forked from baron/baron-sso
61 lines
1.5 KiB
Go
61 lines
1.5 KiB
Go
package domain
|
|
|
|
import "testing"
|
|
|
|
func TestHydraClient_TrustedRPFlags(t *testing.T) {
|
|
t.Run("inline jwks with private_key_jwt and headless enabled", func(t *testing.T) {
|
|
client := HydraClient{
|
|
TokenEndpointAuthMethod: "private_key_jwt",
|
|
JWKS: map[string]any{
|
|
"keys": []map[string]any{{
|
|
"kty": "RSA",
|
|
}},
|
|
},
|
|
Metadata: map[string]any{
|
|
"headless_login_enabled": true,
|
|
},
|
|
}
|
|
|
|
if !client.IsTrustedRP() {
|
|
t.Fatalf("expected trusted rp")
|
|
}
|
|
if !client.IsHeadlessLoginEnabled() {
|
|
t.Fatalf("expected headless login enabled")
|
|
}
|
|
})
|
|
|
|
t.Run("jwks uri without private_key_jwt is not trusted", func(t *testing.T) {
|
|
client := HydraClient{
|
|
TokenEndpointAuthMethod: "none",
|
|
JWKSUri: "https://rp.example.com/.well-known/jwks.json",
|
|
Metadata: map[string]any{
|
|
"headless_login_enabled": true,
|
|
},
|
|
}
|
|
|
|
if client.IsTrustedRP() {
|
|
t.Fatalf("expected untrusted rp")
|
|
}
|
|
if client.IsHeadlessLoginEnabled() {
|
|
t.Fatalf("expected headless login disabled when client is not trusted")
|
|
}
|
|
})
|
|
|
|
t.Run("trusted rp without boolean metadata flag is not headless enabled", func(t *testing.T) {
|
|
client := HydraClient{
|
|
TokenEndpointAuthMethod: "private_key_jwt",
|
|
JWKSUri: "https://rp.example.com/.well-known/jwks.json",
|
|
Metadata: map[string]any{
|
|
"headless_login_enabled": "true",
|
|
},
|
|
}
|
|
|
|
if !client.IsTrustedRP() {
|
|
t.Fatalf("expected trusted rp")
|
|
}
|
|
if client.IsHeadlessLoginEnabled() {
|
|
t.Fatalf("expected headless login disabled for non-bool metadata")
|
|
}
|
|
})
|
|
}
|