test: mock http oidc configuration requests

authenticator/authenticator_default_test.go

@@ -12,7 +12,7 @@ import (
 
 func TestAuthenticatorDefaultCreateAuthenticator(t *testing.T) {
 	jsonConfig, _ := json.Marshal(map[string]interface{}{
-		"jwks_urls":       []string{"https://oauth.cerberauth.com/.well-known/jwks.json"},
+		"jwks_urls":       []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"},
 		"trusted_issuers": []string{"https://oauth.cerberauth.com"},
 		"required_scope":  []string{},
 		"target_audience": []string{},
@@ -26,7 +26,7 @@ func TestAuthenticatorDefaultCreateAuthenticator(t *testing.T) {
 	}, &config.AuthenticatorRuleConfig{
 		Handler: "jwt",
 		Config: map[string]interface{}{
-			"jwks_urls":       []string{"https://oauth.cerberauth.com/.well-known/jwks.json"},
+			"jwks_urls":       []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"},
 			"trusted_issuers": []string{"https://oauth.cerberauth.com"},
 			"target_audience": []string{},
 		},
@@ -45,7 +45,7 @@ func TestAuthenticatorDefaultCreateAuthenticator(t *testing.T) {
 
 func TestAuthenticatorDefaultCreateAuthenticatorWithScopes(t *testing.T) {
 	jsonConfig, _ := json.Marshal(map[string]interface{}{
-		"jwks_urls":       []string{"https://oauth.cerberauth.com/.well-known/jwks.json"},
+		"jwks_urls":       []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"},
 		"trusted_issuers": []string{"https://oauth.cerberauth.com"},
 		"required_scope":  []string{"resource:read", "resource:write"},
 		"target_audience": []string{"https://api.cerberauth.com"},
@@ -60,7 +60,7 @@ func TestAuthenticatorDefaultCreateAuthenticatorWithScopes(t *testing.T) {
 	}, &config.AuthenticatorRuleConfig{
 		Handler: "jwt",
 		Config: map[string]interface{}{
-			"jwks_urls":       []string{"https://oauth.cerberauth.com/.well-known/jwks.json"},
+			"jwks_urls":       []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"},
 			"trusted_issuers": []string{"https://oauth.cerberauth.com"},
 			"target_audience": []string{"https://api.cerberauth.com"},
 		},

authenticator/authenticator_test.go

@@ -7,9 +7,31 @@ import (
 	"github.com/bmizerany/assert"
 	"github.com/cerberauth/openapi-oathkeeper/config"
 	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/jarcoal/httpmock"
 	"github.com/ory/oathkeeper/rule"
 )
 
+var (
+	oidcConfigurationUrl = "https://oauth.cerberauth.com/.well-known/openid-configuration"
+	oidcConfiguration    = OpenIdConfiguration{
+		Issuer:  "https://oauth.cerberauth.com",
+		JwksUri: "https://oauth.cerberauth.com/.well-known/jwks.json",
+	}
+)
+
+func setupSuite(tb testing.TB) func(tb testing.TB) {
+	httpmock.Activate()
+	resp, err := httpmock.NewJsonResponder(200, oidcConfiguration)
+	if err != nil {
+		tb.Fatal(err)
+	}
+	httpmock.RegisterResponder("GET", oidcConfigurationUrl, resp)
+
+	return func(tb testing.TB) {
+		defer httpmock.DeactivateAndReset()
+	}
+}
+
 func TestNewAuthenticatorFromSecurityScheme(t *testing.T) {
 	jsonConfig, _ := json.Marshal(map[string]interface{}{
 		"jwks_urls":       []string{"https://oauth.cerberauth.com/.well-known/jwks.json"},
@@ -40,17 +62,20 @@ func TestNewAuthenticatorFromSecurityScheme(t *testing.T) {
 }
 
 func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnect(t *testing.T) {
+	teardownSuite := setupSuite(t)
+	defer teardownSuite(t)
+
 	jsonConfig, _ := json.Marshal(map[string]interface{}{
-		"jwks_urls":       []string{"https://console.ory.sh/.well-known/jwks.json"},
-		"trusted_issuers": []string{"https://console.ory.sh"},
+		"jwks_urls":       []string{"https://oauth.cerberauth.com/.well-known/jwks.json"},
+		"trusted_issuers": []string{"https://oauth.cerberauth.com"},
 		"required_scope":  []string{},
 	})
 	expectedAuthenticator := &rule.Handler{
 		Handler: "jwt",
 		Config:  jsonConfig,
 	}
 	a, newAuthenticatorErr := NewAuthenticatorFromSecurityScheme(&openapi3.SecuritySchemeRef{
-		Value: openapi3.NewOIDCSecurityScheme("https://project.console.ory.sh/.well-known/openid-configuration"),
+		Value: openapi3.NewOIDCSecurityScheme(oidcConfigurationUrl),
 	}, nil)
 	if newAuthenticatorErr != nil {
 		t.Fatal(newAuthenticatorErr)
@@ -65,9 +90,12 @@ func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnect(t *testing.T)
 }
 
 func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnectWithLowercaseType(t *testing.T) {
+	teardownSuite := setupSuite(t)
+	defer teardownSuite(t)
+
 	jsonConfig, _ := json.Marshal(map[string]interface{}{
-		"jwks_urls":       []string{"https://console.ory.sh/.well-known/jwks.json"},
-		"trusted_issuers": []string{"https://console.ory.sh"},
+		"jwks_urls":       []string{"https://oauth.cerberauth.com/.well-known/jwks.json"},
+		"trusted_issuers": []string{"https://oauth.cerberauth.com"},
 		"required_scope":  []string{},
 	})
 	expectedAuthenticator := &rule.Handler{
@@ -77,7 +105,7 @@ func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnectWithLowercaseT
 	a, newAuthenticatorErr := NewAuthenticatorFromSecurityScheme(&openapi3.SecuritySchemeRef{
 		Value: &openapi3.SecurityScheme{
 			Type:             "openidconnect",
-			OpenIdConnectUrl: "https://project.console.ory.sh/.well-known/openid-configuration",
+			OpenIdConnectUrl: "https://oauth.cerberauth.com/.well-known/openid-configuration",
 		},
 	}, nil)
 	if newAuthenticatorErr != nil {
@@ -103,7 +131,7 @@ func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnectWithConfig(t *
 		Config:  jsonConfig,
 	}
 	a, newAuthenticatorErr := NewAuthenticatorFromSecurityScheme(&openapi3.SecuritySchemeRef{
-		Value: openapi3.NewOIDCSecurityScheme("https://project.console.ory.sh/.well-known/openid-configuration"),
+		Value: openapi3.NewOIDCSecurityScheme(oidcConfigurationUrl),
 	}, &config.AuthenticatorRuleConfig{
 		Handler: "jwt",
 		Config: map[string]interface{}{

generator/.snapshots/TestGenerateFromPetstoreWithOpenIdConnect

@@ -12,7 +12,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -24,8 +24,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },
@@ -142,7 +143,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -154,8 +155,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },
@@ -214,7 +216,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -226,8 +228,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },
@@ -257,7 +260,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -269,8 +272,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },
@@ -358,7 +362,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -370,8 +374,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },
@@ -517,7 +522,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -529,8 +534,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },
@@ -560,7 +566,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -572,8 +578,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },
@@ -632,7 +639,7 @@
     Authenticators: ([]rule.Handler) (len=1) {
       (rule.Handler) {
         Handler: (string) (len=3) "jwt",
-        Config: (json.RawMessage) (len=206) {
+        Config: (json.RawMessage) (len=212) {
           00000000  7b 22 6a 77 6b 73 5f 75  72 6c 73 22 3a 5b 22 68  |{"jwks_urls":["h|
           00000010  74 74 70 73 3a 2f 2f 6f  61 75 74 68 2e 63 65 72  |ttps://oauth.cer|
           00000020  62 65 72 61 75 74 68 2e  63 6f 6d 2f 2e 77 65 6c  |berauth.com/.wel|
@@ -644,8 +651,9 @@
           00000080  22 3a 5b 22 68 74 74 70  73 3a 2f 2f 61 70 69 2e  |":["https://api.|
           00000090  63 65 72 62 65 72 61 75  74 68 2e 63 6f 6d 22 5d  |cerberauth.com"]|
           000000a0  2c 22 74 72 75 73 74 65  64 5f 69 73 73 75 65 72  |,"trusted_issuer|
-          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 63 65 72  |s":["https://cer|
-          000000c0  62 65 72 61 75 74 68 2e  63 6f 6d 22 5d 7d        |berauth.com"]}|
+          000000b0  73 22 3a 5b 22 68 74 74  70 73 3a 2f 2f 6f 61 75  |s":["https://oau|
+          000000c0  74 68 2e 63 65 72 62 65  72 61 75 74 68 2e 63 6f  |th.cerberauth.co|
+          000000d0  6d 22 5d 7d                                       |m"]}|
         }
       }
     },