Improve usage of OIDC_TLS_VERIFY (#78)
* Fix inverted logic of OIDC_TLS_VERIFY

When OIDC_TLS_VERIFY was set to the string "true" this was converted
to the boolean `true` by `strToBool`. This resulted in `skipTLSVerify`
also returning `true`. Thus verification was actually skipped.

Fixed this inverted logic bug.

* Apply OIDC_TLS_VERIFY to OIDC provider as well

The configuration OIDC_TLS_VERIFY was only applied to the refresh-token
related checks. It was still not possible to use the test client with an
OIDC provider that was using a self-signed certificate.

This commit changes the context used for communicating with the OIDC
provider. That way TLS certificate validation can be skipped and thus
an OIDC provider using a self-signed certificate can also be used.
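The two problems the commit message describes (a boolean helper whose sense was inverted, and a TLS-skip setting that reached only part of the client) are easiest to see side by side. The following is an added example, not code from this repository or from go-oidc: it reads an OIDC_TLS_VERIFY-style value with a strict parser that fails closed on unrecognised input, keeps the "skip" helper's negation explicit, and attaches an `*http.Client` carrying the resulting TLS setting to a context so that every request made through that context behaves the same way. The `Env` and `CreateContext` names mirror the commit's helpers but are reimplemented here; the context key is a local assumption, where a real go-oidc client would hand the client to `oidc.ClientContext` instead.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"net/http"
	"os"
	"strconv"
	"strings"
)

// Env returns the environment variable's value, or fallback when it is unset or blank.
// (Reimplementation for this example; the project's Env helper is not shown on the page.)
func Env(key, fallback string) string {
	if v, ok := os.LookupEnv(key); ok && strings.TrimSpace(v) != "" {
		return v
	}
	return fallback
}

// ParseTLSVerify interprets an OIDC_TLS_VERIFY-style value. Unlike a lenient
// string-to-bool helper, it rejects anything strconv.ParseBool does not know,
// so a typo such as "ture" cannot quietly turn certificate checks off.
// On error it returns verify=true (the safe default) together with the error.
func ParseTLSVerify(raw string) (bool, error) {
	v, err := strconv.ParseBool(strings.TrimSpace(strings.ToLower(raw)))
	if err != nil {
		return true, fmt.Errorf("OIDC_TLS_VERIFY: unrecognised value %q (expected true or false)", raw)
	}
	return v, nil
}

// SkipTLSVerify answers the question the original helper asked: should
// certificate validation be skipped? The negation is the whole of the fix;
// returning the parsed "verify" value directly is the inverted bug.
func SkipTLSVerify(raw string) bool {
	verify, err := ParseTLSVerify(raw)
	if err != nil {
		return false // fail closed: unknown input keeps verification on
	}
	return !verify
}

// clientKey is an assumed, example-only context key for the attached client.
type clientKey struct{}

// CreateContext builds an *http.Client whose transport reflects the skip flag
// and attaches it to ctx, so provider discovery, token and refresh requests
// made through this context all share one TLS policy.
func CreateContext(from context.Context, skip bool) context.Context {
	transport := http.DefaultTransport.(*http.Transport).Clone()
	transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: skip}
	return context.WithValue(from, clientKey{}, &http.Client{Transport: transport})
}

// ClientFromContext returns the client attached by CreateContext, or nil.
func ClientFromContext(ctx context.Context) *http.Client {
	c, _ := ctx.Value(clientKey{}).(*http.Client)
	return c
}

// TLSVerifyDisabled reports whether the client in ctx skips certificate
// validation. Keying a startup warning on this keeps a disabled check visible.
func TLSVerifyDisabled(ctx context.Context) bool {
	c := ClientFromContext(ctx)
	if c == nil {
		return false
	}
	t, ok := c.Transport.(*http.Transport)
	return ok && t.TLSClientConfig != nil && t.TLSClientConfig.InsecureSkipVerify
}

func main() {
	raw := Env("OIDC_TLS_VERIFY", "true")
	if _, err := ParseTLSVerify(raw); err != nil {
		fmt.Println("warning:", err, "- keeping certificate validation enabled")
	}
	skip := SkipTLSVerify(raw)
	ctx := CreateContext(context.Background(), skip)
	if TLSVerifyDisabled(ctx) {
		fmt.Println("warning: OIDC TLS certificate validation is DISABLED for this run")
	}
	fmt.Printf("OIDC_TLS_VERIFY=%q -> skip verification: %v\n", raw, skip)
}
```

Run it with `OIDC_TLS_VERIFY=false go run .` to see the warning path, and with the variable unset to confirm the default keeps validation on. The fail-closed choice in `SkipTLSVerify` is deliberate: a verification flag should only be turned off by an unambiguous "false", never by whatever a lenient parser happens to map to false.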
ServiusHack authored Nov 13, 2023
1 parent d440121 commit a64dd56
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions pkg/client.go
Expand Up @@ -44,7 +44,7 @@ func strToBool(str string) bool {

func skipTLSVerify() bool {
tlsVerify := strings.ToLower(Env("OIDC_TLS_VERIFY", "true"))
return strToBool(tlsVerify)
return !strToBool(tlsVerify)
}

func createContext(from context.Context) context.Context {
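Review bot: the negation on the `return` line corrects the inversion, but this bug survived precisely because `skipTLSVerify()` had no test, so the hunk should come with a table-driven test asserting that `skipTLSVerify()` is false for `OIDC_TLS_VERIFY=true`, true for `false`, and false when the variable is unset (the `"true"` default handed to `Env`). The same test should pin down what `strToBool` does with values outside true/false: after this change any value it parses as false disables certificate validation, and failing closed (keep verifying) on unrecognised input is the safer reading of a verify flag.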
Expand All @@ -68,7 +68,7 @@ func getScopes() []string {
}

func NewOIDCClient(clientID string, clientSecret string, providerURL string) *OIDCClient {
ctx := context.Background()
ctx := createContext(context.Background())

provider, err := oidc.NewProvider(ctx, providerURL)
if err != nil {
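Review bot: passing the `createContext` result to `oidc.NewProvider` covers provider discovery, but the commit message claims a self-signed provider becomes fully usable; confirm that the same context (or the same `http.Client`) is also used for the later token-endpoint and userinfo requests, otherwise those calls still validate against the system trust store and the provider works only up to discovery. It would also help to log a clear warning at this point when `skipTLSVerify()` is true, so a run with certificate checks disabled is visible in the output rather than silent.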