diff --git a/authenticator/authenticator_default_test.go b/authenticator/authenticator_default_test.go index f98043a..c6886ca 100644 --- a/authenticator/authenticator_default_test.go +++ b/authenticator/authenticator_default_test.go @@ -12,7 +12,7 @@ import ( func TestAuthenticatorDefaultCreateAuthenticator(t *testing.T) { jsonConfig, _ := json.Marshal(map[string]interface{}{ - "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, + "jwks_urls": []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"}, "trusted_issuers": []string{"https://oauth.cerberauth.com"}, "required_scope": []string{}, "target_audience": []string{}, @@ -26,7 +26,7 @@ func TestAuthenticatorDefaultCreateAuthenticator(t *testing.T) { }, &config.AuthenticatorRuleConfig{ Handler: "jwt", Config: map[string]interface{}{ - "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, + "jwks_urls": []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"}, "trusted_issuers": []string{"https://oauth.cerberauth.com"}, "target_audience": []string{}, }, @@ -45,7 +45,7 @@ func TestAuthenticatorDefaultCreateAuthenticator(t *testing.T) { func TestAuthenticatorDefaultCreateAuthenticatorWithScopes(t *testing.T) { jsonConfig, _ := json.Marshal(map[string]interface{}{ - "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, + "jwks_urls": []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"}, "trusted_issuers": []string{"https://oauth.cerberauth.com"}, "required_scope": []string{"resource:read", "resource:write"}, "target_audience": []string{"https://api.cerberauth.com"}, @@ -60,7 +60,7 @@ func TestAuthenticatorDefaultCreateAuthenticatorWithScopes(t *testing.T) { }, &config.AuthenticatorRuleConfig{ Handler: "jwt", Config: map[string]interface{}{ - "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, + "jwks_urls": []string{"https://ory.projects.oryapis.com/.well-known/jwks.json"}, "trusted_issuers": []string{"https://oauth.cerberauth.com"}, "target_audience": []string{"https://api.cerberauth.com"}, }, diff --git a/authenticator/authenticator_test.go b/authenticator/authenticator_test.go index a52511b..f2e9216 100644 --- a/authenticator/authenticator_test.go +++ b/authenticator/authenticator_test.go @@ -7,9 +7,31 @@ import ( "github.com/bmizerany/assert" "github.com/cerberauth/openapi-oathkeeper/config" "github.com/getkin/kin-openapi/openapi3" + "github.com/jarcoal/httpmock" "github.com/ory/oathkeeper/rule" ) +var ( + oidcConfigurationUrl = "https://oauth.cerberauth.com/.well-known/openid-configuration" + oidcConfiguration = OpenIdConfiguration{ + Issuer: "https://oauth.cerberauth.com", + JwksUri: "https://oauth.cerberauth.com/.well-known/jwks.json", + } +) + +func setupSuite(tb testing.TB) func(tb testing.TB) { + httpmock.Activate() + resp, err := httpmock.NewJsonResponder(200, oidcConfiguration) + if err != nil { + tb.Fatal(err) + } + httpmock.RegisterResponder("GET", oidcConfigurationUrl, resp) + + return func(tb testing.TB) { + defer httpmock.DeactivateAndReset() + } +} + func TestNewAuthenticatorFromSecurityScheme(t *testing.T) { jsonConfig, _ := json.Marshal(map[string]interface{}{ "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, @@ -40,9 +62,12 @@ func TestNewAuthenticatorFromSecurityScheme(t *testing.T) { } func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnect(t *testing.T) { + teardownSuite := setupSuite(t) + defer teardownSuite(t) + jsonConfig, _ := json.Marshal(map[string]interface{}{ - "jwks_urls": []string{"https://console.ory.sh/.well-known/jwks.json"}, - "trusted_issuers": []string{"https://console.ory.sh"}, + "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, + "trusted_issuers": []string{"https://oauth.cerberauth.com"}, "required_scope": []string{}, }) expectedAuthenticator := &rule.Handler{ @@ -50,7 +75,7 @@ func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnect(t *testing.T) Config: jsonConfig, } a, newAuthenticatorErr := NewAuthenticatorFromSecurityScheme(&openapi3.SecuritySchemeRef{ - Value: openapi3.NewOIDCSecurityScheme("https://project.console.ory.sh/.well-known/openid-configuration"), + Value: openapi3.NewOIDCSecurityScheme(oidcConfigurationUrl), }, nil) if newAuthenticatorErr != nil { t.Fatal(newAuthenticatorErr) @@ -65,9 +90,12 @@ func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnect(t *testing.T) } func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnectWithLowercaseType(t *testing.T) { + teardownSuite := setupSuite(t) + defer teardownSuite(t) + jsonConfig, _ := json.Marshal(map[string]interface{}{ - "jwks_urls": []string{"https://console.ory.sh/.well-known/jwks.json"}, - "trusted_issuers": []string{"https://console.ory.sh"}, + "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, + "trusted_issuers": []string{"https://oauth.cerberauth.com"}, "required_scope": []string{}, }) expectedAuthenticator := &rule.Handler{ @@ -77,7 +105,7 @@ func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnectWithLowercaseT a, newAuthenticatorErr := NewAuthenticatorFromSecurityScheme(&openapi3.SecuritySchemeRef{ Value: &openapi3.SecurityScheme{ Type: "openidconnect", - OpenIdConnectUrl: "https://project.console.ory.sh/.well-known/openid-configuration", + OpenIdConnectUrl: "https://oauth.cerberauth.com/.well-known/openid-configuration", }, }, nil) if newAuthenticatorErr != nil { @@ -103,7 +131,7 @@ func TestNewAuthenticatorFromSecuritySchemeWhenTypeIsOpenIDConnectWithConfig(t * Config: jsonConfig, } a, newAuthenticatorErr := NewAuthenticatorFromSecurityScheme(&openapi3.SecuritySchemeRef{ - Value: openapi3.NewOIDCSecurityScheme("https://project.console.ory.sh/.well-known/openid-configuration"), + Value: openapi3.NewOIDCSecurityScheme(oidcConfigurationUrl), }, &config.AuthenticatorRuleConfig{ Handler: "jwt", Config: map[string]interface{}{ diff --git a/generator/.snapshots/TestGenerateFromPetstoreWithOpenIdConnect b/generator/.snapshots/TestGenerateFromPetstoreWithOpenIdConnect index 76083b3..dd91b4a 100644 --- a/generator/.snapshots/TestGenerateFromPetstoreWithOpenIdConnect +++ b/generator/.snapshots/TestGenerateFromPetstoreWithOpenIdConnect @@ -12,7 +12,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -24,8 +24,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, @@ -142,7 +143,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -154,8 +155,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, @@ -214,7 +216,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -226,8 +228,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, @@ -257,7 +260,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -269,8 +272,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, @@ -358,7 +362,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -370,8 +374,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, @@ -517,7 +522,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -529,8 +534,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, @@ -560,7 +566,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -572,8 +578,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, @@ -632,7 +639,7 @@ Authenticators: ([]rule.Handler) (len=1) { (rule.Handler) { Handler: (string) (len=3) "jwt", - Config: (json.RawMessage) (len=206) { + Config: (json.RawMessage) (len=212) { 00000000 7b 22 6a 77 6b 73 5f 75 72 6c 73 22 3a 5b 22 68 |{"jwks_urls":["h| 00000010 74 74 70 73 3a 2f 2f 6f 61 75 74 68 2e 63 65 72 |ttps://oauth.cer| 00000020 62 65 72 61 75 74 68 2e 63 6f 6d 2f 2e 77 65 6c |berauth.com/.wel| @@ -644,8 +651,9 @@ 00000080 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e |":["https://api.| 00000090 63 65 72 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d |cerberauth.com"]| 000000a0 2c 22 74 72 75 73 74 65 64 5f 69 73 73 75 65 72 |,"trusted_issuer| - 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 65 72 |s":["https://cer| - 000000c0 62 65 72 61 75 74 68 2e 63 6f 6d 22 5d 7d |berauth.com"]}| + 000000b0 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 6f 61 75 |s":["https://oau| + 000000c0 74 68 2e 63 65 72 62 65 72 61 75 74 68 2e 63 6f |th.cerberauth.co| + 000000d0 6d 22 5d 7d |m"]}| } } }, diff --git a/generator/generator_test.go b/generator/generator_test.go index 276c02d..675579c 100644 --- a/generator/generator_test.go +++ b/generator/generator_test.go @@ -10,17 +10,37 @@ import ( "github.com/bmizerany/assert" "github.com/bradleyjkemp/cupaloy/v2" + "github.com/cerberauth/openapi-oathkeeper/authenticator" "github.com/cerberauth/openapi-oathkeeper/config" "github.com/getkin/kin-openapi/openapi3" + "github.com/jarcoal/httpmock" "github.com/ory/oathkeeper/rule" "github.com/stretchr/testify/require" ) var ( - _, b, _, _ = runtime.Caller(0) - basepath = filepath.Dir(b) + _, b, _, _ = runtime.Caller(0) + basepath = filepath.Dir(b) + oidcConfigurationUrl = "https://oauth.cerberauth.com/.well-known/openid-configuration" + oidcConfiguration = authenticator.OpenIdConfiguration{ + Issuer: "https://oauth.cerberauth.com", + JwksUri: "https://oauth.cerberauth.com/.well-known/jwks.json", + } ) +func setupSuite(tb testing.TB) func(tb testing.TB) { + httpmock.Activate() + resp, err := httpmock.NewJsonResponder(200, oidcConfiguration) + if err != nil { + tb.Fatal(err) + } + httpmock.RegisterResponder("GET", oidcConfigurationUrl, resp) + + return func(tb testing.TB) { + defer httpmock.DeactivateAndReset() + } +} + func getRuleById(rules []rule.Rule, id string) *rule.Rule { for _, r := range rules { if r.ID == id { @@ -220,12 +240,15 @@ func TestGenerateOpenAPIWithoutSecurity(t *testing.T) { } func TestGenerateFromSimpleOpenAPIWithOpenIdConnect(t *testing.T) { + teardownSuite := setupSuite(t) + defer teardownSuite(t) + c, _ := json.Marshal(map[string]interface{}{ "jwks_urls": []string{ - "https://console.ory.sh/.well-known/jwks.json", + "https://oauth.cerberauth.com/.well-known/jwks.json", }, "trusted_issuers": []string{ - "https://console.ory.sh", + "https://oauth.cerberauth.com", }, "required_scope": []string{ "write:pets", @@ -268,7 +291,7 @@ func TestGenerateFromSimpleOpenAPIWithOAuth2(t *testing.T) { "https://oauth.cerberauth.com/.well-known/jwks.json", }, "trusted_issuers": []string{ - "https://cerberauth.com", + "https://oauth.cerberauth.com", }, "required_scope": []string{ "write:pets", @@ -314,7 +337,7 @@ func TestGenerateFromSimpleOpenAPIWithHttpBearer(t *testing.T) { "https://oauth.cerberauth.com/.well-known/jwks.json", }, "trusted_issuers": []string{ - "https://cerberauth.com", + "https://oauth.cerberauth.com", }, "required_scope": []string{}, "target_audience": []string{ @@ -352,12 +375,15 @@ func TestGenerateFromSimpleOpenAPIWithHttpBearer(t *testing.T) { } func TestGenerateFromSimpleOpenAPIWithOpenIdConnectWithGlobalSecurityScheme(t *testing.T) { + teardownSuite := setupSuite(t) + defer teardownSuite(t) + c, _ := json.Marshal(map[string]interface{}{ "jwks_urls": []string{ - "https://console.ory.sh/.well-known/jwks.json", + "https://oauth.cerberauth.com/.well-known/jwks.json", }, "trusted_issuers": []string{ - "https://console.ory.sh", + "https://oauth.cerberauth.com", }, "required_scope": []string{ "write:pets", @@ -433,12 +459,15 @@ func TestGenerateFromSimpleOpenAPIWithUpstreamUrlAndPath(t *testing.T) { } func TestGenerateFromSimpleOpenAPIWithOpenIdConnectWithGlobalAndLocalOverrideSecurityScheme(t *testing.T) { + teardownSuite := setupSuite(t) + defer teardownSuite(t) + c, _ := json.Marshal(map[string]interface{}{ "jwks_urls": []string{ - "https://console.ory.sh/.well-known/jwks.json", + "https://oauth.cerberauth.com/.well-known/jwks.json", }, "trusted_issuers": []string{ - "https://console.ory.sh", + "https://oauth.cerberauth.com", }, "required_scope": []string{ "read:pets", @@ -474,12 +503,15 @@ func TestGenerateFromSimpleOpenAPIWithOpenIdConnectWithGlobalAndLocalOverrideSec } func TestGenerateFromPetstoreWithOpenIdConnect(t *testing.T) { + teardownSuite := setupSuite(t) + defer teardownSuite(t) + var authenticators = make(map[string]config.AuthenticatorRuleConfig) authenticators["petstore_auth"] = config.AuthenticatorRuleConfig{ Handler: "jwt", Config: map[string]interface{}{ "jwks_urls": []string{"https://oauth.cerberauth.com/.well-known/jwks.json"}, - "trusted_issuers": []string{"https://cerberauth.com"}, + "trusted_issuers": []string{"https://oauth.cerberauth.com"}, "target_audience": []string{"https://api.cerberauth.com"}, }, } diff --git a/go.mod b/go.mod index 5777589..3076071 100644 --- a/go.mod +++ b/go.mod @@ -7,6 +7,7 @@ require ( github.com/bradleyjkemp/cupaloy/v2 v2.8.0 github.com/getkin/kin-openapi v0.120.0 github.com/hedhyw/rex v0.6.0 + github.com/jarcoal/httpmock v1.3.1 github.com/knadh/koanf/maps v0.1.1 github.com/knadh/koanf/parsers/yaml v0.1.0 github.com/knadh/koanf/providers/confmap v0.1.0 diff --git a/go.sum b/go.sum index 9d1975c..249a748 100644 --- a/go.sum +++ b/go.sum @@ -544,6 +544,8 @@ github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv github.com/jandelgado/gcov2lcov v1.0.4/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa346lVU0= github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= +github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww= +github.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -647,6 +649,8 @@ github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW github.com/mattn/goveralls v0.0.6 h1:cr8Y0VMo/MnEZBjxNN/vh6G90SZ7IMb6lms1dzMoO+Y= github.com/mattn/goveralls v0.0.6/go.mod h1:h8b4ow6FxSPMQHF6o2ve3qsclnffZjYTNEKmLesRwqw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g= +github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM= github.com/microcosm-cc/bluemonday v1.0.20/go.mod h1:yfBmMi8mxvaZut3Yytv+jTXRY8mxyjJ0/kQBTElld50= github.com/microcosm-cc/bluemonday v1.0.21 h1:dNH3e4PSyE4vNX+KlRGHT5KrSvjeUkoNPwEORjffHJg= github.com/microcosm-cc/bluemonday v1.0.21/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM= diff --git a/test/stub/petstore_openidconnect.openapi.json b/test/stub/petstore_openidconnect.openapi.json index 6ca6772..94dff68 100644 --- a/test/stub/petstore_openidconnect.openapi.json +++ b/test/stub/petstore_openidconnect.openapi.json @@ -1189,7 +1189,7 @@ "securitySchemes": { "petstore_auth": { "type": "openIdConnect", - "openIdConnectUrl": "https://project.console.ory.sh/.well-known/openid-configuration" + "openIdConnectUrl": "https://oauth.cerberauth.com/.well-known/openid-configuration" } } } diff --git a/test/stub/sample.openapi.json b/test/stub/sample.openapi.json index cef2455..0086322 100644 --- a/test/stub/sample.openapi.json +++ b/test/stub/sample.openapi.json @@ -117,7 +117,7 @@ "securitySchemes": { "openidconnect": { "type": "openIdConnect", - "openIdConnectUrl": "https://project.console.ory.sh/.well-known/openid-configuration" + "openIdConnectUrl": "https://oauth.cerberauth.com/.well-known/openid-configuration" } } } diff --git a/test/stub/simple_http_bearer_jwt.openapi.json b/test/stub/simple_http_bearer_jwt.openapi.json index 1828e16..51506fe 100644 --- a/test/stub/simple_http_bearer_jwt.openapi.json +++ b/test/stub/simple_http_bearer_jwt.openapi.json @@ -63,7 +63,7 @@ "scheme": "bearer", "bearerFormat": "JWT", "x-authenticator-jwks-uri": "https://oauth.cerberauth.com/.well-known/jwks.json", - "x-authenticator-issuer": "https://cerberauth.com", + "x-authenticator-issuer": "https://oauth.cerberauth.com", "x-authenticator-audience": "https://api.cerberauth.com" } } diff --git a/test/stub/simple_oauth2.openapi.json b/test/stub/simple_oauth2.openapi.json index 6cc9b9d..d06c7fe 100644 --- a/test/stub/simple_oauth2.openapi.json +++ b/test/stub/simple_oauth2.openapi.json @@ -65,7 +65,7 @@ "type": "oauth2", "flows": {}, "x-authenticator-jwks-uri": "https://oauth.cerberauth.com/.well-known/jwks.json", - "x-authenticator-issuer": "https://cerberauth.com", + "x-authenticator-issuer": "https://oauth.cerberauth.com", "x-authenticator-audience": "https://api.cerberauth.com" } } diff --git a/test/stub/simple_openidconnect.openapi.json b/test/stub/simple_openidconnect.openapi.json index ef9ebcf..92faf55 100644 --- a/test/stub/simple_openidconnect.openapi.json +++ b/test/stub/simple_openidconnect.openapi.json @@ -63,7 +63,7 @@ "securitySchemes": { "petstore_auth": { "type": "openIdConnect", - "openIdConnectUrl": "https://project.console.ory.sh/.well-known/openid-configuration" + "openIdConnectUrl": "https://oauth.cerberauth.com/.well-known/openid-configuration" } } } diff --git a/test/stub/simple_openidconnect_global.openapi.json b/test/stub/simple_openidconnect_global.openapi.json index 0a92fdf..a751ba1 100644 --- a/test/stub/simple_openidconnect_global.openapi.json +++ b/test/stub/simple_openidconnect_global.openapi.json @@ -117,7 +117,7 @@ "securitySchemes": { "petstore_auth": { "type": "openIdConnect", - "openIdConnectUrl": "https://project.console.ory.sh/.well-known/openid-configuration" + "openIdConnectUrl": "https://oauth.cerberauth.com/.well-known/openid-configuration" } } }