Allow Clock Skew for Zitadel CT tests (#355)

erlef · Jun 12, 2024 · fa872d4 · fa872d4
1 parent 3b12c8a
commit fa872d4
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 0 deletions.
diff --git a/test/oidcc/token_test.exs b/test/oidcc/token_test.exs
@@ -46,6 +46,9 @@ defmodule Oidcc.TokenTest do
     System.put_env("CLIENT_CREDENTIALS_CLIENT_SECRET", @client_credentials_client_secret)
     System.put_env("JWT_PROFILE", @jwt_profile)
 
+    # Allow minimal clock skew for Zitadel
+    Application.put_env(:oidcc, :max_clock_skew, 5)
+
     :ok
   end
 

diff --git a/test/oidcc_SUITE.erl b/test/oidcc_SUITE.erl
@@ -161,6 +161,7 @@ retrieve_jwt_profile_token(_Config) ->
     KeyMap = jose:decode(KeyJson),
     Key = jose_jwk:from_pem(maps:get(<<"key">>, KeyMap)),
 
+    application:set_env(oidcc, max_clock_skew, 10),
     ?assertMatch(
         {ok, _},
         oidcc:jwt_profile_token(
@@ -175,6 +176,7 @@ retrieve_jwt_profile_token(_Config) ->
             }
         )
     ),
+    application:unset_env(oidcc, max_clock_skew),
 
     ok.
 

diff --git a/test/oidcc_test.exs b/test/oidcc_test.exs
@@ -33,6 +33,9 @@ defmodule OidccTest do
     System.put_env("CLIENT_CREDENTIALS_CLIENT_SECRET", @client_credentials_client_secret)
     System.put_env("JWT_PROFILE", @jwt_profile)
 
+    # Allow minimal clock skew for Zitadel
+    Application.put_env(:oidcc, :max_clock_skew, 5)
+
     :ok
   end
 

diff --git a/test/oidcc_token_SUITE.erl b/test/oidcc_token_SUITE.erl
@@ -100,6 +100,7 @@ retrieves_client_credentials_token(_Config) ->
         ZitadelClientCredentialsClientSecret
     ),
 
+    application:set_env(oidcc, max_clock_skew, 10),
     ?assertMatch(
         {error, {grant_type_not_supported, client_credentials}},
         oidcc_token:client_credentials(SalesforceClientContext, #{})
@@ -111,6 +112,7 @@ retrieves_client_credentials_token(_Config) ->
             scope => [<<"openid">>, <<"profile">>]
         })
     ),
+    application:unset_env(oidcc, max_clock_skew),
 
     ok.
 
@@ -137,6 +139,7 @@ validates_access_token(_Config) ->
         ZitadelClientCredentialsClientSecret
     ),
 
+    application:set_env(oidcc, max_clock_skew, 10),
     {ok, Token} = oidcc_token:client_credentials(ZitadelClientContext, #{
         scope => [<<"openid">>, <<"profile">>]
     }),
@@ -149,5 +152,6 @@ validates_access_token(_Config) ->
         }},
         oidcc_token:validate_jwt(AccessToken, ZitadelClientContext, #{signing_algs => [<<"RS256">>]})
     ),
+    application:unset_env(oidcc, max_clock_skew),
 
     ok.