Skip to content

Commit

Permalink
add tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@Revolyssup
Revolyssup committed Feb 28, 2025
1 parent 4b1a69d commit b672a8b
Show file tree
Hide file tree
Showing 2 changed files with 103 additions and 0 deletions.
1 change: 1 addition & 0 deletions apisix/plugins/openid-connect.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -394,6 +394,7 @@ local function introspect(ctx, conf)
if discovery_err then
core.log.warn("OIDC access discovery url failed : ", discovery_err)
else
core.log.info("valid_issuers not provided, using issuer from discovery doc: ", discovery.issuer)
valid_issuers = {discovery.issuer}
end
end
Expand Down
102 changes: 102 additions & 0 deletions t/plugin/openid-connect7.t
View file
Original file line number Diff line number Diff line change
Expand Up @@ -322,3 +322,105 @@ true
qr/token validate successfully by \w+/
--- grep_error_log_out
token validate successfully by jwks
=== TEST 7: Update plugin with ID provider jwks endpoint for token verification with valid issuer in discovery endpoint.
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"openid-connect": {
"client_id": "dummy",
"client_secret": "dummy",
"discovery": "http://127.0.0.1:8089/realms/University/.well-known/openid-configuration",
"redirect_uri": "http://localhost:3000",
"ssl_verify": false,
"timeout": 10,
"bearer_only": true,
"use_jwks": true,
"realm": "University"
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- response_body
passed
=== TEST 8: Obtain valid token and access route with it. Use valid_issuer from discovery endpoint.
--- http_config
server {
listen 8089;
location /realms/University/.well-known/openid-configuration {
content_by_lua_block {
ngx.say([[
{
"issuer": "http://127.0.0.1:8089/realms/University",
"jwks_uri": "http://127.0.0.1:8089/realms/University/protocol/openid-connect/certs",
"response_types_supported": ["id_token"],
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": ["RS256"]
}]])
}
}
}
--- config
location /t {
content_by_lua_block {
-- Obtain valid access token from Keycloak using known username and password.
local json_decode = require("toolkit.json").decode
local http = require "resty.http"
local httpc = http.new()
local uri = "http://127.0.0.1:8080/realms/University/protocol/openid-connect/token"
local res, err = httpc:request_uri(uri, {
method = "POST",
body = "grant_type=password&client_id=course_management&client_secret=d1ec69e9-55d2-4109-a3ea-befa071579d5&[email protected]&password=123456",
headers = {
["Content-Type"] = "application/x-www-form-urlencoded"
}
})
-- Check response from keycloak and fail quickly if there's no response.
if not res then
ngx.say(err)
return
end
-- Get access token from JSON response body.
local body = json_decode(res.body)
local accessToken = body["access_token"]
-- Access route using access token. Should work.
uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello"
local res, err = httpc:request_uri(uri, {
method = "GET",
headers = {
["Authorization"] = "Bearer " .. body["access_token"]
}
})
}
}
--- error_log
valid_issuers not provided, using issuer from discovery doc: http://127.0.0.1:8089/realms/University

0 comments on commit b672a8b

Please sign in to comment.