authorVivien Kraus <vivien@planete-kraus.eu>2020-11-29 19:21:28 +0100
committerVivien Kraus <vivien@planete-kraus.eu>2021-06-19 15:44:36 +0200
commite276d3d60270f5af9e606e8c3afcc365ab7aeacd (patch)
tree95b60d0a96e27f8fbd341cdb112e3ef52d60e81e /tests
parente74c0727183e310c479a1d45a472bdef68db9a04 (diff)
Get an openid configuration on the web
Diffstat (limited to 'tests')
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/oidc-configuration.scm142
2 files changed, 144 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c8b4e9a..1959c84 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -15,7 +15,8 @@ TESTS = %reldir%/load-library.scm \
%reldir%/verification-failed.scm \
%reldir%/jws.scm \
%reldir%/cache-valid.scm \
- %reldir%/cache-revalidate.scm
+ %reldir%/cache-revalidate.scm \
+ %reldir%/oidc-configuration.scm
EXTRA_DIST += $(TESTS)
diff --git a/tests/oidc-configuration.scm b/tests/oidc-configuration.scm
new file mode 100644
index 0000000..6c613b3
--- /dev/null
+++ b/tests/oidc-configuration.scm
@@ -0,0 +1,142 @@
+(use-modules (webid-oidc oidc-configuration)
+ (webid-oidc jwk)
+ (webid-oidc cache)
+ (webid-oidc testing)
+ ((webid-oidc stubs) #:prefix stubs:)
+ (web uri)
+ (web response)
+ (srfi srfi-19)
+ (ice-9 receive))
+
+(with-test-environment
+ "jwks-get"
+ (lambda ()
+ (define* (respond uri #:key (headers '()))
+ (unless (null? headers)
+ (exit 1))
+ (when (string? uri)
+ (set! uri (string->uri uri)))
+ (cond
+ ((string=? (uri->string uri) "https://example.com/keys")
+ (values
+ (build-response #:headers `((expires . ,(time-utc->date (make-time time-utc 0 10)))
+ (content-type application/json)))
+ "{
+ \"keys\": [
+ {
+ \"e\": \"AQAB\",
+ \"use\": \"sig\",
+ \"kid\": \"dedc012d07f52aedfd5f97784e1bcbe23c19724d\",
+ \"n\": \"sV158-MQ-5-sP2iTJibiMap1ug8tNY97laOud3Se_3jd4INq36NwhLpgU3FC5SCfJOs9wehTLzv_hBuo-sW0JNjAEtMEE-SDtx5486gjymDR-5Iwv7bgt25tD0cDgiboZLt1RLn-nP-V3zgYHZa_s9zLjpNyArsWWcSh6tWe2R8yW6BqS8l4_9z8jkKeyAwWmdpkY8BtKS0zZ9yljiCxKvs8CKjfHmrayg45sZ8V1-aRcjtR2ECxATHjE8L96_oNddZ-rj2axf2vTmnkx3OvIMgx0tZ0ycMG6Wy8wxxaR5ir2LV3Gkyfh72U7tI8Q1sokPmH6G62JcduNY66jEQlvQ\",
+ \"alg\": \"RS256\",
+ \"kty\": \"RSA\"
+ },
+ {
+ \"alg\": \"RS256\",
+ \"kid\": \"2e3025f26b595f96eac907cc2b9471422bcaeb93\",
+ \"e\": \"AQAB\",
+ \"use\": \"sig\",
+ \"kty\": \"RSA\",
+ \"n\": \"syWuIlYmoWSl5rBQGOtYGwO5OCCZnhoWBCyl-x5gby5ofc4HNhBoVVMUggk-f_MH-pyMI5yRYsS_aPQ2bmSox2s4i9cPhxqtSAYMhTPwSwQ2BROC7xxi_N0ovp5Ivut5q8TwAn5kQZa_jR9d7JO20BUB7UqbMkBsqg2J8QTtMJ9YtA5BmUn4Y6vhIjTFtvrA6iM4i1cKoUD5Rirt5CYpcKwsLxBZbVk4E4rqgv7G0UlWt6NAs-z7XDkchlNBVpMUuiUBzxHl4LChc7dsWXRaO5vhu3j_2WnxuWCQZPlGoB51jD_ynZ027hhIcoa_tXg28_qb5Al78ZttiRCQDKueAQ\"
+ }
+ ]
+}
+"))
+ ((string=? (uri->string uri) "https://example.com/.well-known/openid-configuration")
+ (values
+ (build-response #:headers `((expires . ,(time-utc->date (make-time time-utc 0 10)))
+ (content-type application/json)))
+ "{
+ \"issuer\": \"https://accounts.google.com\",
+ \"authorization_endpoint\": \"https://accounts.google.com/o/oauth2/v2/auth\",
+ \"device_authorization_endpoint\": \"https://oauth2.googleapis.com/device/code\",
+ \"token_endpoint\": \"https://oauth2.googleapis.com/token\",
+ \"userinfo_endpoint\": \"https://openidconnect.googleapis.com/v1/userinfo\",
+ \"revocation_endpoint\": \"https://oauth2.googleapis.com/revoke\",
+ \"jwks_uri\": \"https://example.com/keys\",
+ \"response_types_supported\": [
+ \"code\",
+ \"token\",
+ \"id_token\",
+ \"code token\",
+ \"code id_token\",
+ \"token id_token\",
+ \"code token id_token\",
+ \"none\"
+ ],
+ \"subject_types_supported\": [
+ \"public\"
+ ],
+ \"id_token_signing_alg_values_supported\": [
+ \"RS256\"
+ ],
+ \"scopes_supported\": [
+ \"openid\",
+ \"email\",
+ \"profile\"
+ ],
+ \"token_endpoint_auth_methods_supported\": [
+ \"client_secret_post\",
+ \"client_secret_basic\"
+ ],
+ \"claims_supported\": [
+ \"aud\",
+ \"email\",
+ \"email_verified\",
+ \"exp\",
+ \"family_name\",
+ \"given_name\",
+ \"iat\",
+ \"iss\",
+ \"locale\",
+ \"name\",
+ \"picture\",
+ \"sub\"
+ ],
+ \"code_challenge_methods_supported\": [
+ \"plain\",
+ \"S256\"
+ ]
+}"))
+ (else (exit 2))))
+ (define current-time 0)
+ (define cache-http-get
+ (with-cache
+ #:current-time
+ (lambda ()
+ (make-time time-utc 0 current-time))
+ #:http-get respond))
+ (define cfg (get-oidc-configuration
+ "example.com"
+ #:http-get cache-http-get))
+ (define jwks (oidc-configuration-jwks
+ cfg
+ #:http-get cache-http-get))
+ (unless (oidc-configuration? cfg)
+ (exit 3))
+ (unless (jwks? jwks)
+ (exit 4))
+ (let ((my-oidc (make-oidc-configuration
+ "https://example.com/keys"
+ "https://example.com/authorize"
+ "https://example.com/token")))
+ (receive (response response-body)
+ (serve-oidc-configuration (time-utc->date (make-time time-utc 0 3600))
+ my-oidc)
+ (unless (eqv? (car (response-content-type response)) 'application/json)
+ (exit 5))
+ (let ((parsed (stubs:json-string->scm response-body)))
+ (unless (oidc-configuration? parsed)
+ (exit 6))
+ (unless (equal? (assq-ref parsed 'jwks_uri)
+ "https://example.com/keys")
+ (exit 7))
+ (unless (equal? (assq-ref parsed 'authorization_endpoint)
+ "https://example.com/authorize")
+ (exit 8))
+ (unless (equal? (assq-ref parsed 'token_endpoint)
+ "https://example.com/token")
+ (exit 9))
+ (unless (equal? (assq-ref parsed 'solid_oidc_supported)
+ "https://solidproject.org/TR/solid-oidc")
+ (exit 10)))))))
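Review bot: The stubbed discovery document served for `https://example.com/.well-known/openid-configuration` declares `\"issuer\": \"https://accounts.google.com\"`, so this test can only pass if `get-oidc-configuration` accepts metadata whose issuer differs from the host it was fetched from. OpenID Connect Discovery requires the returned issuer to be identical to the issuer URL used for retrieval; without that comparison one host can publish metadata that claims to be another issuer. The implementation is not part of this diff (it is limited to `tests`), so whether the check exists cannot be seen here, but the fixture should use `\"issuer\": \"https://example.com\",` and a second case should assert that a mismatched issuer is rejected. Separately, the environment name `"jwks-get"` looks copied from another test and may share its state, if `with-test-environment` keys anything on the name; `"oidc-configuration"` would match the file.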