MCPcopy
hub / github.com/ory/hydra / TestClientCredentials

Function TestClientCredentials

oauth2/oauth2_client_credentials_test.go:32–386  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

30)
31
32func TestClientCredentials(t *testing.T) {
33 t.Parallel()
34
35 ctx := context.Background()
36 reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(configx.WithValue(config.KeyAccessTokenStrategy, "opaque")))
37 public, admin := testhelpers.NewOAuth2Server(ctx, t, reg)
38
39 var newCustomClient = func(t *testing.T, c *hc.Client) (*hc.Client, clientcredentials.Config) {
40 unhashedSecret := c.Secret
41 require.NoError(t, reg.ClientManager().CreateClient(ctx, c))
42 return c, clientcredentials.Config{
43 ClientID: c.GetID(),
44 ClientSecret: unhashedSecret,
45 TokenURL: reg.Config().OAuth2TokenURL(ctx).String(),
46 Scopes: strings.Split(c.Scope, " "),
47 EndpointParams: url.Values{"audience": c.Audience},
48 }
49 }
50
51 var newClient = func(t *testing.T) (*hc.Client, clientcredentials.Config) {
52 return newCustomClient(t, &hc.Client{
53 Secret: uuid.Must(uuid.NewV4()).String(),
54 RedirectURIs: []string{public.URL + "/callback"},
55 ResponseTypes: []string{"token"},
56 GrantTypes: []string{"client_credentials"},
57 Scope: "foobar",
58 Audience: []string{"https://api.ory.sh/"},
59 })
60 }
61
62 var getToken = func(t *testing.T, conf clientcredentials.Config) (*goauth2.Token, error) {
63 conf.AuthStyle = goauth2.AuthStyleInHeader
64 return conf.Token(context.Background())
65 }
66
67 var encodeOr = func(t *testing.T, val interface{}, or string) string {
68 out, err := json.Marshal(val)
69 require.NoError(t, err)
70 if string(out) == "null" {
71 return or
72 }
73
74 return string(out)
75 }
76
77 var inspectToken = func(t *testing.T, token *goauth2.Token, cl *hc.Client, conf clientcredentials.Config, strategy string, expectedExp time.Time, checkExtraClaims bool) {
78 introspection := testhelpers.IntrospectToken(t, token.AccessToken, admin)
79
80 check := func(res gjson.Result) {
81 assert.EqualValues(t, cl.GetID(), res.Get("client_id").String(), "%s", res.Raw)
82 assert.EqualValues(t, cl.GetID(), res.Get("sub").String(), "%s", res.Raw)
83 assert.EqualValues(t, reg.Config().IssuerURL(ctx).String(), res.Get("iss").String(), "%s", res.Raw)
84
85 assert.EqualValues(t, res.Get("nbf").Int(), res.Get("iat").Int(), "%s", res.Raw)
86 assert.WithinDuration(t, expectedExp, time.Unix(res.Get("exp").Int(), 0), 2*time.Second)
87
88 assert.EqualValues(t, encodeOr(t, conf.EndpointParams["audience"], "[]"), res.Get("aud").Raw, "%s", res.Raw)
89

Callers

nothing calls this directly

Calls 15

NewRegistryMemoryFunction · 0.92
WithConfigOptionsFunction · 0.92
NewOAuth2ServerFunction · 0.92
IntrospectTokenFunction · 0.92
InsecureDecodeJWTFunction · 0.92
runFunction · 0.85
OAuth2TokenURLMethod · 0.80
IssuerURLMethod · 0.80
MustSetMethod · 0.80
CreateClientMethod · 0.65
ClientManagerMethod · 0.65

Tested by

no test coverage detected