Implement JWT structure and logic for ID token in the provider mock #162

Merged
merged 3 commits into from
Oct 10, 2024

Conversation

denisonbarbosa
Member

This implements the /key endpoint for the provider and also reworks the ID token generation in the tests to resemble the "real" ones. By doing this, we are better covered in our tests. More detailed explanations can be seen in the commit messages.

UDENG-3724

@denisonbarbosa denisonbarbosa marked this pull request as ready for review September 19, 2024 12:17
@denisonbarbosa denisonbarbosa requested a review from a team as a code owner September 19, 2024 12:17
Collaborator

@3v1n0 3v1n0 left a comment

Nice one, I like when tests are closer to reality!

Just a few nits, but all good on my side.

@adombeck
Contributor

adombeck commented Oct 2, 2024

> We used to ignore the JWT format in the tests, so we could manually
> write the ID Token. Now that we decided to implement the JWT logic
> also

I'm missing the context here. Why do we implement JWT logic now?

@adombeck
Contributor

adombeck commented Oct 2, 2024

> This is one of the key (pun intended) endpoints of an OIDC provider. It
> returns the required keys for decripting some of the payloads. We only
> care about the JWK needed to decrypt the tokens, so it only returns that
> one.

s/decripting/decrypting

@denisonbarbosa
Member Author

> > We used to ignore the JWT format in the tests, so we could manually
> > write the ID Token. Now that we decided to implement the JWT logic
> > also
>
> I'm missing the context here. Why do we implement JWT logic now?

Because this is the format used by OIDC to validate and safeguard the ID tokens. We used to ignore it to make our life easier when creating the mock tokens, but it's better to have our code closer to reality.

We used to ignore the JWT format in the tests, so we could manually
write the ID Token. Now that we decided to implement the JWT logic
also, the ID token structure becomes more complex:

{header}.{payload}.{signature_string}

To avoid generating all of this manually, it's better to switch to a
package that already handles this parsing with the right encryption and
encoding.

This is one of the key (pun intended) endpoints of an OIDC provider. It
returns the required keys for decrypting some of the payloads. We only
care about the JWK needed to decrypt the tokens, so it only returns that
one.

Now that the mock respects the JWT format and safety, we no longer need
this option in the tests, so it should be removed.
@denisonbarbosa denisonbarbosa merged commit fb96382 into main Oct 10, 2024
4 checks passed
@denisonbarbosa denisonbarbosa deleted the mock-jwt branch October 10, 2024 12:23
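
The token layout and key endpoint described in the commit messages above, as an added example that is not code from this pull request or the project: a mock provider signs an ID token, and a client checks it against the published JWK before reading any claim. It assumes Ed25519 (EdDSA) signing so that it needs only the Go standard library (the page does not state which algorithm the mock uses); `Sign`, `PublicJWK`, `Verify` and the claim values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// Sign builds {header}.{payload}.{signature}; the signature covers "header.payload".
func Sign(key ed25519.PrivateKey, claims map[string]any) string {
	payload, _ := json.Marshal(claims) // a map of JSON-safe test values cannot fail
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	return in + "." + b64.EncodeToString(ed25519.Sign(key, []byte(in)))
}

// PublicJWK is what a key endpoint would publish: the public half only.
func PublicJWK(key ed25519.PrivateKey) map[string]string {
	pub := key.Public().(ed25519.PublicKey)
	return map[string]string{"kty": "OKP", "crv": "Ed25519", "x": b64.EncodeToString(pub)}
}

// Verify checks the signature against the published JWK before decoding claims.
// The algorithm is fixed by the verifier, never taken from the token header.
func Verify(token string, jwk map[string]string) (claims map[string]any, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("want header.payload.signature")
	}
	pub, errK := b64.DecodeString(jwk["x"])
	sig, errS := b64.DecodeString(p[2])
	if errK != nil || errS != nil || len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("malformed key or signature")
	}
	if !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return nil, errors.New("signature does not match the published key")
	}
	err = json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(p[1]))).Decode(&claims)
	return claims, err
}

func main() {
	_, key, _ := ed25519.GenerateKey(nil) // throwaway key; nil selects crypto/rand
	fmt.Println(Verify(Sign(key, map[string]any{"sub": "test-user"}), PublicJWK(key)))
}
```

A token whose payload was written or edited by hand no longer matches its signature, which is why tests built on such a mock can drop any option that skips verification.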
3 participants