Avoid duplicate access token parsing #19

Merged
merged 2 commits into from
Jan 21, 2025

Avoid extra parse of access token

d6ff003

GitHub Actions / Test results succeeded Jan 20, 2025 in 0s

84 passed, 0 failed and 0 skipped

Tests passed successfully

✅ test/AspNetCore.Authentication.JwtBearer.Tests/TestResults/Tests.trx

84 tests were completed in 11s with 84 passed, 0 failed and 0 skipped.

| Test suite | Passed | Failed | Skipped | Time |
|---|---|---|---|---|
| Duende.AspNetCore.Authentication.JwtBearer.DPoP.AccessTokenCnfTests | 14✅ | | | 585ms |
| Duende.AspNetCore.Authentication.JwtBearer.DPoP.FreshnessTests | 35✅ | | | 432ms |
| Duende.AspNetCore.Authentication.JwtBearer.DPoP.HeaderTests | 15✅ | | | 370ms |
| Duende.AspNetCore.Authentication.JwtBearer.DPoP.PayloadTests | 9✅ | | | 27ms |
| Duende.AspNetCore.Authentication.JwtBearer.DPoP.ReplayTests | 7✅ | | | 312ms |
| Duende.AspNetCore.Authentication.JwtBearer.DPoPIntegrationTests | 4✅ | | | 6s |

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.AccessTokenCnfTests

✅ cnf_missing_jkt_should_fail
✅ empty_cnf_value_should_fail
✅ mismatched_jkt_should_fail
✅ missing_cnf_should_fail
✅ non_json_object_cnf_should_fail(cnf: "[]")
✅ non_json_object_cnf_should_fail(cnf: "[\"asdf\"]")
✅ non_json_object_cnf_should_fail(cnf: "[123]")
✅ non_json_object_cnf_should_fail(cnf: "0")
✅ non_json_object_cnf_should_fail(cnf: "1")
✅ non_json_object_cnf_should_fail(cnf: "3.14159")
✅ non_json_object_cnf_should_fail(cnf: "false")
✅ non_json_object_cnf_should_fail(cnf: "not-a-json-object")
✅ non_json_object_cnf_should_fail(cnf: "null")
✅ non_json_object_cnf_should_fail(cnf: "true")

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.FreshnessTests

✅ can_retrieve_issued_at_unix_time_from_nonce
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088799, expected: True)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088800, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088801, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088899, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088900, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 0, now: 1704088901, expected: True)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088789, expected: True)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088790, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088791, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088799, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088800, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088801, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088899, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088900, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088901, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088909, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088910, expected: False)
✅ expiration_check_is_correct_at_boundaries(issuedAt: 1704088800, validFor: 100, clockSkew: 10, now: 1704088911, expected: True)
✅ expired_nonce_returns_use_dpop_nonce_with_server_issued_nonce
✅ expired_proofs_set_errors
✅ invalid_nonce_is_treated_as_zero
✅ invalid_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: "garbage")
✅ invalid_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: "null")
✅ missing_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: " ")
✅ missing_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: "")
✅ missing_nonce_returns_use_dpop_nonce_with_server_issued_nonce(nonce: null)
✅ nonce_contains_data_protected_issued_at_unix_time
✅ unexpired_proofs_do_not_set_errors
✅ use_client_or_server_clock_skew_depending_on_validation_mode(clientClockSkew: 0, serverClockSkew: 10, mode: Nonce)
✅ use_client_or_server_clock_skew_depending_on_validation_mode(clientClockSkew: 10, serverClockSkew: 0, mode: IssuedAt)
✅ validate_iat_when_option_is_set(mode: Both)
✅ validate_iat_when_option_is_set(mode: IssuedAt)
✅ validate_nonce_when_option_is_set(mode: Both)
✅ validate_nonce_when_option_is_set(mode: Nonce)

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.HeaderTests

✅ disallowed_algorithms_fail(alg: "HS256")
✅ disallowed_algorithms_fail(alg: "HS384")
✅ disallowed_algorithms_fail(alg: "HS512")
✅ disallowed_algorithms_fail(alg: "none")
✅ malformed_proof_tokens_fail
✅ proof_tokens_with_incorrect_typ_header_fail
✅ valid_algorithms_succeed(alg: "ES256")
✅ valid_algorithms_succeed(alg: "ES384")
✅ valid_algorithms_succeed(alg: "ES512")
✅ valid_algorithms_succeed(alg: "PS256")
✅ valid_algorithms_succeed(alg: "PS384")
✅ valid_algorithms_succeed(alg: "PS512")
✅ valid_algorithms_succeed(alg: "RS256")
✅ valid_algorithms_succeed(alg: "RS384")
✅ valid_algorithms_succeed(alg: "RS512")

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.PayloadTests

✅ expired_payload_fails
✅ mismatched_ath_fails
✅ missing_ath_fails
✅ missing_htm_fails
✅ missing_htu_fails
✅ missing_iat_fails
✅ missing_jti_fails
✅ missing_payload_fails
✅ valid_payload_succeeds

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoP.ReplayTests

✅ new_proof_tokens_are_added_to_replay_cache(validateIat: False, validateNonce: True, clientClockSkew: 0, serverClockSkew: 10)
✅ new_proof_tokens_are_added_to_replay_cache(validateIat: True, validateNonce: False, clientClockSkew: 10, serverClockSkew: 0)
✅ new_proof_tokens_are_added_to_replay_cache(validateIat: True, validateNonce: True, clientClockSkew: 10, serverClockSkew: 20)
✅ new_proof_tokens_are_added_to_replay_cache(validateIat: True, validateNonce: True, clientClockSkew: 20, serverClockSkew: 10)
✅ new_proof_tokens_are_added_to_replay_cache(validateIat: True, validateNonce: True, clientClockSkew: 20, serverClockSkew: 20)
✅ replays_detected_in_ValidatePayload_fail
✅ replays_detected_in_ValidateReplay_fail

✅ Duende.AspNetCore.Authentication.JwtBearer.DPoPIntegrationTests

✅ excessively_large_proof_fails
✅ incorrect_token_type_fails
✅ missing_token_fails
✅ valid_token_and_proof_succeeds