MCPcopy Create free account
hub / github.com/coder/coder / assertJWTAuth

Function assertJWTAuth

coderd/oauthpki/okidcpki_test.go:331–355  ·  view source on GitHub ↗

assertJWTAuth will assert the basic JWT auth assertions. It will return the url.Values from the request body for any additional assertions to be made.

(t testing.TB, r *http.Request)

Source from the content-addressed store, hash-verified

329// assertJWTAuth will assert the basic JWT auth assertions. It will return the
330// url.Values from the request body for any additional assertions to be made.
331func assertJWTAuth(t testing.TB, r *http.Request) url.Values {
332 body, err := io.ReadAll(r.Body)
333 if !assert.NoError(t, err) {
334 return nil
335 }
336 vals, err := url.ParseQuery(string(body))
337 if !assert.NoError(t, err) {
338 return nil
339 }
340
341 assert.Equal(t, "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", vals.Get("client_assertion_type"))
342 jwtToken := vals.Get("client_assertion")
343 // No need to actually verify the jwt is signed right.
344 parsedToken, _, err := (&jwt.Parser{}).ParseUnverified(jwtToken, jwt.MapClaims{})
345 if !assert.NoError(t, err, "failed to parse jwt token") {
346 return nil
347 }
348
349 // Azure requirements
350 assert.NotEmpty(t, parsedToken.Header["x5t"], "hashed cert missing")
351 assert.Equal(t, "RS256", parsedToken.Header["alg"], "azure only accepts RS256")
352 assert.Equal(t, "JWT", parsedToken.Header["typ"], "azure only accepts JWT")
353
354 return vals
355}

Callers 3

TestAzureADPKIOIDCFunction · 0.85
TestAzureAKPKIWithCoderdFunction · 0.85
TestSavedAzureADPKIOIDCFunction · 0.85

Calls 4

NotEmptyMethod · 0.80
GetMethod · 0.65
ReadAllMethod · 0.45
EqualMethod · 0.45

Tested by

no test coverage detected