42 lines
1.1 KiB
Rust
42 lines
1.1 KiB
Rust
use axum::{Router, routing::get};
|
|
use uuid::Uuid;
|
|
|
|
#[tokio::test]
|
|
async fn jwks_endpoint_allows_rs256_verification_via_auth_kit() {
|
|
let app = Router::new().route(
|
|
"/.well-known/jwks.json",
|
|
get(iam_service::presentation::http::handlers::jwks::jwks_handler),
|
|
);
|
|
|
|
let listener = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
|
|
let addr = listener.local_addr().unwrap();
|
|
let base_url = format!("http://{}", addr);
|
|
|
|
let handle = tokio::spawn(async move {
|
|
axum::serve(listener, app).await.unwrap();
|
|
});
|
|
|
|
let token = iam_service::utils::sign(
|
|
Uuid::new_v4(),
|
|
Uuid::new_v4(),
|
|
vec!["Admin".to_string()],
|
|
vec!["tenant:read".to_string()],
|
|
vec![],
|
|
0,
|
|
)
|
|
.unwrap();
|
|
|
|
let cfg = auth_kit::jwt::JwtVerifyConfig::rs256_from_jwks(
|
|
"iam-service",
|
|
&format!("{}/.well-known/jwks.json", base_url),
|
|
)
|
|
.unwrap();
|
|
|
|
let claims = auth_kit::jwt::verify(&token, &cfg).await.unwrap();
|
|
assert_eq!(claims.iss, "iam-service");
|
|
assert!(!claims.sub.is_empty());
|
|
assert!(!claims.tenant_id.is_empty());
|
|
|
|
handle.abort();
|
|
}
|