Open Nezteb opened 2 months ago
Hi @Nezteb!
To conjure a proper test suite using joken_jwks or joken you need to have a test configuration in which you can access the signers.
There are currently two crypto types of algorithms one can use with joken: symmetric and asymmetric (see joken docs).
If you are using symmetric your test config must set the shared secret. If you are using asymmetric crypto, then your test configuration must set both public and private keys. You will generate tokens with the private key and verify them with the public key.
If your application uses a public (internet) jwks endpoint, then I would advise you to mock the request (the Tesla adapter) that fetches the public key. This way you can make your application code use a public key you yourself will generate (or set).
For this case, the flow would be:
Does it help?
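The asymmetric flow described above, written out as an ExUnit test. This is an added example, not code from the joken or joken_jwks projects or from either participant: it generates a throwaway RSA key pair with JOSE, signs a token with the private half, serves the public half from a `Tesla.Mock`-stubbed JWKS URL, and verifies with the public signer. `MyApp.Token`, the `@jwks_url` value and the `kid` are constructed for the example; the `http_adapter`/`jwks_url` strategy options mentioned in the comments are assumptions about how the JokenJwks strategy would be pointed at the mock.

```elixir
defmodule MyApp.Token do
  # Assumed application token module. With joken_jwks you would also call
  # `add_hook(JokenJwks, strategy: MyApp.Strategy)` here, and configure the
  # strategy with `jwks_url: @jwks_url` plus (assumed option) `http_adapter: Tesla.Mock`
  # in config/test.exs so it fetches from the stub below instead of the network.
  use Joken.Config

  # Short-lived tokens and one custom claim so the test exercises validation, not just the signature.
  def token_config do
    default_claims(default_exp: 60)
    |> add_claim("scope", fn -> "read" end, &(&1 == "read"))
  end
end

defmodule MyApp.TokenTest do
  use ExUnit.Case, async: false

  # Constructed JWKS URL; nothing is fetched from it because Tesla.Mock intercepts the request.
  @jwks_url "https://issuer.example.test/.well-known/jwks.json"
  @kid "test-key-1"

  setup do
    # Throwaway key pair: the private half signs tokens in the test, the public half verifies them.
    jwk = JOSE.JWK.generate_key({:rsa, 2048})
    {_, priv_pem} = JOSE.JWK.to_pem(jwk)
    {_, pub_map} = jwk |> JOSE.JWK.to_public() |> JOSE.JWK.to_map()
    pub_jwk = Map.merge(pub_map, %{"kid" => @kid, "alg" => "RS256", "use" => "sig"})

    # Stub the JWKS endpoint so the key the app would fetch is the one we just generated.
    Tesla.Mock.mock(fn %{method: :get, url: @jwks_url} ->
      %Tesla.Env{status: 200, body: %{"keys" => [pub_jwk]}}
    end)

    %{
      # "kid" goes into the JOSE header so a JWKS-based strategy can select the matching key.
      private_signer: Joken.Signer.create("RS256", %{"pem" => priv_pem}, %{"kid" => @kid}),
      public_signer: Joken.Signer.create("RS256", pub_jwk)
    }
  end

  test "a token signed with the test private key verifies against the public key", ctx do
    {:ok, token, _claims} =
      Joken.generate_and_sign(MyApp.Token.token_config(), %{}, ctx.private_signer)

    assert {:ok, claims} =
             Joken.verify_and_validate(MyApp.Token.token_config(), token, ctx.public_signer)

    assert claims["scope"] == "read"
  end

  test "a token signed with an unrelated key is rejected", ctx do
    {_, other_pem} = JOSE.JWK.to_pem(JOSE.JWK.generate_key({:rsa, 2048}))
    other_signer = Joken.Signer.create("RS256", %{"pem" => other_pem})

    {:ok, token, _claims} =
      Joken.generate_and_sign(MyApp.Token.token_config(), %{}, other_signer)

    # Signature made with a key the JWKS never published must not validate.
    assert {:error, _reason} =
             Joken.verify_and_validate(MyApp.Token.token_config(), token, ctx.public_signer)
  end
end
```

The second test is the check worth keeping: a suite that only proves the happy path cannot tell whether verification is actually bound to the published key. `config :tesla, adapter: Tesla.Mock` must be set in `config/test.exs` for the stub to take effect.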
I have a project using `joken_jwks`. I've been writing some unit tests for my business logic, but whenever I try to `verify_and_validate` a token in a unit test, I get various failures because the tokens I'm testing with aren't valid according to the JWKS signers fetched. I found some useful testing code that I tried copying:
The one thing I didn't copy was the Tesla mock for the JWKS URL, but maybe that's required?
Even then, when I create a token in a unit test it fails verification/validation. Perhaps there is a way to configure `joken_jwks` in `config/test.exs` to make this easier? Or something I can add to the module I'm calling `use JokenJwks.DefaultStrategyTemplate` in? I could mock/stub my `use Joken.Config` module and its `verify_and_exit/1` call, but I'd prefer not to mock/stub.
Any advice would be appreciated; thanks! 🙏