Merge remote-tracking branch 'tgoodsell-tempus/support-ec-keys' into …

…pr_1715_tgoodsell-tempus
okta · Sep 12, 2023 · fb526b4 · fb526b4
2 parents ed0ce6f + ae9f4f4
commit fb526b4
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 1 deletion.
diff --git a/examples/okta_app_oauth/service_with_jwks.tf b/examples/okta_app_oauth/service_with_jwks.tf
@@ -12,3 +12,29 @@ resource "okta_app_oauth" "test" {
     n   = "owfoXNHcAlAVpIO41840ZU2tZraLGw3yEr3xZvAti7oEZPUKCytk88IDgH7440JOuz8GC_D6vtduWOqnEt0j0_faJnhKHgfj7DTWBOCxzSdjrM-Uyj6-e_XLFvZXzYsQvt52PnBJUV15G1W9QTjlghT_pFrW0xrTtbO1c281u1HJdPd5BeIyPb0pGbciySlx53OqGyxrAxPAt5P5h-n36HJkVsSQtNvgptLyOwWYkX50lgnh2szbJ0_O581bqkNBy9uqlnVeK1RZDQUl4mk8roWYhsx_JOgjpC3YyeXA6hHsT5xWZos_gNx98AHivNaAjzIzvyVItX2-hP0Aoscfff"
   }
 }
+
+resource "okta_app_oauth" "test_ec" {
+  label                      = "test_ecAcc_replace_with_uuid"
+  type                       = "service"
+  response_types             = ["token"]
+  grant_types                = ["client_credentials"]
+  token_endpoint_auth_method = "private_key_jwt"
+
+  jwks {
+    kty = "EC"
+    kid = "testing"
+    x   = "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I"
+    y   = "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo"
+  }
+}
+
+# Test EC Key
+# {
+#     "kty": "EC",
+#     "use": "sig",
+#     "crv": "P-256",
+#     "kid": "testing",
+#     "x": "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I",
+#     "y": "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo",
+#     "alg": "ES256"
+# }
diff --git a/okta/resource_okta_app_oauth.go b/okta/resource_okta_app_oauth.go
@@ -325,6 +325,16 @@ func resourceAppOAuth() *schema.Resource {
 							Optional:    true,
 							Description: "RSA Modulus",
 						},
+						"x": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: "X coordinate of the elliptic curve point",
+						},
+						"y": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: "Y coordinate of the elliptic curve point",
+						},
 					},
 				},
 			},

diff --git a/okta/resource_okta_app_oauth_test.go b/okta/resource_okta_app_oauth_test.go
@@ -266,6 +266,8 @@ func TestAccResourceOktaAppOauth_serviceWithJWKS(t *testing.T) {
 	config := mgr.GetFixtures("service_with_jwks.tf", t)
 	resourceName := fmt.Sprintf("%s.test", appOAuth)
 
+	ecResourceName := fmt.Sprintf("%s.test2", appOAuth)
+
 	oktaResourceTest(t, resource.TestCase{
 		PreCheck:          testAccPreCheck(t),
 		ErrorCheck:        testAccErrorChecks(t),
@@ -282,6 +284,16 @@ func TestAccResourceOktaAppOauth_serviceWithJWKS(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "jwks.0.n", "owfoXNHcAlAVpIO41840ZU2tZraLGw3yEr3xZvAti7oEZPUKCytk88IDgH7440JOuz8GC_D6vtduWOqnEt0j0_faJnhKHgfj7DTWBOCxzSdjrM-Uyj6-e_XLFvZXzYsQvt52PnBJUV15G1W9QTjlghT_pFrW0xrTtbO1c281u1HJdPd5BeIyPb0pGbciySlx53OqGyxrAxPAt5P5h-n36HJkVsSQtNvgptLyOwWYkX50lgnh2szbJ0_O581bqkNBy9uqlnVeK1RZDQUl4mk8roWYhsx_JOgjpC3YyeXA6hHsT5xWZos_gNx98AHivNaAjzIzvyVItX2-hP0Aoscfff"),
 				),
 			},
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					ensureResourceExists(ecResourceName, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
+					resource.TestCheckResourceAttr(ecResourceName, "jwks.0.kty", "EC"),
+					resource.TestCheckResourceAttr(ecResourceName, "jwks.0.kid", "testing"),
+					resource.TestCheckResourceAttr(ecResourceName, "jwks.0.x", "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I"),
+					resource.TestCheckResourceAttr(ecResourceName, "jwks.0.y", "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo"),
+				),
+			},
 		},
 	})
 }
@@ -352,7 +364,7 @@ func TestAccResourceOktaAppOauth_redirect_uris(t *testing.T) {
 					  "https://*.example.com/"
 					]
 					response_types = ["code"]
-				  }				
+				  }
 				`,
 				Check: resource.ComposeTestCheckFunc(
 					ensureResourceExists(resourceName, createDoesAppExist(sdk.NewOpenIdConnectApplication())),