test(jans-cedarling): add tests and fix bugs caught in testing #9995

Open
28 tasks done
rmarinn opened this issue Oct 31, 2024 · 0 comments · May be fixed by #9999
Labels
area-CI Issue or changes required in automatic builds or CI infrastructure comp-jans-cedarling Touching folder /jans-cedarling enhancement

rmarinn (Contributor) commented Oct 31, 2024

Is your feature request related to a problem? Please describe.

Certain scenarios that should be considered invalid are incorrectly marked as valid in the JwtValidation process. This can lead to security vulnerabilities and unexpected behavior in the application.

Describe the solution you'd like

Enhance the test suite to ensure comprehensive coverage for all edge cases related to JWT validation. Specifically, the tests should verify that invalid tokens are correctly identified and flagged as such. The following cases should be included:

Access Token

  • success if the signature of the access_token is valid
  • fail if the signature of the access_token is NOT valid
  • fail if token is missing any of these claims: iss, aud, sub, exp
  • fail if token is expired
  • fail if token is used before nbf

ID Token

  • success if the iss of the id_token is the same as the access_token
  • success if the aud of the id_token is the same as the access_token
  • success if the signature of the id_token is valid
  • fail if the iss of the id_token is NOT the same as the access_token
  • fail if the aud of the id_token is NOT the same as the access_token
  • fail if the signature of the id_token is NOT valid
  • fail if token is missing any of these claims: iss, aud, sub, exp
  • fail if token is expired
  • fail if token is used before nbf

Userinfo Token

  • success if the iss of the userinfo_token is the same as the access_token
  • success if the aud of the userinfo_token is the same as the access_token
  • success if the sub of the userinfo_token is the same as the id_token
  • success if the signature of the userinfo_token is valid
  • fail if the iss of the userinfo_token is NOT the same as the access_token
  • fail if the aud of the userinfo_token is NOT the same as the access_token
  • fail if the sub of the userinfo_token is NOT the same as the id_token
  • fail if the signature of the userinfo_token is NOT valid
  • fail if token is missing any of these claims: iss, aud, sub, exp
  • fail if token is expired
  • fail if token is used before nbf

Key Service

  • success if the KeyService can update its local keystore
  • fail if KeyService cannot fetch openid configuration from openid_configuration_uri
  • fail if KeyService cannot fetch JWKS from jwks_uri
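To make the cross-token rules in the list above concrete, here is an added example in Rust (not Cedarling's own code) that applies the required-claim, exp, nbf, iss/aud and sub consistency checks to constructed claim sets; `validate_token_set`, `check_single` and `sample` are hypothetical names, and signature verification is assumed to have already passed before these checks run.

```rust
use std::collections::BTreeMap;

/// Decoded claim set of one token (constructed for this example). Signature
/// verification is assumed to have already succeeded before these checks run.
type Claims = BTreeMap<&'static str, String>;

/// Per-token rules: required claims present, not expired, not used before nbf.
fn check_single(c: &Claims, tok: &str, now: u64) -> Result<(), String> {
    for name in ["iss", "aud", "sub", "exp"] {
        if !c.contains_key(name) { return Err(format!("{}: missing required claim `{}`", tok, name)); }
    }
    let exp: u64 = c["exp"].parse().map_err(|_| format!("{}: exp is not a number", tok))?;
    if now >= exp { return Err(format!("{}: token expired", tok)); }
    if let Some(nbf) = c.get("nbf") {
        let nbf: u64 = nbf.parse().map_err(|_| format!("{}: nbf is not a number", tok))?;
        if now < nbf { return Err(format!("{}: token used before nbf", tok)); }
    }
    Ok(())
}

/// Cross-token rules from the issue: id_token and userinfo_token must carry the same
/// iss and aud as the access_token, and the userinfo sub must match the id_token sub.
fn validate_token_set(access: &Claims, id: &Claims, userinfo: &Claims, now: u64) -> Result<(), String> {
    check_single(access, "access_token", now)?;
    check_single(id, "id_token", now)?;
    check_single(userinfo, "userinfo_token", now)?;
    for (tok, c) in [("id_token", id), ("userinfo_token", userinfo)] {
        for name in ["iss", "aud"] {
            if c[name] != access[name] { return Err(format!("{}: {} does not match access_token", tok, name)); }
        }
    }
    if userinfo["sub"] != id["sub"] { return Err("userinfo_token: sub does not match id_token".to_string()); }
    Ok(())
}

/// Builds a constructed claim set carrying the four required claims.
fn sample(iss: &str, aud: &str, sub: &str, exp: u64) -> Claims {
    BTreeMap::from([("iss", iss.to_string()), ("aud", aud.to_string()),
                    ("sub", sub.to_string()), ("exp", exp.to_string())])
}

fn main() {
    let a = sample("https://idp.example", "app", "u1", 2_000);
    println!("{:?}", validate_token_set(&a, &a, &a, 1_000));
}
```

Each failure returns the token name and the rule it broke, which is the kind of message a test case in the list above can assert on exactly.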
@rmarinn rmarinn added comp-jans-cedarling Touching folder /jans-cedarling enhancement labels Oct 31, 2024
@rmarinn rmarinn self-assigned this Oct 31, 2024
@mo-auto mo-auto added the area-CI Issue or changes required in automatic builds or CI infrastructure label Oct 31, 2024
@rmarinn rmarinn linked a pull request Oct 31, 2024 that will close this issue
5 tasks