From 7ba2cea8a4358c283004526da990f650a4f262e9 Mon Sep 17 00:00:00 2001 From: Xuyang Tao Date: Mon, 1 Feb 2021 10:23:24 -0800 Subject: [PATCH] Unknown issuer --- tests/env/testdata/fake_jwt.go | 2 ++ tests/integration_test/jwt_auth_integration_test.go | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/tests/env/testdata/fake_jwt.go b/tests/env/testdata/fake_jwt.go index eb3027837..31a535a41 100644 --- a/tests/env/testdata/fake_jwt.go +++ b/tests/env/testdata/fake_jwt.go @@ -383,6 +383,8 @@ const ( "2MKZxKsYn8NRVpdyy39Bp3IUv9AUbk4qEKB69pbfSt5H2Z6P_waYfv6m-GieQZWGlhO90Y" + "ytoPuPekKhe8JVV2f5yCwLE89S9ZD8779_1G4UGOsyBfxGvOicoZ9nqtGbJYHnqMN3gjh-" + "BWr3cm9Mswm8TCkP0Lv2cvQ" + // ./gen-jwt.py key.pem -jwks=./jwks.json --expire=3153600000 --iss="unknown_jwks_provider" --aud bookstore_test_client.cloud.goog + FakeUnknownIssuerToken = "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRIRmJwb0lVcXJZOHQyenBBMnFYZkNtcjVWTzVaRXI0UnpIVV8tZW52dlEiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJib29rc3RvcmVfdGVzdF9jbGllbnQuY2xvdWQuZ29vZyIsImV4cCI6NDc2NTgwMjQwMSwiaWF0IjoxNjEyMjAyNDAxLCJpc3MiOiJ1bmtub3duX2p3a3NfcHJvdmlkZXIiLCJzdWIiOiJ1bmtub3duX2p3a3NfcHJvdmlkZXIifQ.QyIM87k4eRfvnWQ3VVFo7Jp5shgW63NAW_vw-jQBT8LyNbGUkKti0C2FQuiNhuTuZjfPN6ABocCihF0zOm5IvsaZ09XyWPB8cdoW7Pb9aTupsVf6VrWdQ_9xuJPD5gDvN0K1XdW6JWQM3Xnte-IAiUkhPKlzoMCz4PE275Uz1U-uk_YED4qkT2-HL-SB24oXUfJcEspSjazCV9Xbw9GmZ8F5PVGoIkK7jrpVHpPCWauUmA2CQx4tmVJ2_P3Ou91VCQtalzbqQF45HLXyPgUMtxDo6oDBc9SLWOUCv1qeSUzrLrlFe1jTmyKELwl1k06N1749AG0sXW55tv5w1Q7ytw" // ./gen-jwt.py key.pem -jwks=jwks.json --expire=3153600000 --iss=http://127.0.0.1:32025 --aud=ok_audience FakeOpenIDToken = "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRIRmJwb0lV" + diff --git a/tests/integration_test/jwt_auth_integration_test.go b/tests/integration_test/jwt_auth_integration_test.go index 8256a324f..440893b71 100644 --- a/tests/integration_test/jwt_auth_integration_test.go +++ b/tests/integration_test/jwt_auth_integration_test.go @@ -125,6 +125,15 @@ func TestAsymmetricKeys(t *testing.T) { token: testdata.FakeNonexistJwksProviderToken, wantError: `401 Unauthorized, {"code":401,"message":"Jwks remote fetch is failed"}`, }, + // TODO(b/179038530): should return `JwtUnknownIssuer` + { + desc: "Failed, misleading error message(JWT is missing) on Jwt signed by an unknown issue", + clientProtocol: "http", + httpMethod: "GET", + method: "/v1/shelves?key=api-key", + token: testdata.FakeUnknownIssuerToken, + wantError: `401 Unauthorized, {"code":401,"message":"Jwt is missing"}`, + }, { desc: "Succeeded, using OpenID Connect Discovery", clientProtocol: "http",