mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
14b8cf4894
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
package oidc
import (
"testing"
"time"
"github.com/muhlemmer/gu"
"github.com/stretchr/testify/assert"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2alpha"
)
// Test_authRequestToPb verifies that authRequestToPb copies every populated
// field of a query.AuthRequest onto the matching oidc_pb.AuthRequest field.
//
// The Prompt slice deliberately ends with 999, which matches none of the
// domain.Prompt constants listed before it. The expected output pins that such
// a value is converted to PROMPT_UNSPECIFIED rather than passed through as an
// arbitrary enum number.
//
// Only the field mapping is exercised here: the redirect URI, login hint and
// user ID hint are expected to arrive unchanged, and no validation of those
// values is covered by this test.
func Test_authRequestToPb(t *testing.T) {
	createdAt := time.Now()

	input := &query.AuthRequest{
		ID:           "authID",
		CreationDate: createdAt,
		ClientID:     "clientID",
		Scope:        []string{"a", "b", "c"},
		RedirectURI:  "callbackURI",
		Prompt: []domain.Prompt{
			domain.PromptUnspecified,
			domain.PromptNone,
			domain.PromptLogin,
			domain.PromptConsent,
			domain.PromptSelectAccount,
			domain.PromptCreate,
			999, // not a declared domain.Prompt value
		},
		UiLocales:  []string{"en", "fi"},
		LoginHint:  gu.Ptr("foo@bar.com"),
		MaxAge:     gu.Ptr(time.Minute),
		HintUserID: gu.Ptr("userID"),
	}

	expected := &oidc_pb.AuthRequest{
		Id:           "authID",
		CreationDate: timestamppb.New(createdAt),
		ClientId:     "clientID",
		Scope:        []string{"a", "b", "c"},
		RedirectUri:  "callbackURI",
		Prompt: []oidc_pb.Prompt{
			oidc_pb.Prompt_PROMPT_UNSPECIFIED,
			oidc_pb.Prompt_PROMPT_NONE,
			oidc_pb.Prompt_PROMPT_LOGIN,
			oidc_pb.Prompt_PROMPT_CONSENT,
			oidc_pb.Prompt_PROMPT_SELECT_ACCOUNT,
			oidc_pb.Prompt_PROMPT_CREATE,
			oidc_pb.Prompt_PROMPT_UNSPECIFIED, // fallback expected for the 999 entry
		},
		UiLocales:  []string{"en", "fi"},
		LoginHint:  gu.Ptr("foo@bar.com"),
		MaxAge:     durationpb.New(time.Minute),
		HintUserId: gu.Ptr("userID"),
	}

	// proto.Equal compares message contents; generated protobuf structs carry
	// internal state that makes plain == or reflect.DeepEqual unreliable.
	if got := authRequestToPb(input); !proto.Equal(expected, got) {
		t.Errorf("authRequestToPb() =\n%v\nwant\n%v\n", got, expected)
	}
}
// Test_errorReasonToOIDC checks the string that errorReasonToOIDC returns for
// each oidc_pb.ErrorReason in the table. The expected strings are the error
// codes defined for authorization error responses by OAuth 2.0 and OpenID
// Connect Core.
//
// Two fallbacks are pinned: ERROR_REASON_UNSPECIFIED and the undeclared value
// 99999 must both produce "server_error", so an unset or unrecognised reason
// never yields an empty or caller-controlled error code.
func Test_errorReasonToOIDC(t *testing.T) {
	type testCase struct {
		reason oidc_pb.ErrorReason
		want   string
	}

	cases := []testCase{
		{reason: oidc_pb.ErrorReason_ERROR_REASON_UNSPECIFIED, want: "server_error"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_INVALID_REQUEST, want: "invalid_request"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_UNAUTHORIZED_CLIENT, want: "unauthorized_client"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_ACCESS_DENIED, want: "access_denied"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_UNSUPPORTED_RESPONSE_TYPE, want: "unsupported_response_type"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_INVALID_SCOPE, want: "invalid_scope"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_SERVER_ERROR, want: "server_error"},
		// The enum is spelled TEMPORARY_UNAVAILABLE; the wire value is "temporarily_unavailable".
		{reason: oidc_pb.ErrorReason_ERROR_REASON_TEMPORARY_UNAVAILABLE, want: "temporarily_unavailable"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_INTERACTION_REQUIRED, want: "interaction_required"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_LOGIN_REQUIRED, want: "login_required"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_ACCOUNT_SELECTION_REQUIRED, want: "account_selection_required"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_CONSENT_REQUIRED, want: "consent_required"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_INVALID_REQUEST_URI, want: "invalid_request_uri"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_INVALID_REQUEST_OBJECT, want: "invalid_request_object"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_REQUEST_NOT_SUPPORTED, want: "request_not_supported"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_REQUEST_URI_NOT_SUPPORTED, want: "request_uri_not_supported"},
		{reason: oidc_pb.ErrorReason_ERROR_REASON_REGISTRATION_NOT_SUPPORTED, want: "registration_not_supported"},
		// Undeclared enum number: exercises the default branch of the mapping.
		{reason: 99999, want: "server_error"},
	}

	for i := range cases {
		tc := cases[i]
		// Subtests are named after the enum's String() form so a failure names the reason.
		t.Run(tc.reason.String(), func(t *testing.T) {
			assert.Equal(t, tc.want, errorReasonToOIDC(tc.reason))
		})
	}
}