Comments (8)
robotdan
commented on May 27, 2024
Seems reasonable.
from fusionauth-jwt.
jamietanna
commented on May 27, 2024
Hey @robotdan would you be OK if I refactor JSONWebKeySetTest slightly? It'll be easier to unit test if we're not going out to real endpoints (especially as I can't seem to find many public servers supporting the spec) - would you be happy with that?
(Originally published at: https://www.jvt.me/mf2/2020/10/oxt9d/)
from fusionauth-jwt.
robotdan
commented on May 27, 2024
Is this just to add some additional tests you mean? The ones that are there should work since those are legit endpoints.
https://github.com/FusionAuth/fusionauth-jwt/blob/48cd5897019b923ad7fe318aa0d632484a0ccddd/src/test/java/io/fusionauth/jwks/JSONWebKeySetTest.java
Or do you mean in order to add code for retrieveKeysFromIssuer?
from fusionauth-jwt.
jamietanna
commented on May 27, 2024
Sorry, I wasn't clear. In JSONWebKeySetTest we're reaching out to a real set of endpoints.
However, I can't seem to find a public OAuth2 server that supports RFC8414 to write a test.
I was thinking of using something like Wiremock to create a fake server so I can stub it out, and wondered if you'd be happy with that as a change to the existing tests in JSONWebKeySetTest?
(Originally published at: https://www.jvt.me/mf2/2020/10/wczpu/)
from fusionauth-jwt.
robotdan
commented on May 27, 2024
Ah, ok, got it. Yeah, don't have to test real endpoints if there aren't any public ones that we can hit reliably.
You can just build some expected JSON and then parse it similar to how we do JWKS.
https://github.com/FusionAuth/fusionauth-jwt/tree/master/src/test/resources/jwk
https://github.com/FusionAuth/fusionauth-jwt/blob/013a981b7c82173fdd40b26a0384584677aaf7f0/src/test/java/io/fusionauth/jwks/JSONWebKeyBuilderTest.java
I can help write tests as well if you know what code you want to write.
from fusionauth-jwt.
voidmain
commented on May 27, 2024
If you have a valid response from that RFC, you could use the internal HTTP server that Java ships with for testing.
from fusionauth-jwt.
robotdan
commented on May 27, 2024
@jamietanna I stubbed this out under 314d76f. Let me know if that will work for you.
Feel free to submit some more tests if you have a specific use case you want to test for:
- https://github.com/FusionAuth/fusionauth-jwt/blob/master/src/main/java/io/fusionauth/oauth2/ServerMetaDataHelper.java
- https://github.com/FusionAuth/fusionauth-jwt/blob/master/src/test/java/io/fusionauth/oauth2/ServerMetaDataTest.java
- https://github.com/FusionAuth/fusionauth-jwt/blob/master/src/test/resources/oauth2/example_server_metadata.json
from fusionauth-jwt.
robotdan
commented on May 27, 2024
Releasing in 4.1.0, if there are additional features or missing capabilities from what I've described here, please open a new issue to track. Thanks!
from fusionauth-jwt.
Related Issues (20)
- Add x5c and verify public key against x5c when extracting a public key from a JSON Web Key HOT 6
- io.fusionauth:fusionauth-jwt:4.0.1 has security vulnerabilities HOT 4
- README improvements
- Configurable timeouts on UrlConnection HOT 6
- Upgrade to Java >= 14? HOT 7
- Create a RSASigner.newSHA256Signer which supports PrivateKey instance HOT 2
- Wrong module descriptor HOT 10
- Will Grant Negotiation and Authorization Protocol (GNAP) working code be made available soon? HOT 2
- Embedding JWK does not yield an interoperable result HOT 3
- Overriding "configureMessageConverters" in spring HOT 2
- How to gen a jwk with kid? HOT 3
- 2047 vs. 2048 HOT 2
- Android 7 - Base64 NoClassDefFoundError HOT 1
- Decode expired JWT throws Exception HOT 2
- Best way to pull out "kid" to pick verifier? HOT 4
- Support Function<String,Verifier> for kid mapping HOT 2
- "The JWT could not be de-serialized." HOT 4
- Need Ability to Extend `Header` class HOT 2
- Fix padding on the EC signature when decoding `r` and `s` from the DER encoded value HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fusionauth-jwt.