authorLars Wirzenius <liw@liw.fi>2018-11-05 09:56:36 +0200
committerLars Wirzenius <liw@liw.fi>2018-11-05 09:56:36 +0200
commitdf351c2661cd838e1b7de521f1fcd4f84acdf4a0 (patch)
tree5ebbab360420bcd299d53ddd330b654fc67837e4 /yarns
parent5a74ba9553fd21465e04dd4ace7007e2f865d7f1 (diff)
Add: sub fields to clients, tokens created by client-cred grant
Diffstat (limited to 'yarns')
-rw-r--r--yarns/200-client-creds.yarn29
-rw-r--r--yarns/900-local.yarn4
-rw-r--r--yarns/lib.py1
3 files changed, 34 insertions, 0 deletions
diff --git a/yarns/200-client-creds.yarn b/yarns/200-client-creds.yarn
index 9eff22a..418e9b9 100644
--- a/yarns/200-client-creds.yarn
+++ b/yarns/200-client-creds.yarn
@@ -102,3 +102,32 @@ scopes, as described above.
AND token expires in an hour
FINALLY Qvisqve is stopped
+
+API client tied to a subject
+-----------------------------------------------------------------------------
+
+ SCENARIO get token using client credentials tied to a subject
+
+ GIVEN an API client "bigco"
+ AND API client has secret "secrit"
+ AND API client has allowed scopes "read write"
+ AND API client has subject "tomjon"
+
+ AND a Qvisqve configuration for "https://qvisqve.example.com"
+ AND Qvisqve configuration has a token lifetime of 3600
+ AND a running Qvisqve instance
+
+ WHEN client requests POST /token
+ ... with client_id "bigco", client_secret "secrit", and
+ ... scopes "read write delete"
+
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND body is a correctly signed JWT token
+ AND token has claim iss as "https://qvisqve.example.com"
+ AND token has claim sub as "tomjon"
+ AND token has claim aud as "bigco"
+ AND token has claim scope as "read write"
+ AND token expires in an hour
+
+ FINALLY Qvisqve is stopped
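Review bot: The added scenario asserts `sub` only for a client that has a subject configured, and nothing in this hunk pins what `sub` should be when the client has none. The `API client has subject` step is introduced in this same commit, so the earlier scenario (whose tail is the context above the addition) cannot set one and is the natural place for an assertion such as `AND token has claim sub as ""`, using whatever value is actually intended for that case. Because resource servers may base authorisation decisions on `sub`, the no-subject case deserves an explicit expected value rather than being left to whatever the implementation happens to emit.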
diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn
index cae5db1..276e656 100644
--- a/yarns/900-local.yarn
+++ b/yarns/900-local.yarn
@@ -31,6 +31,10 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
scopes = get_next_match()
V['allowed_scopes'] = scopes.split()
+ IMPLEMENTS GIVEN API client has subject "(.+)"
+ sub = get_next_match()
+ V['sub'] = sub
+
IMPLEMENTS GIVEN a Qvisqve configuration for "(.+)"
V['iss'] = get_next_match()
diff --git a/yarns/lib.py b/yarns/lib.py
index a9ba526..9d57143 100644
--- a/yarns/lib.py
+++ b/yarns/lib.py
@@ -190,6 +190,7 @@ def start_qvisqve():
client = {
'hashed_secret': sh.hash(V['client_secret']),
'allowed_scopes': V['allowed_scopes'],
+ 'sub': V['sub'],
}
filename = os.path.join(store, 'client', V['client_id'])
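Review bot: `'sub': V['sub']` is read unconditionally, but only the new scenario sets it, so every other scenario that goes through start_qvisqve now writes whatever `V` yields for an unset key into the client record. How `V` treats a missing key is not visible here; if it returns None, the client file gains a null subject, and if it raises, the older scenarios break. Consider adding the key only when a subject was given, for example `if V['sub'] is not None: client['sub'] = V['sub']` after the dict literal. A short comment such as `# optional: subject the issued token's sub claim is tied to` would also help. start_qvisqve begins and continues outside this hunk.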