certification
✓ ID Token rp-id_token-bad-sig-rs256 @code-basic: 2368ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @id_token-implicit: 1925ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @id_token+token-implicit: 1882ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token-hybrid: 1889ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @code+token-hybrid: 2364ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token+token-hybrid: 1893ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @id_token-implicit: 1898ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @id_token+token-implicit: 1860ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token-hybrid: 2350ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+token-hybrid: 2332ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token+token-hybrid: 2348ms | |
11 passing (25s) |
/**
 * Sentinel for "this call was expected to reject but resolved".
 * Placed right after an awaited statement inside a try block, it turns a
 * missing rejection into an error that the surrounding catch can inspect.
 * @throws {Error} always, with the message 'expected a rejection'
 */
function reject() {
  const message = 'expected a rejection';
  throw new Error(message);
}
// Conformance test: the OP returns an ID Token whose RS256 signature does not
// verify; the RP client must refuse it. The same scenario runs once per profile,
// each profile requesting its own response_type.
describe('rp-id_token-bad-sig-rs256', function () { // < test framework
  // profile name -> response_type used for that profile
  const profiles = {
    '@code-basic': 'code',
    '@id_token-implicit': 'id_token',
    '@id_token+token-implicit': 'id_token token',
    '@code+id_token-hybrid': 'code id_token',
    '@code+token-hybrid': 'code token',
    '@code+id_token+token-hybrid': 'code id_token token',
  };

  forEach(profiles, (response_type, profile) => {
    it(profile, async function () { // < test framework, failed assertions and uncaught errors will fail the test
      // setup phase: discovery + dynamic registration wrapper; the client is
      // registered to expect RS256-signed ID Tokens, and that outcome is checked
      const { client } = await register('rp-id_token-bad-sig-rs256', { id_token_signed_response_alg: 'RS256' });
      assert.equal(client.id_token_signed_response_alg, 'RS256');

      // NOTE(review): Math.random() is not a CSPRNG. Fine for a conformance
      // harness, but a production RP should build the nonce from crypto.randomBytes
      // (or crypto.randomUUID) so it cannot be predicted by another party.
      const nonce = String(Math.random());
      const authorizationUrl = client.authorizationUrl({ redirect_uri, nonce, response_type });
      // http request to the authorization endpoint; `noFollow` presumably keeps
      // the redirect response so its Location header can be read below
      const authorization = await got(authorizationUrl, noFollow);
      // the fragment is rewritten as a query so the callback parameters can be parsed
      const callbackUrl = authorization.headers.location.replace('#', '?');
      const params = client.callbackParams(callbackUrl);

      // assertion phase: processing the callback must fail on the signature.
      // reject() guarantees `failure` is set even when the callback wrongly resolves.
      let failure;
      try {
        await client.authorizationCallback(redirect_uri, params, { nonce });
        reject(); // < in case previous statement does not throw/reject
      } catch (err) {
        failure = err;
      }
      assert.equal(failure.message, 'invalid signature'); // < assert the error message
    });
  });
});
// Conformance test: for every non-code-only flow the RP sends a nonce and the
// authorization callback must complete with a result. One `it` per profile.
describe('rp-nonce-unless-code-flow', function () { // < test framework, failed assertions and uncaught errors will fail the test
  // profile name -> response_type used for that profile (the plain code flow is excluded)
  const profiles = {
    '@id_token-implicit': 'id_token',
    '@id_token+token-implicit': 'id_token token',
    '@code+id_token-hybrid': 'code id_token',
    '@code+token-hybrid': 'code token',
    '@code+id_token+token-hybrid': 'code id_token token',
  };

  forEach(profiles, (response_type, profile) => {
    it(profile, async function () { // < test framework
      // discovery + dynamic registration wrapper, no extra client metadata
      const { client } = await register('rp-nonce-unless-code-flow', { });

      // NOTE(review): Math.random() is not a CSPRNG; acceptable here, but a
      // production RP should generate the nonce with crypto.randomBytes / randomUUID.
      const nonce = String(Math.random());
      const authorizationUrl = client.authorizationUrl({ nonce, redirect_uri, response_type });
      const authorization = await got(authorizationUrl, noFollow);
      // fragment rewritten as query so the callback parameters can be parsed
      const callbackUrl = authorization.headers.location.replace('#', '?');
      const params = client.callbackParams(callbackUrl);

      // the nonce is passed back so the client can check it against the ID Token
      const tokens = await client.authorizationCallback(redirect_uri, params, { nonce });
      assert(tokens); // < assert the result presence
    });
  });
});
1) ID Token rp-id_token-bad-sig-rs256 @code-basic | |
✓ ID Token rp-id_token-bad-sig-rs256 @id_token-implicit: 1925ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @id_token+token-implicit: 1882ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token-hybrid: 1889ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @code+token-hybrid: 2364ms | |
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token+token-hybrid: 1893ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @id_token-implicit: 1898ms | |
2) nonce Request Parameter rp-nonce-unless-code-flow @id_token+token-implicit | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token-hybrid: 2350ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+token-hybrid: 2332ms | |
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token+token-hybrid: 2348ms | |
9 passing (25s) | |
2 failing | |
1) ID Token rp-id_token-bad-sig-rs256 @code-basic: | |
AssertionError: 'invalid signature' == 'expected a rejection' | |
+ expected - actual | |
-expected a rejection | |
+invalid signature | |
2) nonce Request Parameter rp-nonce-unless-code-flow @id_token+token-implicit: | |
AssertionError: true == undefined | |
+ expected - actual | |
-undefined | |
+true | |
npm ERR! Test failed. See above for more details. |