Merge commit from fork

Livio Spring
2025-03-31 12:45:11 +02:00
committed by GitHub
parent 14de8ecac2
commit 315503beab
3 changed files with 17 additions and 5 deletions


@@ -21,7 +21,9 @@ import (
)
func TestServer_JWTProfile(t *testing.T) {
user, name, keyData, err := Instance.CreateOIDCJWTProfileClient(CTX)
user, name, keyData, err := Instance.CreateOIDCJWTProfileClient(CTX, time.Hour)
require.NoError(t, err)
_, _, keyDataExpired, err := Instance.CreateOIDCJWTProfileClient(CTX, 10*time.Second)
require.NoError(t, err)
type claims struct {
@@ -104,6 +106,12 @@ func TestServer_JWTProfile(t *testing.T) {
resourceOwnerPrimaryDomain: Instance.DefaultOrg.PrimaryDomain,
},
},
{
name: "key expired",
keyData: keyDataExpired,
scope: []string{oidc.ScopeOpenID},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@@ -123,6 +131,9 @@ func TestServer_JWTProfile(t *testing.T) {
},
time.Minute, time.Second,
)
if tt.wantErr {
return
}
provider, err := rp.NewRelyingPartyOIDC(CTX, Instance.OIDCIssuer(), "", "", redirectURI, tt.scope)
require.NoError(t, err)
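Review bot: The new "key expired" case can pass without the expiry check ever being exercised, because `wantErr: true` is satisfied by any token error and the added `if tt.wantErr { return }` after the retry block skips every later assertion. The retry closure lies outside the visible hunks, so this is inferred, but if it accepts the first error it sees, a key that is simply not yet visible to the token endpoint would satisfy the case long before the 10-second lifetime has run out. Make the cause of the failure explicit: wait until the lifetime has elapsed before requesting a token, and assert on the specific rejection rather than on a bare error. A comment such as `// wait out keyDataExpired's 10s lifetime so the error comes from the expiry check` at the wait would document the intent.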


@@ -438,7 +438,7 @@ func (i *Instance) CreateOIDCCredentialsClientInactive(ctx context.Context) (mac
return machine, name, secret.GetClientId(), secret.GetClientSecret(), nil
}
func (i *Instance) CreateOIDCJWTProfileClient(ctx context.Context) (machine *management.AddMachineUserResponse, name string, keyData []byte, err error) {
func (i *Instance) CreateOIDCJWTProfileClient(ctx context.Context, keyLifetime time.Duration) (machine *management.AddMachineUserResponse, name string, keyData []byte, err error) {
name = gofakeit.Username()
machine, err = i.Client.Mgmt.AddMachineUser(ctx, &management.AddMachineUserRequest{
Name: name,
@@ -451,7 +451,7 @@ func (i *Instance) CreateOIDCJWTProfileClient(ctx context.Context) (machine *man
keyResp, err := i.Client.Mgmt.AddMachineKey(ctx, &management.AddMachineKeyRequest{
UserId: machine.GetUserId(),
Type: authn.KeyType_KEY_TYPE_JSON,
ExpirationDate: timestamppb.New(time.Now().Add(time.Hour)),
ExpirationDate: timestamppb.New(time.Now().Add(keyLifetime)),
})
if err != nil {
return nil, "", nil, err
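Review bot: `CreateOIDCJWTProfileClient` is exported and its new `keyLifetime` parameter is undocumented, so a caller cannot tell from the signature that it is added to `time.Now()` to form the key's `ExpirationDate`. A doc comment such as `// CreateOIDCJWTProfileClient creates a machine user with a JSON key that expires keyLifetime after the call.` would cover it. A zero or negative duration gives an expiration at or before creation time, and whether `AddMachineKey` accepts that is not visible here, so the comment should state which values are supported. The function body continues outside these hunks.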


@@ -8,4 +8,5 @@ join projections.users14_machines m
and u.id = m.user_id
where k.instance_id = $1
and k.id = $2
and u.id = $3;
and u.id = $3
and k.expiration > current_timestamp;
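Review bot: The added predicate on `k.expiration` carries no comment saying that it is an authentication control, and its NULL behaviour is implicit: a row whose `expiration` is NULL compares to NULL and is filtered out, so such a key would be rejected. Whether the column can be NULL is not visible in this hunk; if it can, confirm that rejecting those keys is intended. I would add `-- expired keys must not authenticate; a NULL expiration is rejected as well` above the line. The statement begins outside the hunk.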