github.com/livekit/protocol@v1.16.1-0.20240517185851-47e4c6bba773/auth/accesstoken_test.go (about) 1 // Copyright 2023 LiveKit, Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package auth 16 17 import ( 18 "strings" 19 "testing" 20 "time" 21 22 "github.com/go-jose/go-jose/v3/jwt" 23 "github.com/stretchr/testify/require" 24 25 "github.com/livekit/protocol/livekit" 26 "github.com/livekit/protocol/utils" 27 ) 28 29 func TestAccessToken(t *testing.T) { 30 t.Parallel() 31 32 t.Run("keys must be set", func(t *testing.T) { 33 token := NewAccessToken("", "") 34 _, err := token.ToJWT() 35 require.Equal(t, ErrKeysMissing, err) 36 }) 37 38 t.Run("generates a decode-able key", func(t *testing.T) { 39 apiKey, secret := apiKeypair() 40 videoGrant := &VideoGrant{RoomJoin: true, Room: "myroom"} 41 at := NewAccessToken(apiKey, secret). 42 AddGrant(videoGrant). 43 SetValidFor(time.Minute * 5). 44 SetKind(livekit.ParticipantInfo_AGENT). 45 SetIdentity("user") 46 value, err := at.ToJWT() 47 //fmt.Println(raw) 48 require.NoError(t, err) 49 50 require.Len(t, strings.Split(value, "."), 3) 51 52 // ensure it's a valid JWT 53 token, err := jwt.ParseSigned(value) 54 require.NoError(t, err) 55 56 decodedGrant := ClaimGrants{} 57 err = token.UnsafeClaimsWithoutVerification(&decodedGrant) 58 require.NoError(t, err) 59 60 require.EqualValues(t, livekit.ParticipantInfo_AGENT, decodedGrant.GetParticipantKind()) 61 require.EqualValues(t, videoGrant, decodedGrant.Video) 62 }) 63 64 t.Run("missing kind should be interpreted as standard", func(t *testing.T) { 65 apiKey, secret := apiKeypair() 66 value, err := NewAccessToken(apiKey, secret). 67 AddGrant(&VideoGrant{RoomJoin: true, Room: "myroom"}). 68 ToJWT() 69 require.NoError(t, err) 70 token, err := jwt.ParseSigned(value) 71 require.NoError(t, err) 72 73 decodedGrant := ClaimGrants{} 74 err = token.UnsafeClaimsWithoutVerification(&decodedGrant) 75 require.NoError(t, err) 76 77 // default validity 78 require.EqualValues(t, livekit.ParticipantInfo_STANDARD, decodedGrant.GetParticipantKind()) 79 }) 80 81 t.Run("default validity should be more than a minute", func(t *testing.T) { 82 apiKey, secret := apiKeypair() 83 videoGrant := &VideoGrant{RoomJoin: true, Room: "myroom"} 84 at := NewAccessToken(apiKey, secret). 85 AddGrant(videoGrant) 86 value, err := at.ToJWT() 87 require.NoError(t, err) 88 token, err := jwt.ParseSigned(value) 89 require.NoError(t, err) 90 91 claim := jwt.Claims{} 92 decodedGrant := ClaimGrants{} 93 err = token.UnsafeClaimsWithoutVerification(&claim, &decodedGrant) 94 require.NoError(t, err) 95 require.EqualValues(t, videoGrant, decodedGrant.Video) 96 97 // default validity 98 require.True(t, claim.Expiry.Time().Sub(claim.IssuedAt.Time()) > time.Minute) 99 }) 100 } 101 102 func apiKeypair() (string, string) { 103 return utils.NewGuid(utils.APIKeyPrefix), utils.RandomSecret() 104 }