(t *testing.T)
| 333 | } |
| 334 | |
| 335 | func TestHandlerWellKnown(t *testing.T) { |
| 336 | t.Parallel() |
| 337 | |
| 338 | reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(configx.WithValues(map[string]any{ |
| 339 | config.KeyScopeStrategy: "DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY", |
| 340 | config.KeyIssuerURL: "http://hydra.localhost", |
| 341 | config.KeySubjectTypesSupported: []string{"pairwise", "public"}, |
| 342 | config.KeyOIDCDiscoverySupportedClaims: []string{"sub"}, |
| 343 | config.KeyOAuth2ClientRegistrationURL: "http://client-register/registration", |
| 344 | config.KeyOIDCDiscoveryUserinfoEndpoint: "/userinfo", |
| 345 | }))) |
| 346 | t.Run(fmt.Sprintf("hsm_enabled=%v", reg.Config().HSMEnabled()), func(t *testing.T) { |
| 347 | testhelpers.MustEnsureRegistryKeys(t, reg, x.OpenIDConnectKeyName) |
| 348 | |
| 349 | h := oauth2.NewHandler(reg) |
| 350 | |
| 351 | r := httprouterx.NewTestRouterAdminWithPrefix(t) |
| 352 | h.SetPublicRoutes(r.ToPublic(), func(h http.Handler) http.Handler { return h }) |
| 353 | h.SetAdminRoutes(r) |
| 354 | ts := httptest.NewServer(r) |
| 355 | defer ts.Close() |
| 356 | |
| 357 | res, err := http.Get(ts.URL + "/.well-known/openid-configuration") |
| 358 | require.NoError(t, err) |
| 359 | defer res.Body.Close() //nolint:errcheck |
| 360 | |
| 361 | var wellKnownResp hydra.OidcConfiguration |
| 362 | err = json.NewDecoder(res.Body).Decode(&wellKnownResp) |
| 363 | require.NoError(t, err, "problem decoding wellknown json response: %+v", err) |
| 364 | |
| 365 | snapshotOpts := []snapshotx.Opt{} |
| 366 | if reg.Config().HSMEnabled() { |
| 367 | // The signing algorithm is not stable in the HSM tests, because the key is kept |
| 368 | // in the HSM and persists across test runs. |
| 369 | snapshotOpts = append(snapshotOpts, snapshotx.ExceptPaths( |
| 370 | "id_token_signed_response_alg", |
| 371 | "id_token_signing_alg_values_supported", |
| 372 | "userinfo_signed_response_alg", |
| 373 | "userinfo_signing_alg_values_supported", |
| 374 | )) |
| 375 | } |
| 376 | snapshotx.SnapshotT(t, wellKnownResp, snapshotOpts...) |
| 377 | }) |
| 378 | } |
| 379 | |
| 380 | func TestHandlerOauthAuthorizationServer(t *testing.T) { |
| 381 | t.Parallel() |
nothing calls this directly
no test coverage detected