Request groups scope for whynot OIDC role
This commit is contained in:
@@ -142,8 +142,13 @@ class CredentialChangeTests(unittest.TestCase):
|
||||
[
|
||||
"https://bao.coulomb.social/ui/vault/auth/netkingdom/oidc/callback",
|
||||
"http://localhost:8250/oidc/callback",
|
||||
"http://127.0.0.1:8250/oidc/callback",
|
||||
],
|
||||
)
|
||||
self.assertEqual(
|
||||
payload["oidc_scopes"],
|
||||
["openid", "profile", "email", "groups"],
|
||||
)
|
||||
|
||||
def test_apply_plan_refuses_unapproved_ccr(self) -> None:
|
||||
with self.assertRaises(SystemExit):
|
||||
@@ -170,6 +175,8 @@ class CredentialChangeTests(unittest.TestCase):
|
||||
self.assertIn('role_payload_file="$(mktemp)"', rendered)
|
||||
self.assertIn('"bound_claims": {', rendered)
|
||||
self.assertIn('"allowed_redirect_uris": [', rendered)
|
||||
self.assertIn('"oidc_scopes": [', rendered)
|
||||
self.assertIn('"groups"', rendered)
|
||||
self.assertIn(
|
||||
'"https://bao.coulomb.social/ui/vault/auth/netkingdom/oidc/callback"',
|
||||
rendered,
|
||||
|
||||
Reference in New Issue
Block a user