feat: merge the verifier types (#336)

BREAKING CHANGE: - The various verifier types are merged into a oidc.Verifir. - oidc.Verfier became a struct with exported fields * use type aliases for oidc.Verifier this binds the correct contstructor to each verifier usecase. * fix: handle the zero cases for oidc.Time * add unit tests to oidc verifier * fix: correct returned field for JWTTokenRequest JWTTokenRequest.GetIssuedAt() was returning the ExpiresAt field. This change corrects that by returning IssuedAt instead.
2023-03-22 19:18:41 +02:00 · 2023-03-22 19:18:41 +02:00 · 33c716ddcf
commit 33c716ddcf
parent c8cf15e266
29 changed files with 948 additions and 351 deletions
--- a/pkg/op/auth_request_test.go
+++ b/pkg/op/auth_request_test.go
@ -12,6 +12,7 @@ import (
 	"github.com/gorilla/schema"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	tu "github.com/zitadel/oidc/v3/internal/testutil"
 	httphelper "github.com/zitadel/oidc/v3/pkg/http"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"github.com/zitadel/oidc/v3/pkg/op"
@ -146,7 +147,7 @@ func TestValidateAuthRequest(t *testing.T) {
 	type args struct {
 		authRequest *oidc.AuthRequest
 		storage     op.Storage
-		verifier    op.IDTokenHintVerifier
+		verifier    *op.IDTokenHintVerifier
 	}
 	tests := []struct {
 		name    string
@ -1003,3 +1004,34 @@ func Test_parseAuthorizeCallbackRequest(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateAuthReqIDTokenHint(t *testing.T) {
+	token, _ := tu.ValidIDToken()
+	tests := []struct {
+		name        string
+		idTokenHint string
+		want        string
+		wantErr     error
+	}{
+		{
+			name: "empty",
+		},
+		{
+			name:        "verify err",
+			idTokenHint: "foo",
+			wantErr:     oidc.ErrLoginRequired(),
+		},
+		{
+			name:        "ok",
+			idTokenHint: token,
+			want:        tu.ValidSubject,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := op.ValidateAuthReqIDTokenHint(context.Background(), tt.idTokenHint, op.NewIDTokenHintVerifier(tu.ValidIssuer, tu.KeySet{}))
+			require.ErrorIs(t, err, tt.wantErr)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}