encodeClaims is a helper func to convert claims to a valid JWT.
(t testing.TB, claims jwt.MapClaims)
| 903 | |
| 904 | // encodeClaims is a helper func to convert claims to a valid JWT. |
| 905 | func (f *FakeIDP) encodeClaims(t testing.TB, claims jwt.MapClaims) string { |
| 906 | t.Helper() |
| 907 | |
| 908 | if _, ok := claims["exp"]; !ok { |
| 909 | claims["exp"] = time.Now().Add(time.Hour).UnixMilli() |
| 910 | } |
| 911 | |
| 912 | if _, ok := claims["aud"]; !ok { |
| 913 | claims["aud"] = f.clientID |
| 914 | } |
| 915 | |
| 916 | if _, ok := claims["iss"]; !ok { |
| 917 | claims["iss"] = f.locked.Issuer() |
| 918 | } |
| 919 | |
| 920 | // Default email_verified to true so that tests that do not care |
| 921 | // about the email_verified flow are not forced to set it. |
| 922 | // Tests that need a different value can set it explicitly. |
| 923 | // Use WithOmitEmailVerifiedDefault() to suppress this default |
| 924 | // for tests that need to exercise the absent-claim path. |
| 925 | if !f.omitEmailVerifiedDefault { |
| 926 | if _, ok := claims["email_verified"]; !ok { |
| 927 | claims["email_verified"] = true |
| 928 | } |
| 929 | } |
| 930 | |
| 931 | signed, err := jwt.NewWithClaims(jwt.SigningMethodRS256, claims).SignedString(f.locked.PrivateKey()) |
| 932 | require.NoError(t, err) |
| 933 | |
| 934 | return signed |
| 935 | } |
| 936 | |
| 937 | // httpHandler is the IDP http server. |
| 938 | func (f *FakeIDP) httpHandler(t testing.TB) http.Handler { |
no test coverage detected