| author | mo khan <mo@mokhan.ca> | 2025-04-16 17:01:39 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-04-16 17:01:39 -0600 |
| commit | 0b29a5a4ca71870ab138687e2fc71d6bce2754db (patch) | |
| tree | 0c8897d6efd734b620eab22e8f86e7e9b4d202ea /pkg/test | |
| parent | 9e83b4b2e95254ba51c66ed15f400d3bec5712f1 (diff) | |
refactor: verify the id token on every request
Diffstat (limited to 'pkg/test')
| -rw-r--r-- | pkg/test/oidc_server.go | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/pkg/test/oidc_server.go b/pkg/test/oidc_server.go
new file mode 100644
index 0000000..142d143
--- /dev/null
+++ b/pkg/test/oidc_server.go
@@ -0,0 +1,61 @@
+package test
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "time"
+
+ "github.com/xlgmokha/x/pkg/serde"
+)
+
+func OIDCServer() *httptest.Server {
+ srv := httptest.NewServer(nil)
+ srv.Config = &http.Server{
+ Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case "/.well-known/openid-configuration":
+ metadata := map[string]interface{}{
+ "authorization_endpoint": srv.URL + "/oauth/authorize",
+ "claims_supported": []string{"aud"},
+ "code_challenge_methods_supported": []string{"plain"},
+ "device_authorization_endpoint": srv.URL + "/device/authorize",
+ "id_token_signing_alg_values_supported": []string{"RS256"},
+ "issuer": srv.URL,
+ "jwks_uri": srv.URL + "/jwks",
+ "mfa_challenge_endpoint": srv.URL + "/mfa",
+ "registration_endpoint": srv.URL + "/users/new",
+ "request_uri_parameter_supported": false,
+ "response_modes_supported": []string{"query"},
+ "response_types_supported": []string{"code"},
+ "revocation_endpoint": srv.URL + "/revoke",
+ "scopes_supported": []string{"oidc"},
+ "subject_types_supported": []string{"public"},
+ "token_endpoint": srv.URL + "/token",
+ "token_endpoint_auth_methods_supported": []string{"client_secret_post"},
+ "userinfo_endpoint": srv.URL + "/users/me",
+ }
+
+ serde.ToJSON(w, metadata)
+ case "/token":
+ if err := r.ParseForm(); err != nil {
+ w.WriteHeader(http.StatusBadRequest)
+ return
+ }
+ if r.Form["grant_type"][0] == "authorization_code" && r.Form["code"][0] == "code" {
+ w.Header().Add("Content-Type", "application/json")
+ serde.ToJSON(w, map[string]string{
+ "access_token": "14fa6e71afaabbe5e31ef2b47ccab7ca7a3c26f8dfdb74acce3eca30099af028",
+ "token_type": "Bearer",
+ "refresh_token": "365b261d4b25ba37e7c1e14e6501902aeecfb7fffc4602c44d6ac22b4c715b0f",
+ // "expiry": "2025-04-15T19:16:38.78960504-06:00"
+ "expiry": time.Now().Add(1 * time.Hour).Format(time.RFC3339),
+ "id_token":
"eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g",
+ })
+ }
+ default:
+ w.WriteHeader(http.StatusNotFound)
+ }
+ }),
+ }
+ return srv
+} |
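Review bot: The discovery document in `OIDCServer` advertises `jwks_uri` as `srv.URL + "/jwks"` with RS256 signing, but the handler's switch has no `/jwks` case, so a client that verifies the `id_token` through discovery gets a 404 where the signing key should be. The `id_token` returned by `/token` is a fixed string, so its `iss` cannot follow the per-run `srv.URL` published as `issuer` and its `exp` does not move with the computed `expiry` (the payload is not readable on this page, so this is inferred); tests built on this fixture would then pass only where signature, issuer or expiry checks are relaxed. Generating an RSA key inside `OIDCServer`, serving its public half at `/jwks` and signing a fresh token per request keeps the verification path honest, as sketched below; the `kid`, `sub` and `aud` values there are constructed, and `aud` has to equal the client id the tests configure. The literal `access_token`, `refresh_token` and `id_token` values, next to the commented-out `expiry` timestamp, read like a captured response: if they came from a live identity provider, they should be revoked and replaced with synthetic values.

```go
func OIDCServer() *httptest.Server {
	// Per-server signing key, matching the advertised RS256.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	b64 := base64.RawURLEncoding.EncodeToString
	// … unchanged: srv setup, switch header and the discovery case …
			case "/jwks":
				serde.ToJSON(w, map[string]interface{}{
					"keys": []map[string]string{{
						"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "test-key",
						"n": b64(key.N.Bytes()),
						"e": b64(big.NewInt(int64(key.E)).Bytes()),
					}},
				})
			case "/token":
				// … unchanged: ParseForm and the grant_type/code check …
				now := time.Now()
				header, _ := json.Marshal(map[string]string{"typ": "JWT", "alg": "RS256", "kid": "test-key"})
				claims, _ := json.Marshal(map[string]interface{}{
					"iss": srv.URL,
					"sub": "test-subject", // constructed sample value
					"aud": "test-client",  // constructed sample value; must equal the tests' client id
					"iat": now.Unix(),
					"exp": now.Add(time.Hour).Unix(),
				})
				signingInput := b64(header) + "." + b64(claims)
				digest := sha256.Sum256([]byte(signingInput))
				sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
				if err != nil {
					w.WriteHeader(http.StatusInternalServerError)
					return
				}
				idToken := signingInput + "." + b64(sig)
				// … unchanged: token response, now with "id_token": idToken …
```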
