authenticateOIDCClientRequest enforces the client_id and client_secret are valid.
(t testing.TB, req *http.Request)
| 875 | |
| 876 | // authenticateOIDCClientRequest enforces the client_id and client_secret are valid. |
| 877 | func (f *FakeIDP) authenticateOIDCClientRequest(t testing.TB, req *http.Request) (url.Values, error) { |
| 878 | t.Helper() |
| 879 | |
| 880 | if f.hookAuthenticateClient != nil { |
| 881 | return f.hookAuthenticateClient(t, req) |
| 882 | } |
| 883 | |
| 884 | data, err := io.ReadAll(req.Body) |
| 885 | if !assert.NoError(t, err, "read token request body") { |
| 886 | return nil, xerrors.Errorf("authenticate request, read body: %w", err) |
| 887 | } |
| 888 | values, err := url.ParseQuery(string(data)) |
| 889 | if !assert.NoError(t, err, "parse token request values") { |
| 890 | return nil, xerrors.New("invalid token request") |
| 891 | } |
| 892 | |
| 893 | if !assert.Equal(t, f.clientID, values.Get("client_id"), "client_id mismatch") { |
| 894 | return nil, xerrors.New("client_id mismatch") |
| 895 | } |
| 896 | |
| 897 | if !assert.Equal(t, f.clientSecret, values.Get("client_secret"), "client_secret mismatch") { |
| 898 | return nil, xerrors.New("client_secret mismatch") |
| 899 | } |
| 900 | |
| 901 | return values, nil |
| 902 | } |
| 903 | |
| 904 | // encodeClaims is a helper func to convert claims to a valid JWT. |
| 905 | func (f *FakeIDP) encodeClaims(t testing.TB, claims jwt.MapClaims) string { |