Remove deprecated flag --oidc-redirect-url-hostname (#1450)

integration_test/credetial_plugin_test.go

@@ -332,32 +332,6 @@ func TestCredentialPlugin(t *testing.T) {
 		assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
 	})
 
-	t.Run("RedirectURLHostname", func(t *testing.T) {
-		ctx, cancel := context.WithTimeout(context.TODO(), timeout)
-		defer cancel()
-		svc := oidcserver.New(t, keypair.None, testconfig.Config{
-			Want: testconfig.Want{
-				Scope:               "openid",
-				RedirectURIPrefix:   "http://127.0.0.1:",
-				CodeChallengeMethod: "S256",
-			},
-			Response: testconfig.Response{
-				IDTokenExpiry:                 now.Add(time.Hour),
-				CodeChallengeMethodsSupported: []string{"plain", "S256"},
-			},
-		})
-		var stdout bytes.Buffer
-		runGetToken(t, ctx, getTokenConfig{
-			tokenCacheDir: tokenCacheDir,
-			issuerURL:     svc.IssuerURL(),
-			httpDriver:    httpdriver.New(ctx, t, httpdriver.Config{BodyContains: "Authenticated"}),
-			now:           now,
-			stdout:        &stdout,
-			args:          []string{"--oidc-redirect-url-hostname", "127.0.0.1"},
-		})
-		assertCredentialPluginStdout(t, &stdout, svc.LastTokenResponse().IDToken, now.Add(time.Hour))
-	})
-
 	t.Run("RedirectURLHTTPS", func(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.TODO(), timeout)
 		defer cancel()

pkg/cmd/authentication.go

@@ -23,7 +23,6 @@ type authenticationOptions struct {
 	LocalServerCertFile         string
 	LocalServerKeyFile          string
 	OpenURLAfterAuthentication  string
-	RedirectURLHostname         string // DEPRECATED
 	RedirectURLAuthCodeKeyboard string // DEPRECATED
 	AuthRequestExtraParams      map[string]string
 	Username                    string
@@ -48,10 +47,6 @@ func (o *authenticationOptions) addFlags(f *pflag.FlagSet) {
 	f.StringVar(&o.LocalServerCertFile, "local-server-cert", "", "[authcode] Certificate path for the local server")
 	f.StringVar(&o.LocalServerKeyFile, "local-server-key", "", "[authcode] Certificate key path for the local server")
 	f.StringVar(&o.OpenURLAfterAuthentication, "open-url-after-authentication", "", "[authcode] If set, open the URL in the browser after authentication")
-	f.StringVar(&o.RedirectURLHostname, "oidc-redirect-url-hostname", "", "[authcode] Hostname of the redirect URL")
-	if err := f.MarkDeprecated("oidc-redirect-url-hostname", "use --oidc-redirect-url instead."); err != nil {
-		panic(err)
-	}
 	f.StringVar(&o.RedirectURLAuthCodeKeyboard, "oidc-redirect-url-authcode-keyboard", "", "Equivalent to --oidc-redirect-url")
 	if err := f.MarkDeprecated("oidc-redirect-url-authcode-keyboard", "use --oidc-redirect-url instead."); err != nil {
 		panic(err)
@@ -77,7 +72,6 @@ func (o *authenticationOptions) grantOptionSet() (s authentication.GrantOptionSe
 			LocalServerCertFile:        o.LocalServerCertFile,
 			LocalServerKeyFile:         o.LocalServerKeyFile,
 			OpenURLAfterAuthentication: o.OpenURLAfterAuthentication,
-			RedirectURLHostname:        o.RedirectURLHostname,
 			AuthRequestExtraParams:     o.AuthRequestExtraParams,
 		}
 	case o.GrantType == "authcode-keyboard":

pkg/cmd/authentication_test.go

@@ -36,7 +36,6 @@ func Test_authenticationOptions_grantOptionSet(t *testing.T) {
 				"--local-server-cert", "/path/to/local-server-cert",
 				"--local-server-key", "/path/to/local-server-key",
 				"--open-url-after-authentication", "https://example.com/success.html",
-				"--oidc-redirect-url-hostname", "example",
 				"--oidc-auth-request-extra-params", "ttl=86400",
 				"--oidc-auth-request-extra-params", "reauth=true",
 				"--username", "USER",
@@ -51,7 +50,6 @@ func Test_authenticationOptions_grantOptionSet(t *testing.T) {
 					LocalServerCertFile:        "/path/to/local-server-cert",
 					LocalServerKeyFile:         "/path/to/local-server-key",
 					OpenURLAfterAuthentication: "https://example.com/success.html",
-					RedirectURLHostname:        "example",
 					AuthRequestExtraParams:     map[string]string{"ttl": "86400", "reauth": "true"},
 				},
 			},

pkg/oidc/client/authcode.go

@@ -29,7 +29,6 @@ type GetTokenByAuthCodeInput struct {
 	State                  string
 	Nonce                  string
 	PKCEParams             pkce.Params
-	RedirectURLHostname    string // DEPRECATED
 	AuthRequestExtraParams map[string]string
 	LocalServerSuccessHTML string
 	LocalServerCertFile    string
@@ -50,7 +49,6 @@ func (c *client) GetTokenByAuthCode(ctx context.Context, in GetTokenByAuthCodeIn
 		TokenRequestOptions:    tokenRequestOptions(in.PKCEParams),
 		LocalServerBindAddress: in.BindAddress,
 		LocalServerReadyChan:   localServerReadyChan,
-		RedirectURLHostname:    in.RedirectURLHostname,
 		LocalServerSuccessHTML: in.LocalServerSuccessHTML,
 		LocalServerCertFile:    in.LocalServerCertFile,
 		LocalServerKeyFile:     in.LocalServerKeyFile,

pkg/usecases/authentication/authcode/browser.go

@@ -19,7 +19,6 @@ type BrowserOption struct {
 	BindAddress                []string
 	AuthenticationTimeout      time.Duration
 	OpenURLAfterAuthentication string
-	RedirectURLHostname        string // DEPRECATED
 	AuthRequestExtraParams     map[string]string
 	LocalServerCertFile        string
 	LocalServerKeyFile         string
@@ -54,7 +53,6 @@ func (u *Browser) Do(ctx context.Context, o *BrowserOption, oidcClient client.In
 		State:                  state,
 		Nonce:                  nonce,
 		PKCEParams:             pkceParams,
-		RedirectURLHostname:    o.RedirectURLHostname,
 		AuthRequestExtraParams: o.AuthRequestExtraParams,
 		LocalServerSuccessHTML: successHTML,
 		LocalServerCertFile:    o.LocalServerCertFile,