Allow configuring multiple OAuth clients in the same realm

assets/cla/consent.yaml

@@ -45,4 +45,6 @@
   email: [email protected]
 - name: Phil Porada
   email: [email protected]
+- name: Matthias Stone
+  email: [email protected]
 

config.go

@@ -112,6 +112,10 @@ func (cfg *Config) AddAuthorizationPolicy(p *authz.PolicyConfig) error {
 
 // Validate validates Config.
 func (cfg *Config) Validate() error {
+	if cfg == nil {
+		return fmt.Errorf("config is nil")
+	}
+
 	if len(cfg.AuthenticationPortals) < 1 && len(cfg.AuthorizationPolicies) < 1 {
 		return fmt.Errorf("no portals and gatekeepers found")
 	}

config_test.go

@@ -299,6 +299,41 @@ func TestNewConfig(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "test valid config whan multiple portals have same realm from different identity stores",
+			identityStores: []*ids.IdentityStoreConfig{
+				{
+					Name: "localdb1",
+					Kind: "local",
+					Params: map[string]interface{}{
+						"realm": "local",
+						"path":  filepath.Join(path.Dir(dbPath), "user_db1.json"),
+					},
+				},
+				{
+					Name: "localdb2",
+					Kind: "local",
+					Params: map[string]interface{}{
+						"realm": "local",
+						"path":  filepath.Join(path.Dir(dbPath), "user_db2.json"),
+					},
+				},
+			},
+			portals: []*authn.PortalConfig{
+				{
+					Name: "myportal1",
+					IdentityStores: []string{
+						"localdb1",
+					},
+				},
+				{
+					Name: "myportal2",
+					IdentityStores: []string{
+						"localdb2",
+					},
+				},
+			},
+		},
 	}
 
 	for _, tc := range testcases {
@@ -361,3 +396,9 @@ func TestNewConfig(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateNilConfig(t *testing.T) {
+	var cfg *Config
+	err := cfg.Validate()
+	tests.EvalErrWithLog(t, err, "Validate", true, fmt.Errorf("config is nil"), nil)
+}

server.go

@@ -48,7 +48,6 @@ type Server struct {
 	ssoProviders      []sso.SingleSignOnProvider
 	userRegistries    []registry.UserRegistry
 	nameRefs          refMap
-	realmRefs         refMap
 	logger            *zap.Logger
 }
 
@@ -74,7 +73,6 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
 		config:    config,
 		logger:    logger,
 		nameRefs:  newRefMap(),
-		realmRefs: newRefMap(),
 	}
 
 	for _, cfg := range config.IdentityProviders {
@@ -85,14 +83,10 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
 		if _, exists := srv.nameRefs.identityProviders[provider.GetName()]; exists {
 			return nil, errors.ErrNewServer.WithArgs("duplicate identity provider name", provider.GetName())
 		}
-		if _, exists := srv.realmRefs.identityProviders[provider.GetRealm()]; exists {
-			return nil, errors.ErrNewServer.WithArgs("duplicate identity provider realm", provider.GetRealm())
-		}
 		if err := provider.Configure(); err != nil {
 			return nil, errors.ErrNewServer.WithArgs("failed configuring identity provider", err)
 		}
 		srv.nameRefs.identityProviders[provider.GetName()] = provider
-		srv.realmRefs.identityProviders[provider.GetRealm()] = provider
 		srv.identityProviders = append(srv.identityProviders, provider)
 	}
 
@@ -104,14 +98,10 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
 		if _, exists := srv.nameRefs.identityStores[store.GetName()]; exists {
 			return nil, errors.ErrNewServer.WithArgs("duplicate identity store name", store.GetName())
 		}
-		if _, exists := srv.realmRefs.identityStores[store.GetRealm()]; exists {
-			return nil, errors.ErrNewServer.WithArgs("duplicate identity store realm", store.GetRealm())
-		}
 		if err := store.Configure(); err != nil {
 			return nil, errors.ErrNewServer.WithArgs("failed configuring identity store", err)
 		}
 		srv.nameRefs.identityStores[store.GetName()] = store
-		srv.realmRefs.identityStores[store.GetRealm()] = store
 		srv.identityStores = append(srv.identityStores, store)
 	}