Added denylist options for the connections #203
Conversation
|
Hi @apamildner thanks for your continued contributions! Can you please run Thanks! |
apamildner
force-pushed
the
feature/adding-denylist-to-connection-options
branch
2 times, most recently
from
cc28f9f to
4055b8c
Compare
|
Hi! Thanks for the response. I've run the commands you specified now 👍 |
|
One thing I noticed is that you're using What benefit is addressed by utilizing |
|
It needs to be a |
You're right @apamildner. It is more like "scope": "openid profile email read:users write:users read:group write:group",Whereas "non_persistent_attrs": [
"ethnicity",
"gender",
"first_name",
"family_name"
]
Ok, I've self-researched enough to know that But in return, I do think the testing should be expanded beyond just adding it to L107 in https://github.com/go-auth0/auth0/blob/master/management/connection_test.go.
No, you were right about |
apamildner
force-pushed
the
feature/adding-denylist-to-connection-options
branch
from
d65700d to
1826438
Compare
|
Thanks for the feedback. I added some tests now and rewrote some of the existing ones to actually check against the returned objects from the api. I ran into a problem though. The build/PR pipeline is not working even though I have done |
Looks like your branch didn't bring in the PR (and subsequent PR that fixed the generate) I approved while you were adding tests. I brought in the changes for |
|
When I bring your branch current on my machine and try to test, it is failing (unfortunately) go test ./... -v -run TestConnectionOptions
testing: warning: no tests to run
PASS
ok gopkg.in/auth0.v5 (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok gopkg.in/auth0.v5/internal/client (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok gopkg.in/auth0.v5/internal/tag (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok gopkg.in/auth0.v5/internal/testing/expect (cached) [no tests to run]
=== RUN TestConnectionOptions
=== RUN TestConnectionOptions/GoogleOAuth2
2021/03/24 13:43:16 400 Bad Request: Payload validation error: 'Additional properties not allowed: strategy,name,id'.
FAIL gopkg.in/auth0.v5/management 0.825s
FAIL |
|
It was indeed good that we extended the tests. Seems like not all connections support this feature which is what I assumed from the docs, but to be honest the documentation is quite lacking about what connections support this: https://auth0.com/docs/security/denylist-user-attributes. If you have time, it would be great if I could get this information and then I could remove the option for the unsupported connections. |
|
Hey @apamildner, I took a look at the source code around this and every connection object supports this. However where I led you astray and how your tests were written, is that denying attributes only works with the PATCH method. The documentation does say this (To add attributes to the DenyList, make a So the tests will need to do something like this:
|
|
Any progress @apamildner on updating the tests to only work on PATCH vs at initial connection creation? |
… expected for the various connections.
…he connection was deleted.
apamildner
force-pushed
the
feature/adding-denylist-to-connection-options
branch
2 times, most recently
from
1cceb42 to
56b7156
Compare
…nPersistentAttrs) for GoogleOauth2 and Email
apamildner
force-pushed
the
feature/adding-denylist-to-connection-options
branch
from
56b7156 to
711ff1a
Compare
|
Sorry for the delay, I finally had time to work on this! I added the tests as specified for two of the connections. |
|
LGTM. Merging. |
As described in https://auth0.com/docs/security/denylist-user-attributes there exists an option to add a DenyList on all connections such that some user data fields are never stored in auth0. This PR adds the ability to include this in the request to update connections.
Proposed Changes
NonPersistentAttrs *[]stringto allConnectionstructsAcceptance Test Output
Community Note