|
@@ -0,0 +1,72 @@
|
|
|
+package auth
|
|
|
+
|
|
|
+import (
|
|
|
+ "context"
|
|
|
+ "github.com/Nerzal/gocloak/v13"
|
|
|
+ "github.com/Nerzal/gocloak/v13/pkg/jwx"
|
|
|
+ "os"
|
|
|
+ "reflect"
|
|
|
+ "testing"
|
|
|
+)
|
|
|
+
|
|
|
+var cli = gocloak.NewClient(os.Getenv("JWT_ISSUER"))
|
|
|
+
|
|
|
+func TestDecodeClaims(t *testing.T) {
|
|
|
+ tests := []struct {
|
|
|
+ token string
|
|
|
+ realm string
|
|
|
+ want *Claims
|
|
|
+ wantErr bool
|
|
|
+ }{
|
|
|
+ {
|
|
|
+ token: "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzTEFaZEJKUF93OHdZRWI4aDlQNmxNSTltSS1WMlNCX1JRREpmZG5Qek1JIn0.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.UGJf4utoJAUL0TzaaRwiAew_r5movdt_zrQab0wUt7kfIeV-3x8VPegeHSwKpc3Aera7RPjGjQMF4_rPgxjowMNXKPVY3kxIj0g9Mx0A80t3-iUcYuVzRYYqw0WUEDonFxWSo1i4kbuZeBv55Q3mHNYp_umKn_Fp2AzH3o1vLQoBLoX1_zj9MjljFTJtwAjHQ96AYHfO0lc-gREJFdFOSlNNvNXYlAZott_3vilhbGu0JhbpHmNgIibnNFsV444K0toa2BeMrcr-dL09FKVb0mcZt3lj5UfHF2BXDJSsrL0nUXgb7ZoBKjaGDqkvL8GFViDr7wRpiFABBBWwAQyaNA",
|
|
|
+ realm: "32a83486-1530-507c-add7-d97f4316b28b",
|
|
|
+ want: &Claims{
|
|
|
+ Acr: "1",
|
|
|
+ AllowedOrigins: []string{"*"},
|
|
|
+ Aud: "account",
|
|
|
+ Azp: "master",
|
|
|
+ EmailVerified: false,
|
|
|
+ ExpiresAr: 1694406835,
|
|
|
+ IssuedAt: 1694406535,
|
|
|
+ Issuer: "http://20.210.115.245/realms/32a83486-1530-507c-add7-d97f4316b28b",
|
|
|
+ Jti: "b489568f-5236-4c97-aa81-172cf18036bc",
|
|
|
+ Username: "beejay",
|
|
|
+ RealmAccess: jwx.RealmAccess{
|
|
|
+ Roles: []string{"offline_access", "uma_authorization", "default-roles-demo"},
|
|
|
+ },
|
|
|
+ ResourceAccess: jwx.ResourceAccess{
|
|
|
+ Account: jwx.Account{
|
|
|
+ Roles: []string{"manage-account", "manage-account-links", "view-profile"},
|
|
|
+ },
|
|
|
+ },
|
|
|
+ Scope: "openid email profile",
|
|
|
+ SessionState: "d1186ba6-d2c1-4dbd-823b-2b838da49ea0",
|
|
|
+ Sid: "d1186ba6-d2c1-4dbd-823b-2b838da49ea0",
|
|
|
+ Sub: "3e56d1b3-60d3-49d1-a174-d69cfa625418",
|
|
|
+ Typ: "Bearer",
|
|
|
+ },
|
|
|
+ wantErr: false,
|
|
|
+ },
|
|
|
+ }
|
|
|
+
|
|
|
+ for _, tt := range tests {
|
|
|
+ t.Run("TestDecodeClaims", func(t *testing.T) {
|
|
|
+ token, _, err := cli.DecodeAccessToken(context.TODO(), tt.token, tt.realm)
|
|
|
+ if (err != nil) != tt.wantErr {
|
|
|
+ t.Errorf("DecodeClaims() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
+ got, err := DecodeClaims(token)
|
|
|
+ if (err != nil) != tt.wantErr {
|
|
|
+ t.Errorf("DecodeClaims() error = %v, wantErr %v", err, tt.wantErr)
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
+ if !reflect.DeepEqual(got, tt.want) {
|
|
|
+ t.Errorf("DecodeClaims() got = %v, want %v", got, tt.want)
|
|
|
+ }
|
|
|
+ })
|
|
|
+ }
|
|
|
+}
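Review bot: The `token` field of the only table case holds a complete RS256-signed access token that looks captured from a live Keycloak realm, and the expected `Claims` repeat its `Issuer` (a bare IP address over plain HTTP), `Username`, `Sub` and `SessionState`, so a bearer credential and deployment details become part of the repository history. The `IssuedAt`/`ExpiresAr` values give that token a five-minute lifetime, and `cli.DecodeAccessToken` runs on a client built from `os.Getenv("JWT_ISSUER")`, which presumably fetches the realm's signing keys and validates expiry; if so, the test needs a reachable identity provider and fails once the token has expired or the key with that `kid` is rotated. I would mint the fixture inside the test instead (a throwaway key from `rsa.GenerateKey` and constructed claims, or a parsed token value built directly and passed to `DecodeClaims`) and label it with a comment such as `// constructed fixture: not issued by any real realm`. Separately, the first error branch names the wrong function and should read `t.Errorf("DecodeAccessToken() error = %v, wantErr %v", err, tt.wantErr)`.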
|