github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-08 17:37:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7432f86b64f6443887e6584dfd72d9711dcdc4ea
wonderwall/pkg/openid/assertion_test.go
Trong Huu Nguyen 693b1b3bbe test: add missing test for client assertion
2021-10-20 09:05:06 +02:00

52 lines
1.5 KiB
Go
Raw Blame History

package openid_test
import (
"testing"
"time"
"github.com/lestrrat-go/jwx/jwa"
"github.com/lestrrat-go/jwx/jwt"
"github.com/stretchr/testify/assert"
"github.com/nais/wonderwall/pkg/mock"
"github.com/nais/wonderwall/pkg/openid"
"github.com/nais/wonderwall/pkg/openid/scopes"
)
func TestAssertion(t *testing.T) {
provider := mock.NewTestProvider()
provider.OpenIDConfiguration.Issuer = "some-issuer"
provider.ClientConfiguration.ClientID = "client-id"
provider.ClientConfiguration.Scopes = scopes.DefaultScopes()
expiry := 30 * time.Second
assertionString, err := openid.ClientAssertion(provider, expiry)
assert.NoError(t, err)
key := provider.GetClientConfiguration().GetClientJWK()
publicKey, err := key.PublicKey()
assert.NoError(t, err)
opts := []jwt.ParseOption{
jwt.WithValidate(true),
jwt.WithVerify(jwa.SignatureAlgorithm(publicKey.Algorithm()), publicKey),
jwt.WithRequiredClaim(jwt.IssuedAtKey),
jwt.WithRequiredClaim(jwt.ExpirationKey),
jwt.WithRequiredClaim(jwt.JwtIDKey),
}
assertion, err := jwt.Parse([]byte(assertionString), opts...)
assert.NoError(t, err)
assert.ElementsMatch(t, []string{"some-issuer"}, assertion.Audience())
assert.Equal(t, "client-id", assertion.Issuer())
assert.Equal(t, "client-id", assertion.Subject())
scps, ok := assertion.Get("scope")
assert.True(t, ok)
assert.Equal(t, "openid", scps)
assert.True(t, assertion.IssuedAt().Before(time.Now()))
assert.True(t, assertion.Expiration().After(time.Now()))
assert.True(t, assertion.Expiration().Before(time.Now().Add(expiry)))
}
Reference in New Issue View Git Blame Copy Permalink