test(load): machine jwt profile grant (#8482)

# Which Problems Are Solved Currently there was no load test present for machine jwt profile grant. This test is now added # How the Problems Are Solved K6 test implemented. # Additional Context - part of https://github.com/zitadel/zitadel/issues/8352
2025-08-12 03:17:33 +00:00 · 2024-08-27 15:06:03 +02:00
parent cbbd44c303
commit 1ce9a4322e
9 changed files with 231 additions and 62 deletions
--- a/load-test/src/oidc.ts
+++ b/load-test/src/oidc.ts
@@ -1,8 +1,11 @@
 import { JSONObject, check, fail } from 'k6';
 import encoding from 'k6/encoding';
-import http from 'k6/http';
+import http, { RequestBody } from 'k6/http';
 import { Trend } from 'k6/metrics';
 import url from './url';
+import { Config } from './config';
+// @ts-ignore Import module
+import zitadel from 'k6/x/zitadel';

 export class Tokens {
  idToken?: string;
@@ -103,4 +106,66 @@ export function clientCredentials(clientId: string, clientSecret: string): Promi
      resolve(tokens)
    });
  });
-}
+}
+
+export interface TokenRequest {
+  payload(): RequestBody;
+  headers(): { [name: string]: string; };
+}
+
+const privateKey = open('../.keys/key.pem');
+
+export class JWTProfileRequest implements TokenRequest {
+  keyPayload!: {
+    userId: string;
+    expiration: number;
+    keyId: string;
+  };
+
+  constructor(userId: string, keyId: string) {
+    this.keyPayload = {
+      userId: userId,
+      // 1 minute
+      expiration: 60*1_000_000_000,
+      keyId: keyId,
+    };
+  }
+
+  payload(): RequestBody{
+    const assertion = zitadel.signJWTProfileAssertion(
+      this.keyPayload.userId,
+      this.keyPayload.keyId,
+      {
+        audience: [Config.host],
+        expiration: this.keyPayload.expiration,
+        key: privateKey
+      });
+    return {
+      'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+      scope: 'openid',
+      assertion: `${assertion}`
+    };
+  };
+  public headers(): { [name: string]: string; } {
+    return {
+      'Content-Type': 'application/x-www-form-urlencoded'
+    };
+  };
+}
+
+const tokenDurationTrend = new Trend('oidc_token_duration', true);
+export async function token(request: TokenRequest): Promise<Tokens> {
+  return http.asyncRequest('POST', configuration().token_endpoint,
+    request.payload(),
+    {
+      headers: request.headers(),
+    },
+  ).then((res) => {
+    tokenDurationTrend.add(res.timings.duration);
+    check(res, {
+      'token status ok': (r) => r.status === 200,
+      'access token returned': (r) => r.json('access_token')! != undefined && r.json('access_token')! != '',
+    });
+    return new Tokens(res.json() as JSONObject);
+  });
+};