github.com/Axway/agent-sdk@v1.1.101/pkg/authz/oauth/provider_test.go (about) 1 package oauth 2 3 import ( 4 "net/http" 5 "strings" 6 "testing" 7 "time" 8 9 "github.com/Axway/agent-sdk/pkg/config" 10 "github.com/stretchr/testify/assert" 11 ) 12 13 func TestProvider(t *testing.T) { 14 15 cases := []struct { 16 name string 17 idpType string 18 authHeader map[string]string 19 authQueryParams map[string]string 20 headers map[string]string 21 queryParams map[string]string 22 clientRequest *clientMetadata 23 expectedClient *clientMetadata 24 metadataResponseCode int 25 registrationResponseCode int 26 unRegistrationResponseCode int 27 expectMetadataErr bool 28 expectRegistrationErr bool 29 expectUnRegistrationErr bool 30 authServerMetadata *AuthorizationServerMetadata 31 }{ 32 { 33 name: "IDP metadata bad request", 34 idpType: "generic", 35 metadataResponseCode: http.StatusBadRequest, 36 expectMetadataErr: true, 37 }, 38 { 39 name: "registration bad request", 40 idpType: "generic", 41 clientRequest: &clientMetadata{ 42 ClientName: "test", 43 }, 44 metadataResponseCode: http.StatusOK, 45 registrationResponseCode: http.StatusBadRequest, 46 expectRegistrationErr: true, 47 }, 48 { 49 name: "unregistration bad request", 50 idpType: "okta", 51 clientRequest: &clientMetadata{ 52 ClientName: "test", 53 RedirectURIs: []string{"http://localhost"}, 54 JwksURI: "http://jwks", 55 GrantTypes: []string{GrantTypeAuthorizationCode}, 56 }, 57 expectedClient: &clientMetadata{ 58 ClientName: "test", 59 RedirectURIs: []string{"http://localhost"}, 60 JwksURI: "http://jwks", 61 GrantTypes: []string{GrantTypeAuthorizationCode}, 62 TokenEndpointAuthMethod: config.ClientSecretBasic, 63 ResponseTypes: []string{AuthResponseCode}, 64 Scope: []string{"read", "write"}, 65 extraProperties: map[string]string{ 66 "key": "value", 67 oktaApplicationType: oktaAppTypeWeb, 68 }, 69 }, 70 metadataResponseCode: http.StatusOK, 71 registrationResponseCode: http.StatusCreated, 72 unRegistrationResponseCode: http.StatusBadRequest, 73 expectUnRegistrationErr: true, 74 }, 75 { 76 name: "successful create and delete client", 77 idpType: "generic", 78 clientRequest: &clientMetadata{ 79 ClientName: "test", 80 RedirectURIs: []string{"http://localhost"}, 81 JwksURI: "http://jwks", 82 GrantTypes: []string{GrantTypeImplicit}, 83 }, 84 expectedClient: &clientMetadata{ 85 ClientName: "test", 86 RedirectURIs: []string{"http://localhost"}, 87 JwksURI: "http://jwks", 88 GrantTypes: []string{GrantTypeImplicit}, 89 TokenEndpointAuthMethod: config.ClientSecretBasic, 90 ResponseTypes: []string{AuthResponseToken}, 91 Scope: []string{"read", "write"}, 92 extraProperties: map[string]string{ 93 "key": "value", 94 }, 95 }, 96 metadataResponseCode: http.StatusOK, 97 registrationResponseCode: http.StatusCreated, 98 unRegistrationResponseCode: http.StatusNoContent, 99 }, 100 { 101 name: "successful client_credential", 102 idpType: "generic", 103 authHeader: map[string]string{"authHdr": "authHrdVal"}, 104 authQueryParams: map[string]string{"authParam": "authParamVal"}, 105 headers: map[string]string{"hdr": "hrdVal"}, 106 queryParams: map[string]string{"param": "paramVal"}, 107 clientRequest: &clientMetadata{ 108 ClientName: "test", 109 RedirectURIs: []string{"http://localhost"}, 110 JwksURI: "http://jwks", 111 GrantTypes: []string{GrantTypeClientCredentials}, 112 }, 113 expectedClient: &clientMetadata{ 114 ClientName: "test", 115 RedirectURIs: []string{"http://localhost"}, 116 JwksURI: "http://jwks", 117 GrantTypes: []string{GrantTypeClientCredentials}, 118 TokenEndpointAuthMethod: config.ClientSecretBasic, 119 ResponseTypes: []string{}, 120 Scope: []string{"read", "write"}, 121 extraProperties: map[string]string{ 122 "key": "value", 123 }, 124 }, 125 metadataResponseCode: http.StatusOK, 126 registrationResponseCode: http.StatusCreated, 127 unRegistrationResponseCode: http.StatusNoContent, 128 }, 129 { 130 name: "provider with existing auth server metadata", 131 idpType: "generic", 132 clientRequest: &clientMetadata{ 133 ClientName: "test", 134 RedirectURIs: []string{"http://localhost"}, 135 JwksURI: "http://jwks", 136 GrantTypes: []string{GrantTypeClientCredentials}, 137 }, 138 expectedClient: &clientMetadata{ 139 ClientName: "test", 140 RedirectURIs: []string{"http://localhost"}, 141 JwksURI: "http://jwks", 142 GrantTypes: []string{GrantTypeClientCredentials}, 143 TokenEndpointAuthMethod: config.ClientSecretBasic, 144 ResponseTypes: []string{}, 145 Scope: []string{"read", "write"}, 146 extraProperties: map[string]string{ 147 "key": "value", 148 }, 149 }, 150 authServerMetadata: &AuthorizationServerMetadata{}, 151 registrationResponseCode: http.StatusCreated, 152 unRegistrationResponseCode: http.StatusNoContent, 153 }, 154 } 155 for _, tc := range cases { 156 t.Run(tc.name, func(t *testing.T) { 157 s := NewMockIDPServer() 158 defer s.Close() 159 idpCfg := &config.IDPConfiguration{ 160 Name: "test", 161 Type: tc.idpType, 162 AuthConfig: &config.IDPAuthConfiguration{ 163 Type: config.Client, 164 ClientID: "test", 165 ClientSecret: "test", 166 RequestHeaders: tc.authHeader, 167 QueryParams: tc.authQueryParams, 168 }, 169 GrantType: GrantTypeClientCredentials, 170 ClientScopes: "read,write", 171 AuthMethod: config.ClientSecretBasic, 172 MetadataURL: s.GetMetadataURL(), 173 ExtraProperties: config.ExtraProperties{"key": "value"}, 174 RequestHeaders: tc.headers, 175 QueryParams: tc.queryParams, 176 } 177 178 s.SetMetadataResponseCode(tc.metadataResponseCode) 179 var opts []func(*providerOptions) 180 if tc.authServerMetadata != nil { 181 tc.authServerMetadata.TokenEndpoint = s.GetTokenURL() 182 tc.authServerMetadata.RegistrationEndpoint = s.GetRegistrationEndpoint() 183 opts = []func(*providerOptions){ 184 WithAuthServerMetadata(tc.authServerMetadata), 185 } 186 } 187 p, err := NewProvider(idpCfg, config.NewTLSConfig(), "", 30*time.Second, opts...) 188 if tc.expectMetadataErr { 189 assert.NotNil(t, err) 190 assert.Nil(t, p) 191 return 192 } 193 194 assert.Nil(t, err) 195 assert.NotNil(t, p) 196 if tc.authServerMetadata != nil { 197 authMetadata := p.GetMetadata() 198 assert.Equal(t, tc.authServerMetadata.TokenEndpoint, authMetadata.TokenEndpoint) 199 assert.Equal(t, tc.authServerMetadata.RegistrationEndpoint, authMetadata.RegistrationEndpoint) 200 } 201 202 s.SetRegistrationResponseCode(tc.registrationResponseCode) 203 cr, err := p.RegisterClient(tc.clientRequest) 204 if tc.expectRegistrationErr { 205 assert.NotNil(t, err) 206 assert.Nil(t, cr) 207 return 208 } 209 210 assert.Nil(t, err) 211 assert.NotNil(t, cr) 212 213 assert.Equal(t, tc.expectedClient.GetClientName(), cr.GetClientName()) 214 assert.NotEmpty(t, cr.GetClientID()) 215 assert.NotEmpty(t, cr.GetClientSecret()) 216 assert.Equal(t, strings.Join(tc.expectedClient.GetGrantTypes(), ","), strings.Join(cr.GetGrantTypes(), ",")) 217 assert.Equal(t, tc.expectedClient.GetTokenEndpointAuthMethod(), cr.GetTokenEndpointAuthMethod()) 218 assert.Equal(t, strings.Join(tc.expectedClient.GetResponseTypes(), ","), strings.Join(cr.GetResponseTypes(), ",")) 219 assert.Equal(t, strings.Join(tc.expectedClient.GetRedirectURIs(), ","), strings.Join(cr.GetRedirectURIs(), ",")) 220 assert.Equal(t, strings.Join(tc.expectedClient.GetScopes(), ","), strings.Join(cr.GetScopes(), ",")) 221 assert.Equal(t, tc.expectedClient.GetJwksURI(), cr.GetJwksURI()) 222 assert.Equal(t, len(tc.expectedClient.GetExtraProperties()), len(cr.GetExtraProperties())) 223 s.SetRegistrationResponseCode(tc.unRegistrationResponseCode) 224 err = p.UnregisterClient(cr.GetClientID(), cr.GetRegistrationAccessToken()) 225 if tc.expectUnRegistrationErr { 226 assert.NotNil(t, err) 227 return 228 } 229 assertHeaders(t, tc.authHeader, s.GetTokenRequestHeaders()) 230 assertQueryParams(t, tc.authQueryParams, s.GetTokenQueryParams()) 231 assertHeaders(t, tc.headers, s.GetRequestHeaders()) 232 assertQueryParams(t, tc.queryParams, s.GetQueryParams()) 233 234 assert.Nil(t, err) 235 }) 236 } 237 }