From 485b0a69152bee433e9aa27aa1b85544d5518f59 Mon Sep 17 00:00:00 2001
From: wangsijie
Date: Fri, 12 Jul 2024 14:56:11 +0800
Subject: [PATCH] test: add resource test cases for token exchange (#6216)
* feat(core): handle dpop and client certificate for token exchange
* refactor(core): refactor organizations in grants
* test: add resource test cases for token exchange
---
.../src/tests/api/oidc/token-exchange.test.ts | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts b/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
index 92aefa80a..a6ec845f4 100644
--- a/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
+++ b/packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts
@@ -207,6 +207,47 @@ describe('Token Exchange', () => {
 });
 });
+ describe('get access token for resource', () => {
+ it('should exchange an access token with resource as `aud`', async () => {
+ const { subjectToken } = await createSubjectToken(testUserId);
+
+ const { access_token } = await oidcApi
+ .post('token', {
+ headers: formUrlEncodedHeaders,
+ body: new URLSearchParams({
+ client_id: testApplicationId,
+ grant_type: GrantType.TokenExchange,
+ subject_token: subjectToken,
+ subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+ resource: testApiResourceInfo.indicator,
+ }),
+ })
+ .json<{ access_token: string }>();
+
+ expect(getAccessTokenPayload(access_token)).toHaveProperty(
+ 'aud',
+ testApiResourceInfo.indicator
+ );
+ });
+
+ it('should fail with invalid resource', async () => {
+ const { subjectToken } = await createSubjectToken(testUserId);
+
+ await expect(
+ oidcApi.post('token', {
+ headers: formUrlEncodedHeaders,
+ body: new URLSearchParams({
+ client_id: testApplicationId,
+ grant_type: GrantType.TokenExchange,
+ subject_token: subjectToken,
+ subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+ resource: 'invalid_resource',
+ }),
+ })
+ ).rejects.toThrow();
+ });
+ });
+
 describe('get access token for organization', () => {
 const scopeName = `read:${randomString()}`;
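Review bot: The negative case `should fail with invalid resource` ends in `.rejects.toThrow()`, which passes on any failure (a rejected subject token, a 5xx, a transport error), so it does not show that the resource indicator is what the server refused. Pin the reason by asserting the HTTP status and the OAuth `error` value in the response body; RFC 8707 names `invalid_target` for this case, though the code the server actually returns is not visible in this hunk and should be confirmed. `'invalid_resource'` is also not an absolute URI, so only the malformed-indicator path is covered; a second case with a well-formed but unregistered indicator (constructed example: `https://unregistered.example/api`) would exercise the audience check itself. In the positive case, asserting that `sub` equals `testUserId` alongside `aud` would confirm the exchanged token stays bound to the subject.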