// X-Auth-Uri が ID プロバイダでないなら response_type を code id_token にすることの検査。
func TestAuthForSelector(t *testing.T) {
	// ////////////////////////////////
	// logutil.SetupConsole(logRoot, level.ALL)
	// defer logutil.SetupConsole(logRoot, level.OFF)
	// ////////////////////////////////

	page := newTestPage([]jwk.Key{test_taKey}, []idpdb.Element{test_idp})

	r, err := newAuthRequest()
	if err != nil {
		t.Fatal(err)
	}
	r.Header.Set("X-Auth-Uri", test_idp.Id()+"a/auth")

	w := httptest.NewRecorder()
	page.HandleAuth(w, r)

	if w.Code != http.StatusFound {
		t.Error(w.Code)
		t.Fatal(http.StatusFound)
	} else if uri, err := url.Parse(w.HeaderMap.Get("Location")); err != nil {
		t.Fatal(err)
	} else if q := uri.Query(); len(q) == 0 {
		t.Fatal("no query")
	} else if respType, respType2 := strsetutil.New("code", "id_token"), request.FormValueSet(q.Get("response_type")); !reflect.DeepEqual(respType2, respType) {
		t.Error(respType2)
		t.Fatal(respType)
	}
}
func TestCoopResponse(t *testing.T) {
	tok := "McnSl40-QRtAxBoBOmj9GJfALyNdJy"
	tokType := "Bearer"
	expIn := 2817 * time.Second
	scop := strsetutil.New("openid")
	idsTok := []byte("eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjcwMDAiLCJleHAiOjE0MzI4MjI1MzMsImlhdCI6MTQzMjgwMDkzMywiaWRzIjp7Im1haW4iOnsic3ViIjoiWi0wWnRGZWlyaU1kWkZIYlNDR3ZDbHplclBYWkU5SGJKNWlaREx2X3hVWSJ9fSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDoxNjA0Iiwic3ViIjoiaHR0cDovL2xvY2FsaG9zdDo3MDAwIn0.JRCRQRJkE5UTwniZqYf6Y-DncD58Qs0GQe5SF7A_K66nymZR9mUrXWj0rAG6NcXEsH5IpoFfcYUVLylx_XxyrKNK8ynGgiGwOblNW41rb2FmLmtFdf3Y03z9ID5hWJsEJmyup071s5WUeURAa3xv-h-t-cSBqXIv_R-TPWGyWSKVSe6lKudfOh74rrG_5IHheFs3hKiyw9viVJRV9sOekcrV93ppdUweguxx_AgSjFhdEh6atmUy5ft3Oz3doqfSQHQ2xMR_V9cFryzXrfJDyual4KBFMQHJ3LU2kyuoebKpHjwT5Iv3Bn-QY7U_SIO4vvcBuOcvjNyWyymla6KzPA")
	body, err := json.Marshal(map[string]interface{}{
		"access_token": tok,
		"token_type":   tokType,
		"expires_in":   int(expIn / time.Second),
		"scope":        requtil.ValueSetForm(scop),
		"ids_token":    string(idsTok),
	})
	if err != nil {
		t.Fatal(err)
	}

	r, err := http.ReadResponse(bufio.NewReader(io.MultiReader(
		strings.NewReader("HTTP/1.1 200 OK\r\n"+"Content-Type: application/json\r\n"+"\r\n"),
		bytes.NewReader(body),
	)), nil)
	if err != nil {
		t.Fatal(err)
	}

	resp, err := parseCoopResponse(r)
	if err != nil {
		t.Fatal(err)
	} else if resp.token() != tok {
		t.Error(resp.token())
		t.Fatal(tok)
	} else if resp.tokenType() != tokType {
		t.Error(resp.tokenType())
		t.Fatal(tokType)
	} else if resp.expiresIn() != expIn {
		t.Error(resp.expiresIn())
		t.Fatal(expIn)
	} else if !reflect.DeepEqual(resp.scope(), scop) {
		t.Error(resp.scope())
		t.Fatal(scop)
	} else if !bytes.Equal(resp.idsToken(), idsTok) {
		t.Error(resp.idsToken())
		t.Fatal(idsTok)
	}
}
Exemple #3
0
	if hndl.sigKid != "" {
		ass.SetHeader(tagKid, hndl.sigKid)
	}
	ass.SetClaim(tagIss, hndl.selfId)
	ass.SetClaim(tagSub, hndl.selfId)
	ass.SetClaim(tagAud, aud)
	ass.SetClaim(tagJti, hndl.idGen.String(hndl.jtiLen))
	now := time.Now()
	ass.SetClaim(tagExp, now.Add(hndl.jtiExpIn).Unix())
	ass.SetClaim(tagIat, now.Unix())
	if err := ass.Sign(keys); err != nil {
		return nil, erro.Wrap(err)
	}
	data, err := ass.Encode()
	if err != nil {
		return nil, erro.Wrap(err)
	}

	return data, nil
}

// セッションを発行しても良い属性かどうか。
func sessionEnable(attrName string) bool {
	return sessEnAttrs[attrName]
}

var sessEnAttrs = strsetutil.New(
	tagIss,
	tagSub,
)