From aa82dbc040c29162df8332fe16797a432fed79e6 Mon Sep 17 00:00:00 2001 From: KShivendu Date: Tue, 12 Sep 2023 15:31:45 +0530 Subject: [PATCH] test: Add test for ignore protected props in create session --- tests/sessions/test_access_token_version.py | 23 +++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/sessions/test_access_token_version.py b/tests/sessions/test_access_token_version.py index acfb5c269..6e4fe68e2 100644 --- a/tests/sessions/test_access_token_version.py +++ b/tests/sessions/test_access_token_version.py @@ -203,6 +203,29 @@ async def test_should_validate_v3_tokens_with_check_database_enabled(app: TestCl } +async def test_ignore_protected_props_in_create_session(app: TestClient): + init(**get_st_init_args([session.init()])) # type:ignore + start_st() + + create_session_res = app.post("/create", data={"sub": "asdf"}) + + assert create_session_res.status_code == 200 + + info = extract_info(create_session_res) + assert info["accessTokenFromAny"] is not None + assert info["refreshTokenFromAny"] is not None + assert info["frontToken"] is not None + + parsed_token = parse_jwt_without_signature_verification(info["accessTokenFromAny"]) + assert parsed_token.payload["sub"] != "asdf" + + s = await create_new_session_without_request_response( + "public", "user-id", {"sub": "asdf"} + ) + payload = parse_jwt_without_signature_verification(s.access_token).payload + assert payload["sub"] != "asdf" + + async def test_validation_logic_with_keys_that_can_use_json_nulls_values_in_claims(): """We want to make sure that for access token claims that can be null, the SDK does not fail access token validation if the core does not send them as part of the payload. For this we verify that validation passes when the keys are None, empty,