assertJWTAuth will assert the basic JWT auth assertions. It will return the url.Values from the request body for any additional assertions to be made.
(t testing.TB, r *http.Request)
| 329 | // assertJWTAuth will assert the basic JWT auth assertions. It will return the |
| 330 | // url.Values from the request body for any additional assertions to be made. |
| 331 | func assertJWTAuth(t testing.TB, r *http.Request) url.Values { |
| 332 | body, err := io.ReadAll(r.Body) |
| 333 | if !assert.NoError(t, err) { |
| 334 | return nil |
| 335 | } |
| 336 | vals, err := url.ParseQuery(string(body)) |
| 337 | if !assert.NoError(t, err) { |
| 338 | return nil |
| 339 | } |
| 340 | |
| 341 | assert.Equal(t, "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", vals.Get("client_assertion_type")) |
| 342 | jwtToken := vals.Get("client_assertion") |
| 343 | // No need to actually verify the jwt is signed right. |
| 344 | parsedToken, _, err := (&jwt.Parser{}).ParseUnverified(jwtToken, jwt.MapClaims{}) |
| 345 | if !assert.NoError(t, err, "failed to parse jwt token") { |
| 346 | return nil |
| 347 | } |
| 348 | |
| 349 | // Azure requirements |
| 350 | assert.NotEmpty(t, parsedToken.Header["x5t"], "hashed cert missing") |
| 351 | assert.Equal(t, "RS256", parsedToken.Header["alg"], "azure only accepts RS256") |
| 352 | assert.Equal(t, "JWT", parsedToken.Header["typ"], "azure only accepts JWT") |
| 353 | |
| 354 | return vals |
| 355 | } |
no test coverage detected