authenticateBearerTokenRequest enforces the access token is valid.
(t testing.TB, req *http.Request)
| 857 | |
| 858 | // authenticateBearerTokenRequest enforces the access token is valid. |
| 859 | func (f *FakeIDP) authenticateBearerTokenRequest(t testing.TB, req *http.Request) (string, error) { |
| 860 | t.Helper() |
| 861 | |
| 862 | auth := req.Header.Get("Authorization") |
| 863 | token := strings.TrimPrefix(auth, "Bearer ") |
| 864 | authToken, ok := f.accessTokens.Load(token) |
| 865 | if !ok { |
| 866 | return "", xerrors.New("invalid access token") |
| 867 | } |
| 868 | |
| 869 | if !authToken.exp.IsZero() && authToken.exp.Before(time.Now()) { |
| 870 | return "", xerrors.New("access token expired") |
| 871 | } |
| 872 | |
| 873 | return token, nil |
| 874 | } |
| 875 | |
| 876 | // authenticateOIDCClientRequest enforces the client_id and client_secret are valid. |
| 877 | func (f *FakeIDP) authenticateOIDCClientRequest(t testing.TB, req *http.Request) (url.Values, error) { |