feat(test): add integration tests for OIDC #50

Merged
chartgerink merged 2 commits from fix/47 into main 2025-08-10 17:41:20 +00:00
Owner
  • add url and wiremock dev dependencies
  • add oidc integration test

Fixes #47.

Author
Owner

For reference, here is the key generating script used to generate the private and public keys used in testing:

```sh
#!/bin/bash
# Stop on the first failing command so a broken key never reaches the output
set -euo pipefail

echo "Generating RSA key pair for OIDC testing..."

# 1. Generate private key
openssl genrsa -out private.pem 2048

# 2. Convert to PKCS#8 format (for jsonwebtoken)
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private.pem -out private_pkcs8.pem

# 3. Extract public key
openssl rsa -in private.pem -pubout -out public.pem

# 4. Get modulus and exponent for JWKS
# This extracts the modulus (n) and exponent (e) in the format needed for JWKS

echo ""
echo "Extracting JWKS components..."

# Extract modulus and exponent, then convert to base64url
# First, get the public key components in hex
openssl rsa -pubin -in public.pem -text -noout > public_components.txt

# For JWKS, we need to extract n and e in base64url format
# Here's a Python script to do the conversion properly
cat > extract_jwks.py << 'EOF'
import subprocess
import base64

# Get the public key components (check=True aborts if openssl fails)
result = subprocess.run(['openssl', 'rsa', '-pubin', '-in', 'public.pem', '-modulus', '-noout'],
                        capture_output=True, text=True, check=True)
modulus_hex = result.stdout.split('=')[1].strip()

# Convert hex to bytes then to base64url
modulus_bytes = bytes.fromhex(modulus_hex)
modulus_b64url = base64.urlsafe_b64encode(modulus_bytes).rstrip(b'=').decode('ascii')

# Exponent is almost always 65537 (AQAB in base64url); it is the openssl genrsa default
exponent_b64url = "AQAB"

print("\n=== Copy this to your test file ===\n")
print("const TEST_RSA_PRIVATE_KEY: &str = r#\"", end="")
with open('private_pkcs8.pem', 'r') as f:
    print(f.read().rstrip(), end="")
print("\"#;")

print("\n=== Use this in your JWKS mock ===\n")
print(f'"n": "{modulus_b64url}",')
print(f'"e": "{exponent_b64url}"')

print("\n=== Complete JWKS key object ===\n")
print(f'''{{
    "kty": "RSA",
    "use": "sig",
    "kid": "test-key-id",
    "alg": "RS256",
    "n": "{modulus_b64url}",
    "e": "{exponent_b64url}"
}}''')
EOF

# Run the Python script
python3 extract_jwks.py

# Clean up temporary files
rm -f private.pem public.pem public_components.txt extract_jwks.py

echo ""
echo "Keys generated successfully!"
echo "The private key has been saved to: private_pkcs8.pem"
echo "Copy the output above into your test file."
```

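An added example, not part of this PR or the project's code: it builds the same JWKS key object from an `openssl rsa -modulus` line, but encodes the exponent instead of hardcoding `AQAB`, and checks the entry before it goes into a mock. It goes slightly beyond the script above by validating the result; all function names and the sample modulus are assumptions constructed for illustration.

```python
import base64

def b64url_uint(value: int) -> str:
    """Base64urlUInt as used for JWK n/e: minimal big-endian octets, no '=' padding."""
    if value <= 0:
        raise ValueError("RSA parameters must be positive integers")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_uint_decode(text: str) -> int:
    """Inverse of b64url_uint; rejects padded, non-urlsafe or non-minimal input."""
    if "=" in text or "+" in text or "/" in text:
        raise ValueError("not unpadded base64url")
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    if raw[:1] == b"\x00":
        raise ValueError("leading zero octet: encoding is not minimal")
    return int.from_bytes(raw, "big")

def jwk_from_modulus_line(line: str, exponent: int = 65537, kid: str = "test-key-id") -> dict:
    """Build the JWKS key object from `openssl rsa -modulus` output ('Modulus=<hex>')."""
    label, _, hex_digits = line.strip().partition("=")
    if label != "Modulus" or not hex_digits:
        raise ValueError("expected a 'Modulus=<hex>' line")
    return {"kty": "RSA", "use": "sig", "kid": kid, "alg": "RS256",
            "n": b64url_uint(int(hex_digits, 16)), "e": b64url_uint(exponent)}

def check_jwk(jwk: dict, min_bits: int = 2048) -> list:
    """Return a list of problems; an empty list means the entry is usable for RS256."""
    problems = []
    if jwk.get("kty") != "RSA" or jwk.get("alg") != "RS256":
        problems.append("kty/alg must be RSA/RS256")
    try:
        n, e = b64url_uint_decode(jwk["n"]), b64url_uint_decode(jwk["e"])
    except (KeyError, ValueError) as err:
        return problems + [f"bad n/e: {err}"]
    if n.bit_length() < min_bits:
        problems.append(f"modulus is {n.bit_length()} bits, want >= {min_bits}")
    if n % 2 == 0:
        problems.append("modulus is even")
    if e < 3 or e % 2 == 0:
        problems.append("exponent must be odd and >= 3")
    return problems

# Constructed sample: a 2048-bit odd number shaped like openssl's output, not a real key.
SAMPLE_LINE = "Modulus=C0" + "00" * 254 + "01\n"
SAMPLE_JWK = jwk_from_modulus_line(SAMPLE_LINE)
```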
Author
Owner

Merging this and leaving a note that the private key is only made public here because it is a throwaway key – it is not (to be) used anywhere else. The only exception is reusing it in other tests.

chartgerink deleted branch fix/47 2025-08-10 17:41:20 +00:00
Reference: libscie/researchequals-api#50