Unit tests for #2177
parent
a3821fc560
commit
8143c5168b
|
@ -143,12 +143,22 @@ ok( $prms{access_token}, ' access_token found' );
|
|||
ok( $prms{state}, ' state found' );
|
||||
count(5);
|
||||
|
||||
my $id_token_payload = id_token_payload($prms{id_token});
|
||||
is ($id_token_payload->{acr}, "customacr-1", "Check ACR value");
|
||||
count(1);
|
||||
my $id_token_payload = id_token_payload( $prms{id_token} );
|
||||
is( $id_token_payload->{acr}, "customacr-1", "Check ACR value" );
|
||||
ok( ( grep { $_ eq "rpid" } @{ $id_token_payload->{aud} } ),
|
||||
'Check that clientid is in audience' );
|
||||
ok( (
|
||||
grep { $_ eq "http://my.extra.audience/test" }
|
||||
@{ $id_token_payload->{aud} }
|
||||
),
|
||||
'Check for additional audiences'
|
||||
);
|
||||
ok( ( grep { $_ eq "urn:extra2" } @{ $id_token_payload->{aud} } ),
|
||||
'Check for additional audiences' );
|
||||
count(4);
|
||||
|
||||
# Check attributes in ID Token
|
||||
my $id_token_decoded = id_token_payload($prms{id_token});
|
||||
my $id_token_decoded = id_token_payload( $prms{id_token} );
|
||||
ok( $id_token_decoded->{sub} eq "dwho", 'Check sub value' );
|
||||
ok( !$id_token_decoded->{name}, 'Claim name must not be in ID token' );
|
||||
count(2);
|
||||
|
@ -234,7 +244,9 @@ sub op {
|
|||
oidcServiceAllowAuthorizationCodeFlow => 1,
|
||||
oidcRPMetaDataOptions => {
|
||||
rp => {
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsDisplayName => "RP",
|
||||
oidcRPMetaDataOptionsAdditionalAudiences =>
|
||||
"http://my.extra.audience/test urn:extra2",
|
||||
oidcRPMetaDataOptionsIDTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsClientID => "rpid",
|
||||
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
||||
|
@ -248,11 +260,11 @@ sub op {
|
|||
oidcOPMetaDataJSON => {},
|
||||
oidcOPMetaDataJWKS => {},
|
||||
oidcServiceMetaDataAuthnContext => {
|
||||
'loa-4' => 4,
|
||||
'loa-4' => 4,
|
||||
'customacr-1' => 1,
|
||||
'loa-5' => 5,
|
||||
'loa-2' => 2,
|
||||
'loa-3' => 3
|
||||
'loa-5' => 5,
|
||||
'loa-2' => 2,
|
||||
'loa-3' => 3
|
||||
},
|
||||
oidcServicePrivateKeySig => oidc_key_op_private_sig,
|
||||
oidcServicePublicKeySig => oidc_key_op_public_sig,
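Review bot: The three new `ok( ( grep ... ) )` checks in the first hunk only prove that `rpid`, `http://my.extra.audience/test` and `urn:extra2` are present in `aud`, so an ID token carrying an unexpected extra audience would still pass. Two of them also share the description 'Check for additional audiences', which makes a failure harder to attribute. Because `aud` determines which parties will accept the token, comparing the whole list is the stricter test: `is_deeply( [ sort @{ $id_token_payload->{aud} } ], [ sort 'rpid', 'http://my.extra.audience/test', 'urn:extra2' ], 'aud is exactly the client id plus the configured audiences' );`, with the following `count(4)` lowered to `count(2)`. This assumes the OP adds no other audience for this RP. The same three checks are repeated in the other two test files of this commit and would take the same change.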
|
||||
|
|
|
@ -53,6 +53,9 @@ my $op = LLNG::Manager::Test->new( {
|
|||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsBypassConsent => 1,
|
||||
oidcRPMetaDataOptionsIDTokenForceClaims => 1,
|
||||
oidcRPMetaDataOptionsAdditionalAudiences =>
|
||||
"http://my.extra.audience/test urn:extra2",
|
||||
|
||||
}
|
||||
},
|
||||
oidcOPMetaDataOptions => {},
|
||||
|
@ -227,7 +230,17 @@ count(3);
|
|||
$id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{name}, 'Frédéric Accents',
|
||||
'Found claim in ID token' );
|
||||
count(1);
|
||||
ok( ( grep { $_ eq "rpid" } @{ $id_token_payload->{aud} } ),
|
||||
'Check that clientid is in audience' );
|
||||
ok( (
|
||||
grep { $_ eq "http://my.extra.audience/test" }
|
||||
@{ $id_token_payload->{aud} }
|
||||
),
|
||||
'Check for additional audiences'
|
||||
);
|
||||
ok( ( grep { $_ eq "urn:extra2" } @{ $id_token_payload->{aud} } ),
|
||||
'Check for additional audiences' );
|
||||
count(4);
|
||||
|
||||
## Get userinfo again
|
||||
ok(
|
||||
|
@ -263,12 +276,12 @@ ok(
|
|||
count(1);
|
||||
$json = expectJSON($res);
|
||||
|
||||
is( $json->{active}, 1 );
|
||||
is( $json->{client_id}, 'rpid' );
|
||||
is( $json->{sub}, 'french' );
|
||||
is( $json->{active}, 1, 'Token is active' );
|
||||
is( $json->{client_id}, 'rpid', 'Introspection contains client_id' );
|
||||
is( $json->{sub}, 'french', 'Introspection contains sub' );
|
||||
|
||||
# #2168
|
||||
ok( grep { $_ eq "!weird:scope.name~" } ( split /\s+/, $json->{scope} ),
|
||||
ok( ( grep { $_ eq "!weird:scope.name~" } ( split /\s+/, $json->{scope} ) ),
|
||||
"Scope contains weird scope name" );
|
||||
count(4);
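Review bot: The RP entry visible in the `@ -53,6 +53,9` hunk sets `oidcRPMetaDataOptionsAdditionalAudiences`, as do the RP entries in the other two files, so nothing shown here covers the opposite case: an RP without the option should get an ID token whose `aud` names only its own client id. A regression that leaked the extra audiences into tokens for other RPs would widen where those tokens are accepted, and these tests would not notice. If no existing test already pins this, consider a second RP without the option and an assertion on its full `aud` value. The rest of the configuration lies outside the hunk, so such an RP may already exist.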
|
||||
|
||||
|
|
|
@ -54,6 +54,8 @@ my $op = LLNG::Manager::Test->new( {
|
|||
oidcRPMetaDataOptionsBypassConsent => 1,
|
||||
oidcRPMetaDataOptionsRefreshToken => 1,
|
||||
oidcRPMetaDataOptionsIDTokenForceClaims => 1,
|
||||
oidcRPMetaDataOptionsAdditionalAudiences =>
|
||||
"http://my.extra.audience/test urn:extra2",
|
||||
}
|
||||
},
|
||||
oidcOPMetaDataOptions => {},
|
||||
|
@ -119,6 +121,16 @@ ok( $id_token, "Got ID token" );
|
|||
my $id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{name}, 'Frédéric Accents',
|
||||
'Found claim in ID token' );
|
||||
ok( ( grep { $_ eq "rpid" } @{ $id_token_payload->{aud} } ),
|
||||
'Check that clientid is in audience' );
|
||||
ok( (
|
||||
grep { $_ eq "http://my.extra.audience/test" }
|
||||
@{ $id_token_payload->{aud} }
|
||||
),
|
||||
'Check for additional audiences'
|
||||
);
|
||||
ok( ( grep { $_ eq "urn:extra2" } @{ $id_token_payload->{aud} } ),
|
||||
'Check for additional audiences' );
|
||||
|
||||
# Get userinfo
|
||||
$res = $op->_post(
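Review bot: The audience checks added at `@ -119,6 +121,16` run only against the ID token from the initial code exchange, although this RP enables `oidcRPMetaDataOptionsRefreshToken`. If the refresh grant later in the file returns a new ID token, its `aud` should be checked the same way, since that token may be built separately and could drop or change the additional audiences. The remainder of the file is outside the hunk, so this may already be covered. If not, repeat the three `ok( ( grep { $_ eq ... } @{ ...->{aud} } ), ... )` assertions on the refreshed token's payload.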
|
||||
|
|