diff --git a/Changes b/Changes
index c1fc1db..55843f4 100644
--- a/Changes
+++ b/Changes
@@ -1,4 +1,5 @@
 {{$NEXT}}
+ - Bug fix in `validate_token` and `validate_id_token` methods.
 0.001 2024-09-30 03:56:03+00:00 UTC
 - Initial release
diff --git a/lib/WebService/Hydra/Client.pm b/lib/WebService/Hydra/Client.pm
index ad0eafd..7e239a6 100644
--- a/lib/WebService/Hydra/Client.pm
+++ b/lib/WebService/Hydra/Client.pm
@@ -354,7 +354,7 @@ method validate_id_token ($id_token) {
 try {
 my $payload = decode_jwt(
 token => $id_token,
- kid_keys => $jwks
+ kid_keys => $self->jwks
 );
 return $payload;
 } catch ($e) {
@@ -385,8 +385,8 @@ method validate_token ($token) {
 token => $token,
 verify_iat => 1,
 verify_exp => 1,
- verify_iss => $oidc_config->{issuer},
- kid_keys => $jwks
+ verify_iss => $self->oidc_config->{issuer},
+ kid_keys => $self->jwks
 );
 return $payload;
 }
diff --git a/t/unit/hydra_client.t b/t/unit/hydra_client.t
index 9122e23..a1793c9 100644
--- a/t/unit/hydra_client.t
+++ b/t/unit/hydra_client.t
@@ -416,7 +416,7 @@ subtest 'revoke_login_sessions' => sub {
 is_deeply $got , $mock_api_response->{data}, 'api_call response correctly parsed';
 @params = ();
- $got = $client->revoke_login_sessions(sid => '1234');
+ $got = $client->revoke_login_sessions(sid => '1234');
 is $params[1], 'DELETE', 'DELETE request method';
 is $params[2], 'http://dummyhydra.com/admin/admin/oauth2/auth/sessions/login?sid=1234', 'Request URL built with correct parameters';
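Review bot: The `decode_jwt` call in `validate_id_token` still verifies only the signature against the JWKS: unlike the `validate_token` call further down, it passes no `verify_iss`, and nothing visible checks the `aud` claim, so an ID token issued for a different client would be accepted as valid. I would add `verify_iss => $self->oidc_config->{issuer},` and `verify_exp => 1,` to the call, and either pass the expected client id as `verify_aud` or document that callers must compare `aud` themselves. If `decode_jwt` is Crypt::JWT's, an `accepted_alg` allowlist would also keep the token header from choosing the algorithm. The method continues past the `catch` outside this hunk, so a later check may exist there.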
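Review bot: In `validate_token`, `verify_iss => $self->oidc_config->{issuer}` fails open when the discovery document comes back without an `issuer` key: assuming `decode_jwt` is Crypt::JWT's, an undefined `verify_iss` means the claim is not checked at all. Resolve the issuer before the call and stop when it is missing, for example `my $issuer = $self->oidc_config->{issuer} // die "OIDC configuration has no issuer";`, then pass `verify_iss => $issuer`. The same reasoning applies to `kid_keys => $self->jwks`, where an empty or undefined key set should be an error rather than an input to the decoder. The start of `validate_token` is outside the hunk, so such a guard may already exist above the call.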
@@ -539,6 +539,62 @@ subtest 'oidc_config' => sub {
 };
+subtest 'validate_token' => sub {
+ my $mock_hydra = Test::MockModule->new('WebService::Hydra::Client');
+ my $mock_token = 'mock.jwt.token';
+ my $mock_oidc_config = {issuer => 'https://example.com'};
+ my $mock_jwks = {keys => [{kid => 'key1', kty => 'RSA', n => '...', e => '...'}]};
+ my $mock_payload = {
+ sub => '1234567890',
+ name => 'John Doe',
+ admin => 'true'
+ };
+
+ $mock_hydra->redefine(
+ 'decode_jwt',
+ sub {
+ my %args = @_;
+ if ($args{token} eq $mock_token) {
+ return $mock_payload;
+ } else {
+ die "Invalid token";
+ }
+ });
+
+ $mock_hydra->redefine(
+ 'fetch_openid_configuration',
+ sub {
+ return $mock_oidc_config;
+ });
+
+ $mock_hydra->redefine(
+ 'fetch_jwks',
+ sub {
+ return $mock_jwks;
+ });
+
+ my $client = WebService::Hydra::Client->new(
+ admin_endpoint => 'http://dummyhydra.com/admin',
+ public_endpoint => 'http://dummyhydra.com'
+ );
+
+ subtest 'validate_token' => sub {
+ my $decoded_payload;
+
+ lives_ok {
+ $decoded_payload = $client->validate_token($mock_token);
+ }
+ 'Token validation should succeed';
+
+ is_deeply($decoded_payload, $mock_payload, 'Decoded payload should match expected payload');
+
+ throws_ok {
+ $client->validate_token('invalid.token');
+ }
+ qr/Invalid token/, 'Invalid token should throw an exception';
+ };
+};
+
 done_testing();
 1;
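Review bot: The `decode_jwt` mock inspects only `$args{token}`, so this subtest never asserts which keys or issuer reach the decoder and would not notice if `kid_keys`, `verify_iss` or `verify_exp` were dropped from the call. Capture the arguments in the mock with `%seen = %args;` and assert them afterwards: `is_deeply $seen{kid_keys}, $mock_jwks, 'JWKS passed to decoder';` and `is $seen{verify_iss}, $mock_oidc_config->{issuer}, 'issuer pinned';`. `validate_id_token` is named in the Changes entry but gets no test in this hunk, so the same checks are worth adding for it.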