(t *testing.T)
| 378 | } |
| 379 | |
| 380 | func TestHandlerOauthAuthorizationServer(t *testing.T) { |
| 381 | t.Parallel() |
| 382 | |
| 383 | reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(configx.WithValues(map[string]any{ |
| 384 | config.KeyScopeStrategy: "DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY", |
| 385 | config.KeyIssuerURL: "http://hydra.localhost", |
| 386 | config.KeySubjectTypesSupported: []string{"pairwise", "public"}, |
| 387 | config.KeyOIDCDiscoverySupportedClaims: []string{"sub"}, |
| 388 | config.KeyOAuth2ClientRegistrationURL: "http://client-register/registration", |
| 389 | config.KeyOIDCDiscoveryUserinfoEndpoint: "/userinfo", |
| 390 | }))) |
| 391 | t.Run(fmt.Sprintf("hsm_enabled=%v", reg.Config().HSMEnabled()), func(t *testing.T) { |
| 392 | testhelpers.MustEnsureRegistryKeys(t, reg, x.OpenIDConnectKeyName) |
| 393 | |
| 394 | h := oauth2.NewHandler(reg) |
| 395 | |
| 396 | r := httprouterx.NewTestRouterAdminWithPrefix(t) |
| 397 | h.SetPublicRoutes(r.ToPublic(), func(h http.Handler) http.Handler { return h }) |
| 398 | h.SetAdminRoutes(r) |
| 399 | ts := httptest.NewServer(r) |
| 400 | defer ts.Close() |
| 401 | |
| 402 | res, err := http.Get(ts.URL + "/.well-known/oauth-authorization-server") |
| 403 | require.NoError(t, err) |
| 404 | defer res.Body.Close() //nolint:errcheck |
| 405 | |
| 406 | var wellKnownResp hydra.OidcConfiguration |
| 407 | err = json.NewDecoder(res.Body).Decode(&wellKnownResp) |
| 408 | require.NoError(t, err, "problem decoding wellknown json response: %+v", err) |
| 409 | snapshotOpts := []snapshotx.Opt{} |
| 410 | if reg.Config().HSMEnabled() { |
| 411 | // The signing algorithm is not stable in the HSM tests, because the key is kept |
| 412 | // in the HSM and persists across test runs. |
| 413 | snapshotOpts = append(snapshotOpts, snapshotx.ExceptPaths( |
| 414 | "id_token_signed_response_alg", |
| 415 | "id_token_signing_alg_values_supported", |
| 416 | "userinfo_signed_response_alg", |
| 417 | "userinfo_signing_alg_values_supported", |
| 418 | )) |
| 419 | } |
| 420 | snapshotx.SnapshotT(t, wellKnownResp, snapshotOpts...) |
| 421 | }) |
| 422 | } |
nothing calls this directly
no test coverage detected