-
-
Notifications
You must be signed in to change notification settings - Fork 365
/
authorize_jwt_bearer_required_jti_test.go
110 lines (91 loc) · 2.93 KB
/
authorize_jwt_bearer_required_jti_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package integration_test
import (
"context"
"net/http"
"testing"
"time"
"github.com/go-jose/go-jose/v3/jwt"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
"github.com/ory/fosite"
"github.com/ory/fosite/compose"
"github.com/ory/fosite/integration/clients"
)
type authorizeJWTBearerRequiredJtiSuite struct {
suite.Suite
client *clients.JWTBearer
}
func (s *authorizeJWTBearerRequiredJtiSuite) TestBadResponseWithoutJTI() {
ctx := context.Background()
client := s.getClient()
token, err := client.GetToken(ctx, &clients.JWTBearerPayload{
Claims: &jwt.Claims{
Issuer: firstJWTBearerIssuer,
Subject: firstJWTBearerSubject,
Audience: []string{tokenURL},
Expiry: jwt.NewNumericDate(time.Now().Add(time.Hour)),
IssuedAt: jwt.NewNumericDate(time.Now()),
},
}, []string{"fosite"})
s.assertBadResponse(s.T(), token, err)
}
func (s *authorizeJWTBearerRequiredJtiSuite) TestSuccessResponseWithJTI() {
ctx := context.Background()
client := s.getClient()
token, err := client.GetToken(ctx, &clients.JWTBearerPayload{
Claims: &jwt.Claims{
Issuer: firstJWTBearerIssuer,
Subject: firstJWTBearerSubject,
Audience: []string{tokenURL},
Expiry: jwt.NewNumericDate(time.Now().Add(time.Hour)),
IssuedAt: jwt.NewNumericDate(time.Now()),
ID: uuid.New().String(),
},
}, []string{"fosite"})
s.assertSuccessResponse(s.T(), token, err)
}
func (s *authorizeJWTBearerRequiredJtiSuite) getClient() *clients.JWTBearer {
client := *s.client
return &client
}
func (s *authorizeJWTBearerRequiredJtiSuite) assertSuccessResponse(t *testing.T, token *clients.Token, err error) {
assert.Nil(t, err)
assert.NotNil(t, token)
assert.Equal(t, token.TokenType, "bearer")
assert.Empty(t, token.RefreshToken)
assert.NotEmpty(t, token.ExpiresIn)
assert.NotEmpty(t, token.AccessToken)
}
func (s *authorizeJWTBearerRequiredJtiSuite) assertBadResponse(t *testing.T, token *clients.Token, err error) {
assert.Nil(t, token)
assert.NotNil(t, err)
retrieveError, ok := err.(*clients.RequestError)
assert.True(t, ok)
assert.Equal(t, retrieveError.Response.StatusCode, http.StatusBadRequest)
}
func TestAuthorizeJWTBearerRequiredJtiSuite(t *testing.T) {
provider := compose.Compose(
&fosite.Config{
GrantTypeJWTBearerCanSkipClientAuth: true,
GrantTypeJWTBearerIDOptional: false,
GrantTypeJWTBearerIssuedDateOptional: true,
TokenURL: tokenURL,
},
fositeStore,
jwtStrategy,
compose.OAuth2ClientCredentialsGrantFactory,
compose.RFC7523AssertionGrantFactory,
)
testServer := mockServer(t, provider, &fosite.DefaultSession{})
defer testServer.Close()
client := newJWTBearerAppClient(testServer)
if err := client.SetPrivateKey(firstKeyID, firstPrivateKey); err != nil {
assert.Nil(t, err)
}
suite.Run(t, &authorizeJWTBearerRequiredJtiSuite{
client: client,
})
}