Trusted RP 생성 흐름 테스트 추가

2026-03-30 13:08:10 +09:00
parent 3a057ee860
commit cfe97ecb1e
4 changed files with 299 additions and 0 deletions
--- a/backend/internal/domain/hydra_models_test.go
+++ b/backend/internal/domain/hydra_models_test.go
@@ -0,0 +1,60 @@
+package domain
+
+import "testing"
+
+func TestHydraClient_TrustedRPFlags(t *testing.T) {
+	t.Run("inline jwks with private_key_jwt and headless enabled", func(t *testing.T) {
+		client := HydraClient{
+			TokenEndpointAuthMethod: "private_key_jwt",
+			JWKS: map[string]any{
+				"keys": []map[string]any{{
+					"kty": "RSA",
+				}},
+			},
+			Metadata: map[string]any{
+				"headless_login_enabled": true,
+			},
+		}
+
+		if !client.IsTrustedRP() {
+			t.Fatalf("expected trusted rp")
+		}
+		if !client.IsHeadlessLoginEnabled() {
+			t.Fatalf("expected headless login enabled")
+		}
+	})
+
+	t.Run("jwks uri without private_key_jwt is not trusted", func(t *testing.T) {
+		client := HydraClient{
+			TokenEndpointAuthMethod: "none",
+			JWKSUri:                 "https://rp.example.com/.well-known/jwks.json",
+			Metadata: map[string]any{
+				"headless_login_enabled": true,
+			},
+		}
+
+		if client.IsTrustedRP() {
+			t.Fatalf("expected untrusted rp")
+		}
+		if client.IsHeadlessLoginEnabled() {
+			t.Fatalf("expected headless login disabled when client is not trusted")
+		}
+	})
+
+	t.Run("trusted rp without boolean metadata flag is not headless enabled", func(t *testing.T) {
+		client := HydraClient{
+			TokenEndpointAuthMethod: "private_key_jwt",
+			JWKSUri:                 "https://rp.example.com/.well-known/jwks.json",
+			Metadata: map[string]any{
+				"headless_login_enabled": "true",
+			},
+		}
+
+		if !client.IsTrustedRP() {
+			t.Fatalf("expected trusted rp")
+		}
+		if client.IsHeadlessLoginEnabled() {
+			t.Fatalf("expected headless login disabled for non-bool metadata")
+		}
+	})
+}