(t *testing.T)
| 85 | } |
| 86 | |
| 87 | func TestOIDCProviderGetLoginURL(t *testing.T) { |
| 88 | serverURL := &url.URL{ |
| 89 | Scheme: "https", |
| 90 | Host: "oauth2proxy.oidctest", |
| 91 | } |
| 92 | provider := newOIDCProvider(serverURL, true) |
| 93 | |
| 94 | n, err := encryption.Nonce(32) |
| 95 | assert.NoError(t, err) |
| 96 | nonce := base64.RawURLEncoding.EncodeToString(n) |
| 97 | |
| 98 | // SkipNonce defaults to true |
| 99 | skipNonce := provider.GetLoginURL("http://redirect/", "", nonce, url.Values{}) |
| 100 | assert.NotContains(t, skipNonce, "nonce") |
| 101 | |
| 102 | provider.SkipNonce = false |
| 103 | withNonce := provider.GetLoginURL("http://redirect/", "", nonce, url.Values{}) |
| 104 | assert.Contains(t, withNonce, fmt.Sprintf("nonce=%s", nonce)) |
| 105 | assert.NotContains(t, withNonce, "code_challenge") |
| 106 | assert.NotContains(t, withNonce, "code_challenge_method") |
| 107 | } |
| 108 | |
| 109 | func TestOIDCProviderRedeem(t *testing.T) { |
| 110 | idToken, _ := newSignedTestIDToken(defaultIDToken) |
nothing calls this directly
no test coverage detected