joken-elixir / joken_jwks

A Joken 2 hook for fetching the signer from a public JWKS url
Apache License 2.0

Advice on unit testing with Joken JWKS? #61

Open Nezteb opened 2 months ago

Nezteb commented 2 months ago

I have a project using joken_jwks. I've been writing some unit tests for my business logic, but whenever I try to verify_and_validate a token in a unit test, I get various failures because the tokens I'm testing with aren't valid according to the JWKS signers fetched.

I found some useful testing code that I tried copying:

The one thing I didn't copy was the Tesla mock for the JWKS URL, but maybe that's required?

Even then, when I create a token in a unit test it fails verification/validation. Perhaps there is a way to configure joken_jwks in config/test.exs to make this easier? Or something I can add to the module I'm calling use JokenJwks.DefaultStrategyTemplate in? I could mock/stub my use Joken.Config module and its verify_and_exit/1 call, but I'd prefer not to mock/stub.

Any advice would be appreciated; thanks! 🙏

victorolinasc commented 3 weeks ago

Hi @Nezteb !

To conjure a proper test suite using joken_jwks or joken, you need to have a test configuration in which you can access the signers.

There are currently two types of crypto algorithms one can use with joken: symmetric and asymmetric (see joken docs).

If you are using symmetric your test config must set the shared secret. If you are using asymmetric crypto, then your test configuration must set both public and private keys. You will generate tokens with the private key and verify them with the public key.

If your application uses a public (internet) jwks endpoint, then I would advise you to mock the request (the Tesla adapter) that fetches the public key. This way you can make your application code use a public key you yourself will generate (or set).

For this case, the flow would be:

Does it help?
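The asymmetric flow described in the reply above, written out as an added example (this is not code from the issue, from joken, or from joken_jwks). It generates an RSA key pair in the test, serves the public half as a JWKS document through a mocked Tesla adapter, signs with the private half, and verifies through the JWKS hook. The application name `:my_app`, the modules `MyApp.JwksStrategy` and `MyApp.Token`, the issuer URL and the `kid` value are all assumptions; `jwks_url`, `http_adapter`, `first_fetch_sync` and `should_start` are options documented by joken_jwks.

```elixir
# Added example, not from the issue or the joken_jwks project.
# Assumed: app :my_app, modules MyApp.JwksStrategy and MyApp.Token, issuer URL.

# --- config/test.exs ---------------------------------------------------------
import Config

# Fixed URL plus Tesla.Mock as the adapter: the strategy never touches the network.
config :my_app, MyApp.JwksStrategy,
  jwks_url: "https://issuer.example/.well-known/jwks.json",
  http_adapter: Tesla.Mock,
  first_fetch_sync: true

# --- lib/my_app/jwks_strategy.ex --------------------------------------------
defmodule MyApp.JwksStrategy do
  use JokenJwks.DefaultStrategyTemplate

  # Merge per-environment settings so config/test.exs can override the
  # adapter and URL without touching application code.
  def init_opts(opts), do: Keyword.merge(opts, Application.get_env(:my_app, __MODULE__, []))
end

# --- lib/my_app/token.ex -----------------------------------------------------
defmodule MyApp.Token do
  # default_signer: nil, because the signer is picked by the JWKS hook per `kid`.
  use Joken.Config, default_signer: nil

  add_hook(JokenJwks, strategy: MyApp.JwksStrategy)

  @impl true
  def token_config, do: default_claims(iss: "https://issuer.example", default_exp: 300)
end

# --- test/my_app/token_test.exs ----------------------------------------------
defmodule MyApp.TokenTest do
  use ExUnit.Case, async: false
  import Tesla.Mock

  @jwks_url "https://issuer.example/.well-known/jwks.json"
  @kid "test-key-1"

  setup do
    # Fresh RSA pair per run: the private half signs, the public half is
    # what the "remote" JWKS advertises.
    jwk = JOSE.JWK.generate_key({:rsa, 2048})
    {_, private_map} = JOSE.JWK.to_map(jwk)
    {_, public_map} = jwk |> JOSE.JWK.to_public() |> JOSE.JWK.to_map()

    # Constructed JWKS document; `kid` must match the token header.
    jwks = %{"keys" => [Map.merge(public_map, %{"kid" => @kid, "alg" => "RS256", "use" => "sig"})]}

    # Answer the strategy's fetch before it starts (first_fetch_sync: true).
    mock_global(fn %{method: :get, url: @jwks_url} -> json(jwks) end)

    # Assumes the app does not already start the strategy in test
    # (e.g. `should_start: false` there); otherwise drop this line.
    start_supervised!(MyApp.JwksStrategy)

    {:ok, signer: Joken.Signer.create("RS256", private_map, %{"kid" => @kid})}
  end

  test "token signed with the matching private key verifies", %{signer: signer} do
    token = MyApp.Token.generate_and_sign!(%{"sub" => "alice"}, signer)
    assert {:ok, %{"sub" => "alice"}} = MyApp.Token.verify_and_validate(token)
  end

  test "token signed with an unrelated key is rejected" do
    # Same kid, different key: the cached public key must not verify it.
    {_, other} = JOSE.JWK.generate_key({:rsa, 2048}) |> JOSE.JWK.to_map()
    rogue = Joken.Signer.create("RS256", other, %{"kid" => @kid})
    token = MyApp.Token.generate_and_sign!(%{"sub" => "mallory"}, rogue)
    assert {:error, _} = MyApp.Token.verify_and_validate(token)
  end
end
```

The mock is registered with `mock_global/1` rather than `mock/1` because the strategy fetches from its own process, not from the test process; the test is therefore marked `async: false`. Keeping the negative case (same `kid`, different key) in the suite is what shows the hook is actually selecting and checking the public key rather than accepting any well-formed token.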