Add common token fields to OIDC login response

path_login_test.go

@@ -32,7 +32,17 @@ type testConfig struct {
 	groupsClaim    string
 }
 
-func setupBackend(t *testing.T, cfg testConfig) (logical.Backend, logical.Storage) {
+type closeableBackend struct {
+	logical.Backend
+
+	closeServerFunc func()
+}
+
+func setupBackend(t *testing.T, cfg testConfig) (closeableBackend, logical.Storage) {
+	cb := closeableBackend{
+		closeServerFunc: func() {},
+	}
+
 	b, storage := getBackend(t)
 
 	if cfg.groupsClaim == "" {
@@ -53,6 +63,8 @@ func setupBackend(t *testing.T, cfg testConfig) (logical.Backend, logical.Storag
 			}
 		} else {
 			p := newOIDCProvider(t)
+			cb.closeServerFunc = p.server.Close
+
 			cert, err := p.getTLSCert()
 			if err != nil {
 				t.Fatal(err)
@@ -124,7 +136,9 @@ func setupBackend(t *testing.T, cfg testConfig) (logical.Backend, logical.Storag
 		t.Fatalf("err:%s resp:%#v\n", err, resp)
 	}
 
-	return b, storage
+	cb.Backend = b
+
+	return cb, storage
 }
 
 func getTestJWT(t *testing.T, privKey string, cl jwt.Claims, privateCl interface{}) (string, *ecdsa.PrivateKey) {
@@ -852,6 +866,7 @@ func testLogin_ExpiryClaims(t *testing.T, jwks bool) {
 		} else if !tt.Valid && !resp.IsError() {
 			t.Fatalf("[test %d: %s jws: %v] expected token expired error, got : %v", i, tt.Context, tt.JWKS, *resp)
 		}
+		b.closeServerFunc()
 	}
 }
 
@@ -929,6 +944,7 @@ func testLogin_NotBeforeClaims(t *testing.T, jwks bool) {
 		} else if !tt.Valid && !resp.IsError() {
 			t.Fatalf("[test %d: %s jws: %v] expected token not valid yet error, got : %v", i, tt.Context, *resp, tt.JWKS)
 		}
+		b.closeServerFunc()
 	}
 }
 

path_oidc.go

@@ -199,25 +199,29 @@ func (b *jwtAuthBackend) pathCallback(ctx context.Context, req *logical.Request,
 		tokenMetadata[k] = v
 	}
 
-	resp := &logical.Response{
-		Auth: &logical.Auth{
-			Policies:     role.Policies,
-			DisplayName:  alias.Name,
-			Period:       role.Period,
-			NumUses:      role.NumUses,
-			Alias:        alias,
-			GroupAliases: groupAliases,
-			InternalData: map[string]interface{}{
-				"role": roleName,
-			},
-			Metadata: tokenMetadata,
-			LeaseOptions: logical.LeaseOptions{
-				Renewable: true,
-				TTL:       role.TTL,
-				MaxTTL:    role.MaxTTL,
-			},
-			BoundCIDRs: role.BoundCIDRs,
+	auth := &logical.Auth{
+		Policies:     role.Policies,
+		DisplayName:  alias.Name,
+		Period:       role.Period,
+		NumUses:      role.NumUses,
+		Alias:        alias,
+		GroupAliases: groupAliases,
+		InternalData: map[string]interface{}{
+			"role": roleName,
+		},
+		Metadata: tokenMetadata,
+		LeaseOptions: logical.LeaseOptions{
+			Renewable: true,
+			TTL:       role.TTL,
+			MaxTTL:    role.MaxTTL,
 		},
+		BoundCIDRs: role.BoundCIDRs,
+	}
+
+	role.PopulateTokenAuth(auth)
+
+	resp := &logical.Response{
+		Auth: auth,
 	}
 
 	return resp, nil

path_oidc_test.go

@@ -290,6 +290,7 @@ func TestOIDC_Callback(t *testing.T) {
 					"color": "green",
 					"size":  "medium",
 				},
+				NumUses: 10,
 			}
 			if useBoundCIDRs {
 				sock, err := sockaddr.NewSockAddr("127.0.0.42")
@@ -896,9 +897,10 @@ func getBackendAndServer(t *testing.T, boundCIDRs bool) (logical.Backend, logica
 			"COLOR":        "color",
 			"/nested/Size": "size",
 		},
-		"groups_claim": "/nested/Groups",
-		"ttl":          "3m",
-		"max_ttl":      "5m",
+		"groups_claim":   "/nested/Groups",
+		"token_ttl":      "3m",
+		"token_num_uses": 10,
+		"max_ttl":        "5m",
 		"bound_claims": map[string]interface{}{
 			"password":            "foo",
 			"sk":                  "42",