Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ClientCredentialsConfig ¶ added in v1.6.0
// ClientCredentialsConfig holds the switch for the client_credentials
// grant (RFC 6749 Section 4.4) on the fake server's /token endpoint.
type ClientCredentialsConfig struct {
	// Enabled controls whether the /token endpoint accepts
	// grant_type=client_credentials and returns an access token
	// if client authentication succeeds.
	//
	// The zero value of a bool is false, so a test has to set this
	// explicitly before the grant is accepted.
	Enabled bool
}
ClientCredentialsConfig configures support for the client_credentials grant type (RFC 6749 Section 4.4) on a FakeAuthorizationServer.
type ClientInfo ¶
type Config ¶
// Config groups the options a test passes when building the fake
// authorization server. The grant-type options are pointers; the field
// comments describe them as enabling a grant, and JWTBearerConfig is
// documented as active when non-nil.
type Config struct {
	// The optional path component of the issuer URL.
	// If non-empty, it should start with a "/". It should not end with a "/".
	// It affects the paths of the server endpoints.
	IssuerPath string
	// Configuration of the metadata endpoint.
	MetadataEndpointConfig *MetadataEndpointConfig
	// Configuration for client registration.
	RegistrationConfig *RegistrationConfig
	// JWTBearerConfig enables RFC 7523 JWT Bearer grant at the /token endpoint.
	// If non-nil, the server accepts grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer.
	JWTBearerConfig *JWTBearerConfig
	// ClientCredentialsConfig enables RFC 6749 Section 4.4 client credentials
	// grant at the /token endpoint.
	// NOTE(review): ClientCredentialsConfig also carries an Enabled flag, so a
	// non-nil pointer alone presumably does not turn the grant on; confirm.
	ClientCredentialsConfig *ClientCredentialsConfig
}
Config holds configuration for FakeAuthorizationServer.
type FakeAuthorizationServer ¶
// FakeAuthorizationServer is the test-only OAuth 2.0 authorization server
// type; it is built with NewFakeAuthorizationServer and run with Start.
type FakeAuthorizationServer struct {
	// Mux is the exported HTTP request multiplexer.
	// NOTE(review): presumably the fake's endpoints are registered on it and
	// tests may attach extra handlers; confirm against the implementation.
	Mux *http.ServeMux
	// contains filtered or unexported fields
}
FakeAuthorizationServer is a fake OAuth 2.0 Authorization Server for testing.
func NewFakeAuthorizationServer ¶
func NewFakeAuthorizationServer(config Config) *FakeAuthorizationServer
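NewFakeAuthorizationServer creates a new FakeAuthorizationServer. The server is simple and should not be used outside of testing. It supports:
- Only the Authorization Code Grant
- PKCE verification
- Client tracking & dynamic registration
- Client authentication
Note that Config.JWTBearerConfig and Config.ClientCredentialsConfig are documented on this page as enabling the JWT Bearer and client_credentials grants at the /token endpoint, so "only" here appears to describe the server when those options are not set.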
func (*FakeAuthorizationServer) Start ¶
func (s *FakeAuthorizationServer) Start(t testing.TB)
Start starts the HTTP server and registers a cleanup function on t to close the server.
func (*FakeAuthorizationServer) URL ¶
func (s *FakeAuthorizationServer) URL() string
URL returns the base URL of the server (Issuer).
type FakeIdPServer ¶ added in v1.6.0
// FakeIdPServer is the test-only OIDC identity provider type. It exposes
// no public fields; it is configured through IdPConfig and driven through
// its Start and URL methods.
type FakeIdPServer struct {
	// contains filtered or unexported fields
}
FakeIdPServer is a fake OIDC Identity Provider for testing. It supports:
- OIDC discovery (/.well-known/openid-configuration)
- Authorization Code Grant with PKCE
- ID Token issuance (fake JWTs)
- RFC 8693 Token Exchange (ID Token → ID-JAG), if configured
func NewFakeIdPServer ¶ added in v1.6.0
func NewFakeIdPServer(config IdPConfig) *FakeIdPServer
NewFakeIdPServer creates a new FakeIdPServer.
func (*FakeIdPServer) Start ¶ added in v1.6.0
func (s *FakeIdPServer) Start(t testing.TB)
Start starts the HTTP server and registers a cleanup function on t.
func (*FakeIdPServer) URL ¶ added in v1.6.0
func (s *FakeIdPServer) URL() string
URL returns the base URL of the server (issuer).
type IdPConfig ¶ added in v1.6.0
// IdPConfig groups the options a test passes to NewFakeIdPServer.
type IdPConfig struct {
	// PreregisteredClients maps client IDs to their info.
	PreregisteredClients map[string]ClientInfo
	// TokenExchangeConfig enables RFC 8693 token exchange at the /token endpoint.
	// If non-nil, the server accepts grant_type=urn:ietf:params:oauth:grant-type:token-exchange.
	// Leaving it nil is therefore the way to keep that grant type unaccepted.
	TokenExchangeConfig *TokenExchangeConfig
}
IdPConfig holds configuration for FakeIdPServer.
type JWTBearerConfig ¶ added in v1.6.0
// JWTBearerConfig lists which assertions the fake server accepts for the
// JWT Bearer grant (RFC 7523).
type JWTBearerConfig struct {
	// ValidAssertions is the set of assertion values that are accepted.
	// If empty, any non-empty assertion is accepted.
	//
	// A test that checks rejection of a bad assertion must therefore
	// populate this slice; with the empty default the fake cannot tell a
	// good assertion from a bad one.
	// NOTE(review): nothing documented here says the assertion is parsed or
	// signature-checked as a JWT; acceptance looks like a comparison against
	// the listed values; confirm against the implementation.
	ValidAssertions []string
}
JWTBearerConfig configures support for the JWT Bearer grant type (RFC 7523) on a FakeAuthorizationServer.
type MetadataEndpointConfig ¶
// MetadataEndpointConfig selects the well-known URLs at which the fake
// serves its OAuth Authorization Server Metadata. "Inserted" fields put the
// well-known segment before issuerPath; the "Appended" field puts it after.
type MetadataEndpointConfig struct {
	// Whether to serve the OAuth Authorization Server Metadata at
	// /.well-known/oauth-authorization-server + issuerPath.
	ServeOAuthInsertedEndpoint bool
	// Whether to serve the OAuth Authorization Server Metadata at
	// /.well-known/openid-configuration + issuerPath.
	ServeOpenIDInsertedEndpoint bool
	// Whether to serve the OAuth Authorization Server Metadata at
	// issuerPath + /.well-known/openid-configuration.
	// Should be used when issuerPath is not empty.
	ServeOpenIDAppendedEndpoint bool
}
type RegistrationConfig ¶
// RegistrationConfig describes how clients become known to the fake
// authorization server: through a preregistered table, through dynamic
// registration, or through client ID metadata documents.
type RegistrationConfig struct {
	// Whether the client ID metadata document is supported.
	ClientIDMetadataDocumentSupported bool
	// PreregisteredClients maps valid client IDs to their ClientInfo.
	// The declared value type is ClientInfo rather than a bare secret string.
	// NOTE(review): ClientInfo's fields are not shown here; presumably it
	// carries the client secret; confirm.
	PreregisteredClients map[string]ClientInfo
	// Whether dynamic client registration is enabled.
	DynamicClientRegistrationEnabled bool
}
type TokenExchangeConfig ¶ added in v1.6.0
// TokenExchangeConfig sets the value the fake IdP hands back from an
// RFC 8693 token exchange.
type TokenExchangeConfig struct {
	// IDJAGToken is the ID-JAG value returned from token exchange.
	// Defaults to "test-id-jag-token" if empty.
	//
	// The default is a fixed, predictable string, so a consumer that accepts
	// it shows only that the value was passed through.
	// NOTE(review): whether a caller-supplied value is returned verbatim or
	// wrapped in any way is not shown here; confirm.
	IDJAGToken string
}
TokenExchangeConfig configures RFC 8693 token exchange support on a FakeIdPServer.