authing_ruby 1.0.6

data/lib/authing_ruby/test/mini_test/TestAuthenticationClient.rb

@@ -0,0 +1,232 @@
+# 测试内容: 用户认证模块-认证核心模块
+# 如何运行: ruby ./lib/test/mini_test/TestAuthenticationClient.rb
+
+require "minitest/autorun" # Minitest
+require "./lib/authing_ruby.rb" # 模块主文件
+require "./lib/test/helper.rb"
+require 'dotenv'
+Dotenv.load('.env.test') # 你可以编辑这个文件来修改环境变量
+# 备注: 不要用 staging 或 production 环境的用户池来测试，新建一个用户池专门做测试，因为测试期间会注册随机名字的用户
+
+class TestAuthenticationClient < Minitest::Test
+  def setup
+    options = {
+      appHost: ENV["appHost"], # "https://rails-demo.authing.cn", 
+      appId: ENV["appId"], # "60800b9151d040af9016d60b"
+    }
+    @authenticationClient = AuthingRuby::AuthenticationClient.new(options)
+    @helper = Test::Helper.new
+  end
+
+  # 测试邮箱+密码注册
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_registerByEmail
+  def test_registerByEmail
+    random_string = @helper.randomNumString()
+    email = "#{random_string}@qq.com"
+    password = "12345678"
+    resp = @authenticationClient.registerByEmail(email, password)
+    # 如果失败
+    # {"errors"=>[{"message"=>{"code"=>2026, "message"=>"用户已存在，请直接登录！"}, "locations"=>[{"line"=>2, "column"=>3}], "path"=>["registerByEmail"], "extensions"=>{"code"=>"INTERNAL_SERVER_ERROR"}}], "data"=>{"registerByEmail"=>nil}}
+    
+    # 如果成功
+    # {"id"=>"6083842709f7934053e988f6", "arn"=>"arn:cn:authing:60800b8ee5b66b23128b4980:user:6083842709f7934053e988f6", "userPoolId"=>"60800b8ee5b66b23128b4980", "status"=>"Activated", "username"=>nil, "email"=>"401@qq.com", "emailVerified"=>false, "phone"=>nil, "phoneVerified"=>false, "unionid"=>nil, "openid"=>nil, "nickname"=>nil, "registerSource"=>["basic:email"], "photo"=>"default-user-avatar.png", "password"=>"ec0bad9e7bbdf8d71c8e717849954520", "oauth"=>nil, "token"=>nil, "tokenExpiredAt"=>nil, "loginsCount"=>0, "lastLogin"=>nil, "lastIP"=>nil, "signedUp"=>nil, "blocked"=>false, "isDeleted"=>false, "device"=>nil, "browser"=>nil, "company"=>nil, "name"=>nil, "givenName"=>nil, "familyName"=>nil, "middleName"=>nil, "profile"=>nil, "preferredUsername"=>nil, "website"=>nil, "gender"=>"U", "birthdate"=>nil, "zoneinfo"=>nil, "locale"=>nil, "address"=>nil, "formatted"=>nil, "streetAddress"=>nil, "locality"=>nil, "region"=>nil, "postalCode"=>nil, "city"=>nil, "province"=>nil, "country"=>nil, "createdAt"=>"2021-04-24T02:36:23+00:00", "updatedAt"=>"2021-04-24T02:36:23+00:00", "externalId"=>nil}
+    assert(resp.dig('id'), resp)
+  end
+
+  # 测试用户名+密码注册
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_registerByUsername
+  def test_registerByUsername
+    random_string = @helper.randomString(9)
+    username = random_string
+    password = random_string
+    resp = @authenticationClient.registerByUsername(username, password)
+    assert(resp.dig('id'), resp)
+  end
+
+  # 测试邮箱+密码登录
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_loginByEmail
+  def test_loginByEmail
+    # 第一步：先注册
+    random_string = @helper.randomString(9)
+    email = "#{random_string}@qq.com"
+    password = random_string
+    @authenticationClient.registerByEmail(email, password)
+
+    # 第二步：登录
+    resp = @authenticationClient.loginByEmail(email, password)
+    assert(resp.dig('id'), resp)
+  end
+
+  # 测试用户名+密码登录
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_loginByUsername
+  def test_loginByUsername
+    random_string = @helper.randomString(9)
+    username = random_string
+    password = random_string
+    @authenticationClient.registerByUsername(username, password)
+    resp = @authenticationClient.loginByUsername(username, password)
+    assert(resp.dig('id'), resp)
+  end
+
+  # 测试手机号+密码登录
+  # def test_loginByPhonePassword
+  # end
+
+  # 测试获取当前用户
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_getCurrentUser
+  def test_getCurrentUser
+    # 注册+登录
+    username = "test_getCurrentUser_#{@helper.randomString()}"
+    password = "123456789"
+    @authenticationClient.registerByUsername(username, password)
+    @authenticationClient.loginByUsername(username, password)
+
+    # 获取用户信息
+    user = @authenticationClient.getCurrentUser()
+    assert(user.dig("id"), user)
+  end
+
+  # 测试退出登录
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_logout
+  def test_logout
+    # 如何测试?
+    # 1. 先登录, 用身份去做一些事情 （比如修改 nickname）
+    # 2. 再登出, 做同样的事情，但是这次会失败
+
+    # 注册+登录
+    username = 'zhengcheng123'
+    password = "123456789"
+    @authenticationClient.registerByUsername(username, password)
+    @authenticationClient.loginByUsername(username, password)
+
+    # 更新用户信息  
+    res1 = @authenticationClient.updateProfile({
+      nickname: '昵称修改-这次会成功'
+    })
+
+    # 退出登录
+    @authenticationClient.logout()
+
+    # 更新用户信息
+    begin
+      res2 = @authenticationClient.updateProfile({
+        nickname: '昵称-这次会失败'
+      })
+      puts res2
+    rescue => e
+      assert(e.message == '请先登录!')
+    end
+  end
+
+  # 测试: 修改用户资料
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_updateProfile
+  def test_updateProfile
+    # 先登录
+    username = 'zhengcheng123'
+    password = "123456789"
+    @authenticationClient.loginByUsername(username, password)
+
+    # 进行第一次修改
+    @authenticationClient.updateProfile({
+      nickname: '第一次修改'
+    })
+
+    # 进行第二次修改
+    nickname = '第二次修改'
+    user = @authenticationClient.updateProfile({
+      nickname: nickname
+    })
+    user_nickname = user.dig('nickname')
+    assert(user_nickname == nickname)
+  end
+
+  # 测试: 检查密码强度
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_checkPasswordStrength
+  # 注意, 在 Authing 用户池里 -> "扩展能力" -> "自定义密码加密"，选的是 "用户可使用任意非空字符串作为密码"
+  def test_checkPasswordStrength
+    password = "123"
+    r = @authenticationClient.checkPasswordStrength(password)
+    assert(r['valid'], r)
+
+    # 默认情况下：用户可使用任意非空字符串作为密码，返回是
+    # {"valid"=>true, "message"=>"密码验证成功"}
+    
+    # 如果修改为：用户须使用至少 6 位字符作为密码，返回是：
+    # {"valid"=>false, "message"=>"密码长度不能少于 6 位"}
+
+    # 如果传递一个空字符串
+    password = ""
+    r = @authenticationClient.checkPasswordStrength(password)
+    # {"valid"=>false, "message"=>"请输入密码"}
+    assert(r['valid'] == false, r)
+  end
+
+  # 测试: 更新用户密码
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_updatePassword
+  def test_updatePassword
+    # 例子1：如果不登陆，直接改，会提示尚未登录
+    # oldPassword = "123456789"
+    # newPassword = "123456789-ABC"
+    # res = @authenticationClient.updatePassword(newPassword, oldPassword)
+    # puts res
+    # {"errors"=>[{"message"=>{"code"=>2020, "message"=>"尚未登录，无访问权限"}, "locations"=>[{"line"=>2, "column"=>3}], "path"=>["updatePassword"], "extensions"=>{"code"=>"INTERNAL_SERVER_ERROR"}}], "data"=>nil}
+
+    # 第一步：注册用户
+    username = "username_test_updatePassword_#{@helper.randomString()}"
+    password = "123456789"
+    @authenticationClient.registerByUsername(username, password)
+
+    # 第二步：登录用户
+    @authenticationClient.loginByUsername(username, password)
+
+    # 第三步：更新密码
+    oldPassword = password
+    newPassword = "987654321"
+    result = @authenticationClient.updatePassword(newPassword, oldPassword)
+
+    # 第四步：看返回结果对不对
+    assert(result.dig('id') != nil, result)
+  end
+
+  # 测试: 解绑手机号
+  def test_unbindPhone
+  end
+
+  # 测试: 更新用户手机号
+  def test_updatePhone
+  end
+
+  # 绑定邮箱
+  def test_bindEmail
+  end
+
+  # 解绑邮箱
+  def test_unbindEmail
+  end
+
+  # 测试: 检测 Token 登录状态
+  # ruby ./lib/test/mini_test/TestAuthenticationClient.rb -n test_checkLoginStatus
+  def test_checkLoginStatus
+    # 第一步：先登录然后获取 token
+    username = 'zhengcheng123'
+    password = "123456789"
+    user = @authenticationClient.loginByUsername(username, password)
+    token = user.dig("token")
+
+    # 第二步：检测 Token 登录状态
+    result1 = @authenticationClient.checkLoginStatus(token)
+    # puts result1
+    # {"code"=>200, "message"=>"已登录", "status"=>true, "exp"=>1620911894, "iat"=>1619702294, "data"=>{"id"=>"608966b08b4af522620d2e59", "userPoolId"=>"60800b8ee5b66b23128b4980", "arn"=>nil}
+    assert(result1['code'] == 200, result1)
+
+    # 第三步：登出
+    @authenticationClient.logout()
+
+    # 第四步：再次检测
+    result2 = @authenticationClient.checkLoginStatus(token)
+    # puts result2
+    # {"code"=>2206, "message"=>"登录信息已过期", "status"=>false, "exp"=>nil, "iat"=>nil, "data"=>nil}
+    assert(result2['code'] == 2206, result2)
+  end
+  
+end

data/lib/authing_ruby/test/mini_test/TestAuthenticationClientProtocal.rb

@@ -0,0 +1,238 @@
+# 测试内容: 用户认证模块-标准协议认证模块
+# 这里面的测试几乎全都要手工测
+# 如何运行: ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb
+
+# 这个"标准协议认证模块"是什么？可参考文档: 
+# https://docs.authing.cn/v2/reference/sdk-for-node/authentication/StandardProtocol.html
+# 描述：此模块包含 OIDC、OAuth 2.0、SAML、CAS 标准协议的认证、获取令牌、检查令牌、登出等方法。其中发起认证的方法需要在前端使用，获取令牌、检查令牌等方法需要在后端使用。
+
+require "minitest/autorun" # Minitest
+require "./lib/authing_ruby.rb" # 模块主文件
+require "./lib/test/helper.rb"
+require 'dotenv' # 载入环境变量文件
+Dotenv.load('.env.test')
+
+class TestAuthenticationClientProtocal < Minitest::Test
+
+  def setup
+    options = {
+      appId: ENV["appId"],
+      secret: ENV["appSecret"],
+      appHost: ENV["appHost"],
+      redirectUri: ENV["redirectUri"],
+    }
+    @authenticationClient = AuthingRuby::AuthenticationClient.new(options)
+  end
+
+  # 【需手工测试】
+  # 生成 OIDC 协议的用户登录链接
+  # 用户可以通过此链接访问 Authing 的在线登录页面
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_buildAuthorizeUrl
+  def test_buildAuthorizeUrl
+    client_options = {
+      appHost: ENV["appHost"],
+      appId: ENV["appId"],
+      redirectUri: ENV["redirectUri"],
+      protocol: 'oidc',
+    };
+    client = AuthingRuby::AuthenticationClient.new(client_options)
+    options = { 
+      scope: 'openid profile offline_access',
+    }
+    url = client.buildAuthorizeUrl(options)
+    puts url
+    # 测试方法1：手工把输出的 url 粘贴到浏览器里访问，如果可以正常访问就是成功
+
+    # 测试方法2：照搬 JS SDK 里 src/lib/authentication/AuthenticationClient.spec.ts 的测试
+    # 把生成的 url 检查一下里面的参数（以下是 js 代码）
+    # t.assert(url1Data.hostname === 'oidc1.authing.cn');
+    # t.assert(url1Data.pathname === '/oidc/auth');
+    # t.assert(typeof parseInt(url1Data.searchParams.get('nonce')) === 'number');
+    # t.assert(typeof parseInt(url1Data.searchParams.get('state')) === 'number');
+    # t.assert(
+    # 	url1Data.searchParams.get('scope') === 'openid profile offline_access'
+    # );
+    # t.assert(url1Data.searchParams.get('client_id') === '9072248490655972');
+    # t.assert(url1Data.searchParams.get('redirect_uri') === 'https://baidu.com');
+    # t.assert(url1Data.searchParams.get('response_type') === 'code');
+    # t.assert(url1Data.searchParams.get('prompt') === 'consent');
+    # t.falsy(url1Data.searchParams.get('code_verifier'));
+  end
+
+  # 需手工测试
+  # PKCE 场景使用示例
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_buildAuthorizeUrl_2
+  def test_buildAuthorizeUrl_2
+    client_options = {
+      appHost: ENV["appHost"],
+      appId: ENV["appId"],
+      redirectUri: ENV["redirectUri"],
+      protocol: 'oidc',
+    }
+    client = AuthingRuby::AuthenticationClient.new(client_options)
+
+    # PKCE 场景使用示例
+    # 生成一个 code_verifier
+    codeChallenge = client.generateCodeChallenge()
+    # 计算 code_verifier 的 SHA256 摘要
+    codeChallengeDigest = client.getCodeChallengeDigest({ codeChallenge: codeChallenge, method: 'S256' })
+    # 构造 OIDC 授权码 + PKCE 模式登录 URL
+    url2 = client.buildAuthorizeUrl({ codeChallenge: codeChallengeDigest, codeChallengeMethod: 'S256' })
+    puts url2
+    # 测试方法同样是把 url2 复制粘贴到浏览器里访问
+  end
+
+  # 需手工测试
+  # 测试 Code 换 Token
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_getAccessTokenByCode
+  def test_getAccessTokenByCode
+    # 第一步：ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_buildAuthorizeUrl
+    # 登录
+
+    # 比如登录成功后跳转到了这个 URL
+    # http://localhost:3000/authing_callback?code=BRWx1zB95MSSi_n3ZeC0t_Rnpyx8-ZvG7Afq7A1pEWP&state=5119168221224539
+
+    # 那么把 code 复制过来
+    code = 'BRWx1zB95MSSi_n3ZeC0t_Rnpyx8-ZvG7Afq7A1pEWP' #【你需要填写这里】
+    resp = @authenticationClient.getAccessTokenByCode(code);
+    # 如果失败：（比如 secret 填写成了用户池密钥是错的，应该填应用密钥）
+    # {"error":"invalid_client","error_description":"client authentication failed"}
+
+    # 如果 code 第二次使用（也会失败）
+    # {"error"=>"invalid_grant", "error_description"=>"grant request is invalid"}
+
+    # 如果成功
+    # {"access_token":"[省略]","expires_in":1209600,"id_token":"[省略]","scope":"openid profile","token_type":"Bearer"}
+    json = JSON.parse(resp.body)
+    # puts JSON.pretty_generate(json)
+
+    assert(json.dig('access_token') != nil)
+    assert(json.dig('expires_in') != nil)
+    assert(json.dig('id_token') != nil)
+    assert(json.dig('scope') != nil)
+    assert(json.dig('token_type') != nil)
+  end
+
+  # Token 换用户信息
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_getUserInfoByAccessToken
+  def test_getUserInfoByAccessToken
+    # 1. 获得登录页面的 url，浏览器访问
+    # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_buildAuthorizeUrl
+    
+    # 2. 登录并获得 code
+    code = "IAf-hgTKExt7d3RtVT-vSSADeycotgqqa2omB6fRvUY"
+
+    # 3. 用 code 换取 access token
+    resp = @authenticationClient.getAccessTokenByCode(code);
+    json = JSON.parse(resp.body)
+    puts json
+    access_token = json.dig('access_token')
+    
+    if access_token == nil
+      puts json
+    else
+      # 4. token 获取用户信息 
+      puts "accessToken 是 #{access_token}"
+      userInfo = @authenticationClient.getUserInfoByAccessToken(access_token)
+      userInfoJson = JSON.parse(userInfo.body)
+      puts userInfoJson
+      # {"sub"=>"608b9b52414bd3b71fad04ef", "birthdate"=>nil, "family_name"=>nil, "gender"=>"U", "given_name"=>nil, "locale"=>nil, "middle_name"=>nil, "name"=>nil, "nickname"=>nil, "picture"=>"https://files.authing.co/authing-console/default-user-avatar.png", "preferred_username"=>nil, "profile"=>nil, "updated_at"=>"2021-04-30T05:53:26.782Z", "website"=>nil, "zoneinfo"=>nil}
+    end
+  end
+
+  # 为了获取 refresh token
+  # 只有授权码模式和密码模式支持 Refresh Token。
+  # 注意 ⚠️⚠️⚠️：使用授权码模式时必须在请求授权端点（/oidc/auth） 时携带 scope 参数，值必须包含 offline_access，还必须携带 prompt 参数，值必须为 consent。否则 Authing 不会返回任何 Refresh Token。
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_get_refreshTokenBuildAuthorizeUrl
+  def test_get_refreshTokenBuildAuthorizeUrl
+    client_options = {
+      appHost: ENV["appHost"],
+      appId: ENV["appId"],
+      redirectUri: ENV["redirectUri"],
+      protocol: 'oidc',
+    };
+    client = AuthingRuby::AuthenticationClient.new(client_options)
+    options = { 
+      scope: 'openid profile offline_access',
+    }
+    url = client.buildAuthorizeUrl(options)
+    puts url
+  end
+
+  # 刷新 Access Token
+  # 只有授权码模式和密码模式支持 Refresh Token。
+  # https://docs.authing.cn/v2/guides/federation/oidc.html#%E5%88%B7%E6%96%B0-access-token
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_getNewAccessTokenByRefreshToken
+  def test_getNewAccessTokenByRefreshToken
+    # 1. 构建登录 url
+    # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_get_refreshTokenBuildAuthorizeUrl
+
+    # 2. 登录并获得 code
+    # code = "I54TSnkHhh6IXdPdN8UjMnOaGbmjR61rcKGxm3-neLk"
+
+    # 3. 用 code 换取 token (包含 access token 和 refresh token)
+    # resp = @authenticationClient.getAccessTokenByCode(code);
+    # json = JSON.parse(resp.body)
+    # puts json
+
+    # 返回示例
+    json = {"access_token"=>"[省略]", "expires_in"=>1209600, "id_token"=>"[省略]", "refresh_token"=>"H7jJXZBHYyhPjMObTzt0VdQz2pKwVCTxIqeCzGHrfPE", "scope"=>"openid profile offline_access", "token_type"=>"Bearer"}
+    refresh_token = json['refresh_token']
+    # puts refresh_token
+
+    # 最后用 refresh token 调用方法
+    response = @authenticationClient.getNewAccessTokenByRefreshToken(refresh_token)
+    response_json = JSON.parse(response.body)
+    puts response_json
+    # {"access_token"=>"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZ6S0U4TUlidkVkdl9Mb3N5a1dHTjdNTmpqbjlQMldvVmxtN0pIcFVZUFUifQ.eyJqdGkiOiJRYUF2ZU9ScUNlS3J0LVpPTWFRSVYiLCJzdWIiOiI2MDhiOWI1MjQxNGJkM2I3MWZhZDA0ZWYiLCJpYXQiOjE2MTk3ODE2NDYsImV4cCI6MTYyMDk5MTI0Niwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyIsImlzcyI6Imh0dHBzOi8vcmFpbHMtZGVtby5hdXRoaW5nLmNuL29pZGMiLCJhdWQiOiI2MDgwMGI5MTUxZDA0MGFmOTAxNmQ2MGIifQ.WNwR3yOx4XoPU-xGwPxPDlJI7V-EZ6aKwxk5tPg1bpfhhxkMW-o6mJU4_n7ZCMSeXJqikD0e5phGkg79brawGCkmBfW6khS5d5xCiPJg20Ru7NQZMVBTrsislnXIZn18cSrZz8MeDLOQTYCNW686Uz-D0eJu_JTeocjijHq3uwZX_5YR7yOgl2lbjZ2jo1zpbtkCrNHMO3HXVvv1zpNFLg6e11u5xFjGq_HugEvbeL-YSCT9g83_C0IAqg-letoJTWxUkWkxlPWrVAnv9KIjPuGaynQTYc0GEuvASt58uS1dzRRQ73G2x5fKHfX8E-0qyuqfsRr5_CpjIlLHMt2c8Q", "expires_in"=>1209600, "id_token"=>"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI2MDhiOWI1MjQxNGJkM2I3MWZhZDA0ZWYiLCJiaXJ0aGRhdGUiOm51bGwsImZhbWlseV9uYW1lIjpudWxsLCJnZW5kZXIiOiJVIiwiZ2l2ZW5fbmFtZSI6bnVsbCwibG9jYWxlIjpudWxsLCJtaWRkbGVfbmFtZSI6bnVsbCwibmFtZSI6bnVsbCwibmlja25hbWUiOm51bGwsInBpY3R1cmUiOiJodHRwczovL2ZpbGVzLmF1dGhpbmcuY28vYXV0aGluZy1jb25zb2xlL2RlZmF1bHQtdXNlci1hdmF0YXIucG5nIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJwcm9maWxlIjpudWxsLCJ1cGRhdGVkX2F0IjoiMjAyMS0wNC0zMFQwNTo1MzoyNi43ODJaIiwid2Vic2l0ZSI6bnVsbCwiem9uZWluZm8iOm51bGwsIm5vbmNlIjoiNDc1MzQ0NDcyNDczODA5MCIsImF0X2hhc2giOiJMUE90dlpiR2lBSjMzanJ5OW9GQ2t3IiwiYXVkIjoiNjA4MDBiOTE1MWQwNDBhZjkwMTZkNjBiIiwiZXhwIjoxNjIwOTkxMjQ2LCJpYXQiOjE2MTk3ODE2NDYsImlzcyI6Imh0dHBzOi8vcmFpbHMtZGVtby5hdXRoaW5nLmNuL29pZGMifQ.u44mKaDN_zAEBuoIXcXH9Nfxx6HSwOzduu5TtOR18VQ", "refresh_token"=>"H7jJXZBHYyhPjMObTzt0VdQz2pKwVCTxIqeCzGHrfPE", "scope"=>"openid profile offline_access", "token_type"=>"Bearer"}
+  end
+
+  # 测试 检查 Access Token 或 Refresh token 的状态
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_introspectToken
+  def test_introspectToken
+    access_token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZ6S0U4TUlidkVkdl9Mb3N5a1dHTjdNTmpqbjlQMldvVmxtN0pIcFVZUFUifQ.eyJqdGkiOiJRYUF2ZU9ScUNlS3J0LVpPTWFRSVYiLCJzdWIiOiI2MDhiOWI1MjQxNGJkM2I3MWZhZDA0ZWYiLCJpYXQiOjE2MTk3ODE2NDYsImV4cCI6MTYyMDk5MTI0Niwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyIsImlzcyI6Imh0dHBzOi8vcmFpbHMtZGVtby5hdXRoaW5nLmNuL29pZGMiLCJhdWQiOiI2MDgwMGI5MTUxZDA0MGFmOTAxNmQ2MGIifQ.WNwR3yOx4XoPU-xGwPxPDlJI7V-EZ6aKwxk5tPg1bpfhhxkMW-o6mJU4_n7ZCMSeXJqikD0e5phGkg79brawGCkmBfW6khS5d5xCiPJg20Ru7NQZMVBTrsislnXIZn18cSrZz8MeDLOQTYCNW686Uz-D0eJu_JTeocjijHq3uwZX_5YR7yOgl2lbjZ2jo1zpbtkCrNHMO3HXVvv1zpNFLg6e11u5xFjGq_HugEvbeL-YSCT9g83_C0IAqg-letoJTWxUkWkxlPWrVAnv9KIjPuGaynQTYc0GEuvASt58uS1dzRRQ73G2x5fKHfX8E-0qyuqfsRr5_CpjIlLHMt2c8Q"
+    token = access_token
+    res = @authenticationClient.introspectToken(token)
+    json = JSON.parse(res.body)
+    puts json
+    # {"active"=>true, "sub"=>"608b9b52414bd3b71fad04ef", "client_id"=>"60800b9151d040af9016d60b", "exp"=>1620991246, "iat"=>1619781646, "iss"=>"https://core.authing.cn/oidc", "jti"=>"QaAveORqCeKrt-ZOMaQIV", "scope"=>"openid profile offline_access", "token_type"=>"Bearer"}
+  end
+
+
+  # 检验 Id Token 或 Access Token 的合法性
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_validateToken
+  def test_validateToken
+    idToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI2MDhiOWI1MjQxNGJkM2I3MWZhZDA0ZWYiLCJiaXJ0aGRhdGUiOm51bGwsImZhbWlseV9uYW1lIjpudWxsLCJnZW5kZXIiOiJVIiwiZ2l2ZW5fbmFtZSI6bnVsbCwibG9jYWxlIjpudWxsLCJtaWRkbGVfbmFtZSI6bnVsbCwibmFtZSI6bnVsbCwibmlja25hbWUiOm51bGwsInBpY3R1cmUiOiJodHRwczovL2ZpbGVzLmF1dGhpbmcuY28vYXV0aGluZy1jb25zb2xlL2RlZmF1bHQtdXNlci1hdmF0YXIucG5nIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJwcm9maWxlIjpudWxsLCJ1cGRhdGVkX2F0IjoiMjAyMS0wNC0zMFQwNTo1MzoyNi43ODJaIiwid2Vic2l0ZSI6bnVsbCwiem9uZWluZm8iOm51bGwsIm5vbmNlIjoiNDc1MzQ0NDcyNDczODA5MCIsImF0X2hhc2giOiJMUE90dlpiR2lBSjMzanJ5OW9GQ2t3IiwiYXVkIjoiNjA4MDBiOTE1MWQwNDBhZjkwMTZkNjBiIiwiZXhwIjoxNjIwOTkxMjQ2LCJpYXQiOjE2MTk3ODE2NDYsImlzcyI6Imh0dHBzOi8vcmFpbHMtZGVtby5hdXRoaW5nLmNuL29pZGMifQ.u44mKaDN_zAEBuoIXcXH9Nfxx6HSwOzduu5TtOR18VQ"
+    options = {
+      idToken: idToken
+    }
+    res = @authenticationClient.validateToken(options)
+    json = JSON.parse(res.body)
+    puts json
+    # {"sub"=>"608b9b52414bd3b71fad04ef", "birthdate"=>nil, "family_name"=>nil, "gender"=>"U", "given_name"=>nil, "locale"=>nil, "middle_name"=>nil, "name"=>nil, "nickname"=>nil, "picture"=>"https://files.authing.co/authing-console/default-user-avatar.png", "preferred_username"=>nil, "profile"=>nil, "updated_at"=>"2021-04-30T05:53:26.782Z", "website"=>nil, "zoneinfo"=>nil, "nonce"=>"4753444724738090", "at_hash"=>"LPOtvZbGiAJ33jry9oFCkw", "aud"=>"60800b9151d040af9016d60b", "exp"=>1620991246, "iat"=>1619781646, "iss"=>"https://rails-demo.authing.cn/oidc"
+
+    accessToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZ6S0U4TUlidkVkdl9Mb3N5a1dHTjdNTmpqbjlQMldvVmxtN0pIcFVZUFUifQ.eyJqdGkiOiJRYUF2ZU9ScUNlS3J0LVpPTWFRSVYiLCJzdWIiOiI2MDhiOWI1MjQxNGJkM2I3MWZhZDA0ZWYiLCJpYXQiOjE2MTk3ODE2NDYsImV4cCI6MTYyMDk5MTI0Niwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyIsImlzcyI6Imh0dHBzOi8vcmFpbHMtZGVtby5hdXRoaW5nLmNuL29pZGMiLCJhdWQiOiI2MDgwMGI5MTUxZDA0MGFmOTAxNmQ2MGIifQ.WNwR3yOx4XoPU-xGwPxPDlJI7V-EZ6aKwxk5tPg1bpfhhxkMW-o6mJU4_n7ZCMSeXJqikD0e5phGkg79brawGCkmBfW6khS5d5xCiPJg20Ru7NQZMVBTrsislnXIZn18cSrZz8MeDLOQTYCNW686Uz-D0eJu_JTeocjijHq3uwZX_5YR7yOgl2lbjZ2jo1zpbtkCrNHMO3HXVvv1zpNFLg6e11u5xFjGq_HugEvbeL-YSCT9g83_C0IAqg-letoJTWxUkWkxlPWrVAnv9KIjPuGaynQTYc0GEuvASt58uS1dzRRQ73G2x5fKHfX8E-0qyuqfsRr5_CpjIlLHMt2c8Q"
+    options = {
+      accessToken: accessToken
+    }
+    res = @authenticationClient.validateToken(options)
+    json = JSON.parse(res.body)
+    puts json
+    # {"jti"=>"QaAveORqCeKrt-ZOMaQIV", "sub"=>"608b9b52414bd3b71fad04ef", "iat"=>1619781646, "exp"=>1620991246, "scope"=>"openid profile offline_access", "iss"=>"https://rails-demo.authing.cn/oidc", "aud"=>"60800b9151d040af9016d60b"}
+  end
+
+  # 撤回 Access Token 或 Refresh token
+  # ruby ./lib/test/mini_test/TestAuthenticationClientProtocal.rb -n test_revokeToken
+  def test_revokeToken
+    accessToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImZ6S0U4TUlidkVkdl9Mb3N5a1dHTjdNTmpqbjlQMldvVmxtN0pIcFVZUFUifQ.eyJqdGkiOiJRYUF2ZU9ScUNlS3J0LVpPTWFRSVYiLCJzdWIiOiI2MDhiOWI1MjQxNGJkM2I3MWZhZDA0ZWYiLCJpYXQiOjE2MTk3ODE2NDYsImV4cCI6MTYyMDk5MTI0Niwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyIsImlzcyI6Imh0dHBzOi8vcmFpbHMtZGVtby5hdXRoaW5nLmNuL29pZGMiLCJhdWQiOiI2MDgwMGI5MTUxZDA0MGFmOTAxNmQ2MGIifQ.WNwR3yOx4XoPU-xGwPxPDlJI7V-EZ6aKwxk5tPg1bpfhhxkMW-o6mJU4_n7ZCMSeXJqikD0e5phGkg79brawGCkmBfW6khS5d5xCiPJg20Ru7NQZMVBTrsislnXIZn18cSrZz8MeDLOQTYCNW686Uz-D0eJu_JTeocjijHq3uwZX_5YR7yOgl2lbjZ2jo1zpbtkCrNHMO3HXVvv1zpNFLg6e11u5xFjGq_HugEvbeL-YSCT9g83_C0IAqg-letoJTWxUkWkxlPWrVAnv9KIjPuGaynQTYc0GEuvASt58uS1dzRRQ73G2x5fKHfX8E-0qyuqfsRr5_CpjIlLHMt2c8Q"
+    # accessToken = "auefaouea222"
+    result = @authenticationClient.revokeToken(accessToken)
+    if result.class == Faraday::Response
+      puts "body 是 #{result.body}"
+    else
+      puts result
+    end
+    # 这个没法测, 瞎写一个 accessToken 也不会报错，算了不管它
+  end
+
+end

data/lib/authing_ruby/test/mini_test/TestHttpClient.rb

@@ -0,0 +1,53 @@
+# 测试 lib/common/HttpClient.rb
+# 运行: ruby ./lib/test/mini_test/TestHttpClient.rb
+
+require "minitest/autorun"
+require './lib/common/HttpClient.rb'
+
+class TestAuthenticationClient < Minitest::Test
+
+  # 测试初始化，初始化不应该报错
+  def test_init
+    httpClient = AuthingRuby::Common::HttpClient.new
+  end
+  
+  # 测试简单的 get 方法
+  # ruby ./lib/test/mini_test/TestHttpClient.rb -n test_get
+  def test_get
+    httpClient = AuthingRuby::Common::HttpClient.new
+    url = "https://postman-echo.com/get"
+    # url = "https://postman-echo.com/get?foo1=bar1&foo2=bar2"
+    params = {
+      "a": 3,
+      "b": 4,
+    }
+    resp = httpClient.request({
+      method: 'GET',
+      url: url,
+      params: params,
+    })
+    json = JSON.parse(resp.body)
+    # puts JSON.pretty_generate(json)
+    assert(json.dig('args', "a") == "3")
+  end
+
+  # 测试 post 方法
+  # ruby ./lib/test/mini_test/TestHttpClient.rb -n test_post
+  def test_post
+    httpClient = AuthingRuby::Common::HttpClient.new
+    url = "https://postman-echo.com/post"
+    resp = httpClient.request({
+      method: 'POST',
+      url: url,
+      data: {
+        "x": 100,
+        "y": 200,
+      }
+    })
+    json = JSON.parse(resp.body)
+    # puts JSON.pretty_generate(json)
+    assert(json.dig('json', "x") == "100")
+  end
+
+
+end