Trusted RP 생성 흐름 테스트 추가

2026-03-30 13:08:10 +09:00
parent 3a057ee860
commit cfe97ecb1e
4 changed files with 299 additions and 0 deletions
--- a/devfront/tests/devfront-clients-lifecycle.spec.ts
+++ b/devfront/tests/devfront-clients-lifecycle.spec.ts
@@ -8,6 +8,8 @@ import {
 } from "./helpers/devfront-fixtures";

 const appNamePlaceholder = /My Awesome Application|예: 멋진 애플리케이션/i;
+const sshRsaPublicKey =
+  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAABwECAwQFBgc= test@example";

 test.describe("DevFront clients lifecycle", () => {
  test.beforeEach(async ({ page }) => {
@@ -120,4 +122,69 @@ test.describe("DevFront clients lifecycle", () => {
      page.getByRole("textbox", { name: /인증 콜백 URL|Callback/i }),
    ).toHaveValue(/https:\/\/after\.example\.com\/callback/);
  });
+
+  test("pkce trusted rp with inline ssh-rsa key should persist mapped payload", async ({
+    page,
+  }) => {
+    const state = {
+      clients: [makeClient("client-trusted", { name: "Trusted App", type: "pkce" })],
+      consents: [] as Consent[],
+      auditLogsByCursor: undefined,
+    };
+    await installDevApiMock(page, state);
+
+    await page.goto("/clients/client-trusted/settings");
+
+    await page
+      .getByRole("switch", {
+        name: /Trusted RP \(자체 로그인 UI 사용\)|Trusted RP \(Custom Login UI\)/i,
+      })
+      .click();
+
+    await expect(
+      page.getByRole("heading", {
+        name: /공개키 등록|Public Key Registration/i,
+      }),
+    ).toBeVisible();
+
+    await page
+      .getByPlaceholder(
+        /ssh-rsa AAA\.\.\.|Paste an 'ssh-rsa AAA\.\.\.' public key first/i,
+      )
+      .fill(sshRsaPublicKey);
+    await page.getByRole("button", { name: /^저장$|^Save$/i }).click();
+
+    await expect.poll(() => state.clients[0]?.tokenEndpointAuthMethod).toBe(
+      "private_key_jwt",
+    );
+    await expect
+      .poll(() => state.clients[0]?.metadata?.headless_login_enabled)
+      .toBe(true);
+    await expect
+      .poll(
+        () =>
+          (state.clients[0]?.jwks as { keys?: Array<{ kty?: string; alg?: string }> })
+            ?.keys?.[0]?.kty,
+      )
+      .toBe("RSA");
+    await expect
+      .poll(
+        () =>
+          (state.clients[0]?.jwks as { keys?: Array<{ kty?: string; alg?: string }> })
+            ?.keys?.[0]?.alg,
+      )
+      .toBe("RS256");
+
+    await page.reload();
+    await expect(
+      page.getByRole("heading", {
+        name: /공개키 등록|Public Key Registration/i,
+      }),
+    ).toBeVisible();
+    await expect(
+      page.getByPlaceholder(
+        /ssh-rsa AAA\.\.\.|Paste an 'ssh-rsa AAA\.\.\.' public key first/i,
+      ),
+    ).toHaveValue(/"kty": "RSA"/);
+  });
 });
--- a/devfront/tests/helpers/devfront-fixtures.ts
+++ b/devfront/tests/helpers/devfront-fixtures.ts
@@ -12,6 +12,9 @@ export type Client = {
  scopes: string[];
  createdAt: string;
  clientSecret?: string;
+  tokenEndpointAuthMethod?: string;
+  jwksUri?: string;
+  jwks?: Record<string, unknown> | string;
  metadata?: Record<string, unknown>;
 };

@@ -214,6 +217,9 @@ export async function installDevApiMock(page: Page, state: DevApiMockState) {
        status?: ClientStatus;
        redirectUris?: string[];
        scopes?: string[];
+        tokenEndpointAuthMethod?: string;
+        jwksUri?: string;
+        jwks?: Record<string, unknown> | string;
        metadata?: Record<string, unknown>;
      }) || { name: "created app" };

@@ -223,6 +229,9 @@ export async function installDevApiMock(page: Page, state: DevApiMockState) {
        status: payload.status ?? "active",
        redirectUris: payload.redirectUris ?? [],
        scopes: payload.scopes ?? ["openid"],
+        tokenEndpointAuthMethod: payload.tokenEndpointAuthMethod,
+        jwksUri: payload.jwksUri,
+        jwks: payload.jwks,
        metadata: payload.metadata ?? {},
      });

@@ -294,6 +303,9 @@ export async function installDevApiMock(page: Page, state: DevApiMockState) {
        type?: ClientType;
        scopes?: string[];
        redirectUris?: string[];
+        tokenEndpointAuthMethod?: string;
+        jwksUri?: string;
+        jwks?: Record<string, unknown> | string;
        metadata?: Record<string, unknown>;
      }) || { name: "updated app" };
      const found = state.clients.find((client) => client.id === clientId);
@@ -302,6 +314,15 @@ export async function installDevApiMock(page: Page, state: DevApiMockState) {
      if (payload.type) found.type = payload.type;
      if (payload.scopes) found.scopes = payload.scopes;
      if (payload.redirectUris) found.redirectUris = payload.redirectUris;
+      if (payload.tokenEndpointAuthMethod !== undefined) {
+        found.tokenEndpointAuthMethod = payload.tokenEndpointAuthMethod;
+      }
+      if (payload.jwksUri !== undefined) {
+        found.jwksUri = payload.jwksUri;
+      }
+      if (payload.jwks !== undefined) {
+        found.jwks = payload.jwks;
+      }
      if (payload.metadata) found.metadata = payload.metadata;
      appendAuditLog("CLIENT_UPDATE", "UPDATE_CLIENT", clientId);
      return json(route, {