Diffstat (limited to 'tests/client-workflow.scm')
-rw-r--r--tests/client-workflow.scm117
1 files changed, 80 insertions, 37 deletions
diff --git a/tests/client-workflow.scm b/tests/client-workflow.scm
index ed1c1b4..63d505a 100644
--- a/tests/client-workflow.scm
+++ b/tests/client-workflow.scm
@@ -19,9 +19,15 @@
#:use-module ((webid-oidc client accounts) #:prefix client:)
#:use-module ((webid-oidc jwk) #:prefix jwk:)
#:use-module (webid-oidc testing)
+ #:use-module (webid-oidc oidc-configuration)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint resource-server)
+ #:use-module (webid-oidc server endpoint identity-provider)
+ #:use-module (webid-oidc server endpoint client)
+ #:use-module (webid-oidc server endpoint authentication)
#:use-module ((webid-oidc stubs) #:prefix stubs:)
#:use-module ((webid-oidc refresh-token) #:prefix refresh:)
- #:use-module ((webid-oidc simulation) #:prefix sim:)
+ #:use-module (webid-oidc simulation)
#:use-module ((webid-oidc parameters) #:prefix p:)
#:use-module (web uri)
#:use-module (web request)
@@ -33,6 +39,7 @@
#:use-module (ice-9 hash-table)
#:use-module (ice-9 match)
#:use-module (oop goops)
+ #:declarative? #t
#:duplicates (merge-generics))
;; In this example, a user firsts requests an account, then logs in
@@ -59,39 +66,75 @@
(with-test-environment
"client-workflow"
(lambda ()
- (let ((simulation (sim:make-simulation))
+ (let ((simulation
+ (make <simulation>
+ #:endpoint
+ (make <router>
+ #:routed
+ (list
+ (make <identity-provider>
+ #:host "server.client-workflow.scm"
+ #:oidc-discovery
+ (make <oidc-discovery>
+ #:path "/.well-known/openid-configuration"
+ #:configuration
+ (make <oidc-configuration>
+ #:jwks-uri "https://server.client-workflow.scm/keys"
+ #:authorization-endpoint "https://server.client-workflow.scm/authorize"
+ #:token-endpoint "https://server.client-workflow.scm/token"))
+ #:authorization-endpoint
+ (make <authorization-endpoint>
+ #:path "/authorize"
+ #:subject "https://server.client-workflow.scm/alice#me"
+ #:encrypted-password (crypt "password" "$6$password")
+ #:key-file "key-file.jwk")
+ #:token-endpoint
+ (make <token-endpoint>
+ #:path "/token"
+ #:issuer "https://server.client-workflow.scm"
+ #:key-file "key-file.jwk")
+ #:jwks-endpoint
+ (make <jwks-endpoint>
+ #:path "/keys"
+ #:key-file "key-file.jwk")
+ #:default
+ (make <authenticator>
+ #:backend
+ (make <resource-server>
+ #:server-name "https://server.client-workflow.scm"
+ #:owner "https://server.client-workflow.scm/alice#me")
+ #:server-uri "https://server.client-workflow.scm"))
+ (make <client-id>
+ #:host "client.client-workflow.scm"
+ #:client-id "https://client.client-workflow.scm/id"
+ #:redirect-uris '("https://client.client-workflow.scm/authorized")
+ #:client-name "Client workflow test"
+ #:client-uri "https://client.client-workflow.scm/about"
+ #:grant-types '(authorization_code refresh_token)
+ #:response-types '(code))))))
(account #f))
- (sim:add-server! simulation
- (string->uri "https://server@client-workflow.scm")
- (string->uri "https://server@client-workflow.scm/alice#me"))
- (sim:add-client! simulation
- (string->uri "https://client@client-workflow.scm")
- (string->uri "https://client@client-workflow.scm/id")
- (string->uri "https://client@client-workflow.scm/authorized")
- "Client workflow test"
- (string->uri "https://client@client-workflow.scm/about"))
(parameterize ((client:client
(make <client:client>
- #:client-id "https://client@client-workflow.scm/id"
+ #:client-id "https://client.client-workflow.scm/id"
#:redirect-uri
- (string->uri "https://client@client-workflow.scm/authorized")))
+ (string->uri "https://client.client-workflow.scm/authorized")))
(p:anonymous-http-request
- (cute sim:request simulation <...>)))
+ (cute (@ (webid-oidc simulation) request) simulation <...>)))
(parameterize ((p:current-date 0)
(client:authorization-process
(lambda* (uri #:key reason)
- (sim:grant-authorization simulation uri))))
+ (grant-authorization simulation uri))))
(receive (new-account response response-body)
(begin
(set! account
- (make <client:account> #:issuer "https://server@client-workflow.scm"))
+ (make <client:account> #:issuer "https://server.client-workflow.scm"))
(client:request account
- (string->uri "https://server@client-workflow.scm/")))
+ (string->uri "https://server.client-workflow.scm/")))
(set! account new-account)
(unless (eqv? (response-code response) 200)
;; Only Alice can read that resource.
(exit 3)))
- (match (sim:simulation-scroll-log! simulation)
+ (match (scroll-log! simulation)
;; 1. The client gets the oidc configuration of the
;; server.
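Review bot: The anonymous request handler `(cute (@ (webid-oidc simulation) request) simulation <...>)` reaches into the module with `@`, while `grant-authorization` and `scroll-log!` from the same now-unprefixed import are used bare in the same hunk; presumably `request` collides with another imported binding under `#:duplicates (merge-generics)`, but the reason should be written down, e.g. `;; (@ ...) because a bare request is ambiguous with another imported module -- confirm`, or the bare name used if no clash exists. The `<authorization-endpoint>` fixture hard-codes `(crypt "password" "$6$password")` with a constant salt, which is fine for a deterministic test but deserves a one-line comment marking it as a test-only credential so the form is not copied into deployment examples. The same relative `"key-file.jwk"` path is handed to the authorization, token and jwks endpoints; if with-test-environment generates that file per run, a comment saying so would tell readers the signing key is ephemeral rather than checked in. The enclosing with-test-environment form continues past the end of the hunk.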
@@ -124,39 +167,39 @@
(and
;; 1. Get the authorization endpoint.
(equal? (request-uri get-oidc-config-request)
- (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration"))
+ (string->uri "https://server.client-workflow.scm/.well-known/openid-configuration"))
(eqv? (response-code get-oidc-config-response) 200)
;; 2. The server checks the client ID.
(equal? (request-uri get-client-id-request)
- (string->uri "https://client@client-workflow.scm/id"))
+ (string->uri "https://client.client-workflow.scm/id"))
(eqv? (response-code get-client-id-response) 200)
;; 3. The authorization request completes.
(string-prefix?
- "https://server@client-workflow.scm/authorize?"
+ "https://server.client-workflow.scm/authorize?"
(uri->string (request-uri authorization-request)))
(eq? (request-method authorization-request) 'POST)
(eqv? (response-code authorization-response) 302)
(string-prefix?
- "https://client@client-workflow.scm/authorized?"
+ "https://client.client-workflow.scm/authorized?"
(uri->string (response-location authorization-response)))
;; 4. Token negociation.
(equal? (request-uri token-request)
- (string->uri "https://server@client-workflow.scm/token"))
+ (string->uri "https://server.client-workflow.scm/token"))
(eqv? (response-code token-response) 200)
;; 5. The final request.
(equal? (request-uri final-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code final-response) 200))
(exit 4)))))
;; 1 hour later, the access token should have expired.
(parameterize ((p:current-date 3600))
(receive (new-account response response-body)
- (client:request account (string->uri "https://server@client-workflow.scm/"))
+ (client:request account (string->uri "https://server.client-workflow.scm/"))
(set! account new-account)
(unless (eqv? (response-code response) 200)
;; Only Alice can read that resource.
(exit 5)))
- (match (sim:simulation-scroll-log! simulation)
+ (match (scroll-log! simulation)
;; 1. and 2. The client starts sending the request, the server
;; querries the identity provider and keys.
@@ -187,39 +230,39 @@
;; 3. The client realizes that the access token is
;; expired.
(equal? (request-uri naively-try-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code naively-try-response) 401)
(eqv? (time-second (date->time-utc (response-date naively-try-response)))
3600)
;; 4. The client discovers the token endpoint.
(equal? (request-uri get-token-endpoint-request)
- (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration"))
+ (string->uri "https://server.client-workflow.scm/.well-known/openid-configuration"))
(eqv? (response-code get-token-endpoint-response) 200)
;; 5. Refresh the access token.
(equal? (request-uri refresh-request)
- (string->uri "https://server@client-workflow.scm/token"))
+ (string->uri "https://server.client-workflow.scm/token"))
(eqv? (response-code refresh-response) 200)
;; 10. Send again.
(equal? (request-uri with-new-refresh-token-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code with-new-refresh-token-response) 200))
(exit 6)))))
;; Wait another hour, and we’ll need to update the refresh
;; token again, but this time it’s not there anymore.
(parameterize ((p:current-date 7200))
(refresh:remove-refresh-token
- (string->uri "https://server@client-workflow.scm/alice#me")
- (string->uri "https://client@client-workflow.scm/id"))
+ (string->uri "https://server.client-workflow.scm/alice#me")
+ (string->uri "https://client.client-workflow.scm/id"))
(with-exception-handler
(lambda (error)
(unless (client:refresh-token-expired? error)
(exit 7)))
(lambda ()
- (client:request account (string->uri "https://server@client-workflow.scm/"))
+ (client:request account (string->uri "https://server.client-workflow.scm/"))
(exit 8))
#:unwind? #t
#:unwind-for-type client:&refresh-token-expired)
- (match (sim:simulation-scroll-log! simulation)
+ (match (scroll-log! simulation)
;; 1. and 2. The client starts sending the request, the server
;; querries the identity provider and keys.
@@ -239,15 +282,15 @@
;; 3. The client realizes that the access token is
;; expired.
(equal? (request-uri naively-try-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code naively-try-response) 401)
(eqv? (time-second (date->time-utc (response-date naively-try-response)))
7200)
;; 4. The client discovers the token endpoint.
(equal? (request-uri get-token-endpoint-request)
- (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration"))
+ (string->uri "https://server.client-workflow.scm/.well-known/openid-configuration"))
(eqv? (response-code get-token-endpoint-response) 200)
;; 5. The client tries to refresh.
(equal? (request-uri refresh-request)
- (string->uri "https://server@client-workflow.scm/token"))
+ (string->uri "https://server.client-workflow.scm/token"))
(eqv? (response-code refresh-response) 403))))))))