fixup! Add option to configure an external OAuth server

pkg/cmd/server/apis/config/helpers.go

@@ -167,6 +167,9 @@ func GetMasterFileReferences(config *MasterConfig) []*string {
 	for k := range config.AuthConfig.WebhookTokenAuthenticators {
 		refs = append(refs, &config.AuthConfig.WebhookTokenAuthenticators[k].ConfigFile)
 	}
+	if len(config.AuthConfig.OAuthMetadataFile) > 0 {
+		refs = append(refs, &config.AuthConfig.OAuthMetadataFile)
+	}
 
 	refs = append(refs, &config.AggregatorConfig.ProxyClientInfo.CertFile)
 	refs = append(refs, &config.AggregatorConfig.ProxyClientInfo.KeyFile)

pkg/cmd/server/apis/config/types.go

@@ -434,6 +434,7 @@ type MasterAuthConfig struct {
 	// OAuthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization
 	// Server Metadata for an external OAuth server.
 	// See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+	// This option is mutually exclusive with OAuthConfig
 	OAuthMetadataFile string
 }
 

pkg/cmd/server/apis/config/v1/types.go

@@ -297,6 +297,7 @@ type MasterAuthConfig struct {
 	// OAuthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization
 	// Server Metadata for an external OAuth server.
 	// See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+	// This option is mutually exclusive with OAuthConfig
 	OAuthMetadataFile string `json:"oauthMetadataFile"`
 }
 

pkg/oauth/util/discovery.go

@@ -46,6 +46,9 @@ type OauthAuthorizationServerMetadata struct {
 	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
 }
 
+// TODO: promote this struct as it is not effectively part of our API, since we
+// validate configuration using LoadOAuthMetadataFile
+
 func getOauthMetadata(masterPublicURL string) OauthAuthorizationServerMetadata {
 	config := osinserver.NewDefaultServerConfig()
 	return OauthAuthorizationServerMetadata{