authlete 1.3.0 → 1.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/authlete.rb +1 -0
- data/lib/authlete/model/client.rb +169 -145
- data/lib/authlete/model/hsk.rb +67 -0
- data/lib/authlete/model/service.rb +258 -218
- data/lib/authlete/version.rb +1 -1
- data/test/authlete/model/test_client.rb +416 -396
- data/test/authlete/model/test_hsk.rb +108 -0
- data/test/authlete/model/test_service.rb +499 -451
- metadata +6 -4
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
# :nodoc:
|
|
2
|
+
#
|
|
3
|
+
# Copyright (C) 2014-2021 Authlete, Inc.
|
|
4
|
+
#
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
#
|
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
#
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
require 'authlete'
|
|
19
|
+
require 'json'
|
|
20
|
+
require 'minitest/autorun'
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
class HskTest < Minitest::Test
|
|
24
|
+
KTY = 'EC'
|
|
25
|
+
USE = 'sig'
|
|
26
|
+
ALG = 'ES256'
|
|
27
|
+
KID = 'jane'
|
|
28
|
+
HSM_NAME = 'google'
|
|
29
|
+
HANDLE = '<handle>'
|
|
30
|
+
PUBLIC_KEY = '<public-key>'
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
def generate_json
|
|
34
|
+
return <<~JSON
|
|
35
|
+
{
|
|
36
|
+
"kty": "EC",
|
|
37
|
+
"use": "sig",
|
|
38
|
+
"alg": "ES256",
|
|
39
|
+
"kid": "jane",
|
|
40
|
+
"hsmName": "google",
|
|
41
|
+
"handle": "<handle>",
|
|
42
|
+
"publicKey": "<public-key>"
|
|
43
|
+
}
|
|
44
|
+
JSON
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
def generate_hash
|
|
49
|
+
{
|
|
50
|
+
kty: 'EC',
|
|
51
|
+
use: 'sig',
|
|
52
|
+
alg: 'ES256',
|
|
53
|
+
kid: 'jane',
|
|
54
|
+
hsmName: 'google',
|
|
55
|
+
handle: '<handle>',
|
|
56
|
+
publicKey: '<public-key>'
|
|
57
|
+
}
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
|
|
61
|
+
def set_params(obj)
|
|
62
|
+
obj.kty = KTY
|
|
63
|
+
obj.use = USE
|
|
64
|
+
obj.alg = ALG
|
|
65
|
+
obj.kid = KID
|
|
66
|
+
obj.hsmName = HSM_NAME
|
|
67
|
+
obj.handle = HANDLE
|
|
68
|
+
obj.publicKey = PUBLIC_KEY
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
|
|
72
|
+
def match(obj)
|
|
73
|
+
assert_equal KTY, obj.kty
|
|
74
|
+
assert_equal USE, obj.use
|
|
75
|
+
assert_equal ALG, obj.alg
|
|
76
|
+
assert_equal KID, obj.kid
|
|
77
|
+
assert_equal HSM_NAME, obj.hsmName
|
|
78
|
+
assert_equal HANDLE, obj.handle
|
|
79
|
+
assert_equal PUBLIC_KEY, obj.publicKey
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
|
|
83
|
+
def test_from_json
|
|
84
|
+
jsn = generate_json
|
|
85
|
+
hsh = JSON.parse(jsn)
|
|
86
|
+
actual = Authlete::Model::Hsk.new(hsh)
|
|
87
|
+
|
|
88
|
+
match(actual)
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
|
|
92
|
+
def test_setters
|
|
93
|
+
actual = Authlete::Model::Hsk.new
|
|
94
|
+
set_params(actual)
|
|
95
|
+
|
|
96
|
+
match(actual)
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
def test_to_hash
|
|
101
|
+
obj = Authlete::Model::Hsk.new
|
|
102
|
+
set_params(obj)
|
|
103
|
+
actual = obj.to_hash
|
|
104
|
+
expected = generate_hash
|
|
105
|
+
|
|
106
|
+
assert_equal expected, actual
|
|
107
|
+
end
|
|
108
|
+
end
|
|
@@ -21,239 +21,260 @@ require 'minitest/autorun'
|
|
|
21
21
|
|
|
22
22
|
|
|
23
23
|
class ServiceTest < Minitest::Test
|
|
24
|
-
NUMBER
|
|
25
|
-
SERVICE_OWNER_NUMBER
|
|
26
|
-
SERVICE_NAME
|
|
27
|
-
API_KEY
|
|
28
|
-
API_SECRET
|
|
29
|
-
ISSUER
|
|
30
|
-
AUTHORIZATION_ENDPOINT
|
|
31
|
-
TOKEN_ENDPOINT
|
|
32
|
-
REVOCATION_ENDPOINT
|
|
33
|
-
SUPPORTED_REVOCATION_AUTH_METHODS
|
|
34
|
-
USER_INFO_ENDPOINT
|
|
35
|
-
JWKS_URI
|
|
36
|
-
JWKS
|
|
37
|
-
REGISTRATION_ENDPOINT
|
|
38
|
-
REGISTRATION_MANAGEMENT_ENDPOINT
|
|
39
|
-
SUPPORTED_SCOPE_NAME
|
|
40
|
-
SUPPORTED_SCOPE_DESCRIPTION
|
|
41
|
-
SUPPORTED_SCOPES
|
|
42
|
-
SUPPORTED_RESPONSE_TYPES
|
|
43
|
-
SUPPORTED_GRANT_TYPES
|
|
44
|
-
SUPPORTED_ACRS
|
|
45
|
-
SUPPORTED_TOKEN_AUTH_METHODS
|
|
46
|
-
SUPPORTED_DISPLAYS
|
|
47
|
-
SUPPORTED_CLAIM_TYPES
|
|
48
|
-
SUPPORTED_CLAIMS
|
|
49
|
-
SERVICE_DOCUMENTATION
|
|
50
|
-
SUPPORTED_CLAIM_LOCALES
|
|
51
|
-
SUPPORTED_UI_LOCALES
|
|
52
|
-
POLICY_URI
|
|
53
|
-
TOS_URI
|
|
54
|
-
AUTHENTICATION_CALLBACK_ENDPOINT
|
|
55
|
-
AUTHENTICATION_CALLBACK_API_KEY
|
|
56
|
-
AUTHENTICATION_CALLBACK_API_SECRET
|
|
57
|
-
SUPPORTED_SNSES
|
|
58
|
-
SNS_CREDENTIALS_SNS
|
|
59
|
-
SNS_CREDENTIALS_API_KEY
|
|
60
|
-
SNS_CREDENTIALS_API_SECRET
|
|
61
|
-
SNS_CREDENTIALS
|
|
62
|
-
CREATED_AT
|
|
63
|
-
MODIFIED_AT
|
|
64
|
-
DEVELOPER_AUTHENTICATION_CALLBACK_ENDPOINT
|
|
65
|
-
DEVELOPER_AUTHENTICATION_CALLBACK_API_KEY
|
|
66
|
-
DEVELOPER_AUTHENTICATION_CALLBACK_API_SECRET
|
|
67
|
-
SUPPORTED_DEVELOPER_SNSES
|
|
68
|
-
DEVELOPER_SNS_CREDENTIALS_SNS
|
|
69
|
-
DEVELOPER_SNS_CREDENTIALS_API_KEY
|
|
70
|
-
DEVELOPER_SNS_CREDENTIALS_API_SECRET
|
|
71
|
-
DEVELOPER_SNS_CREDENTIALS
|
|
72
|
-
CLIENTS_PER_DEVELOPER
|
|
73
|
-
DIRECT_AUTHORIZATION_ENDPOINT_ENABLED
|
|
74
|
-
DIRECT_TOKEN_ENDPOINT_ENABLED
|
|
75
|
-
DIRECT_REVOCATION_ENDPOINT_ENABLED
|
|
76
|
-
DIRECT_USER_INFO_ENDPOINT_ENABLED
|
|
77
|
-
DIRECT_JWKS_ENDPOINT_ENABLED
|
|
78
|
-
DIRECT_INTROSPECTION_ENDPOINT_ENABLED
|
|
79
|
-
SINGLE_ACCESS_TOKEN_PER_SUBJECT
|
|
80
|
-
PKCE_REQUIRED
|
|
81
|
-
PKCE_S256_REQUIRED
|
|
82
|
-
REFRESH_TOKEN_KEPT
|
|
83
|
-
REFRESH_TOKEN_DURATION_KEPT
|
|
84
|
-
ERROR_DESCRIPTION_OMITTED
|
|
85
|
-
ERROR_URI_OMITTED
|
|
86
|
-
CLIENT_ID_ALIAS_ENABLED
|
|
87
|
-
SUPPORTED_SERVICE_PROFILES
|
|
88
|
-
TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS
|
|
89
|
-
INTROSPECTION_ENDPOINT
|
|
90
|
-
SUPPORTED_INTROSPECTION_AUTH_METHODS
|
|
91
|
-
MUTUAL_TLS_VALIDATE_PKI_CERT_CHAIN
|
|
92
|
-
TRUSTED_ROOT_CERTIFICATES
|
|
93
|
-
DYNAMIC_REGISTRATION_SUPPORTED
|
|
94
|
-
END_SESSION_ENDPOINT
|
|
95
|
-
DESCRIPTION
|
|
96
|
-
ACCESS_TOKEN_TYPE
|
|
97
|
-
ACCESS_TOKEN_SIGN_ALG
|
|
98
|
-
ACCESS_TOKEN_DURATION
|
|
99
|
-
REFRESH_TOKEN_DURATION
|
|
100
|
-
ID_TOKEN_DURATION
|
|
101
|
-
AUTHORIZATION_RESPONSE_DURATION
|
|
102
|
-
PUSHED_AUTH_REQ_DURATION
|
|
103
|
-
METADATA_KEY
|
|
104
|
-
METADATA_VALUE
|
|
105
|
-
METADATA
|
|
106
|
-
ACCESS_TOKEN_SIGNATURE_KEY_ID
|
|
107
|
-
AUTHORIZATION_SIGNATURE_KEY_ID
|
|
108
|
-
ID_TOKEN_SIGNATURE_KEY_ID
|
|
109
|
-
USER_INFO_SIGNATURE_KEY_ID
|
|
110
|
-
SUPPORTED_BACKCHANNEL_TOKEN_DELIVERY_MODES
|
|
111
|
-
BACKCHANNEL_AUTHENTICATION_ENDPOINT
|
|
112
|
-
BACKCHANNEL_USER_CODE_PARAMETER_SUPPORTED
|
|
113
|
-
BACKCHANNEL_AUTH_REQ_ID_DURATION
|
|
114
|
-
BACKCHANNEL_POLLING_INTERVAL
|
|
115
|
-
BACKCHANNEL_BINDING_MESSAGE_REQUIRED_IN_FAPI
|
|
116
|
-
ALLOWABLE_CLOCK_SKEW
|
|
117
|
-
DEVICE_AUTHORIZATION_ENDPOINT
|
|
118
|
-
DEVICE_VERIFICATION_URI
|
|
119
|
-
DEVICE_VERIFICATION_URI_COMPLETE
|
|
120
|
-
DEVICE_FLOW_CODE_DURATION
|
|
121
|
-
DEVICE_FLOW_POLLING_INTERVAL
|
|
122
|
-
USER_CODE_CHARSET
|
|
123
|
-
USER_CODE_LENGTH
|
|
124
|
-
PUSHED_AUTH_REQ_ENDPOINT
|
|
125
|
-
MTLS_ENDPOINT_ALIAS_NAME
|
|
126
|
-
MTLS_ENDPOINT_ALIAS_URI
|
|
127
|
-
MTLS_ENDPOINT_ALIASES
|
|
128
|
-
|
|
129
|
-
SUPPORTED_TRUST_FRAMEWORKS
|
|
130
|
-
SUPPORTED_EVIDENCE
|
|
131
|
-
SUPPORTED_IDENTITY_DOCUMENTS
|
|
132
|
-
SUPPORTED_VERIFICATION_METHODS
|
|
133
|
-
SUPPORTED_VERIFIED_CLAIMS
|
|
134
|
-
MISSING_CLIENT_ID_ALLOWED
|
|
135
|
-
PAR_REQUIRED
|
|
136
|
-
REQUEST_OBJECT_REQUIRED
|
|
137
|
-
TRADITIONAL_REQUEST_OBJECT_PROCESSING_APPLIED
|
|
138
|
-
CLAIM_SHORTCUT_RESTRICTIVE
|
|
139
|
-
SCOPE_REQUIRED
|
|
140
|
-
NBF_OPTIONAL
|
|
141
|
-
ISS_SUPPRESSED
|
|
142
|
-
ATTRIBUTE_KEY
|
|
143
|
-
ATTRIBUTE_VALUE
|
|
144
|
-
ATTRIBUTES
|
|
24
|
+
NUMBER = 1000
|
|
25
|
+
SERVICE_OWNER_NUMBER = 12345
|
|
26
|
+
SERVICE_NAME = '<service-name>'
|
|
27
|
+
API_KEY = '<api-key>'
|
|
28
|
+
API_SECRET = '<api-secret>'
|
|
29
|
+
ISSUER = '<issuer>'
|
|
30
|
+
AUTHORIZATION_ENDPOINT = '<authorization-endpoint>'
|
|
31
|
+
TOKEN_ENDPOINT = '<token-endpoint>'
|
|
32
|
+
REVOCATION_ENDPOINT = '<revocation-endpoint>'
|
|
33
|
+
SUPPORTED_REVOCATION_AUTH_METHODS = [ 'NONE', 'CLIENT_SECRET_BASIC' ]
|
|
34
|
+
USER_INFO_ENDPOINT = '<user-info-endpoint>'
|
|
35
|
+
JWKS_URI = '<jwks-uri>'
|
|
36
|
+
JWKS = '<jwks>'
|
|
37
|
+
REGISTRATION_ENDPOINT = '<registration-endpoint>'
|
|
38
|
+
REGISTRATION_MANAGEMENT_ENDPOINT = '<registration-management-endpoint>'
|
|
39
|
+
SUPPORTED_SCOPE_NAME = 'scope0'
|
|
40
|
+
SUPPORTED_SCOPE_DESCRIPTION = '<scope0-description>'
|
|
41
|
+
SUPPORTED_SCOPES = [ Authlete::Model::Scope.new(name: SUPPORTED_SCOPE_NAME, description: SUPPORTED_SCOPE_DESCRIPTION) ]
|
|
42
|
+
SUPPORTED_RESPONSE_TYPES = [ 'NONE', 'CODE', 'TOKEN', 'ID_TOKEN' ]
|
|
43
|
+
SUPPORTED_GRANT_TYPES = [ 'AUTHORIZATION_CODE', 'REFRESH_TOKEN' ]
|
|
44
|
+
SUPPORTED_ACRS = [ '<supported-acr0>', '<supported-acr1>' ]
|
|
45
|
+
SUPPORTED_TOKEN_AUTH_METHODS = [ 'NONE', 'CLIENT_SECRET_BASIC' ]
|
|
46
|
+
SUPPORTED_DISPLAYS = [ 'PAGE', 'POPUP', 'TOUCH', 'WAP' ]
|
|
47
|
+
SUPPORTED_CLAIM_TYPES = [ 'NORMAL' ]
|
|
48
|
+
SUPPORTED_CLAIMS = [ '<supported-claim0>', '<supported-claim1>' ]
|
|
49
|
+
SERVICE_DOCUMENTATION = '<service-documentation>'
|
|
50
|
+
SUPPORTED_CLAIM_LOCALES = [ 'en-US' ]
|
|
51
|
+
SUPPORTED_UI_LOCALES = [ 'en-US' ]
|
|
52
|
+
POLICY_URI = '<policy-uri>'
|
|
53
|
+
TOS_URI = '<tos-uri>'
|
|
54
|
+
AUTHENTICATION_CALLBACK_ENDPOINT = '<authentication-callback-endpoint>'
|
|
55
|
+
AUTHENTICATION_CALLBACK_API_KEY = '<authentication-callback-api-key>'
|
|
56
|
+
AUTHENTICATION_CALLBACK_API_SECRET = '<authentication-callback-api-secret>'
|
|
57
|
+
SUPPORTED_SNSES = [ 'FACEBOOK' ]
|
|
58
|
+
SNS_CREDENTIALS_SNS = 'FACEBOOK'
|
|
59
|
+
SNS_CREDENTIALS_API_KEY = '<sns-credentials0-api-key>'
|
|
60
|
+
SNS_CREDENTIALS_API_SECRET = '<sns-credentials0-api-secret>'
|
|
61
|
+
SNS_CREDENTIALS = [ Authlete::Model::SnsCredentials.new(sns: SNS_CREDENTIALS_SNS, apiKey: SNS_CREDENTIALS_API_KEY, apiSecret: SNS_CREDENTIALS_API_SECRET) ]
|
|
62
|
+
CREATED_AT = 10000
|
|
63
|
+
MODIFIED_AT = 10000
|
|
64
|
+
DEVELOPER_AUTHENTICATION_CALLBACK_ENDPOINT = '<developer-authentication-callback-endpoint>'
|
|
65
|
+
DEVELOPER_AUTHENTICATION_CALLBACK_API_KEY = '<developer-authentication-callback-api-key>'
|
|
66
|
+
DEVELOPER_AUTHENTICATION_CALLBACK_API_SECRET = '<developer-authentication-callback-api-secret>'
|
|
67
|
+
SUPPORTED_DEVELOPER_SNSES = [ 'FACEBOOK' ]
|
|
68
|
+
DEVELOPER_SNS_CREDENTIALS_SNS = 'FACEBOOK'
|
|
69
|
+
DEVELOPER_SNS_CREDENTIALS_API_KEY = '<developer-sns-credentials0-api-key>'
|
|
70
|
+
DEVELOPER_SNS_CREDENTIALS_API_SECRET = '<developer-sns-credentials0-api-secret>'
|
|
71
|
+
DEVELOPER_SNS_CREDENTIALS = [ Authlete::Model::SnsCredentials.new(sns: DEVELOPER_SNS_CREDENTIALS_SNS, apiKey: DEVELOPER_SNS_CREDENTIALS_API_KEY, apiSecret: DEVELOPER_SNS_CREDENTIALS_API_SECRET) ]
|
|
72
|
+
CLIENTS_PER_DEVELOPER = 10
|
|
73
|
+
DIRECT_AUTHORIZATION_ENDPOINT_ENABLED = true
|
|
74
|
+
DIRECT_TOKEN_ENDPOINT_ENABLED = true
|
|
75
|
+
DIRECT_REVOCATION_ENDPOINT_ENABLED = true
|
|
76
|
+
DIRECT_USER_INFO_ENDPOINT_ENABLED = true
|
|
77
|
+
DIRECT_JWKS_ENDPOINT_ENABLED = true
|
|
78
|
+
DIRECT_INTROSPECTION_ENDPOINT_ENABLED = true
|
|
79
|
+
SINGLE_ACCESS_TOKEN_PER_SUBJECT = false
|
|
80
|
+
PKCE_REQUIRED = true
|
|
81
|
+
PKCE_S256_REQUIRED = true
|
|
82
|
+
REFRESH_TOKEN_KEPT = true
|
|
83
|
+
REFRESH_TOKEN_DURATION_KEPT = true
|
|
84
|
+
ERROR_DESCRIPTION_OMITTED = false
|
|
85
|
+
ERROR_URI_OMITTED = false
|
|
86
|
+
CLIENT_ID_ALIAS_ENABLED = true
|
|
87
|
+
SUPPORTED_SERVICE_PROFILES = [ 'FAPI', 'OPEN_BANKING' ]
|
|
88
|
+
TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS = true
|
|
89
|
+
INTROSPECTION_ENDPOINT = '<introspection-endpoint>'
|
|
90
|
+
SUPPORTED_INTROSPECTION_AUTH_METHODS = [ 'NONE', 'CLIENT_SECRET_BASIC' ]
|
|
91
|
+
MUTUAL_TLS_VALIDATE_PKI_CERT_CHAIN = true
|
|
92
|
+
TRUSTED_ROOT_CERTIFICATES = [ '<trusted-root-certificate0>', '<trusted-root-certificate1>' ]
|
|
93
|
+
DYNAMIC_REGISTRATION_SUPPORTED = true
|
|
94
|
+
END_SESSION_ENDPOINT = '<end-session-endpoint>'
|
|
95
|
+
DESCRIPTION = '<description>'
|
|
96
|
+
ACCESS_TOKEN_TYPE = 'Bearer'
|
|
97
|
+
ACCESS_TOKEN_SIGN_ALG = 'HS256'
|
|
98
|
+
ACCESS_TOKEN_DURATION = 300
|
|
99
|
+
REFRESH_TOKEN_DURATION = 300
|
|
100
|
+
ID_TOKEN_DURATION = 300
|
|
101
|
+
AUTHORIZATION_RESPONSE_DURATION = 300
|
|
102
|
+
PUSHED_AUTH_REQ_DURATION = 300
|
|
103
|
+
METADATA_KEY = '<metadata0-key>'
|
|
104
|
+
METADATA_VALUE = '<metadata0-value>'
|
|
105
|
+
METADATA = [ Authlete::Model::Pair.new(key: METADATA_KEY, value: METADATA_VALUE) ]
|
|
106
|
+
ACCESS_TOKEN_SIGNATURE_KEY_ID = '<access-token-signature-key-id>'
|
|
107
|
+
AUTHORIZATION_SIGNATURE_KEY_ID = '<authorization-signature-key-id>'
|
|
108
|
+
ID_TOKEN_SIGNATURE_KEY_ID = '<id-token-signature-key-id>'
|
|
109
|
+
USER_INFO_SIGNATURE_KEY_ID = '<user-info-signature-key-id>'
|
|
110
|
+
SUPPORTED_BACKCHANNEL_TOKEN_DELIVERY_MODES = [ 'POLL', 'PING', 'PUSH' ]
|
|
111
|
+
BACKCHANNEL_AUTHENTICATION_ENDPOINT = '<backchannel-authentication-endpoint>'
|
|
112
|
+
BACKCHANNEL_USER_CODE_PARAMETER_SUPPORTED = true
|
|
113
|
+
BACKCHANNEL_AUTH_REQ_ID_DURATION = 300
|
|
114
|
+
BACKCHANNEL_POLLING_INTERVAL = 10
|
|
115
|
+
BACKCHANNEL_BINDING_MESSAGE_REQUIRED_IN_FAPI = true
|
|
116
|
+
ALLOWABLE_CLOCK_SKEW = 100
|
|
117
|
+
DEVICE_AUTHORIZATION_ENDPOINT = '<device-authorization-endpoint>'
|
|
118
|
+
DEVICE_VERIFICATION_URI = '<device-verification-uri>'
|
|
119
|
+
DEVICE_VERIFICATION_URI_COMPLETE = '<device-verification-uri-complete>'
|
|
120
|
+
DEVICE_FLOW_CODE_DURATION = 300
|
|
121
|
+
DEVICE_FLOW_POLLING_INTERVAL = 10
|
|
122
|
+
USER_CODE_CHARSET = 'BASE20'
|
|
123
|
+
USER_CODE_LENGTH = 100
|
|
124
|
+
PUSHED_AUTH_REQ_ENDPOINT = '<pushed-auth-req-endpoint>'
|
|
125
|
+
MTLS_ENDPOINT_ALIAS_NAME = '<mtls-endpoint-alias0-name>'
|
|
126
|
+
MTLS_ENDPOINT_ALIAS_URI = '<mtls-endpoint-alias0-uri>'
|
|
127
|
+
MTLS_ENDPOINT_ALIASES = [ Authlete::Model::NamedUri.new(name: MTLS_ENDPOINT_ALIAS_NAME, uri: MTLS_ENDPOINT_ALIAS_URI) ]
|
|
128
|
+
SUPPORTED_AUTHORIZATION_DETAILS_TYPES = [ '<supported-authorization-details-type0>', '<supported-authorization-details-type1>' ]
|
|
129
|
+
SUPPORTED_TRUST_FRAMEWORKS = [ '<supported-trust-framework0>', '<supported-trust-framework1>' ]
|
|
130
|
+
SUPPORTED_EVIDENCE = [ '<supported-evidence0>', '<supported-evidence1>' ]
|
|
131
|
+
SUPPORTED_IDENTITY_DOCUMENTS = [ '<supported-identity-document0>', '<supported-identity-document1>' ]
|
|
132
|
+
SUPPORTED_VERIFICATION_METHODS = [ '<supported-verification-method0>', '<supported-verification-method1>' ]
|
|
133
|
+
SUPPORTED_VERIFIED_CLAIMS = [ '<supported-verified-claim0>', '<supported-verified-claim1>' ]
|
|
134
|
+
MISSING_CLIENT_ID_ALLOWED = false
|
|
135
|
+
PAR_REQUIRED = false
|
|
136
|
+
REQUEST_OBJECT_REQUIRED = true
|
|
137
|
+
TRADITIONAL_REQUEST_OBJECT_PROCESSING_APPLIED = false
|
|
138
|
+
CLAIM_SHORTCUT_RESTRICTIVE = false
|
|
139
|
+
SCOPE_REQUIRED = true
|
|
140
|
+
NBF_OPTIONAL = true
|
|
141
|
+
ISS_SUPPRESSED = false
|
|
142
|
+
ATTRIBUTE_KEY = '<attribute0-key>'
|
|
143
|
+
ATTRIBUTE_VALUE = '<attribute0-value>'
|
|
144
|
+
ATTRIBUTES = [ Authlete::Model::Pair.new(key: ATTRIBUTE_KEY, value: ATTRIBUTE_VALUE) ]
|
|
145
|
+
SUPPORTED_CUSTOM_CLIENT_METADATA = [ '<supported-custom-client-metadata0>', '<supported-custom-client-metadata1>' ]
|
|
146
|
+
TOKEN_EXPIRATION_LINKED = false
|
|
147
|
+
FRONT_CHANNEL_REQUEST_OBJECT_ENCRYPTION_REQUIRED = false
|
|
148
|
+
REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED = false
|
|
149
|
+
REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED = false
|
|
150
|
+
HSKS_KTY = 'EC'
|
|
151
|
+
HSKS_USE = 'sig'
|
|
152
|
+
HSKS_ALG = 'ES256'
|
|
153
|
+
HSKS_KID = 'jane'
|
|
154
|
+
HSKS_HSMNAME = 'google'
|
|
155
|
+
HSKS_HANDLE = '<handle>'
|
|
156
|
+
HSKS_PUBLICKEY = '<public-key>'
|
|
157
|
+
HSKS = [ Authlete::Model::Hsk.new(kty: HSKS_KTY, use: HSKS_USE, alg: HSKS_ALG, kid: HSKS_KID, hsmName: HSKS_HSMNAME, handle: HSKS_HANDLE, publicKey: HSKS_PUBLICKEY) ]
|
|
158
|
+
HSM_ENABLED = false
|
|
145
159
|
|
|
146
160
|
|
|
147
161
|
def generate_json
|
|
148
162
|
return <<~JSON
|
|
149
163
|
{
|
|
150
|
-
"number":
|
|
151
|
-
"serviceOwnerNumber":
|
|
152
|
-
"serviceName":
|
|
153
|
-
"apiKey":
|
|
154
|
-
"apiSecret":
|
|
155
|
-
"issuer":
|
|
156
|
-
"authorizationEndpoint":
|
|
157
|
-
"tokenEndpoint":
|
|
158
|
-
"revocationEndpoint":
|
|
159
|
-
"supportedRevocationAuthMethods":
|
|
160
|
-
"userInfoEndpoint":
|
|
161
|
-
"jwksUri":
|
|
162
|
-
"jwks":
|
|
163
|
-
"
|
|
164
|
-
"
|
|
165
|
-
"
|
|
166
|
-
"
|
|
167
|
-
"
|
|
168
|
-
"
|
|
169
|
-
"
|
|
170
|
-
"
|
|
171
|
-
"
|
|
172
|
-
"
|
|
173
|
-
"
|
|
174
|
-
"
|
|
175
|
-
"
|
|
176
|
-
"
|
|
177
|
-
"
|
|
178
|
-
"
|
|
179
|
-
"
|
|
180
|
-
"
|
|
181
|
-
"
|
|
182
|
-
"
|
|
183
|
-
"
|
|
184
|
-
"
|
|
185
|
-
"
|
|
186
|
-
"
|
|
187
|
-
"
|
|
188
|
-
"
|
|
189
|
-
"
|
|
190
|
-
"
|
|
191
|
-
"
|
|
192
|
-
"
|
|
193
|
-
"
|
|
194
|
-
"
|
|
195
|
-
"
|
|
196
|
-
"
|
|
197
|
-
"
|
|
198
|
-
"
|
|
199
|
-
"
|
|
200
|
-
"
|
|
201
|
-
"
|
|
202
|
-
"
|
|
203
|
-
"
|
|
204
|
-
"
|
|
205
|
-
"
|
|
206
|
-
"
|
|
207
|
-
"
|
|
208
|
-
"
|
|
209
|
-
"
|
|
210
|
-
"
|
|
211
|
-
"
|
|
212
|
-
"
|
|
213
|
-
"
|
|
214
|
-
"
|
|
215
|
-
"
|
|
216
|
-
"
|
|
217
|
-
"
|
|
218
|
-
"
|
|
219
|
-
"
|
|
220
|
-
"
|
|
221
|
-
"
|
|
222
|
-
"
|
|
223
|
-
"
|
|
224
|
-
"
|
|
225
|
-
"
|
|
226
|
-
"
|
|
227
|
-
"
|
|
228
|
-
"
|
|
229
|
-
"
|
|
230
|
-
"
|
|
231
|
-
"
|
|
232
|
-
"
|
|
233
|
-
"
|
|
234
|
-
"
|
|
235
|
-
"
|
|
236
|
-
"
|
|
237
|
-
"
|
|
238
|
-
"
|
|
239
|
-
"
|
|
240
|
-
"
|
|
241
|
-
"
|
|
242
|
-
"
|
|
243
|
-
"
|
|
244
|
-
"
|
|
245
|
-
"
|
|
246
|
-
"
|
|
247
|
-
"
|
|
248
|
-
"
|
|
249
|
-
"
|
|
250
|
-
"
|
|
251
|
-
"
|
|
252
|
-
"
|
|
253
|
-
"
|
|
254
|
-
"
|
|
255
|
-
"
|
|
256
|
-
"
|
|
164
|
+
"number": 1000,
|
|
165
|
+
"serviceOwnerNumber": 12345,
|
|
166
|
+
"serviceName": "<service-name>",
|
|
167
|
+
"apiKey": "<api-key>",
|
|
168
|
+
"apiSecret": "<api-secret>",
|
|
169
|
+
"issuer": "<issuer>",
|
|
170
|
+
"authorizationEndpoint": "<authorization-endpoint>",
|
|
171
|
+
"tokenEndpoint": "<token-endpoint>",
|
|
172
|
+
"revocationEndpoint": "<revocation-endpoint>",
|
|
173
|
+
"supportedRevocationAuthMethods": [ "NONE", "CLIENT_SECRET_BASIC" ],
|
|
174
|
+
"userInfoEndpoint": "<user-info-endpoint>",
|
|
175
|
+
"jwksUri": "<jwks-uri>",
|
|
176
|
+
"jwks": "<jwks>",
|
|
177
|
+
"hsks": [ { "kty": "EC", "use": "sig", "alg": "ES256", "kid": "jane", "hsmName": "google", "handle": "<handle>", "publicKey": "<public-key>" } ],
|
|
178
|
+
"hsmEnabled": false,
|
|
179
|
+
"registrationEndpoint": "<registration-endpoint>",
|
|
180
|
+
"registrationManagementEndpoint": "<registration-management-endpoint>",
|
|
181
|
+
"supportedScopes": [ { "name": "scope0", "description": "<scope0-description>" } ],
|
|
182
|
+
"supportedResponseTypes": [ "NONE", "CODE", "TOKEN", "ID_TOKEN" ],
|
|
183
|
+
"supportedGrantTypes": [ "AUTHORIZATION_CODE", "REFRESH_TOKEN" ],
|
|
184
|
+
"supportedAcrs": [ "<supported-acr0>", "<supported-acr1>" ],
|
|
185
|
+
"supportedTokenAuthMethods": [ "NONE", "CLIENT_SECRET_BASIC" ],
|
|
186
|
+
"supportedDisplays": [ "PAGE", "POPUP", "TOUCH", "WAP" ],
|
|
187
|
+
"supportedClaimTypes": [ "NORMAL" ],
|
|
188
|
+
"supportedClaims": [ "<supported-claim0>", "<supported-claim1>" ],
|
|
189
|
+
"serviceDocumentation": "<service-documentation>",
|
|
190
|
+
"supportedClaimLocales": [ "en-US" ],
|
|
191
|
+
"supportedUiLocales": [ "en-US" ],
|
|
192
|
+
"policyUri": "<policy-uri>",
|
|
193
|
+
"tosUri": "<tos-uri>",
|
|
194
|
+
"authenticationCallbackEndpoint": "<authentication-callback-endpoint>",
|
|
195
|
+
"authenticationCallbackApiKey": "<authentication-callback-api-key>",
|
|
196
|
+
"authenticationCallbackApiSecret": "<authentication-callback-api-secret>",
|
|
197
|
+
"supportedSnses": [ "FACEBOOK" ],
|
|
198
|
+
"snsCredentials": [ { "sns": "FACEBOOK", "apiKey": "<sns-credentials0-api-key>", "apiSecret": "<sns-credentials0-api-secret>" } ],
|
|
199
|
+
"createdAt": 10000,
|
|
200
|
+
"modifiedAt": 10000,
|
|
201
|
+
"developerAuthenticationCallbackEndpoint": "<developer-authentication-callback-endpoint>",
|
|
202
|
+
"developerAuthenticationCallbackApiKey": "<developer-authentication-callback-api-key>",
|
|
203
|
+
"developerAuthenticationCallbackApiSecret": "<developer-authentication-callback-api-secret>",
|
|
204
|
+
"supportedDeveloperSnses": [ "FACEBOOK" ],
|
|
205
|
+
"developerSnsCredentials": [ { "sns": "FACEBOOK", "apiKey": "<developer-sns-credentials0-api-key>", "apiSecret": "<developer-sns-credentials0-api-secret>" } ],
|
|
206
|
+
"clientsPerDeveloper": 10,
|
|
207
|
+
"directAuthorizationEndpointEnabled": true,
|
|
208
|
+
"directTokenEndpointEnabled": true,
|
|
209
|
+
"directRevocationEndpointEnabled": true,
|
|
210
|
+
"directUserInfoEndpointEnabled": true,
|
|
211
|
+
"directJwksEndpointEnabled": true,
|
|
212
|
+
"directIntrospectionEndpointEnabled": true,
|
|
213
|
+
"singleAccessTokenPerSubject": false,
|
|
214
|
+
"pkceRequired": true,
|
|
215
|
+
"pkceS256Required": true,
|
|
216
|
+
"refreshTokenKept": true,
|
|
217
|
+
"refreshTokenDurationKept": true,
|
|
218
|
+
"errorDescriptionOmitted": false,
|
|
219
|
+
"errorUriOmitted": false,
|
|
220
|
+
"clientIdAliasEnabled": true,
|
|
221
|
+
"supportedServiceProfiles": [ "FAPI", "OPEN_BANKING" ],
|
|
222
|
+
"tlsClientCertificateBoundAccessTokens": true,
|
|
223
|
+
"introspectionEndpoint": "<introspection-endpoint>",
|
|
224
|
+
"supportedIntrospectionAuthMethods": [ "NONE", "CLIENT_SECRET_BASIC" ],
|
|
225
|
+
"mutualTlsValidatePkiCertChain": true,
|
|
226
|
+
"trustedRootCertificates": [ "<trusted-root-certificate0>", "<trusted-root-certificate1>" ],
|
|
227
|
+
"dynamicRegistrationSupported": true,
|
|
228
|
+
"endSessionEndpoint": "<end-session-endpoint>",
|
|
229
|
+
"description": "<description>",
|
|
230
|
+
"accessTokenType": "Bearer",
|
|
231
|
+
"accessTokenSignAlg": "HS256",
|
|
232
|
+
"accessTokenDuration": 300,
|
|
233
|
+
"refreshTokenDuration": 300,
|
|
234
|
+
"idTokenDuration": 300,
|
|
235
|
+
"authorizationResponseDuration": 300,
|
|
236
|
+
"pushedAuthReqDuration": 300,
|
|
237
|
+
"metadata": [ { "key": "<metadata0-key>", "value": "<metadata0-value>" } ],
|
|
238
|
+
"accessTokenSignatureKeyId": "<access-token-signature-key-id>",
|
|
239
|
+
"authorizationSignatureKeyId": "<authorization-signature-key-id>",
|
|
240
|
+
"idTokenSignatureKeyId": "<id-token-signature-key-id>",
|
|
241
|
+
"userInfoSignatureKeyId": "<user-info-signature-key-id>",
|
|
242
|
+
"supportedBackchannelTokenDeliveryModes": [ "POLL", "PING", "PUSH" ],
|
|
243
|
+
"backchannelAuthenticationEndpoint": "<backchannel-authentication-endpoint>",
|
|
244
|
+
"backchannelUserCodeParameterSupported": true,
|
|
245
|
+
"backchannelAuthReqIdDuration": 300,
|
|
246
|
+
"backchannelPollingInterval": 10,
|
|
247
|
+
"backchannelBindingMessageRequiredInFapi": true,
|
|
248
|
+
"allowableClockSkew": 100,
|
|
249
|
+
"deviceAuthorizationEndpoint": "<device-authorization-endpoint>",
|
|
250
|
+
"deviceVerificationUri": "<device-verification-uri>",
|
|
251
|
+
"deviceVerificationUriComplete": "<device-verification-uri-complete>",
|
|
252
|
+
"deviceFlowCodeDuration": 300,
|
|
253
|
+
"deviceFlowPollingInterval": 10,
|
|
254
|
+
"userCodeCharset": "BASE20",
|
|
255
|
+
"userCodeLength": 100,
|
|
256
|
+
"pushedAuthReqEndpoint": "<pushed-auth-req-endpoint>",
|
|
257
|
+
"mtlsEndpointAliases": [ { "name": "<mtls-endpoint-alias0-name>", "uri": "<mtls-endpoint-alias0-uri>" } ],
|
|
258
|
+
"supportedAuthorizationDetailsTypes": [ "<supported-authorization-details-type0>", "<supported-authorization-details-type1>" ],
|
|
259
|
+
"supportedTrustFrameworks": [ "<supported-trust-framework0>", "<supported-trust-framework1>" ],
|
|
260
|
+
"supportedEvidence": [ "<supported-evidence0>", "<supported-evidence1>" ],
|
|
261
|
+
"supportedIdentityDocuments": [ "<supported-identity-document0>", "<supported-identity-document1>" ],
|
|
262
|
+
"supportedVerificationMethods": [ "<supported-verification-method0>", "<supported-verification-method1>" ],
|
|
263
|
+
"supportedVerifiedClaims": [ "<supported-verified-claim0>", "<supported-verified-claim1>" ],
|
|
264
|
+
"missingClientIdAllowed": false,
|
|
265
|
+
"parRequired": false,
|
|
266
|
+
"requestObjectRequired": true,
|
|
267
|
+
"traditionalRequestObjectProcessingApplied": false,
|
|
268
|
+
"claimShortcutRestrictive": false,
|
|
269
|
+
"scopeRequired": true,
|
|
270
|
+
"nbfOptional": true,
|
|
271
|
+
"issSuppressed": false,
|
|
272
|
+
"attributes": [{ "key": "<attribute0-key>", "value": "<attribute0-value>" }],
|
|
273
|
+
"supportedCustomClientMetadata": [ "<supported-custom-client-metadata0>", "<supported-custom-client-metadata1>" ],
|
|
274
|
+
"tokenExpirationLinked": false,
|
|
275
|
+
"frontChannelRequestObjectEncryptionRequired": false,
|
|
276
|
+
"requestObjectEncryptionAlgMatchRequired": false,
|
|
277
|
+
"requestObjectEncryptionEncMatchRequired": false
|
|
257
278
|
}
|
|
258
279
|
JSON
|
|
259
280
|
end
|
|
@@ -261,113 +282,120 @@ class ServiceTest < Minitest::Test
|
|
|
261
282
|
|
|
262
283
|
def generate_hash
|
|
263
284
|
{
|
|
264
|
-
number:
|
|
265
|
-
serviceOwnerNumber:
|
|
266
|
-
serviceName:
|
|
267
|
-
apiKey:
|
|
268
|
-
apiSecret:
|
|
269
|
-
issuer:
|
|
270
|
-
authorizationEndpoint:
|
|
271
|
-
tokenEndpoint:
|
|
272
|
-
revocationEndpoint:
|
|
273
|
-
supportedRevocationAuthMethods:
|
|
274
|
-
userInfoEndpoint:
|
|
275
|
-
jwksUri:
|
|
276
|
-
jwks:
|
|
277
|
-
registrationEndpoint:
|
|
278
|
-
registrationManagementEndpoint:
|
|
279
|
-
supportedScopes:
|
|
280
|
-
supportedResponseTypes:
|
|
281
|
-
supportedGrantTypes:
|
|
282
|
-
supportedAcrs:
|
|
283
|
-
supportedTokenAuthMethods:
|
|
284
|
-
supportedDisplays:
|
|
285
|
-
supportedClaimTypes:
|
|
286
|
-
supportedClaims:
|
|
287
|
-
serviceDocumentation:
|
|
288
|
-
supportedClaimLocales:
|
|
289
|
-
supportedUiLocales:
|
|
290
|
-
policyUri:
|
|
291
|
-
tosUri:
|
|
292
|
-
authenticationCallbackEndpoint:
|
|
293
|
-
authenticationCallbackApiKey:
|
|
294
|
-
authenticationCallbackApiSecret:
|
|
295
|
-
supportedSnses:
|
|
296
|
-
snsCredentials:
|
|
297
|
-
createdAt:
|
|
298
|
-
modifiedAt:
|
|
299
|
-
developerAuthenticationCallbackEndpoint:
|
|
300
|
-
developerAuthenticationCallbackApiKey:
|
|
301
|
-
developerAuthenticationCallbackApiSecret:
|
|
302
|
-
supportedDeveloperSnses:
|
|
303
|
-
developerSnsCredentials:
|
|
304
|
-
clientsPerDeveloper:
|
|
305
|
-
directAuthorizationEndpointEnabled:
|
|
306
|
-
directTokenEndpointEnabled:
|
|
307
|
-
directRevocationEndpointEnabled:
|
|
308
|
-
directUserInfoEndpointEnabled:
|
|
309
|
-
directJwksEndpointEnabled:
|
|
310
|
-
directIntrospectionEndpointEnabled:
|
|
311
|
-
singleAccessTokenPerSubject:
|
|
312
|
-
pkceRequired:
|
|
313
|
-
pkceS256Required:
|
|
314
|
-
refreshTokenKept:
|
|
315
|
-
refreshTokenDurationKept:
|
|
316
|
-
errorDescriptionOmitted:
|
|
317
|
-
errorUriOmitted:
|
|
318
|
-
clientIdAliasEnabled:
|
|
319
|
-
supportedServiceProfiles:
|
|
320
|
-
tlsClientCertificateBoundAccessTokens:
|
|
321
|
-
introspectionEndpoint:
|
|
322
|
-
supportedIntrospectionAuthMethods:
|
|
323
|
-
mutualTlsValidatePkiCertChain:
|
|
324
|
-
trustedRootCertificates:
|
|
325
|
-
dynamicRegistrationSupported:
|
|
326
|
-
endSessionEndpoint:
|
|
327
|
-
description:
|
|
328
|
-
accessTokenType:
|
|
329
|
-
accessTokenSignAlg:
|
|
330
|
-
accessTokenDuration:
|
|
331
|
-
refreshTokenDuration:
|
|
332
|
-
idTokenDuration:
|
|
333
|
-
authorizationResponseDuration:
|
|
334
|
-
pushedAuthReqDuration:
|
|
335
|
-
metadata:
|
|
336
|
-
accessTokenSignatureKeyId:
|
|
337
|
-
authorizationSignatureKeyId:
|
|
338
|
-
idTokenSignatureKeyId:
|
|
339
|
-
userInfoSignatureKeyId:
|
|
340
|
-
supportedBackchannelTokenDeliveryModes:
|
|
341
|
-
backchannelAuthenticationEndpoint:
|
|
342
|
-
backchannelUserCodeParameterSupported:
|
|
343
|
-
backchannelAuthReqIdDuration:
|
|
344
|
-
backchannelPollingInterval:
|
|
345
|
-
backchannelBindingMessageRequiredInFapi:
|
|
346
|
-
allowableClockSkew:
|
|
347
|
-
deviceAuthorizationEndpoint:
|
|
348
|
-
deviceVerificationUri:
|
|
349
|
-
deviceVerificationUriComplete:
|
|
350
|
-
deviceFlowCodeDuration:
|
|
351
|
-
deviceFlowPollingInterval:
|
|
352
|
-
userCodeCharset:
|
|
353
|
-
userCodeLength:
|
|
354
|
-
pushedAuthReqEndpoint:
|
|
355
|
-
mtlsEndpointAliases:
|
|
356
|
-
|
|
357
|
-
supportedTrustFrameworks:
|
|
358
|
-
supportedEvidence:
|
|
359
|
-
supportedIdentityDocuments:
|
|
360
|
-
supportedVerificationMethods:
|
|
361
|
-
supportedVerifiedClaims:
|
|
362
|
-
missingClientIdAllowed:
|
|
363
|
-
parRequired:
|
|
364
|
-
requestObjectRequired:
|
|
365
|
-
traditionalRequestObjectProcessingApplied:
|
|
366
|
-
claimShortcutRestrictive:
|
|
367
|
-
scopeRequired:
|
|
368
|
-
nbfOptional:
|
|
369
|
-
issSuppressed:
|
|
370
|
-
attributes:
|
|
285
|
+
number: 1000,
|
|
286
|
+
serviceOwnerNumber: 12345,
|
|
287
|
+
serviceName: '<service-name>',
|
|
288
|
+
apiKey: '<api-key>',
|
|
289
|
+
apiSecret: '<api-secret>',
|
|
290
|
+
issuer: '<issuer>',
|
|
291
|
+
authorizationEndpoint: '<authorization-endpoint>',
|
|
292
|
+
tokenEndpoint: '<token-endpoint>',
|
|
293
|
+
revocationEndpoint: '<revocation-endpoint>',
|
|
294
|
+
supportedRevocationAuthMethods: [ 'NONE', 'CLIENT_SECRET_BASIC' ],
|
|
295
|
+
userInfoEndpoint: '<user-info-endpoint>',
|
|
296
|
+
jwksUri: '<jwks-uri>',
|
|
297
|
+
jwks: '<jwks>',
|
|
298
|
+
registrationEndpoint: '<registration-endpoint>',
|
|
299
|
+
registrationManagementEndpoint: '<registration-management-endpoint>',
|
|
300
|
+
supportedScopes: [ { name: 'scope0', description: '<scope0-description>', defaultEntry: false, descriptions: nil, attributes: nil } ],
|
|
301
|
+
supportedResponseTypes: [ 'NONE', 'CODE', 'TOKEN', 'ID_TOKEN' ],
|
|
302
|
+
supportedGrantTypes: [ 'AUTHORIZATION_CODE', 'REFRESH_TOKEN' ],
|
|
303
|
+
supportedAcrs: [ '<supported-acr0>', '<supported-acr1>' ],
|
|
304
|
+
supportedTokenAuthMethods: [ 'NONE', 'CLIENT_SECRET_BASIC' ],
|
|
305
|
+
supportedDisplays: [ 'PAGE', 'POPUP', 'TOUCH', 'WAP' ],
|
|
306
|
+
supportedClaimTypes: [ 'NORMAL' ],
|
|
307
|
+
supportedClaims: [ '<supported-claim0>', '<supported-claim1>' ],
|
|
308
|
+
serviceDocumentation: '<service-documentation>',
|
|
309
|
+
supportedClaimLocales: [ 'en-US' ],
|
|
310
|
+
supportedUiLocales: [ 'en-US' ],
|
|
311
|
+
policyUri: '<policy-uri>',
|
|
312
|
+
tosUri: '<tos-uri>',
|
|
313
|
+
authenticationCallbackEndpoint: '<authentication-callback-endpoint>',
|
|
314
|
+
authenticationCallbackApiKey: '<authentication-callback-api-key>',
|
|
315
|
+
authenticationCallbackApiSecret: '<authentication-callback-api-secret>',
|
|
316
|
+
supportedSnses: [ 'FACEBOOK' ],
|
|
317
|
+
snsCredentials: [ { sns: 'FACEBOOK', apiKey: '<sns-credentials0-api-key>', apiSecret: '<sns-credentials0-api-secret>' } ],
|
|
318
|
+
createdAt: 10000,
|
|
319
|
+
modifiedAt: 10000,
|
|
320
|
+
developerAuthenticationCallbackEndpoint: '<developer-authentication-callback-endpoint>',
|
|
321
|
+
developerAuthenticationCallbackApiKey: '<developer-authentication-callback-api-key>',
|
|
322
|
+
developerAuthenticationCallbackApiSecret: '<developer-authentication-callback-api-secret>',
|
|
323
|
+
supportedDeveloperSnses: [ 'FACEBOOK' ],
|
|
324
|
+
developerSnsCredentials: [ { sns: 'FACEBOOK', apiKey: '<developer-sns-credentials0-api-key>', apiSecret: '<developer-sns-credentials0-api-secret>' } ],
|
|
325
|
+
clientsPerDeveloper: 10,
|
|
326
|
+
directAuthorizationEndpointEnabled: true,
|
|
327
|
+
directTokenEndpointEnabled: true,
|
|
328
|
+
directRevocationEndpointEnabled: true,
|
|
329
|
+
directUserInfoEndpointEnabled: true,
|
|
330
|
+
directJwksEndpointEnabled: true,
|
|
331
|
+
directIntrospectionEndpointEnabled: true,
|
|
332
|
+
singleAccessTokenPerSubject: false,
|
|
333
|
+
pkceRequired: true,
|
|
334
|
+
pkceS256Required: true,
|
|
335
|
+
refreshTokenKept: true,
|
|
336
|
+
refreshTokenDurationKept: true,
|
|
337
|
+
errorDescriptionOmitted: false,
|
|
338
|
+
errorUriOmitted: false,
|
|
339
|
+
clientIdAliasEnabled: true,
|
|
340
|
+
supportedServiceProfiles: [ 'FAPI', 'OPEN_BANKING' ],
|
|
341
|
+
tlsClientCertificateBoundAccessTokens: true,
|
|
342
|
+
introspectionEndpoint: '<introspection-endpoint>',
|
|
343
|
+
supportedIntrospectionAuthMethods: [ 'NONE', 'CLIENT_SECRET_BASIC' ],
|
|
344
|
+
mutualTlsValidatePkiCertChain: true,
|
|
345
|
+
trustedRootCertificates: [ '<trusted-root-certificate0>', '<trusted-root-certificate1>' ],
|
|
346
|
+
dynamicRegistrationSupported: true,
|
|
347
|
+
endSessionEndpoint: '<end-session-endpoint>',
|
|
348
|
+
description: '<description>',
|
|
349
|
+
accessTokenType: 'Bearer',
|
|
350
|
+
accessTokenSignAlg: 'HS256',
|
|
351
|
+
accessTokenDuration: 300,
|
|
352
|
+
refreshTokenDuration: 300,
|
|
353
|
+
idTokenDuration: 300,
|
|
354
|
+
authorizationResponseDuration: 300,
|
|
355
|
+
pushedAuthReqDuration: 300,
|
|
356
|
+
metadata: [ { key: '<metadata0-key>', value: '<metadata0-value>' } ],
|
|
357
|
+
accessTokenSignatureKeyId: '<access-token-signature-key-id>',
|
|
358
|
+
authorizationSignatureKeyId: '<authorization-signature-key-id>',
|
|
359
|
+
idTokenSignatureKeyId: '<id-token-signature-key-id>',
|
|
360
|
+
userInfoSignatureKeyId: '<user-info-signature-key-id>',
|
|
361
|
+
supportedBackchannelTokenDeliveryModes: [ 'POLL', 'PING', 'PUSH' ],
|
|
362
|
+
backchannelAuthenticationEndpoint: '<backchannel-authentication-endpoint>',
|
|
363
|
+
backchannelUserCodeParameterSupported: true,
|
|
364
|
+
backchannelAuthReqIdDuration: 300,
|
|
365
|
+
backchannelPollingInterval: 10,
|
|
366
|
+
backchannelBindingMessageRequiredInFapi: true,
|
|
367
|
+
allowableClockSkew: 100,
|
|
368
|
+
deviceAuthorizationEndpoint: '<device-authorization-endpoint>',
|
|
369
|
+
deviceVerificationUri: '<device-verification-uri>',
|
|
370
|
+
deviceVerificationUriComplete: '<device-verification-uri-complete>',
|
|
371
|
+
deviceFlowCodeDuration: 300,
|
|
372
|
+
deviceFlowPollingInterval: 10,
|
|
373
|
+
userCodeCharset: 'BASE20',
|
|
374
|
+
userCodeLength: 100,
|
|
375
|
+
pushedAuthReqEndpoint: '<pushed-auth-req-endpoint>',
|
|
376
|
+
mtlsEndpointAliases: [ { name: '<mtls-endpoint-alias0-name>', uri: '<mtls-endpoint-alias0-uri>' } ],
|
|
377
|
+
supportedAuthorizationDetailsTypes: [ '<supported-authorization-details-type0>', '<supported-authorization-details-type1>' ],
|
|
378
|
+
supportedTrustFrameworks: [ '<supported-trust-framework0>', '<supported-trust-framework1>' ],
|
|
379
|
+
supportedEvidence: [ '<supported-evidence0>', '<supported-evidence1>' ],
|
|
380
|
+
supportedIdentityDocuments: [ '<supported-identity-document0>', '<supported-identity-document1>' ],
|
|
381
|
+
supportedVerificationMethods: [ '<supported-verification-method0>', '<supported-verification-method1>' ],
|
|
382
|
+
supportedVerifiedClaims: [ '<supported-verified-claim0>', '<supported-verified-claim1>' ],
|
|
383
|
+
missingClientIdAllowed: false,
|
|
384
|
+
parRequired: false,
|
|
385
|
+
requestObjectRequired: true,
|
|
386
|
+
traditionalRequestObjectProcessingApplied: false,
|
|
387
|
+
claimShortcutRestrictive: false,
|
|
388
|
+
scopeRequired: true,
|
|
389
|
+
nbfOptional: true,
|
|
390
|
+
issSuppressed: false,
|
|
391
|
+
attributes: [{ key: '<attribute0-key>', value: '<attribute0-value>' }],
|
|
392
|
+
supportedCustomClientMetadata: [ '<supported-custom-client-metadata0>', '<supported-custom-client-metadata1>' ],
|
|
393
|
+
tokenExpirationLinked: false,
|
|
394
|
+
frontChannelRequestObjectEncryptionRequired: false,
|
|
395
|
+
requestObjectEncryptionAlgMatchRequired: false,
|
|
396
|
+
requestObjectEncryptionEncMatchRequired: false,
|
|
397
|
+
hsks: [ { kty: 'EC', use: 'sig', alg: 'ES256', kid: 'jane', hsmName: 'google', handle: '<handle>', publicKey: '<public-key>' } ],
|
|
398
|
+
hsmEnabled: false
|
|
371
399
|
}
|
|
372
400
|
end
|
|
373
401
|
|
|
@@ -465,7 +493,7 @@ class ServiceTest < Minitest::Test
|
|
|
465
493
|
obj.user_code_length = USER_CODE_LENGTH
|
|
466
494
|
obj.pushed_auth_req_endpoint = PUSHED_AUTH_REQ_ENDPOINT
|
|
467
495
|
obj.mtls_endpoint_aliases = MTLS_ENDPOINT_ALIASES
|
|
468
|
-
obj.
|
|
496
|
+
obj.supported_authorization_details_types = SUPPORTED_AUTHORIZATION_DETAILS_TYPES
|
|
469
497
|
obj.supported_trust_frameworks = SUPPORTED_TRUST_FRAMEWORKS
|
|
470
498
|
obj.supported_evidence = SUPPORTED_EVIDENCE
|
|
471
499
|
obj.supported_identity_documents = SUPPORTED_IDENTITY_DOCUMENTS
|
|
@@ -480,125 +508,145 @@ class ServiceTest < Minitest::Test
|
|
|
480
508
|
obj.nbf_optional = NBF_OPTIONAL
|
|
481
509
|
obj.iss_suppressed = ISS_SUPPRESSED
|
|
482
510
|
obj.attributes = ATTRIBUTES
|
|
511
|
+
obj.supported_custom_client_metadata = SUPPORTED_CUSTOM_CLIENT_METADATA
|
|
512
|
+
obj.token_expiration_linked = TOKEN_EXPIRATION_LINKED
|
|
513
|
+
obj.frontChannelRequestObjectEncryptionRequired = FRONT_CHANNEL_REQUEST_OBJECT_ENCRYPTION_REQUIRED
|
|
514
|
+
obj.requestObjectEncryptionAlgMatchRequired = REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED
|
|
515
|
+
obj.requestObjectEncryptionEncMatchRequired = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
|
|
516
|
+
obj.hsks = HSKS
|
|
517
|
+
obj.hsm_enabled = HSM_ENABLED
|
|
483
518
|
end
|
|
484
519
|
|
|
485
520
|
|
|
486
521
|
def match(obj)
|
|
487
|
-
assert_equal NUMBER,
|
|
488
|
-
assert_equal SERVICE_OWNER_NUMBER,
|
|
489
|
-
assert_equal SERVICE_NAME,
|
|
490
|
-
assert_equal API_KEY,
|
|
491
|
-
assert_equal API_SECRET,
|
|
492
|
-
assert_equal ISSUER,
|
|
493
|
-
assert_equal AUTHORIZATION_ENDPOINT,
|
|
494
|
-
assert_equal TOKEN_ENDPOINT,
|
|
495
|
-
assert_equal REVOCATION_ENDPOINT,
|
|
496
|
-
assert_equal SUPPORTED_REVOCATION_AUTH_METHODS,
|
|
497
|
-
assert_equal USER_INFO_ENDPOINT,
|
|
498
|
-
assert_equal JWKS_URI,
|
|
499
|
-
assert_equal JWKS,
|
|
500
|
-
assert_equal REGISTRATION_ENDPOINT,
|
|
501
|
-
assert_equal REGISTRATION_MANAGEMENT_ENDPOINT,
|
|
502
|
-
assert_equal SUPPORTED_SCOPE_NAME,
|
|
503
|
-
assert_equal SUPPORTED_SCOPE_DESCRIPTION,
|
|
504
|
-
assert_equal SUPPORTED_RESPONSE_TYPES,
|
|
505
|
-
assert_equal SUPPORTED_GRANT_TYPES,
|
|
506
|
-
assert_equal SUPPORTED_ACRS,
|
|
507
|
-
assert_equal SUPPORTED_TOKEN_AUTH_METHODS,
|
|
508
|
-
assert_equal SUPPORTED_DISPLAYS,
|
|
509
|
-
assert_equal SUPPORTED_CLAIM_TYPES,
|
|
510
|
-
assert_equal SUPPORTED_CLAIMS,
|
|
511
|
-
assert_equal SERVICE_DOCUMENTATION,
|
|
512
|
-
assert_equal SUPPORTED_CLAIM_LOCALES,
|
|
513
|
-
assert_equal SUPPORTED_UI_LOCALES,
|
|
514
|
-
assert_equal POLICY_URI,
|
|
515
|
-
assert_equal TOS_URI,
|
|
516
|
-
assert_equal AUTHENTICATION_CALLBACK_ENDPOINT,
|
|
517
|
-
assert_equal AUTHENTICATION_CALLBACK_API_KEY,
|
|
518
|
-
assert_equal AUTHENTICATION_CALLBACK_API_SECRET,
|
|
519
|
-
assert_equal SUPPORTED_SNSES,
|
|
520
|
-
assert_equal SNS_CREDENTIALS_SNS,
|
|
521
|
-
assert_equal SNS_CREDENTIALS_API_KEY,
|
|
522
|
-
assert_equal SNS_CREDENTIALS_API_SECRET,
|
|
523
|
-
assert_equal CREATED_AT,
|
|
524
|
-
assert_equal MODIFIED_AT,
|
|
525
|
-
assert_equal DEVELOPER_AUTHENTICATION_CALLBACK_ENDPOINT,
|
|
526
|
-
assert_equal DEVELOPER_AUTHENTICATION_CALLBACK_API_KEY,
|
|
527
|
-
assert_equal DEVELOPER_AUTHENTICATION_CALLBACK_API_SECRET,
|
|
528
|
-
assert_equal SUPPORTED_DEVELOPER_SNSES,
|
|
529
|
-
assert_equal DEVELOPER_SNS_CREDENTIALS_SNS,
|
|
530
|
-
assert_equal DEVELOPER_SNS_CREDENTIALS_API_KEY,
|
|
531
|
-
assert_equal DEVELOPER_SNS_CREDENTIALS_API_SECRET,
|
|
532
|
-
assert_equal CLIENTS_PER_DEVELOPER,
|
|
533
|
-
assert_equal DIRECT_AUTHORIZATION_ENDPOINT_ENABLED,
|
|
534
|
-
assert_equal DIRECT_TOKEN_ENDPOINT_ENABLED,
|
|
535
|
-
assert_equal DIRECT_REVOCATION_ENDPOINT_ENABLED,
|
|
536
|
-
assert_equal DIRECT_USER_INFO_ENDPOINT_ENABLED,
|
|
537
|
-
assert_equal DIRECT_JWKS_ENDPOINT_ENABLED,
|
|
538
|
-
assert_equal DIRECT_INTROSPECTION_ENDPOINT_ENABLED,
|
|
539
|
-
assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT,
|
|
540
|
-
assert_equal PKCE_REQUIRED,
|
|
541
|
-
assert_equal PKCE_S256_REQUIRED,
|
|
542
|
-
assert_equal REFRESH_TOKEN_KEPT,
|
|
543
|
-
assert_equal REFRESH_TOKEN_DURATION_KEPT,
|
|
544
|
-
assert_equal ERROR_DESCRIPTION_OMITTED,
|
|
545
|
-
assert_equal ERROR_URI_OMITTED,
|
|
546
|
-
assert_equal CLIENT_ID_ALIAS_ENABLED,
|
|
547
|
-
assert_equal SUPPORTED_SERVICE_PROFILES,
|
|
548
|
-
assert_equal TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS,
|
|
549
|
-
assert_equal INTROSPECTION_ENDPOINT,
|
|
550
|
-
assert_equal SUPPORTED_INTROSPECTION_AUTH_METHODS,
|
|
551
|
-
assert_equal MUTUAL_TLS_VALIDATE_PKI_CERT_CHAIN,
|
|
552
|
-
assert_equal TRUSTED_ROOT_CERTIFICATES,
|
|
553
|
-
assert_equal DYNAMIC_REGISTRATION_SUPPORTED,
|
|
554
|
-
assert_equal END_SESSION_ENDPOINT,
|
|
555
|
-
assert_equal DESCRIPTION,
|
|
556
|
-
assert_equal ACCESS_TOKEN_TYPE,
|
|
557
|
-
assert_equal ACCESS_TOKEN_SIGN_ALG,
|
|
558
|
-
assert_equal ACCESS_TOKEN_DURATION,
|
|
559
|
-
assert_equal REFRESH_TOKEN_DURATION,
|
|
560
|
-
assert_equal ID_TOKEN_DURATION,
|
|
561
|
-
assert_equal AUTHORIZATION_RESPONSE_DURATION,
|
|
562
|
-
assert_equal PUSHED_AUTH_REQ_DURATION,
|
|
563
|
-
assert_equal METADATA_KEY,
|
|
564
|
-
assert_equal METADATA_VALUE,
|
|
565
|
-
assert_equal ACCESS_TOKEN_SIGNATURE_KEY_ID,
|
|
566
|
-
assert_equal AUTHORIZATION_SIGNATURE_KEY_ID,
|
|
567
|
-
assert_equal ID_TOKEN_SIGNATURE_KEY_ID,
|
|
568
|
-
assert_equal USER_INFO_SIGNATURE_KEY_ID,
|
|
569
|
-
assert_equal SUPPORTED_BACKCHANNEL_TOKEN_DELIVERY_MODES,
|
|
570
|
-
assert_equal BACKCHANNEL_AUTHENTICATION_ENDPOINT,
|
|
571
|
-
assert_equal BACKCHANNEL_USER_CODE_PARAMETER_SUPPORTED,
|
|
572
|
-
assert_equal BACKCHANNEL_AUTH_REQ_ID_DURATION,
|
|
573
|
-
assert_equal BACKCHANNEL_POLLING_INTERVAL,
|
|
574
|
-
assert_equal BACKCHANNEL_BINDING_MESSAGE_REQUIRED_IN_FAPI,
|
|
575
|
-
assert_equal ALLOWABLE_CLOCK_SKEW,
|
|
576
|
-
assert_equal DEVICE_AUTHORIZATION_ENDPOINT,
|
|
577
|
-
assert_equal DEVICE_VERIFICATION_URI,
|
|
578
|
-
assert_equal DEVICE_VERIFICATION_URI_COMPLETE,
|
|
579
|
-
assert_equal DEVICE_FLOW_CODE_DURATION,
|
|
580
|
-
assert_equal DEVICE_FLOW_POLLING_INTERVAL,
|
|
581
|
-
assert_equal USER_CODE_CHARSET,
|
|
582
|
-
assert_equal USER_CODE_LENGTH,
|
|
583
|
-
assert_equal PUSHED_AUTH_REQ_ENDPOINT,
|
|
584
|
-
assert_equal MTLS_ENDPOINT_ALIAS_NAME,
|
|
585
|
-
assert_equal MTLS_ENDPOINT_ALIAS_URI,
|
|
586
|
-
assert_equal
|
|
587
|
-
assert_equal SUPPORTED_TRUST_FRAMEWORKS,
|
|
588
|
-
assert_equal SUPPORTED_EVIDENCE,
|
|
589
|
-
assert_equal SUPPORTED_IDENTITY_DOCUMENTS,
|
|
590
|
-
assert_equal SUPPORTED_VERIFICATION_METHODS,
|
|
591
|
-
assert_equal SUPPORTED_VERIFIED_CLAIMS,
|
|
592
|
-
assert_equal MISSING_CLIENT_ID_ALLOWED,
|
|
593
|
-
assert_equal PAR_REQUIRED,
|
|
594
|
-
assert_equal REQUEST_OBJECT_REQUIRED,
|
|
595
|
-
assert_equal TRADITIONAL_REQUEST_OBJECT_PROCESSING_APPLIED,
|
|
596
|
-
assert_equal CLAIM_SHORTCUT_RESTRICTIVE,
|
|
597
|
-
assert_equal SCOPE_REQUIRED,
|
|
598
|
-
assert_equal NBF_OPTIONAL,
|
|
599
|
-
assert_equal ISS_SUPPRESSED,
|
|
600
|
-
assert_equal ATTRIBUTE_KEY,
|
|
601
|
-
assert_equal ATTRIBUTE_VALUE,
|
|
522
|
+
assert_equal NUMBER, obj.number
|
|
523
|
+
assert_equal SERVICE_OWNER_NUMBER, obj.serviceOwnerNumber
|
|
524
|
+
assert_equal SERVICE_NAME, obj.serviceName
|
|
525
|
+
assert_equal API_KEY, obj.apiKey
|
|
526
|
+
assert_equal API_SECRET, obj.apiSecret
|
|
527
|
+
assert_equal ISSUER, obj.issuer
|
|
528
|
+
assert_equal AUTHORIZATION_ENDPOINT, obj.authorizationEndpoint
|
|
529
|
+
assert_equal TOKEN_ENDPOINT, obj.tokenEndpoint
|
|
530
|
+
assert_equal REVOCATION_ENDPOINT, obj.revocationEndpoint
|
|
531
|
+
assert_equal SUPPORTED_REVOCATION_AUTH_METHODS, obj.supportedRevocationAuthMethods
|
|
532
|
+
assert_equal USER_INFO_ENDPOINT, obj.userInfoEndpoint
|
|
533
|
+
assert_equal JWKS_URI, obj.jwksUri
|
|
534
|
+
assert_equal JWKS, obj.jwks
|
|
535
|
+
assert_equal REGISTRATION_ENDPOINT, obj.registrationEndpoint
|
|
536
|
+
assert_equal REGISTRATION_MANAGEMENT_ENDPOINT, obj.registrationManagementEndpoint
|
|
537
|
+
assert_equal SUPPORTED_SCOPE_NAME, obj.supportedScopes[0].name
|
|
538
|
+
assert_equal SUPPORTED_SCOPE_DESCRIPTION, obj.supportedScopes[0].description
|
|
539
|
+
assert_equal SUPPORTED_RESPONSE_TYPES, obj.supportedResponseTypes
|
|
540
|
+
assert_equal SUPPORTED_GRANT_TYPES, obj.supportedGrantTypes
|
|
541
|
+
assert_equal SUPPORTED_ACRS, obj.supportedAcrs
|
|
542
|
+
assert_equal SUPPORTED_TOKEN_AUTH_METHODS, obj.supportedTokenAuthMethods
|
|
543
|
+
assert_equal SUPPORTED_DISPLAYS, obj.supportedDisplays
|
|
544
|
+
assert_equal SUPPORTED_CLAIM_TYPES, obj.supportedClaimTypes
|
|
545
|
+
assert_equal SUPPORTED_CLAIMS, obj.supportedClaims
|
|
546
|
+
assert_equal SERVICE_DOCUMENTATION, obj.serviceDocumentation
|
|
547
|
+
assert_equal SUPPORTED_CLAIM_LOCALES, obj.supportedClaimLocales
|
|
548
|
+
assert_equal SUPPORTED_UI_LOCALES, obj.supportedUiLocales
|
|
549
|
+
assert_equal POLICY_URI, obj.policyUri
|
|
550
|
+
assert_equal TOS_URI, obj.tosUri
|
|
551
|
+
assert_equal AUTHENTICATION_CALLBACK_ENDPOINT, obj.authenticationCallbackEndpoint
|
|
552
|
+
assert_equal AUTHENTICATION_CALLBACK_API_KEY, obj.authenticationCallbackApiKey
|
|
553
|
+
assert_equal AUTHENTICATION_CALLBACK_API_SECRET, obj.authenticationCallbackApiSecret
|
|
554
|
+
assert_equal SUPPORTED_SNSES, obj.supportedSnses
|
|
555
|
+
assert_equal SNS_CREDENTIALS_SNS, obj.snsCredentials[0].sns
|
|
556
|
+
assert_equal SNS_CREDENTIALS_API_KEY, obj.snsCredentials[0].apiKey
|
|
557
|
+
assert_equal SNS_CREDENTIALS_API_SECRET, obj.snsCredentials[0].apiSecret
|
|
558
|
+
assert_equal CREATED_AT, obj.createdAt
|
|
559
|
+
assert_equal MODIFIED_AT, obj.modifiedAt
|
|
560
|
+
assert_equal DEVELOPER_AUTHENTICATION_CALLBACK_ENDPOINT, obj.developerAuthenticationCallbackEndpoint
|
|
561
|
+
assert_equal DEVELOPER_AUTHENTICATION_CALLBACK_API_KEY, obj.developerAuthenticationCallbackApiKey
|
|
562
|
+
assert_equal DEVELOPER_AUTHENTICATION_CALLBACK_API_SECRET, obj.developerAuthenticationCallbackApiSecret
|
|
563
|
+
assert_equal SUPPORTED_DEVELOPER_SNSES, obj.supportedDeveloperSnses
|
|
564
|
+
assert_equal DEVELOPER_SNS_CREDENTIALS_SNS, obj.developerSnsCredentials[0].sns
|
|
565
|
+
assert_equal DEVELOPER_SNS_CREDENTIALS_API_KEY, obj.developerSnsCredentials[0].apiKey
|
|
566
|
+
assert_equal DEVELOPER_SNS_CREDENTIALS_API_SECRET, obj.developerSnsCredentials[0].apiSecret
|
|
567
|
+
assert_equal CLIENTS_PER_DEVELOPER, obj.clientsPerDeveloper
|
|
568
|
+
assert_equal DIRECT_AUTHORIZATION_ENDPOINT_ENABLED, obj.directAuthorizationEndpointEnabled
|
|
569
|
+
assert_equal DIRECT_TOKEN_ENDPOINT_ENABLED, obj.directTokenEndpointEnabled
|
|
570
|
+
assert_equal DIRECT_REVOCATION_ENDPOINT_ENABLED, obj.directRevocationEndpointEnabled
|
|
571
|
+
assert_equal DIRECT_USER_INFO_ENDPOINT_ENABLED, obj.directUserInfoEndpointEnabled
|
|
572
|
+
assert_equal DIRECT_JWKS_ENDPOINT_ENABLED, obj.directJwksEndpointEnabled
|
|
573
|
+
assert_equal DIRECT_INTROSPECTION_ENDPOINT_ENABLED, obj.directIntrospectionEndpointEnabled
|
|
574
|
+
assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT, obj.singleAccessTokenPerSubject
|
|
575
|
+
assert_equal PKCE_REQUIRED, obj.pkceRequired
|
|
576
|
+
assert_equal PKCE_S256_REQUIRED, obj.pkceS256Required
|
|
577
|
+
assert_equal REFRESH_TOKEN_KEPT, obj.refreshTokenKept
|
|
578
|
+
assert_equal REFRESH_TOKEN_DURATION_KEPT, obj.refreshTokenDurationKept
|
|
579
|
+
assert_equal ERROR_DESCRIPTION_OMITTED, obj.errorDescriptionOmitted
|
|
580
|
+
assert_equal ERROR_URI_OMITTED, obj.errorUriOmitted
|
|
581
|
+
assert_equal CLIENT_ID_ALIAS_ENABLED, obj.clientIdAliasEnabled
|
|
582
|
+
assert_equal SUPPORTED_SERVICE_PROFILES, obj.supportedServiceProfiles
|
|
583
|
+
assert_equal TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, obj.tlsClientCertificateBoundAccessTokens
|
|
584
|
+
assert_equal INTROSPECTION_ENDPOINT, obj.introspectionEndpoint
|
|
585
|
+
assert_equal SUPPORTED_INTROSPECTION_AUTH_METHODS, obj.supportedIntrospectionAuthMethods
|
|
586
|
+
assert_equal MUTUAL_TLS_VALIDATE_PKI_CERT_CHAIN, obj.mutualTlsValidatePkiCertChain
|
|
587
|
+
assert_equal TRUSTED_ROOT_CERTIFICATES, obj.trustedRootCertificates
|
|
588
|
+
assert_equal DYNAMIC_REGISTRATION_SUPPORTED, obj.dynamicRegistrationSupported
|
|
589
|
+
assert_equal END_SESSION_ENDPOINT, obj.endSessionEndpoint
|
|
590
|
+
assert_equal DESCRIPTION, obj.description
|
|
591
|
+
assert_equal ACCESS_TOKEN_TYPE, obj.accessTokenType
|
|
592
|
+
assert_equal ACCESS_TOKEN_SIGN_ALG, obj.accessTokenSignAlg
|
|
593
|
+
assert_equal ACCESS_TOKEN_DURATION, obj.accessTokenDuration
|
|
594
|
+
assert_equal REFRESH_TOKEN_DURATION, obj.refreshTokenDuration
|
|
595
|
+
assert_equal ID_TOKEN_DURATION, obj.idTokenDuration
|
|
596
|
+
assert_equal AUTHORIZATION_RESPONSE_DURATION, obj.authorizationResponseDuration
|
|
597
|
+
assert_equal PUSHED_AUTH_REQ_DURATION, obj.pushedAuthReqDuration
|
|
598
|
+
assert_equal METADATA_KEY, obj.metadata[0].key
|
|
599
|
+
assert_equal METADATA_VALUE, obj.metadata[0].value
|
|
600
|
+
assert_equal ACCESS_TOKEN_SIGNATURE_KEY_ID, obj.accessTokenSignatureKeyId
|
|
601
|
+
assert_equal AUTHORIZATION_SIGNATURE_KEY_ID, obj.authorizationSignatureKeyId
|
|
602
|
+
assert_equal ID_TOKEN_SIGNATURE_KEY_ID, obj.idTokenSignatureKeyId
|
|
603
|
+
assert_equal USER_INFO_SIGNATURE_KEY_ID, obj.userInfoSignatureKeyId
|
|
604
|
+
assert_equal SUPPORTED_BACKCHANNEL_TOKEN_DELIVERY_MODES, obj.supportedBackchannelTokenDeliveryModes
|
|
605
|
+
assert_equal BACKCHANNEL_AUTHENTICATION_ENDPOINT, obj.backchannelAuthenticationEndpoint
|
|
606
|
+
assert_equal BACKCHANNEL_USER_CODE_PARAMETER_SUPPORTED, obj.backchannelUserCodeParameterSupported
|
|
607
|
+
assert_equal BACKCHANNEL_AUTH_REQ_ID_DURATION, obj.backchannelAuthReqIdDuration
|
|
608
|
+
assert_equal BACKCHANNEL_POLLING_INTERVAL, obj.backchannelPollingInterval
|
|
609
|
+
assert_equal BACKCHANNEL_BINDING_MESSAGE_REQUIRED_IN_FAPI, obj.backchannelBindingMessageRequiredInFapi
|
|
610
|
+
assert_equal ALLOWABLE_CLOCK_SKEW, obj.allowableClockSkew
|
|
611
|
+
assert_equal DEVICE_AUTHORIZATION_ENDPOINT, obj.deviceAuthorizationEndpoint
|
|
612
|
+
assert_equal DEVICE_VERIFICATION_URI, obj.deviceVerificationUri
|
|
613
|
+
assert_equal DEVICE_VERIFICATION_URI_COMPLETE, obj.deviceVerificationUriComplete
|
|
614
|
+
assert_equal DEVICE_FLOW_CODE_DURATION, obj.deviceFlowCodeDuration
|
|
615
|
+
assert_equal DEVICE_FLOW_POLLING_INTERVAL, obj.deviceFlowPollingInterval
|
|
616
|
+
assert_equal USER_CODE_CHARSET, obj.userCodeCharset
|
|
617
|
+
assert_equal USER_CODE_LENGTH, obj.userCodeLength
|
|
618
|
+
assert_equal PUSHED_AUTH_REQ_ENDPOINT, obj.pushedAuthReqEndpoint
|
|
619
|
+
assert_equal MTLS_ENDPOINT_ALIAS_NAME, obj.mtlsEndpointAliases[0].name
|
|
620
|
+
assert_equal MTLS_ENDPOINT_ALIAS_URI, obj.mtlsEndpointAliases[0].uri
|
|
621
|
+
assert_equal SUPPORTED_AUTHORIZATION_DETAILS_TYPES, obj.supportedAuthorizationDetailsTypes
|
|
622
|
+
assert_equal SUPPORTED_TRUST_FRAMEWORKS, obj.supportedTrustFrameworks
|
|
623
|
+
assert_equal SUPPORTED_EVIDENCE, obj.supportedEvidence
|
|
624
|
+
assert_equal SUPPORTED_IDENTITY_DOCUMENTS, obj.supportedIdentityDocuments
|
|
625
|
+
assert_equal SUPPORTED_VERIFICATION_METHODS, obj.supportedVerificationMethods
|
|
626
|
+
assert_equal SUPPORTED_VERIFIED_CLAIMS, obj.supportedVerifiedClaims
|
|
627
|
+
assert_equal MISSING_CLIENT_ID_ALLOWED, obj.missingClientIdAllowed
|
|
628
|
+
assert_equal PAR_REQUIRED, obj.parRequired
|
|
629
|
+
assert_equal REQUEST_OBJECT_REQUIRED, obj.requestObjectRequired
|
|
630
|
+
assert_equal TRADITIONAL_REQUEST_OBJECT_PROCESSING_APPLIED, obj.traditionalRequestObjectProcessingApplied
|
|
631
|
+
assert_equal CLAIM_SHORTCUT_RESTRICTIVE, obj.claimShortcutRestrictive
|
|
632
|
+
assert_equal SCOPE_REQUIRED, obj.scopeRequired
|
|
633
|
+
assert_equal NBF_OPTIONAL, obj.nbfOptional
|
|
634
|
+
assert_equal ISS_SUPPRESSED, obj.issSuppressed
|
|
635
|
+
assert_equal ATTRIBUTE_KEY, obj.attributes[0].key
|
|
636
|
+
assert_equal ATTRIBUTE_VALUE, obj.attributes[0].value
|
|
637
|
+
assert_equal SUPPORTED_CUSTOM_CLIENT_METADATA, obj.supportedCustomClientMetadata
|
|
638
|
+
assert_equal TOKEN_EXPIRATION_LINKED, obj.tokenExpirationLinked
|
|
639
|
+
assert_equal FRONT_CHANNEL_REQUEST_OBJECT_ENCRYPTION_REQUIRED, obj.frontChannelRequestObjectEncryptionRequired
|
|
640
|
+
assert_equal REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED, obj.requestObjectEncryptionAlgMatchRequired
|
|
641
|
+
assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED, obj.requestObjectEncryptionEncMatchRequired
|
|
642
|
+
assert_equal HSKS_KTY, obj.hsks[0].kty
|
|
643
|
+
assert_equal HSKS_USE, obj.hsks[0].use
|
|
644
|
+
assert_equal HSKS_ALG, obj.hsks[0].alg
|
|
645
|
+
assert_equal HSKS_KID, obj.hsks[0].kid
|
|
646
|
+
assert_equal HSKS_HSMNAME, obj.hsks[0].hsmName
|
|
647
|
+
assert_equal HSKS_HANDLE, obj.hsks[0].handle
|
|
648
|
+
assert_equal HSKS_PUBLICKEY, obj.hsks[0].publicKey
|
|
649
|
+
assert_equal HSM_ENABLED, obj.hsmEnabled
|
|
602
650
|
end
|
|
603
651
|
|
|
604
652
|
|