TestAzureAKPKIWithCoderd uses a fake IDP and a real Coderd to test PKI auth. nolint:bodyclose
(t *testing.T)
| 131 | // TestAzureAKPKIWithCoderd uses a fake IDP and a real Coderd to test PKI auth. |
| 132 | // nolint:bodyclose |
| 133 | func TestAzureAKPKIWithCoderd(t *testing.T) { |
| 134 | t.Parallel() |
| 135 | |
| 136 | scopes := []string{"openid", "email", "profile", "offline_access"} |
| 137 | fake := oidctest.NewFakeIDP(t, |
| 138 | oidctest.WithIssuer("https://login.microsoftonline.com/fake_app"), |
| 139 | oidctest.WithCustomClientAuth(func(t testing.TB, req *http.Request) (url.Values, error) { |
| 140 | values := assertJWTAuth(t, req) |
| 141 | if values == nil { |
| 142 | return nil, xerrors.New("authorizatin failed in request") |
| 143 | } |
| 144 | return values, nil |
| 145 | }), |
| 146 | oidctest.WithServing(), |
| 147 | oidctest.WithLogging(t, nil), |
| 148 | ) |
| 149 | cfg := fake.OIDCConfig(t, scopes, func(cfg *coderd.OIDCConfig) { |
| 150 | cfg.AllowSignups = true |
| 151 | }) |
| 152 | |
| 153 | oauthCfg := cfg.OAuth2Config.(*oauth2.Config) |
| 154 | // Create the oauthpki config |
| 155 | pki, err := oauthpki.NewOauth2PKIConfig(oauthpki.ConfigParams{ |
| 156 | ClientID: oauthCfg.ClientID, |
| 157 | TokenURL: oauthCfg.Endpoint.TokenURL, |
| 158 | Scopes: scopes, |
| 159 | PemEncodedKey: []byte(testClientKey), |
| 160 | PemEncodedCert: []byte(testClientCert), |
| 161 | Config: oauthCfg, |
| 162 | }) |
| 163 | require.NoError(t, err) |
| 164 | cfg.OAuth2Config = pki |
| 165 | |
| 166 | owner, _, api := coderdtest.NewWithAPI(t, &coderdtest.Options{ |
| 167 | OIDCConfig: cfg, |
| 168 | }) |
| 169 | |
| 170 | // Create a user and login |
| 171 | const email = "alice@coder.com" |
| 172 | claims := jwt.MapClaims{ |
| 173 | "email": email, |
| 174 | "sub": uuid.NewString(), |
| 175 | } |
| 176 | helper := oidctest.NewLoginHelper(owner, fake) |
| 177 | user, _ := helper.Login(t, claims) |
| 178 | |
| 179 | // Try refreshing the token more than once. |
| 180 | for i := 0; i < 2; i++ { |
| 181 | helper.ForceRefresh(t, api.Database, user, claims) |
| 182 | } |
| 183 | } |
| 184 | |
| 185 | // TestSavedAzureADPKIOIDC was created by capturing actual responses from an Azure |
| 186 | // AD instance and saving them to replay, removing some details. |
nothing calls this directly
no test coverage detected