authlete 1.38.0 → 1.39.0

Files changed (86)
  1. checksums.yaml +5 -5
  2. data/authlete.gemspec +1 -2
  3. data/lib/authlete/model/service.rb +7 -1
  4. data/lib/authlete/version.rb +1 -1
  5. metadata +7 -170
  6. data/test/authlete/model/request/test_authentication-callback-request.rb +0 -100
  7. data/test/authlete/model/request/test_authorization-fail-request.rb +0 -67
  8. data/test/authlete/model/request/test_authorization-issue-request.rb +0 -94
  9. data/test/authlete/model/request/test_authorization-request.rb +0 -57
  10. data/test/authlete/model/request/test_backchannel-authentication-complete-request.rb +0 -102
  11. data/test/authlete/model/request/test_backchannel-authentication-fail-request.rb +0 -71
  12. data/test/authlete/model/request/test_backchannel-authentication-issue-request.rb +0 -57
  13. data/test/authlete/model/request/test_backchannel-authentication-request.rb +0 -75
  14. data/test/authlete/model/request/test_client-authorization-delete-request.rb +0 -57
  15. data/test/authlete/model/request/test_client-authorization-get-list-request.rb +0 -71
  16. data/test/authlete/model/request/test_client-authorization-update-request.rb +0 -63
  17. data/test/authlete/model/request/test_client-registration-request.rb +0 -68
  18. data/test/authlete/model/request/test_device-authorization-request.rb +0 -75
  19. data/test/authlete/model/request/test_device-complete-request.rb +0 -102
  20. data/test/authlete/model/request/test_device-verification-request.rb +0 -57
  21. data/test/authlete/model/request/test_granted-scopes-request.rb +0 -57
  22. data/test/authlete/model/request/test_introspection-request.rb +0 -79
  23. data/test/authlete/model/request/test_pushed-auth-req-request.rb +0 -75
  24. data/test/authlete/model/request/test_revocation-request.rb +0 -67
  25. data/test/authlete/model/request/test_standard-introspection-request.rb +0 -57
  26. data/test/authlete/model/request/test_token-create-request.rb +0 -110
  27. data/test/authlete/model/request/test_token-fail-request.rb +0 -63
  28. data/test/authlete/model/request/test_token-issue-request.rb +0 -70
  29. data/test/authlete/model/request/test_token-request.rb +0 -94
  30. data/test/authlete/model/request/test_token-revoke-request.rb +0 -71
  31. data/test/authlete/model/request/test_token-update-request.rb +0 -82
  32. data/test/authlete/model/request/test_user-info-issue-request.rb +0 -67
  33. data/test/authlete/model/request/test_user-info-request.rb +0 -75
  34. data/test/authlete/model/response/test_access-token.rb +0 -101
  35. data/test/authlete/model/response/test_authorization-fail-response.rb +0 -68
  36. data/test/authlete/model/response/test_authorization-issue-response.rb +0 -92
  37. data/test/authlete/model/response/test_authorization-response.rb +0 -145
  38. data/test/authlete/model/response/test_authorized-client-list-response.rb +0 -83
  39. data/test/authlete/model/response/test_backchannel-authentication-complete-response.rb +0 -132
  40. data/test/authlete/model/response/test_backchannel-authentication-fail-response.rb +0 -68
  41. data/test/authlete/model/response/test_backchannel-authentication-issue-response.rb +0 -80
  42. data/test/authlete/model/response/test_backchannel-authentication-response.rb +0 -156
  43. data/test/authlete/model/response/test_client-list-response.rb +0 -79
  44. data/test/authlete/model/response/test_client-secret-refresh-response.rb +0 -68
  45. data/test/authlete/model/response/test_client-secret-update-response.rb +0 -68
  46. data/test/authlete/model/response/test_device-authorization-response.rb +0 -140
  47. data/test/authlete/model/response/test_device-complete-response.rb +0 -64
  48. data/test/authlete/model/response/test_device-verification-response.rb +0 -112
  49. data/test/authlete/model/response/test_granted-scopes-get-response.rb +0 -84
  50. data/test/authlete/model/response/test_introspection-response.rb +0 -127
  51. data/test/authlete/model/response/test_pushed-auth-req-response.rb +0 -76
  52. data/test/authlete/model/response/test_revocation-response.rb +0 -68
  53. data/test/authlete/model/response/test_service-list-response.rb +0 -72
  54. data/test/authlete/model/response/test_standard-introspection-response.rb +0 -68
  55. data/test/authlete/model/response/test_token-create-response.rb +0 -107
  56. data/test/authlete/model/response/test_token-fail-response.rb +0 -68
  57. data/test/authlete/model/response/test_token-issue-response.rb +0 -127
  58. data/test/authlete/model/response/test_token-list-response.rb +0 -84
  59. data/test/authlete/model/response/test_token-response.rb +0 -147
  60. data/test/authlete/model/response/test_token-revoke-response.rb +0 -63
  61. data/test/authlete/model/response/test_token-update-response.rb +0 -87
  62. data/test/authlete/model/response/test_user-info-issue-response.rb +0 -68
  63. data/test/authlete/model/response/test_user-info-response.rb +0 -107
  64. data/test/authlete/model/test_client-extension.rb +0 -98
  65. data/test/authlete/model/test_client.rb +0 -604
  66. data/test/authlete/model/test_hsk.rb +0 -108
  67. data/test/authlete/model/test_named-uri.rb +0 -83
  68. data/test/authlete/model/test_pair.rb +0 -83
  69. data/test/authlete/model/test_property.rb +0 -88
  70. data/test/authlete/model/test_result.rb +0 -68
  71. data/test/authlete/model/test_scope.rb +0 -104
  72. data/test/authlete/model/test_service-owner.rb +0 -80
  73. data/test/authlete/model/test_service.rb +0 -896
  74. data/test/authlete/model/test_sns-credentials.rb +0 -88
  75. data/test/authlete/model/test_tagged-value.rb +0 -83
  76. data/test/authlete/model/test_trust-anchor.rb +0 -84
  77. data/test/authlete/test_exception.rb +0 -70
  78. data/test/authlete/types/test_application-type.rb +0 -44
  79. data/test/authlete/types/test_client-auth-method.rb +0 -64
  80. data/test/authlete/types/test_delivery-mode.rb +0 -48
  81. data/test/authlete/types/test_grant-type.rb +0 -72
  82. data/test/authlete/types/test_jwealg.rb +0 -104
  83. data/test/authlete/types/test_jweenc.rb +0 -60
  84. data/test/authlete/types/test_jwsalg.rb +0 -96
  85. data/test/authlete/types/test_response-type.rb +0 -68
  86. data/test/authlete/types/test_subject-type.rb +0 -44
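--- a/data/test/authlete/model/test_client.rb
+++ b/data/test/authlete/model/test_client.rb
@@ -1,604 +0,0 @@
- # :nodoc:
- #
- # Copyright (C) 2014-2022 Authlete, Inc.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
-
- require 'authlete'
- require 'json'
- require 'minitest/autorun'
-
-
- class ClientTest < Minitest::Test
- NUMBER = 100
- SERVICE_NUMBER = 1000
- DEVELOPER = '<developer>'
- CLIENT_ID = 12345
- CLIENT_ID_ALIAS = '<client-id-alias>'
- CLIENT_ID_ALIAS_ENABLED = true
- CLIENT_SECRET = '<client-secret>'
- CLIENT_TYPE = 'PUBLIC'
- REDIRECT_URIS = [ '<redirect-uri0>', '<redirect-uri1>' ]
- RESPONSE_TYPES = [ 'NONE', 'CODE', 'TOKEN', 'ID_TOKEN' ]
- GRANT_TYPES = [ 'AUTHORIZATION_CODE', 'REFRESH_TOKEN' ]
- APPLICATION_TYPE = 'WEB'
- CONTACTS = [ '<contact0>', '<contact1>' ]
- CLIENT_NAME = '<client-name>'
- CLIENT_NAME_TAG = '<client-name0-tag>'
- CLIENT_NAME_VALUE = '<client-name0-value>'
- CLIENT_NAMES = [ Authlete::Model::TaggedValue.new(tag: CLIENT_NAME_TAG, value: CLIENT_NAME_VALUE) ]
- LOGO_URI = '<logo-uri>'
- LOGO_URI_TAG = '<logo-uri0-tag>'
- LOGO_URI_VALUE = '<logo-uri0-value>'
- LOGO_URIS = [ Authlete::Model::TaggedValue.new(tag: LOGO_URI_TAG, value: LOGO_URI_VALUE) ]
- CLIENT_URI = '<client-uri>'
- CLIENT_URI_TAG = '<client-uri0-tag>'
- CLIENT_URI_VALUE = '<client-uri0-value>'
- CLIENT_URIS = [ Authlete::Model::TaggedValue.new(tag: CLIENT_URI_TAG, value: CLIENT_URI_VALUE) ]
- POLICY_URI = '<policy-uri>'
- POLICY_URI_TAG = '<policy-uri0-tag>'
- POLICY_URI_VALUE = '<policy-uri0-value>'
- POLICY_URIS = [ Authlete::Model::TaggedValue.new(tag: POLICY_URI_TAG, value: POLICY_URI_VALUE) ]
- TOS_URI = '<tos-uri>'
- TOS_URI_TAG = '<tos-uri0-tag>'
- TOS_URI_VALUE = '<tos-uri0-value>'
- TOS_URIS = [ Authlete::Model::TaggedValue.new(tag: TOS_URI_TAG, value: TOS_URI_VALUE) ]
- JWKS_URI = '<jwks-uri>'
- JWKS = '{"keys":[]}'
- DERIVED_SECTOR_IDENTIFIER = '<derived-sector-identifier>'
- SECTOR_IDENTIFIER_URI = '<sector-identifier-uri>'
- SUBJECT_TYPE = 'PUBLIC'
- ID_TOKEN_SIGN_ALG = 'HS256'
- ID_TOKEN_ENCRYPTION_ALG = 'PBES2_HS256_A128KW'
- ID_TOKEN_ENCRYPTION_ENC = 'A128CBC_HS256'
- USER_INFO_SIGN_ALG = 'HS256'
- USER_INFO_ENCRYPTION_ALG = 'PBES2_HS256_A128KW'
- USER_INFO_ENCRYPTION_ENC = 'A128CBC_HS256'
- REQUEST_SIGN_ALG = 'HS256'
- REQUEST_ENCRYPTION_ALG = 'PBES2_HS256_A128KW'
- REQUEST_ENCRYPTION_ENC = 'A128CBC_HS256'
- TOKEN_AUTH_METHOD = 'CLIENT_SECRET_BASIC'
- TOKEN_AUTH_SIGN_ALG = 'HS256'
- DEFAULT_MAX_AGE = 1000
- DEFAULT_ACRS = [ '<default-acr0>', '<default-acr1>' ]
- AUTH_TIME_REQUIRED = true
- LOGIN_URI = '<login-uri>'
- REQUEST_URIS = [ '<request-uri0>', '<request-uri1>' ]
- DESCRIPTION = '<description>'
- DESCRIPTION_TAG = '<description0-tag>'
- DESCRIPTION_VALUE = '<description0-value>'
- DESCRIPTIONS = [ Authlete::Model::TaggedValue.new(tag: DESCRIPTION_TAG, value: DESCRIPTION_VALUE) ]
- CREATED_AT = 10000
- MODIFIED_AT = 10000
- REQUESTABLE_SCOPES = [ '<requestable-scope0>', '<requestable-scope1>' ]
- REQUESTABLE_SCOPES_ENABLED = true
- ACCESS_TOKEN_DURATION = 10000
- REFRESH_TOKEN_DURATION = 10000
- TOKEN_EXCHANGE_PERMITTED = false
- EXTENSION = Authlete::Model::ClientExtension.new(
- requestableScopes: REQUESTABLE_SCOPES,
- requestableScopesEnabled: REQUESTABLE_SCOPES_ENABLED,
- accessTokenDuration: ACCESS_TOKEN_DURATION,
- refreshTokenDuration: REFRESH_TOKEN_DURATION,
- tokenExchangePermitted: TOKEN_EXCHANGE_PERMITTED
- )
- TLS_CLIENT_AUTH_SUBJECT_DN = '<tls-client-auth-subject-dn>'
- TLS_CLIENT_AUTH_SAN_DNS = '<tls-client-auth-san-dns>'
- TLS_CLIENT_AUTH_SAN_URI = '<tls-client-auth-san-uri>'
- TLS_CLIENT_AUTH_SAN_IP = '<tls-client-auth-san-ip>'
- TLS_CLIENT_AUTH_SAN_EMAIL = '<tls-client-auth-san-email>'
- TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS = false
- SELF_SIGNED_CERTIFICATE_KEY_ID = '<self-signed-certificate-key-id>'
- SOFTWARE_ID = '<software-id>'
- SOFTWARE_VERSION = '<software-version>'
- AUTHORIZATION_SIGN_ALG = 'HS256'
- AUTHORIZATION_ENCRYPTION_ALG = 'PBES2_HS256_A128KW'
- AUTHORIZATION_ENCRYPTION_ENC = 'A128CBC_HS256'
- BC_DELIVERY_MODE = 'POLL'
- BC_NOTIFICATION_ENDPOINT = '<bc-notification-endpoint>'
- BC_REQUEST_SIGN_ALG = 'HS256'
- BC_USER_CODE_REQUIRED = true
- DYNAMICALLY_REGISTERED = false
- REGISTRATION_ACCESS_TOKEN_HASH = '<registration-access-token-hash>'
- AUTHORIZATION_DETAILS_TYPES = [ '<authorization-details-type0>', '<authorization-details-type1>' ]
- PAR_REQUIRED = false
- REQUEST_OBJECT_REQUIRED = true
- ATTRIBUTE_KEY = '<attribute0-key>'
- ATTRIBUTE_VALUE = '<attribute0-value>'
- ATTRIBUTES = [ Authlete::Model::Pair.new(key: ATTRIBUTE_KEY, value: ATTRIBUTE_VALUE) ]
- CUSTOM_METADATA = '<custom-metadata>'
- FRONT_CHANNEL_REQUEST_OBJECT_ENCRYPTION_REQUIRED = false
- REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED = false
- REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED = false
- DIGEST_ALGORITHM = '<digest-algorithm>'
- SINGLE_ACCESS_TOKEN_PER_SUBJECT = false
- PKCE_REQUIRED = false
- PKCE_S256_REQUIRED = false
- AUTOMATICALLY_REGISTERED = false
- EXPLICITLY_REGISTERED = false
- DPOP_REQUIRED = false
-
- def generate_json
- return <<~JSON
- {
- "number": 100,
- "serviceNumber": 1000,
- "developer": "<developer>",
- "clientId": 12345,
- "clientIdAlias": "<client-id-alias>",
- "clientIdAliasEnabled": true,
- "clientSecret": "<client-secret>",
- "clientType": "PUBLIC",
- "redirectUris": [ "<redirect-uri0>", "<redirect-uri1>" ],
- "responseTypes": [ "NONE", "CODE", "TOKEN", "ID_TOKEN" ],
- "grantTypes": [ "AUTHORIZATION_CODE", "REFRESH_TOKEN" ],
- "applicationType": "WEB",
- "contacts": [ "<contact0>", "<contact1>" ],
- "clientName": "<client-name>",
- "clientNames": [ { "tag": "<client-name0-tag>", "value": "<client-name0-value>" } ],
- "logoUri": "<logo-uri>",
- "logoUris": [ { "tag": "<logo-uri0-tag>", "value": "<logo-uri0-value>" } ],
- "clientUri": "<client-uri>",
- "clientUris": [ { "tag": "<client-uri0-tag>", "value": "<client-uri0-value>" } ],
- "policyUri": "<policy-uri>",
- "policyUris": [ { "tag": "<policy-uri0-tag>", "value": "<policy-uri0-value>" } ],
- "tosUri": "<tos-uri>",
- "tosUris": [ { "tag": "<tos-uri0-tag>", "value": "<tos-uri0-value>" } ],
- "jwksUri": "<jwks-uri>",
- "jwks": "{\\"keys\\":[]}",
- "derivedSectorIdentifier": "<derived-sector-identifier>",
- "sectorIdentifierUri": "<sector-identifier-uri>",
- "subjectType": "PUBLIC",
- "idTokenSignAlg": "HS256",
- "idTokenEncryptionAlg": "PBES2_HS256_A128KW",
- "idTokenEncryptionEnc": "A128CBC_HS256",
- "userInfoSignAlg": "HS256",
- "userInfoEncryptionAlg": "PBES2_HS256_A128KW",
- "userInfoEncryptionEnc": "A128CBC_HS256",
- "requestSignAlg": "HS256",
- "requestEncryptionAlg": "PBES2_HS256_A128KW",
- "requestEncryptionEnc": "A128CBC_HS256",
- "tokenAuthMethod": "CLIENT_SECRET_BASIC",
- "tokenAuthSignAlg": "HS256",
- "defaultMaxAge": 1000,
- "defaultAcrs": [ "<default-acr0>", "<default-acr1>" ],
- "authTimeRequired": true,
- "loginUri": "<login-uri>",
- "requestUris": [ "<request-uri0>", "<request-uri1>" ],
- "description": "<description>",
- "descriptions": [ { "tag": "<description0-tag>", "value": "<description0-value>" } ],
- "createdAt": 10000,
- "modifiedAt": 10000,
- "extension": {
- "requestableScopes": [ "<requestable-scope0>", "<requestable-scope1>" ],
- "requestableScopesEnabled": true,
- "accessTokenDuration": 10000,
- "refreshTokenDuration": 10000,
- "tokenExchangePermitted": false
- },
- "tlsClientAuthSubjectDn": "<tls-client-auth-subject-dn>",
- "tlsClientAuthSanDns": "<tls-client-auth-san-dns>",
- "tlsClientAuthSanUri": "<tls-client-auth-san-uri>",
- "tlsClientAuthSanIp": "<tls-client-auth-san-ip>",
- "tlsClientAuthSanEmail": "<tls-client-auth-san-email>",
- "tlsClientCertificateBoundAccessTokens": false,
- "selfSignedCertificateKeyId": "<self-signed-certificate-key-id>",
- "softwareId": "<software-id>",
- "softwareVersion": "<software-version>",
- "authorizationSignAlg": "HS256",
- "authorizationEncryptionAlg": "PBES2_HS256_A128KW",
- "authorizationEncryptionEnc": "A128CBC_HS256",
- "bcDeliveryMode": "POLL",
- "bcNotificationEndpoint": "<bc-notification-endpoint>",
- "bcRequestSignAlg": "HS256",
- "bcUserCodeRequired": true,
- "dynamicallyRegistered": false,
- "registrationAccessTokenHash": "<registration-access-token-hash>",
- "authorizationDetailsTypes": [ "<authorization-details-type0>", "<authorization-details-type1>" ],
- "parRequired": false,
- "requestObjectRequired": true,
- "attributes": [ { "key": "<attribute0-key>", "value": "<attribute0-value>" } ],
- "customMetadata": "<custom-metadata>",
- "frontChannelRequestObjectEncryptionRequired": false,
- "requestObjectEncryptionAlgMatchRequired": false,
- "requestObjectEncryptionEncMatchRequired": false,
- "digestAlgorithm": "<digest-algorithm>",
- "singleAccessTokenPerSubject": false,
- "pkceRequired": false,
- "pkceS256Required": false,
- "automaticallyRegistered": false,
- "explicitlyRegistered": false,
- "dpopRequired": false
- }
- JSON
- end
-
-
- def generate_hash
- {
- number: 100,
- serviceNumber: 1000,
- developer: '<developer>',
- clientId: 12345,
- clientIdAlias: '<client-id-alias>',
- clientIdAliasEnabled: true,
- clientSecret: '<client-secret>',
- clientType: 'PUBLIC',
- redirectUris: [ '<redirect-uri0>', '<redirect-uri1>' ],
- responseTypes: [ 'NONE', 'CODE', 'TOKEN', 'ID_TOKEN' ],
- grantTypes: [ 'AUTHORIZATION_CODE', 'REFRESH_TOKEN' ],
- applicationType: 'WEB',
- contacts: [ '<contact0>', '<contact1>' ],
- clientName: '<client-name>',
- clientNames: [ { tag: '<client-name0-tag>', value: '<client-name0-value>' } ],
- logoUri: '<logo-uri>',
- logoUris: [ { tag: '<logo-uri0-tag>', value: '<logo-uri0-value>' } ],
- clientUri: '<client-uri>',
- clientUris: [ { tag: '<client-uri0-tag>', value: '<client-uri0-value>' } ],
- policyUri: '<policy-uri>',
- policyUris: [ { tag: '<policy-uri0-tag>', value: '<policy-uri0-value>' } ],
- tosUri: '<tos-uri>',
- tosUris: [ { tag: '<tos-uri0-tag>', value: '<tos-uri0-value>' } ],
- jwksUri: '<jwks-uri>',
- jwks: '{"keys":[]}',
- derivedSectorIdentifier: '<derived-sector-identifier>',
- sectorIdentifierUri: '<sector-identifier-uri>',
- subjectType: 'PUBLIC',
- idTokenSignAlg: 'HS256',
- idTokenEncryptionAlg: 'PBES2_HS256_A128KW',
- idTokenEncryptionEnc: 'A128CBC_HS256',
- userInfoSignAlg: 'HS256',
- userInfoEncryptionAlg: 'PBES2_HS256_A128KW',
- userInfoEncryptionEnc: 'A128CBC_HS256',
- requestSignAlg: 'HS256',
- requestEncryptionAlg: 'PBES2_HS256_A128KW',
- requestEncryptionEnc: 'A128CBC_HS256',
- tokenAuthMethod: 'CLIENT_SECRET_BASIC',
- tokenAuthSignAlg: 'HS256',
- defaultMaxAge: 1000,
- defaultAcrs: [ '<default-acr0>', '<default-acr1>' ],
- authTimeRequired: true,
- loginUri: '<login-uri>',
- requestUris: [ '<request-uri0>', '<request-uri1>' ],
- description: '<description>',
- descriptions: [ { tag: '<description0-tag>', value: '<description0-value>' } ],
- createdAt: 10000,
- modifiedAt: 10000,
- extension: {
- requestableScopes: [ '<requestable-scope0>', '<requestable-scope1>' ],
- requestableScopesEnabled: true,
- accessTokenDuration: 10000,
- refreshTokenDuration: 10000,
- tokenExchangePermitted: false
- },
- tlsClientAuthSubjectDn: '<tls-client-auth-subject-dn>',
- tlsClientAuthSanDns: '<tls-client-auth-san-dns>',
- tlsClientAuthSanUri: '<tls-client-auth-san-uri>',
- tlsClientAuthSanIp: '<tls-client-auth-san-ip>',
- tlsClientAuthSanEmail: '<tls-client-auth-san-email>',
- tlsClientCertificateBoundAccessTokens: false,
- selfSignedCertificateKeyId: '<self-signed-certificate-key-id>',
- softwareId: '<software-id>',
- softwareVersion: '<software-version>',
- authorizationSignAlg: 'HS256',
- authorizationEncryptionAlg: 'PBES2_HS256_A128KW',
- authorizationEncryptionEnc: 'A128CBC_HS256',
- bcDeliveryMode: 'POLL',
- bcNotificationEndpoint: '<bc-notification-endpoint>',
- bcRequestSignAlg: 'HS256',
- bcUserCodeRequired: true,
- dynamicallyRegistered: false,
- registrationAccessTokenHash: '<registration-access-token-hash>',
- authorizationDetailsTypes: [ '<authorization-details-type0>', '<authorization-details-type1>' ],
- parRequired: false,
- requestObjectRequired: true,
- attributes: [ { key: '<attribute0-key>', value: '<attribute0-value>' } ],
- customMetadata: '<custom-metadata>',
- frontChannelRequestObjectEncryptionRequired: false,
- requestObjectEncryptionAlgMatchRequired: false,
- requestObjectEncryptionEncMatchRequired: false,
- digestAlgorithm: '<digest-algorithm>',
- singleAccessTokenPerSubject: false,
- pkceRequired: false,
- pkceS256Required: false,
- automaticallyRegistered: false,
- explicitlyRegistered: false,
- dpopRequired: false,
- }
- end
-
- def set_params(obj)
- obj.number = NUMBER
- obj.service_number = SERVICE_NUMBER
- obj.developer = DEVELOPER
- obj.client_id = CLIENT_ID
- obj.client_id_alias = CLIENT_ID_ALIAS
- obj.client_id_alias_enabled = CLIENT_ID_ALIAS_ENABLED
- obj.client_secret = CLIENT_SECRET
- obj.client_type = CLIENT_TYPE
- obj.redirect_uris = REDIRECT_URIS
- obj.response_types = RESPONSE_TYPES
- obj.grant_types = GRANT_TYPES
- obj.application_type = APPLICATION_TYPE
- obj.contacts = CONTACTS
- obj.client_name = CLIENT_NAME
- obj.client_names = CLIENT_NAMES
- obj.logo_uri = LOGO_URI
- obj.logo_uris = LOGO_URIS
- obj.client_uri = CLIENT_URI
- obj.client_uris = CLIENT_URIS
- obj.policy_uri = POLICY_URI
- obj.policy_uris = POLICY_URIS
- obj.tos_uri = TOS_URI
- obj.tos_uris = TOS_URIS
- obj.jwks_uri = JWKS_URI
- obj.jwks = JWKS
- obj.derived_sector_identifier = DERIVED_SECTOR_IDENTIFIER
- obj.sector_identifier_uri = SECTOR_IDENTIFIER_URI
- obj.subject_type = SUBJECT_TYPE
- obj.id_token_sign_alg = ID_TOKEN_SIGN_ALG
- obj.id_token_encryption_alg = ID_TOKEN_ENCRYPTION_ALG
- obj.id_token_encryption_enc = ID_TOKEN_ENCRYPTION_ENC
- obj.user_info_sign_alg = USER_INFO_SIGN_ALG
- obj.user_info_encryption_alg = USER_INFO_ENCRYPTION_ALG
- obj.user_info_encryption_enc = USER_INFO_ENCRYPTION_ENC
- obj.request_sign_alg = REQUEST_SIGN_ALG
- obj.request_encryption_alg = REQUEST_ENCRYPTION_ALG
- obj.request_encryption_enc = REQUEST_ENCRYPTION_ENC
- obj.token_auth_method = TOKEN_AUTH_METHOD
- obj.token_auth_sign_alg = TOKEN_AUTH_SIGN_ALG
- obj.default_max_age = DEFAULT_MAX_AGE
- obj.default_acrs = DEFAULT_ACRS
- obj.auth_time_required = AUTH_TIME_REQUIRED
- obj.login_uri = LOGIN_URI
- obj.request_uris = REQUEST_URIS
- obj.description = DESCRIPTION
- obj.descriptions = DESCRIPTIONS
- obj.created_at = CREATED_AT
- obj.modified_at = MODIFIED_AT
- obj.extension = EXTENSION
- obj.tls_client_auth_subject_dn = TLS_CLIENT_AUTH_SUBJECT_DN
- obj.tls_client_auth_san_dns = TLS_CLIENT_AUTH_SAN_DNS
- obj.tls_client_auth_san_uri = TLS_CLIENT_AUTH_SAN_URI
- obj.tls_client_auth_san_ip = TLS_CLIENT_AUTH_SAN_IP
- obj.tls_client_auth_san_email = TLS_CLIENT_AUTH_SAN_EMAIL
- obj.tls_client_certificate_bound_access_tokens = TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS
- obj.self_signed_certificate_key_id = SELF_SIGNED_CERTIFICATE_KEY_ID
- obj.software_id = SOFTWARE_ID
- obj.software_version = SOFTWARE_VERSION
- obj.authorization_sign_alg = AUTHORIZATION_SIGN_ALG
- obj.authorization_encryption_alg = AUTHORIZATION_ENCRYPTION_ALG
- obj.authorization_encryption_enc = AUTHORIZATION_ENCRYPTION_ENC
- obj.bc_delivery_mode = BC_DELIVERY_MODE
- obj.bc_notification_endpoint = BC_NOTIFICATION_ENDPOINT
- obj.bc_request_sign_alg = BC_REQUEST_SIGN_ALG
- obj.bc_user_code_required = BC_USER_CODE_REQUIRED
- obj.dynamically_registered = DYNAMICALLY_REGISTERED
- obj.registration_access_token_hash = REGISTRATION_ACCESS_TOKEN_HASH
- obj.authorization_details_types = AUTHORIZATION_DETAILS_TYPES
- obj.par_required = PAR_REQUIRED
- obj.request_object_required = REQUEST_OBJECT_REQUIRED
- obj.attributes = ATTRIBUTES
- obj.custom_metadata = CUSTOM_METADATA
- obj.frontChannelRequestObjectEncryptionRequired = FRONT_CHANNEL_REQUEST_OBJECT_ENCRYPTION_REQUIRED
- obj.requestObjectEncryptionAlgMatchRequired = REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED
- obj.requestObjectEncryptionEncMatchRequired = REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED
- obj.digestAlgorithm = DIGEST_ALGORITHM
- obj.singleAccessTokenPerSubject = SINGLE_ACCESS_TOKEN_PER_SUBJECT
- obj.pkceRequired = PKCE_REQUIRED
- obj.pkceS256Required = PKCE_S256_REQUIRED
- obj.automaticallyRegistered = AUTOMATICALLY_REGISTERED
- obj.explicitlyRegistered = EXPLICITLY_REGISTERED
- obj.dpopRequired = DPOP_REQUIRED
- end
-
-
- def match(obj)
- assert_equal NUMBER, obj.number
- assert_equal SERVICE_NUMBER, obj.serviceNumber
- assert_equal DEVELOPER, obj.developer
- assert_equal CLIENT_ID, obj.clientId
- assert_equal CLIENT_ID_ALIAS, obj.clientIdAlias
- assert_equal CLIENT_ID_ALIAS_ENABLED, obj.clientIdAliasEnabled
- assert_equal CLIENT_SECRET, obj.clientSecret
- assert_equal CLIENT_TYPE, obj.clientType
- assert_equal REDIRECT_URIS, obj.redirectUris
- assert_equal RESPONSE_TYPES, obj.responseTypes
- assert_equal GRANT_TYPES, obj.grantTypes
- assert_equal APPLICATION_TYPE, obj.applicationType
- assert_equal CONTACTS, obj.contacts
- assert_equal CLIENT_NAME, obj.clientName
- assert_equal CLIENT_NAME_TAG, obj.clientNames[0].tag
- assert_equal CLIENT_NAME_VALUE, obj.clientNames[0].value
- assert_equal LOGO_URI, obj.logoUri
- assert_equal LOGO_URI_TAG, obj.logoUris[0].tag
- assert_equal LOGO_URI_VALUE, obj.logoUris[0].value
- assert_equal CLIENT_URI, obj.clientUri
- assert_equal CLIENT_URI_TAG, obj.clientUris[0].tag
- assert_equal CLIENT_URI_VALUE, obj.clientUris[0].value
- assert_equal POLICY_URI, obj.policyUri
- assert_equal POLICY_URI_TAG, obj.policyUris[0].tag
- assert_equal POLICY_URI_VALUE, obj.policyUris[0].value
- assert_equal TOS_URI, obj.tosUri
- assert_equal TOS_URI_TAG, obj.tosUris[0].tag
- assert_equal TOS_URI_VALUE, obj.tosUris[0].value
- assert_equal JWKS_URI, obj.jwksUri
- assert_equal JWKS, obj.jwks
- assert_equal DERIVED_SECTOR_IDENTIFIER, obj.derivedSectorIdentifier
- assert_equal SECTOR_IDENTIFIER_URI, obj.sectorIdentifierUri
- assert_equal SUBJECT_TYPE, obj.subjectType
- assert_equal ID_TOKEN_SIGN_ALG, obj.idTokenSignAlg
- assert_equal ID_TOKEN_ENCRYPTION_ALG, obj.idTokenEncryptionAlg
- assert_equal ID_TOKEN_ENCRYPTION_ENC, obj.idTokenEncryptionEnc
- assert_equal USER_INFO_SIGN_ALG, obj.userInfoSignAlg
- assert_equal USER_INFO_ENCRYPTION_ALG, obj.userInfoEncryptionAlg
- assert_equal USER_INFO_ENCRYPTION_ENC, obj.userInfoEncryptionEnc
- assert_equal REQUEST_SIGN_ALG, obj.requestSignAlg
- assert_equal REQUEST_ENCRYPTION_ALG, obj.requestEncryptionAlg
- assert_equal REQUEST_ENCRYPTION_ENC, obj.requestEncryptionEnc
- assert_equal TOKEN_AUTH_METHOD, obj.tokenAuthMethod
- assert_equal TOKEN_AUTH_SIGN_ALG, obj.tokenAuthSignAlg
- assert_equal DEFAULT_MAX_AGE, obj.defaultMaxAge
- assert_equal DEFAULT_ACRS, obj.defaultAcrs
- assert_equal AUTH_TIME_REQUIRED, obj.authTimeRequired
- assert_equal LOGIN_URI, obj.loginUri
- assert_equal REQUEST_URIS, obj.requestUris
- assert_equal DESCRIPTION, obj.description
- assert_equal DESCRIPTION_TAG, obj.descriptions[0].tag
- assert_equal DESCRIPTION_VALUE, obj.descriptions[0].value
- assert_equal CREATED_AT, obj.createdAt
- assert_equal MODIFIED_AT, obj.modifiedAt
- assert_equal REQUESTABLE_SCOPES, obj.extension.requestableScopes
- assert_equal REQUESTABLE_SCOPES_ENABLED, obj.extension.requestableScopesEnabled
- assert_equal ACCESS_TOKEN_DURATION, obj.extension.accessTokenDuration
- assert_equal REFRESH_TOKEN_DURATION, obj.extension.refreshTokenDuration
- assert_equal TOKEN_EXCHANGE_PERMITTED, obj.extension.tokenExchangePermitted
- assert_equal TLS_CLIENT_AUTH_SUBJECT_DN, obj.tlsClientAuthSubjectDn
- assert_equal TLS_CLIENT_AUTH_SAN_DNS, obj.tlsClientAuthSanDns
- assert_equal TLS_CLIENT_AUTH_SAN_URI, obj.tlsClientAuthSanUri
- assert_equal TLS_CLIENT_AUTH_SAN_IP, obj.tlsClientAuthSanIp
- assert_equal TLS_CLIENT_AUTH_SAN_EMAIL, obj.tlsClientAuthSanEmail
- assert_equal TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, obj.tlsClientCertificateBoundAccessTokens
- assert_equal SELF_SIGNED_CERTIFICATE_KEY_ID, obj.selfSignedCertificateKeyId
- assert_equal AUTHORIZATION_SIGN_ALG, obj.authorizationSignAlg
- assert_equal AUTHORIZATION_ENCRYPTION_ALG, obj.authorizationEncryptionAlg
- assert_equal AUTHORIZATION_ENCRYPTION_ENC, obj.authorizationEncryptionEnc
- assert_equal BC_DELIVERY_MODE, obj.bcDeliveryMode
- assert_equal BC_NOTIFICATION_ENDPOINT, obj.bcNotificationEndpoint
- assert_equal BC_REQUEST_SIGN_ALG, obj.bcRequestSignAlg
- assert_equal BC_USER_CODE_REQUIRED, obj.bcUserCodeRequired
- assert_equal DYNAMICALLY_REGISTERED, obj.dynamicallyRegistered
- assert_equal REGISTRATION_ACCESS_TOKEN_HASH, obj.registrationAccessTokenHash
- assert_equal AUTHORIZATION_DETAILS_TYPES, obj.authorizationDetailsTypes
- assert_equal PAR_REQUIRED, obj.parRequired
- assert_equal REQUEST_OBJECT_REQUIRED, obj.requestObjectRequired
- assert_equal ATTRIBUTE_KEY, obj.attributes[0].key
- assert_equal ATTRIBUTE_VALUE, obj.attributes[0].value
- assert_equal CUSTOM_METADATA, obj.customMetadata
- assert_equal FRONT_CHANNEL_REQUEST_OBJECT_ENCRYPTION_REQUIRED, obj.frontChannelRequestObjectEncryptionRequired
- assert_equal REQUEST_OBJECT_ENCRYPTION_ALG_MATCH_REQUIRED, obj.requestObjectEncryptionAlgMatchRequired
- assert_equal REQUEST_OBJECT_ENCRYPTION_ENC_MATCH_REQUIRED, obj.requestObjectEncryptionEncMatchRequired
- assert_equal DIGEST_ALGORITHM, obj.digestAlgorithm
- assert_equal SINGLE_ACCESS_TOKEN_PER_SUBJECT, obj.singleAccessTokenPerSubject
- assert_equal PKCE_REQUIRED, obj.pkceRequired
- assert_equal PKCE_S256_REQUIRED, obj.pkceS256Required
- assert_equal AUTOMATICALLY_REGISTERED, obj.automaticallyRegistered
- assert_equal EXPLICITLY_REGISTERED, obj.explicitlyRegistered
- assert_equal DPOP_REQUIRED, obj.dpopRequired
- end
-
-
- def test_from_json
- jsn = generate_json
- hsh = JSON.parse(jsn)
- actual = Authlete::Model::Client.new(hsh)
-
- match(actual)
- end
-
-
- def test_setters
- actual = Authlete::Model::Client.new
- set_params(actual)
-
- match(actual)
- end
-
-
- def test_to_hash
- obj = Authlete::Model::Client.new
- set_params(obj)
- actual = obj.to_hash
- expected = generate_hash
-
- assert_equal expected, actual
- end
-
-
- def test_standard_metadata_full
- client = Authlete::Model::Client.new
- set_params(client)
-
- expected_response_types = ['none', 'code', 'token', 'id_token']
- expected_grant_types = ['authorization_code', 'refresh_token']
- expected_jwks = { "keys" => [] }
-
- metadata = client.standard_metadata(false, false, false)
-
- assert_equal "#{CLIENT_ID}", metadata[:client_id]
- assert_equal REDIRECT_URIS, metadata[:redirect_uris]
- assert_equal expected_response_types, metadata[:response_types]
- assert_equal expected_grant_types, metadata[:grant_types]
- assert_equal 'web', metadata[:application_type]
- assert_equal CONTACTS, metadata[:contacts]
- assert_equal CLIENT_NAME, metadata[:client_name]
- assert_equal LOGO_URI, metadata[:logo_uri]
- assert_equal CLIENT_URI, metadata[:client_uri]
- assert_equal POLICY_URI, metadata[:policy_uri]
- assert_equal TOS_URI, metadata[:tos_uri]
- assert_equal JWKS_URI, metadata[:jwks_uri]
- assert_equal expected_jwks, metadata[:jwks]
- assert_equal SECTOR_IDENTIFIER_URI, metadata[:sector_identifier_uri]
- assert_equal 'public', metadata[:subject_type]
- assert_equal 'HS256', metadata[:id_token_signed_response_alg]
- assert_equal 'PBES2-HS256+A128KW', metadata[:id_token_encrypted_response_alg]
- assert_equal 'A128CBC-HS256', metadata[:id_token_encrypted_response_enc]
- assert_equal 'HS256', metadata[:userinfo_signed_response_alg]
- assert_equal 'PBES2-HS256+A128KW', metadata[:userinfo_encrypted_response_alg]
- assert_equal 'A128CBC-HS256', metadata[:userinfo_encrypted_response_enc]
- assert_equal 'HS256', metadata[:request_object_signing_alg]
- assert_equal 'PBES2-HS256+A128KW', metadata[:request_object_encryption_alg]
- assert_equal 'A128CBC-HS256', metadata[:request_object_encryption_enc]
- assert_equal 'client_secret_basic', metadata[:token_endpoint_auth_method]
- assert_equal 'HS256', metadata[:token_endpoint_auth_signing_alg]
- assert_equal DEFAULT_MAX_AGE, metadata[:default_max_age]
- assert_equal DEFAULT_ACRS, metadata[:default_acr_values]
- assert_equal AUTH_TIME_REQUIRED, metadata[:require_auth_time]
- assert_equal LOGIN_URI, metadata[:initiate_login_uri]
- assert_equal REQUEST_URIS, metadata[:request_uris]
- assert_equal TLS_CLIENT_AUTH_SUBJECT_DN, metadata[:tls_client_auth_subject_dn]
- assert_equal TLS_CLIENT_AUTH_SAN_DNS, metadata[:tls_client_auth_san_dns]
- assert_equal TLS_CLIENT_AUTH_SAN_URI, metadata[:tls_client_auth_san_uri]
- assert_equal TLS_CLIENT_AUTH_SAN_IP, metadata[:tls_client_auth_san_ip]
- assert_equal TLS_CLIENT_AUTH_SAN_EMAIL, metadata[:tls_client_auth_san_email]
- assert_equal TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, metadata[:tls_client_certificate_bound_access_tokens]
- assert_equal SOFTWARE_ID, metadata[:software_id]
- assert_equal SOFTWARE_VERSION, metadata[:software_version]
- assert_equal 'HS256', metadata[:authorization_signed_response_alg]
- assert_equal 'PBES2-HS256+A128KW', metadata[:authorization_encrypted_response_alg]
- assert_equal 'A128CBC-HS256', metadata[:authorization_encrypted_response_enc]
- assert_equal 'poll', metadata[:backchannel_token_delivery_mode]
- assert_equal BC_NOTIFICATION_ENDPOINT, metadata[:backchannel_client_notification_endpoint]
- assert_equal 'HS256', metadata[:backchannel_authentication_request_signing_alg]
- assert_equal BC_USER_CODE_REQUIRED, metadata[:backchannel_user_code_parameter]
- assert_equal AUTHORIZATION_DETAILS_TYPES, metadata[:authorization_details_types]
- assert_equal DIGEST_ALGORITHM, metadata[:digest_algorithm]
- end
-
-
- def test_standard_metadata_minimum
- client = Authlete::Model::Client.new
- set_params(client)
-
- client.default_max_age = 0
- client.auth_time_required = false
- client.login_uri = nil
-
- metadata = client.standard_metadata
-
- assert_nil metadata[:default_max_age]
- assert_nil metadata[:require_auth_time]
- assert_nil metadata[:initiate_login_uri]
- end
- end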