forked from panva/oauth4webapi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrequest_object.test.ts
80 lines (70 loc) · 2.41 KB
/
request_object.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
import anyTest, { type TestFn } from 'ava'
import { client, issuer } from './_setup.js'
import * as jose from 'jose'
import * as lib from '../src/index.js'
const test = anyTest as TestFn<{ [alg: string]: CryptoKeyPair }>
const algs: lib.JWSAlgorithm[] = ['RS256', 'ES256', 'PS256', 'EdDSA']
test.before(async (t) => {
for (const alg of algs) {
const key = await lib.generateKeyPair(alg)
t.context[alg] = key
}
})
test('issueRequestObject()', async (t) => {
const sign = t.context.ES256
const jwt = await lib.issueRequestObject(
issuer,
client,
new URLSearchParams({ response_type: 'code', resource: 'urn:example:resource' }),
{ key: sign.privateKey },
)
const { payload, protectedHeader } = await jose.jwtVerify(jwt, sign.publicKey)
t.deepEqual(protectedHeader, { alg: 'ES256', typ: 'oauth-authz-req+jwt' })
const { exp, iat, nbf, jti, ...claims } = payload
t.is(typeof exp, 'number')
t.is(typeof nbf, 'number')
t.is(typeof iat, 'number')
t.is(typeof jti, 'string')
t.deepEqual(claims, {
iss: client.client_id,
aud: issuer.issuer,
response_type: 'code',
resource: 'urn:example:resource',
client_id: client.client_id,
})
})
test('issueRequestObject() - multiple resource parameters', async (t) => {
const sign = t.context.ES256
const jwt = await lib.issueRequestObject(
issuer,
client,
new URLSearchParams([
['resource', 'urn:example:resource'],
['resource', 'urn:example:resource-2'],
]),
{ key: sign.privateKey },
)
const { payload, protectedHeader } = await jose.jwtVerify(jwt, sign.publicKey)
t.deepEqual(protectedHeader, { alg: 'ES256', typ: 'oauth-authz-req+jwt' })
const { resource } = payload
t.deepEqual(resource, ['urn:example:resource', 'urn:example:resource-2'])
})
for (const alg of algs) {
test(`issueRequestObject() signed using ${alg}`, async (t) => {
const sign = t.context[alg]
const jwt = await lib.issueRequestObject(issuer, client, new URLSearchParams(), {
key: sign.privateKey,
})
const protectedHeader = jose.decodeProtectedHeader(jwt)
t.is(protectedHeader.alg, alg)
})
}
test('issueRequestObject() signature kid', async (t) => {
const sign = t.context.ES256
const jwt = await lib.issueRequestObject(issuer, client, new URLSearchParams(), {
key: sign.privateKey,
kid: 'kid-1',
})
const protectedHeader = jose.decodeProtectedHeader(jwt)
t.is(protectedHeader.kid, 'kid-1')
})