Documentation
¶
Overview ¶
Package crpcauthtesting provides test helpers for stdcrpcauthfx that use real JWT signing and validation. A local JWKS server is started so the real authentication code path runs in tests.
Index ¶
Constants ¶
const ( // TestAudience is the audience claim used in test JWTs. TestAudience = "urn:test:audience" // TestKeyID is the key ID used for signing test JWTs. TestKeyID = "test-key" )
Variables ¶
var TestClockTime = time.Date(2026, 4, 1, 0, 0, 0, 0, time.UTC)
TestClockTime is the fixed wall-clock time used for JWT validation in tests.
Functions ¶
Types ¶
type TokenSigner ¶
type TokenSigner struct {
// contains filtered or unexported fields
}
TokenSigner signs JWTs using a test RSA key pair.
func NewJWKSServer ¶
func NewJWKSServer(tb testing.TB) (serverURL string, signer *TokenSigner)
NewJWKSServer starts a local JWKS httptest.Server and returns the server URL and a TokenSigner. The server is automatically closed when the test completes. The server URL can be used as TOKEN_ISSUER and the server serves the public key at /.well-known/jwks.json.
func (*TokenSigner) Sign ¶
Sign creates a signed JWT with the given subject and scopes (via the "scope" claim).
func (*TokenSigner) SignWithPermissions ¶ added in v0.0.219
func (s *TokenSigner) SignWithPermissions(tb testing.TB, subject string, permissions []string) string
SignWithPermissions creates a signed JWT with the given subject and permissions (via the "permissions" claim as a JSON array, matching the Auth0 SPA token format).
Source Files