Documentation ¶
Overview ¶
package oidcauthtest exposes tools to assist in writing unit tests of OIDC and JWT authentication workflows.
When the package is loaded it will randomly generate an ECDSA signing keypair used to sign JWTs both via the Server and the SignJWT method.
Index ¶
- func SignJWT(privKey string, claims jwt.Claims, privateClaims interface{}) (string, error)
- func SigningKeys() (pub, priv string)
- func WithPort(port int, returnFunc func()) startOption
- type Server
- func (s *Server) Addr() string
- func (s *Server) CACert() string
- func (s *Server) DisableUserInfo()
- func (s *Server) OmitIDTokens()
- func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request)
- func (s *Server) SetAllowedRedirectURIs(uris []string)
- func (s *Server) SetClientCreds(clientID, clientSecret string)
- func (s *Server) SetCustomAudience(customAudience string)
- func (s *Server) SetCustomClaims(customClaims map[string]interface{})
- func (s *Server) SetExpectedAuthCode(code string)
- func (s *Server) SetExpectedAuthNonce(nonce string)
- func (s *Server) SigningKeys() (pub, priv string)
- func (s *Server) Stop()
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SignJWT ¶
SignJWT will bundle the provided claims into a signed JWT. The provided key is assumed to be ECDSA.
If no private key is provided, the default package keys are used. These can be retrieved via the SigningKeys() method.
func SigningKeys ¶
func SigningKeys() (pub, priv string)
SigningKeys returns the pem-encoded keys used to sign JWTs by default.
Types ¶
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is local server the mocks the endpoints used by the OIDC and JWKS process.
func Start ¶
func Start(t testing.T, options ...startOption) *Server
Start creates a disposable Server. If the port provided is zero it will bind to a random free port, otherwise the provided port is used.
func (*Server) DisableUserInfo ¶
func (s *Server) DisableUserInfo()
DisableUserInfo makes the userinfo endpoint return 404 and omits it from the discovery config.
func (*Server) OmitIDTokens ¶
func (s *Server) OmitIDTokens()
OmitIDTokens forces an error state where the /token endpoint does not return id_token.
func (*Server) ServeHTTP ¶
func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request)
ServeHTTP implements http.Handler.
func (*Server) SetAllowedRedirectURIs ¶
SetAllowedRedirectURIs allows you to configure the allowed redirect URIs for the OIDC workflow. If not configured a sample of "https://example.com" is used.
func (*Server) SetClientCreds ¶
SetClientCreds is for configuring the client information required for the OIDC workflows.
func (*Server) SetCustomAudience ¶
SetCustomAudience configures what audience value to embed in the JWT issued by the OIDC workflow.
func (*Server) SetCustomClaims ¶
SetCustomClaims lets you set claims to return in the JWT issued by the OIDC workflow.
func (*Server) SetExpectedAuthCode ¶
SetExpectedAuthCode configures the auth code to return from /auth and the allowed auth code for /token.
func (*Server) SetExpectedAuthNonce ¶
SetExpectedAuthNonce configures the nonce value required for /auth.
func (*Server) SigningKeys ¶
SigningKeys returns the pem-encoded keys used to sign JWTs.