=== RUN TestExample | |
fosite_test.go:340: | |
Error Trace: fosite_test.go:340 | |
Error: Not equal: | |
expected: "openid offline_access" | |
actual : "openid offline_access extra" | |
Diff: | |
--- Expected | |
+++ Actual | |
@@ -1 +1 @@ | |
-openid offline_access | |
+openid offline_access extra | |
Test: TestExample | |
fosite_test.go:345: | |
Error Trace: fosite_test.go:345 | |
Error: Not equal: | |
expected: fosite.Arguments{"openid", "offline_access"} | |
actual : fosite.Arguments{"openid", "offline_access", "extra"} | |
Diff: | |
--- Expected | |
+++ Actual | |
@@ -1,4 +1,5 @@ | |
-(fosite.Arguments) (len=2) { | |
+(fosite.Arguments) (len=3) { | |
(string) (len=6) "openid", | |
- (string) (len=14) "offline_access" | |
+ (string) (len=14) "offline_access", | |
+ (string) (len=5) "extra" | |
} | |
Test: TestExample | |
{"access_token":"ory_at_tY4YMKZxrR-efLiqRrObgFJaIKhZ-WGqb4imj88jiys.8WzVH6M2DVp81_F5jrX1ZHCo6NKfRjS-OWkH3qEUdIY","expires_in":1799,"id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdF9oYXNoIjoiMWtXOFpObThtLUJfMlB4OWxVMERjUSIsImF1ZCI6WyJleGFtcGxlIl0sImF1dGhfdGltZSI6MTY2NzM1NzcxMSwiZXhwIjoxNjY3MzYxMzExLCJpYXQiOjE2NjczNTc3MTEsImp0aSI6IjMxYTY3OTQ0LTY2MzItNDA3YS1hMWNhLWNlMzk3OGNjZmM3ZSIsInN1YiI6InRlc3RpbmcifQ.QbNyDOZxeibnZ8yspsrm40e3GKCI_effoftC6NgSXFUqvG619JUI-AcW_kuiTXPLsO-DwmkgoXip_qEXIwOPQza2VTTgROQr5r92DDJkjhyFgVoqV-IL7IktupS6tddui6ExWxjmqTwvEE0gQ_lNvGaJ5rpUKgsXPlIQCrqcwFZ0P01WS4diI6FXisrqpmZGQxj-k_moJgP5VPTaOd7GDBMAj7jQSqCyjjOAEozX-VItbI2RHQ0B_WJQpb0mqGX4X03B_X4zLkpxPUpX4OmColHTIntQ0creP8qSZovdi9rlSH5cmWEYaxZ8DeV2vfJ3rDJNelFFIWFOK0AuVsXmhg","refresh_token":"ory_rt_D2UL2lwjFhumKQE_lmhh1pL7NIyC_s8eJWHbbMhbnV8.7iDatN8viZWb1sf-5GiOxsuaqyV9S53AESi70hPYCcU","scope":"openid offline_access extra","token_type":"bearer"} | |
{"access_token":"ory_at_ljFrCDqWfjKmZcc8wK5ULdMjhGu7jwrJATbrbXLxnpY.7AuOi2Q7Ypfx4skceHeFYnkORWwMZe9PdZG9ELWQLRA","expires_in":1799,"id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdF9oYXNoIjoidXE3ZHo4U3hHVkxjS01jUFA3LVQyQSIsImF1ZCI6WyJleGFtcGxlIl0sImF1dGhfdGltZSI6MTY2NzM1NzcxMSwiZXhwIjoxNjY3MzYxMzExLCJpYXQiOjE2NjczNTc3MTEsImp0aSI6IjU1N2U2ZDY4LTQxOTEtNGFkOC04ODE2LWNlMjVlZWRlNzYyMyIsInN1YiI6InRlc3RpbmcifQ.xuwACBlwZJuPJy-lHKEUeBJD9UCjY4r-ohM-6Kj6H3901Gko6GuAiU2erOkVNXGWIAvNkPCQBmEluvdQ7j9A3uW3zQzNrilPdhTX80yxt1R_2E6_vLO5tXfuJcty5_o1Ovcvt2_fPr75z3ZEMN7goHeEc5DlE19Rh3mh9F7BrKsud5f20FTZ_BzZtc8EB3BE_5jf5PGCFRlaZS7Nf47sQncIQ1-UCpSKs4oQ_s91Fz3CZxz51jox9RE0ufUEd1MeDP_s4fU_FwdNIdtuSiM9OjhQlUB7cvY7Vt_irwTzcNN5WTHpGfNp3BnA4skYeKk5eE-gZrow2Fu4402AkhixlA","refresh_token":"ory_rt_69xHeDImIulCrq4s5lB__mgN22Nrm0NGLt1uVPBSQpw.6_NNynKKTPEatVaVpfnS9lqPBcijTHTHBzYvdWGIwAk","scope":"openid offline_access extra","token_type":"bearer"} | |
access_token: id: 7AuOi2Q7Ypfx4skceHeFYnkORWwMZe9PdZG9ELWQLRA: scopes: [openid offline_access extra] | |
refresh_token: id: 7iDatN8viZWb1sf-5GiOxsuaqyV9S53AESi70hPYCcU: scopes: [openid offline_access extra] | |
refresh_token: id: 6_NNynKKTPEatVaVpfnS9lqPBcijTHTHBzYvdWGIwAk: scopes: [openid offline_access extra] | |
id session: id: ory_ac_QKrANXTwHDgLXF9ja3JaiALliolAPtPJ51DQ85iVVWw.GBrzt5lsTBuLYIWgFZc7z7-xEFzAVvSNM7-uxJ0lg3I: scopes: [openid offline_access extra] | |
--- FAIL: TestExample (0.21s) | |
Expected :fosite.Arguments{"openid", "offline_access"} | |
Actual :fosite.Arguments{"openid", "offline_access", "extra"} | |
<Click to see difference> | |
FAIL | |
Process finished with the exit code 1 |
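// PTHasher is a plaintext "hasher" used only to keep this test self-contained:
// Hash returns the secret unchanged and Compare checks plain byte equality.
// It performs no hashing and the comparison is not constant-time, so it must
// never be wired into Config.ClientSecretsHasher outside a test; a real
// deployment needs a proper password hasher (bcrypt or similar).
type PTHasher struct{}

// Compare returns nil when hash and data are byte-for-byte equal and an error
// otherwise. ctx is unused; it exists to satisfy the hasher interface expected
// by Config.ClientSecretsHasher.
func (h *PTHasher) Compare(ctx context.Context, hash []byte, data []byte) error {
	// bytes.Equal is the idiomatic equality test (staticcheck flags
	// bytes.Compare(a, b) == 0). It is still not constant-time; test use only.
	if bytes.Equal(hash, data) {
		return nil
	}
	return fmt.Errorf("invalid")
}

// Hash returns an independent copy of data so that a secret stored through
// Hash round-trips through Compare. The previous stub returned nil, which made
// any secret written via Hash fail Compare unless the input was empty.
func (h *PTHasher) Hash(ctx context.Context, data []byte) ([]byte, error) {
	return append([]byte(nil), data...), nil
}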
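// logFositeError prints the structured fields of an *RFC6749Error so a
// failing step is diagnosable from the test output. A nil error prints
// nothing; any other error type is printed verbatim.
func logFositeError(err error) {
	switch e := err.(type) {
	case nil:
	case *RFC6749Error:
		fmt.Printf("code: %d, description: %s, debug: %s, hint: %s\n", e.CodeField, e.DescriptionField, e.DebugField, e.HintField)
	default:
		fmt.Printf("can't determine error: %+v\n", e)
	}
}

// exchangeToken posts form to the provider's token endpoint and returns the
// decoded JSON body together with the recorder holding the raw response.
// Any failure along the way ends the test immediately.
func exchangeToken(t *testing.T, provider OAuth2Provider, form url.Values) (*TokenResponse, *httptest.ResponseRecorder) {
	t.Helper()

	reqHTTP, err := http.NewRequest(http.MethodPost, "https://localhost/oidc/token", strings.NewReader(form.Encode()))
	require.NoError(t, err)
	reqHTTP.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	ctx := context.Background()
	req, err := provider.NewAccessRequest(ctx, reqHTTP, openid.NewDefaultSession())
	logFositeError(err)
	require.NoError(t, err)
	require.NotNil(t, req)

	resp, err := provider.NewAccessResponse(ctx, req)
	logFositeError(err)
	require.NoError(t, err)
	require.NotNil(t, resp)

	recorder := httptest.NewRecorder()
	provider.WriteAccessResponse(ctx, recorder, req, resp)

	parsed := &TokenResponse{}
	require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), parsed))

	return parsed, recorder
}

// grantedScopes returns the scopes the store recorded as granted for the
// given access token. Tokens are of the form "<id>.<key>" and the memory
// store is keyed by the part after the dot, so a token without a dot is a
// test failure rather than an index panic.
func grantedScopes(t *testing.T, store *storage.MemoryStore, accessToken string) Arguments {
	t.Helper()

	parts := strings.SplitN(accessToken, ".", 2)
	require.Len(t, parts, 2, "access token %q is not of the form <id>.<key>", accessToken)

	requester, ok := store.AccessTokens[parts[1]]
	require.True(t, ok, "access token not found in store")

	return requester.GetGrantedScopes()
}

// TestExample drives a complete authorization_code flow and then a
// refresh_token grant that requests only a subset of the originally granted
// scopes. It asserts that both the token response body and the access token
// persisted in the store carry the narrowed scope set, which is what
// RFC 6749 §6 requires: a refresh request may narrow the originally granted
// scopes but never widen them. The client, secret and signing key are
// throwaway test fixtures.
func TestExample(t *testing.T) {
	// The original discarded this error; a nil key would only surface later
	// as an opaque signing failure.
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	require.NoError(t, err)

	scopesOriginal := []string{"openid", "offline_access", "extra"}
	scopesRefresh := []string{"openid", "offline_access"}

	const (
		clientID    = "example"
		redirectURI = "https://localhost/oidc/callback"
		state       = "014551f45dea91525e4e873edb041f3ec90f667e"
	)

	c := &Config{
		AccessTokenLifespan:        time.Minute * 30,
		GlobalSecret:               []byte("u7b3mmRo65Nm9GuAGX7GRibWdTHHcvrk"), // fixed test value only
		ClientSecretsHasher:        &PTHasher{},                                // plaintext comparison; test only
		SendDebugMessagesToClients: true,
	}

	store := storage.NewMemoryStore()
	store.Clients[clientID] = DefaultOpenIDConnectClient{
		DefaultClient: &DefaultClient{
			ID:           clientID,
			Secret:       []byte("example"),
			RedirectURIs: []string{redirectURI},
			Scopes:       []string{"openid", "offline_access", "extra"},
			GrantTypes:   []string{"authorization_code", "refresh_token"},
		},
	}

	provider := compose.ComposeAllEnabled(c, store, privateKey)

	// Authorization endpoint: request every scope the client is registered for.
	formAuthorize := url.Values{}
	formAuthorize.Set("client_id", clientID)
	formAuthorize.Set("redirect_uri", redirectURI)
	formAuthorize.Set("scope", strings.Join(scopesOriginal, " "))
	formAuthorize.Set("response_type", "code")
	formAuthorize.Set("state", state)

	urlAuthorize, err := url.ParseRequestURI("https://localhost/oidc/authorize")
	require.NoError(t, err)
	urlAuthorize.RawQuery = formAuthorize.Encode()

	reqHTTPAuthorize, err := http.NewRequest(http.MethodGet, urlAuthorize.String(), nil)
	require.NoError(t, err)

	ctxAuthorize := context.Background()
	reqAuthorize, err := provider.NewAuthorizeRequest(ctxAuthorize, reqHTTPAuthorize)
	logFositeError(err)
	require.NoError(t, err)
	require.NotNil(t, reqAuthorize)

	// Grant exactly what was requested; the client registration above limits
	// what can be requested in the first place.
	for _, scope := range reqAuthorize.GetRequestedScopes() {
		reqAuthorize.GrantScope(scope)
	}
	for _, audience := range reqAuthorize.GetRequestedAudience() {
		reqAuthorize.GrantAudience(audience)
	}

	session := &openid.DefaultSession{
		Claims: &jwt.IDTokenClaims{
			Subject: "testing",
		},
		Username: "testing",
		Subject:  "testing",
	}
	assert.Equal(t, "testing", session.GetSubject())

	respAuthorize, err := provider.NewAuthorizeResponse(ctxAuthorize, reqAuthorize, session)
	logFositeError(err)
	require.NoError(t, err)
	require.NotNil(t, respAuthorize)

	recorderAuthorize := httptest.NewRecorder()
	provider.WriteAuthorizeResponse(ctxAuthorize, recorderAuthorize, reqAuthorize, respAuthorize)

	location := recorderAuthorize.Header().Get("Location")
	require.NotEmpty(t, location)

	urlAuthorizeResponse, err := url.ParseRequestURI(location)
	require.NoError(t, err)
	qryAuthorizeResponse := urlAuthorizeResponse.Query()

	// The state we sent must come back unchanged on the redirect.
	assert.Equal(t, state, qryAuthorizeResponse.Get("state"))

	code := qryAuthorizeResponse.Get("code")
	require.NotEmpty(t, code)

	// Token endpoint: exchange the code; all three scopes are expected.
	formToken := url.Values{}
	formToken.Set("grant_type", "authorization_code")
	formToken.Set("client_id", clientID)
	formToken.Set("client_secret", "example")
	formToken.Set("redirect_uri", redirectURI)
	formToken.Set("code", code)

	parsedTokenResponse, recorderToken := exchangeToken(t, provider, formToken)
	require.NotEmpty(t, parsedTokenResponse.RefreshToken)
	assert.Equal(t, strings.Join(scopesOriginal, " "), parsedTokenResponse.Scope)
	assert.Equal(t, Arguments(scopesOriginal), grantedScopes(t, store, parsedTokenResponse.AccessToken))

	// Token endpoint: refresh with a narrowed scope; "extra" must be dropped
	// both from the response and from the stored token.
	formRefreshToken := url.Values{}
	formRefreshToken.Set("grant_type", "refresh_token")
	formRefreshToken.Set("client_id", clientID)
	formRefreshToken.Set("client_secret", "example")
	formRefreshToken.Set("refresh_token", parsedTokenResponse.RefreshToken)
	formRefreshToken.Set("scope", strings.Join(scopesRefresh, " "))
	// redirect_uri and code are not parameters of the refresh_token grant
	// (RFC 6749 §6); they are kept so the request matches the original
	// reproduction exactly.
	formRefreshToken.Set("redirect_uri", redirectURI)
	formRefreshToken.Set("code", code)

	parsedRefreshTokenResponse, recorderRefreshToken := exchangeToken(t, provider, formRefreshToken)
	require.NotEmpty(t, parsedRefreshTokenResponse.RefreshToken)
	assert.Equal(t, strings.Join(scopesRefresh, " "), parsedRefreshTokenResponse.Scope)
	assert.Equal(t, Arguments(scopesRefresh), grantedScopes(t, store, parsedRefreshTokenResponse.AccessToken))

	fmt.Println(recorderToken.Body)
	fmt.Println(recorderRefreshToken.Body)
}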