New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create testing suite targeting `auth.js` in API #1524

Open

Matte22 opened this issue Feb 10, 2025 · 0 comments

Assignees

Labels

Collaborator

Matte22 commented Feb 10, 2025 •

edited

Loading

this discussion was started based on #1517

This should probably become its own new section of our tests directory structure.

We need to add tests in a CI workflow (via binaries) to bring up the API with specific environment values and validate how config.oauth.claims are handled. These tests should query the API to get some of these values back.
Ensure proper error handling when tokens fail at:
- jwt.decode()
- jwt.verify()

Test Cases:

Provide the API with a handcrafted invalid token and verify that it is correctly rejected.
Generate a valid JWT but set the exp (expiration) claim in the past.
Modify the kid field in the JWT header to a non-existent key.
Send tokens that lack required claims
Provide a valid token with incorrect or insufficient scopes? (not sure if this should be done)

The text was updated successfully, but these errors were encountered:

csmig added tests workflow labels

csmig assigned Matte22

cd-rite changed the title ~~Create testing suite for api authentication code~~ Create testing suite targeting auth.js in API

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment