mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
test: add resource test cases for token exchange (#6216)
* feat(core): handle dpop and client certificate for token exchange * refactor(core): refactor organizations in grants * test: add resource test cases for token exchange
parent
608349e8ea
commit
485b0a6915
1 changed files with 41 additions and 0 deletions
|
@ -207,6 +207,47 @@ describe('Token Exchange', () => {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe('get access token for resource', () => {
|
||||||
|
it('should exchange an access token with resource as `aud`', async () => {
|
||||||
|
const { subjectToken } = await createSubjectToken(testUserId);
|
||||||
|
|
||||||
|
const { access_token } = await oidcApi
|
||||||
|
.post('token', {
|
||||||
|
headers: formUrlEncodedHeaders,
|
||||||
|
body: new URLSearchParams({
|
||||||
|
client_id: testApplicationId,
|
||||||
|
grant_type: GrantType.TokenExchange,
|
||||||
|
subject_token: subjectToken,
|
||||||
|
subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
|
||||||
|
resource: testApiResourceInfo.indicator,
|
||||||
|
}),
|
||||||
|
})
|
||||||
|
.json<{ access_token: string }>();
|
||||||
|
|
||||||
|
expect(getAccessTokenPayload(access_token)).toHaveProperty(
|
||||||
|
'aud',
|
||||||
|
testApiResourceInfo.indicator
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should fail with invalid resource', async () => {
|
||||||
|
const { subjectToken } = await createSubjectToken(testUserId);
|
||||||
|
|
||||||
|
await expect(
|
||||||
|
oidcApi.post('token', {
|
||||||
|
headers: formUrlEncodedHeaders,
|
||||||
|
body: new URLSearchParams({
|
||||||
|
client_id: testApplicationId,
|
||||||
|
grant_type: GrantType.TokenExchange,
|
||||||
|
subject_token: subjectToken,
|
||||||
|
subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
|
||||||
|
resource: 'invalid_resource',
|
||||||
|
}),
|
||||||
|
})
|
||||||
|
).rejects.toThrow();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
describe('get access token for organization', () => {
|
describe('get access token for organization', () => {
|
||||||
const scopeName = `read:${randomString()}`;
|
const scopeName = `read:${randomString()}`;
|
||||||
|
|
||||||
|
|
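Review bot: The negative case 'should fail with invalid resource' ends in a bare `.rejects.toThrow()`, so it passes on any rejection (a 5xx, a refused subject token, a transport error) and does not show that the resource indicator is what the server refused. To pin the reason, and assuming `oidcApi` is a ky-style client as the `.json<T>()` chain suggests (confirm), pass `throwHttpErrors: false` and assert `expect(response.status).toBe(400)` plus `expect(await response.json()).toMatchObject({ error: 'invalid_target' })`, where `invalid_target` is the RFC 8707 error code. The value `'invalid_resource'` is also not an absolute URI, so only the malformed-indicator path is exercised. A second case using a well-formed indicator that is not a registered API resource would cover the audience check that stops token exchange from issuing tokens for arbitrary audiences. The success case could also assert `sub` against `testUserId`, so the exchanged token is tied to the subject as well as the audience.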