helpers

package
v0.34.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 7, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package helpers provides test utilities for auth server integration tests.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetFreePort

func GetFreePort(tb testing.TB) int

GetFreePort returns an available TCP port on localhost.

func NewEmbeddedAuthServer

func NewEmbeddedAuthServer(
	ctx context.Context,
	tb testing.TB,
	cfg *authserver.RunConfig,
) *authserverrunner.EmbeddedAuthServer

NewEmbeddedAuthServer creates an embedded auth server for testing. Returns the server and handles cleanup on test completion.

func NewOAuth2Upstream added in v0.34.0

func NewOAuth2Upstream(name, upstreamURL string) authserver.UpstreamRunConfig

NewOAuth2Upstream builds an OAuth2 upstream run config pointing at the given mock upstream base URL. It has no userinfo endpoint, so the auth server resolves a synthetic identity for it — sufficient for exercising chain traversal.

func NewTestAuthServerConfig

func NewTestAuthServerConfig(tb testing.TB, upstreamURL string, opts ...AuthServerOption) *authserver.RunConfig

NewTestAuthServerConfig creates a minimal valid RunConfig for testing. Uses development mode defaults (ephemeral signing keys, ephemeral HMAC secrets).

Types

type AuthServerOption

type AuthServerOption func(*authServerConfig)

AuthServerOption is a functional option for configuring a test auth server.

func WithBaselineClientScopes added in v0.27.2

func WithBaselineClientScopes(scopes []string) AuthServerOption

WithBaselineClientScopes sets the baseline client scopes that are unioned into every DCR registration response regardless of what the client requested.

func WithScopesSupported

func WithScopesSupported(scopes []string) AuthServerOption

WithScopesSupported sets the supported scopes.

func WithSigningKey

func WithSigningKey(cfg *authserver.SigningKeyRunConfig) AuthServerOption

WithSigningKey sets the signing key configuration.

func WithUpstreams

func WithUpstreams(upstreams []authserver.UpstreamRunConfig) AuthServerOption

WithUpstreams overrides the default single test upstream with an explicit, ordered list of upstream providers. Used to exercise multi-upstream authorization chains.

type MockUpstreamIDP

type MockUpstreamIDP struct {
	Server           *httptest.Server
	AuthorizeHandler func(w http.ResponseWriter, r *http.Request)
	TokenHandler     func(w http.ResponseWriter, r *http.Request)
	UserInfoHandler  func(w http.ResponseWriter, r *http.Request)
	// contains filtered or unexported fields
}

MockUpstreamIDP creates a mock OAuth2/OIDC upstream identity provider. It provides minimal endpoints needed for testing the auth server integration.

func NewMockUpstreamIDP

func NewMockUpstreamIDP(tb testing.TB, opts ...MockUpstreamOption) *MockUpstreamIDP

NewMockUpstreamIDP creates a mock upstream IDP for testing. The server is automatically started and will be ready when this function returns.

func (*MockUpstreamIDP) URL

func (m *MockUpstreamIDP) URL() string

URL returns the base URL of the mock upstream.

type MockUpstreamOption

type MockUpstreamOption func(*MockUpstreamIDP)

MockUpstreamOption is a functional option for configuring the mock upstream.

type OAuthClient

type OAuthClient struct {
	// contains filtered or unexported fields
}

OAuthClient provides helper methods for testing OAuth flows.

func NewOAuthClient

func NewOAuthClient(baseURL string) *OAuthClient

NewOAuthClient creates an HTTP client configured for OAuth testing. The client does NOT follow redirects automatically, allowing tests to verify redirect behavior.

func (*OAuthClient) Callback added in v0.34.0

func (c *OAuthClient) Callback(code, state string) (*http.Response, error)

Callback drives the upstream callback leg: GET /oauth/callback with the given code and internal state. The client does not follow redirects, so the returned response exposes what the server issues — an onward redirect to the next upstream, or a redirect back to the client with an authorization code.

func (*OAuthClient) ExchangeToken

func (c *OAuthClient) ExchangeToken(params url.Values) (map[string]interface{}, int, error)

ExchangeToken performs a token exchange at the token endpoint.

func (*OAuthClient) GetJWKS

func (c *OAuthClient) GetJWKS() (map[string]interface{}, int, error)

GetJWKS fetches the JWKS endpoint and returns the parsed response.

func (*OAuthClient) GetOAuthDiscovery

func (c *OAuthClient) GetOAuthDiscovery() (map[string]interface{}, int, error)

GetOAuthDiscovery fetches the OAuth Authorization Server Metadata endpoint.

func (*OAuthClient) GetOIDCDiscovery

func (c *OAuthClient) GetOIDCDiscovery() (map[string]interface{}, int, error)

GetOIDCDiscovery fetches the OIDC Discovery endpoint.

func (*OAuthClient) RegisterClient

func (c *OAuthClient) RegisterClient(clientMetadata map[string]interface{}) (map[string]interface{}, int, error)

RegisterClient performs dynamic client registration.

func (*OAuthClient) StartAuthorization

func (c *OAuthClient) StartAuthorization(params url.Values) (*http.Response, error)

StartAuthorization initiates the OAuth authorization flow. Returns the HTTP response including the redirect location.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL