|
|
|
@ -163,7 +163,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Wire: &wireprovisioner.Options{
|
|
|
|
|
OIDC: &wireprovisioner.OIDCOptions{
|
|
|
|
|
Provider: &wireprovisioner.Provider{
|
|
|
|
|
IssuerURL: "http://issuerexample.com",
|
|
|
|
|
IssuerURL: "http://issuer.example.com",
|
|
|
|
|
},
|
|
|
|
|
Config: &wireprovisioner.Config{
|
|
|
|
|
ClientID: "test",
|
|
|
|
@ -249,14 +249,16 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
HTU string `json:"htu,omitempty"`
|
|
|
|
|
}{
|
|
|
|
|
Claims: jose.Claims{
|
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
HTU: "http://issuer.example.com",
|
|
|
|
|
})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
@ -266,6 +268,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
tokenBytes, err := json.Marshal(struct {
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
Cnf struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
} `json:"cnf"`
|
|
|
|
@ -280,6 +283,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Expiry: jose.NewNumericDate(time.Now().Add(1 * time.Minute)),
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
Cnf: struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
}{
|
|
|
|
@ -318,7 +322,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Wire: &wireprovisioner.Options{
|
|
|
|
|
OIDC: &wireprovisioner.OIDCOptions{
|
|
|
|
|
Provider: &wireprovisioner.Provider{
|
|
|
|
|
IssuerURL: "http://issuerexample.com",
|
|
|
|
|
IssuerURL: "http://issuer.example.com",
|
|
|
|
|
},
|
|
|
|
|
Config: &wireprovisioner.Config{
|
|
|
|
|
ClientID: "test",
|
|
|
|
@ -328,6 +332,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
TransformTemplate: "",
|
|
|
|
|
},
|
|
|
|
|
DPOP: &wireprovisioner.DPOPOptions{
|
|
|
|
|
Target: "http://issuer.example.com",
|
|
|
|
|
SigningKey: signerPEMBytes,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
@ -385,14 +390,16 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
HTU string `json:"htu,omitempty"`
|
|
|
|
|
}{
|
|
|
|
|
Claims: jose.Claims{
|
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
HTU: "http://issuer.example.com",
|
|
|
|
|
})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
@ -402,6 +409,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
tokenBytes, err := json.Marshal(struct {
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
Cnf struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
} `json:"cnf"`
|
|
|
|
@ -416,6 +424,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Expiry: jose.NewNumericDate(time.Now().Add(1 * time.Minute)),
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
Cnf: struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
}{
|
|
|
|
@ -468,6 +477,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
TransformTemplate: "",
|
|
|
|
|
},
|
|
|
|
|
DPOP: &wireprovisioner.DPOPOptions{
|
|
|
|
|
Target: "http://issuer.example.com",
|
|
|
|
|
SigningKey: signerPEMBytes,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
@ -529,14 +539,16 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
HTU string `json:"htu,omitempty"`
|
|
|
|
|
}{
|
|
|
|
|
Claims: jose.Claims{
|
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
HTU: "http://issuer.example.com",
|
|
|
|
|
})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
@ -546,6 +558,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
tokenBytes, err := json.Marshal(struct {
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
Cnf struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
} `json:"cnf"`
|
|
|
|
@ -560,6 +573,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Expiry: jose.NewNumericDate(time.Now().Add(1 * time.Minute)),
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
Cnf: struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
}{
|
|
|
|
@ -598,7 +612,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Wire: &wireprovisioner.Options{
|
|
|
|
|
OIDC: &wireprovisioner.OIDCOptions{
|
|
|
|
|
Provider: &wireprovisioner.Provider{
|
|
|
|
|
IssuerURL: "http://issuerexample.com",
|
|
|
|
|
IssuerURL: "http://issuer.example.com",
|
|
|
|
|
},
|
|
|
|
|
Config: &wireprovisioner.Config{
|
|
|
|
|
ClientID: "test",
|
|
|
|
@ -612,6 +626,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
TransformTemplate: "",
|
|
|
|
|
},
|
|
|
|
|
DPOP: &wireprovisioner.DPOPOptions{
|
|
|
|
|
Target: "http://issuer.example.com",
|
|
|
|
|
SigningKey: signerPEMBytes,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
@ -673,14 +688,16 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
HTU string `json:"htu,omitempty"`
|
|
|
|
|
}{
|
|
|
|
|
Claims: jose.Claims{
|
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
HTU: "http://issuer.example.com",
|
|
|
|
|
})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
@ -690,6 +707,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
tokenBytes, err := json.Marshal(struct {
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
Cnf struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
} `json:"cnf"`
|
|
|
|
@ -704,6 +722,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Expiry: jose.NewNumericDate(time.Now().Add(1 * time.Minute)),
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
Cnf: struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
}{
|
|
|
|
@ -742,7 +761,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Wire: &wireprovisioner.Options{
|
|
|
|
|
OIDC: &wireprovisioner.OIDCOptions{
|
|
|
|
|
Provider: &wireprovisioner.Provider{
|
|
|
|
|
IssuerURL: "http://issuerexample.com",
|
|
|
|
|
IssuerURL: "http://issuer.example.com",
|
|
|
|
|
},
|
|
|
|
|
Config: &wireprovisioner.Config{
|
|
|
|
|
ClientID: "test",
|
|
|
|
@ -756,6 +775,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
TransformTemplate: "",
|
|
|
|
|
},
|
|
|
|
|
DPOP: &wireprovisioner.DPOPOptions{
|
|
|
|
|
Target: "http://issuer.example.com",
|
|
|
|
|
SigningKey: signerPEMBytes,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
@ -824,14 +844,16 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Handle string `json:"handle,omitempty"`
|
|
|
|
|
ClientID string `json:"client_id,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
HTU string `json:"htu,omitempty"`
|
|
|
|
|
}{
|
|
|
|
|
Claims: jose.Claims{
|
|
|
|
|
Subject: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Handle: "wireapp://%40alice_wire@wire.com",
|
|
|
|
|
ClientID: "wireapp://CzbfFjDOQrenCbDxVmgnFw!594930e9d50bb175@wire.com",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
HTU: "http://issuer.example.com",
|
|
|
|
|
})
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
dpop, err := dpopSigner.Sign(dpopBytes)
|
|
|
|
@ -841,6 +863,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
tokenBytes, err := json.Marshal(struct {
|
|
|
|
|
jose.Claims
|
|
|
|
|
Challenge string `json:"chal,omitempty"`
|
|
|
|
|
Nonce string `json:"nonce,omitempty"`
|
|
|
|
|
Cnf struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
} `json:"cnf"`
|
|
|
|
@ -855,6 +878,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Expiry: jose.NewNumericDate(time.Now().Add(1 * time.Minute)),
|
|
|
|
|
},
|
|
|
|
|
Challenge: "token",
|
|
|
|
|
Nonce: "nonce",
|
|
|
|
|
Cnf: struct {
|
|
|
|
|
Kid string `json:"kid,omitempty"`
|
|
|
|
|
}{
|
|
|
|
@ -893,7 +917,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
Wire: &wireprovisioner.Options{
|
|
|
|
|
OIDC: &wireprovisioner.OIDCOptions{
|
|
|
|
|
Provider: &wireprovisioner.Provider{
|
|
|
|
|
IssuerURL: "http://issuerexample.com",
|
|
|
|
|
IssuerURL: "http://issuer.example.com",
|
|
|
|
|
},
|
|
|
|
|
Config: &wireprovisioner.Config{
|
|
|
|
|
ClientID: "test",
|
|
|
|
@ -907,6 +931,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
TransformTemplate: "",
|
|
|
|
|
},
|
|
|
|
|
DPOP: &wireprovisioner.DPOPOptions{
|
|
|
|
|
Target: "http://issuer.example.com",
|
|
|
|
|
SigningKey: signerPEMBytes,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
@ -1931,7 +1956,6 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_parseAndVerifyWireAccessToken(t *testing.T) {
|
|
|
|
|
t.Skip("skip this until capturing a new e2e flow with proper values")
|
|
|
|
|
key := `
|
|
|
|
|
-----BEGIN PUBLIC KEY-----
|
|
|
|
|
MCowBQYDK2VwAyEAB2IYqBWXAouDt3WcCZgCM3t9gumMEKMlgMsGenSu+fA=
|
|
|
|
|