@@ -142,6 +142,156 @@ describe("when cookies shall be sent with the introspection call", function()
142142 end )
143143end )
144144
145+ describe (" when auth_accept_token_as is header" , function ()
146+ test_support .start_server ({
147+ introspection_opts = {
148+ auth_accept_token_as = " header"
149+ }
150+ })
151+ teardown (test_support .stop_server )
152+ local jwt = test_support .trim (http .request (" http://127.0.0.1/jwt" ))
153+ describe (" without any Authorization header" , function ()
154+ local _ , status = http .request ({
155+ url = " http://127.0.0.1/introspect"
156+ })
157+ it (" the token is invalid" , function ()
158+ assert .are .equals (401 , status )
159+ end )
160+ it (" an error is logged" , function ()
161+ assert .error_log_contains (" no Authorization header found" )
162+ end )
163+ end )
164+ describe (" with a bearer token" , function ()
165+ local _ , status = http .request ({
166+ url = " http://127.0.0.1/introspect" ,
167+ headers = { authorization = " Bearer " .. jwt }
168+ })
169+ it (" the request contains the client_id parameter" , function ()
170+ assert_introspection_endpoint_call_contains (" client_id=client_id" )
171+ end )
172+ it (" the request contains the client_secret parameter" , function ()
173+ assert_introspection_endpoint_call_contains (" client_secret=client_secret" )
174+ end )
175+ it (" the request contains the token parameter" , function ()
176+ assert_introspection_endpoint_call_contains (" token=" .. jwt :gsub (" %-" , " %%%-" ))
177+ end )
178+ it (" no cookies are sent with the introspecion request" , function ()
179+ assert .error_log_contains (" no cookie in introspecion call" )
180+ end )
181+ it (" the response is valid" , function ()
182+ assert .are .equals (200 , status )
183+ end )
184+ end )
185+ end )
186+
187+ describe (" when auth_accept_token_as is cookie and default cookie name is used" , function ()
188+ test_support .start_server ({
189+ introspection_opts = {
190+ auth_accept_token_as = " cookie"
191+ }
192+ })
193+ teardown (test_support .stop_server )
194+ local jwt = test_support .trim (http .request (" http://127.0.0.1/jwt" ))
195+ describe (" without any cookie" , function ()
196+ local _ , status = http .request ({
197+ url = " http://127.0.0.1/introspect"
198+ })
199+ it (" the token is invalid" , function ()
200+ assert .are .equals (401 , status )
201+ end )
202+ it (" an error is logged" , function ()
203+ assert .error_log_contains (" no Cookie header found" )
204+ end )
205+ end )
206+ describe (" without default cookie" , function ()
207+ local _ , status = http .request ({
208+ url = " http://127.0.0.1/introspect" ,
209+ headers = { cookie = " token=" .. jwt }
210+ })
211+ it (" the token is invalid" , function ()
212+ assert .are .equals (401 , status )
213+ end )
214+ it (" an error is logged" , function ()
215+ assert .error_log_contains (" no Cookie PA.global found" )
216+ end )
217+ end )
218+ describe (" with proper cookie" , function ()
219+ local _ , status = http .request ({
220+ url = " http://127.0.0.1/introspect" ,
221+ headers = { cookie = " PA.global=" .. jwt }
222+ })
223+ it (" the request contains the client_id parameter" , function ()
224+ assert_introspection_endpoint_call_contains (" client_id=client_id" )
225+ end )
226+ it (" the request contains the client_secret parameter" , function ()
227+ assert_introspection_endpoint_call_contains (" client_secret=client_secret" )
228+ end )
229+ it (" the request contains the token parameter" , function ()
230+ assert_introspection_endpoint_call_contains (" token=" .. jwt :gsub (" %-" , " %%%-" ))
231+ end )
232+ it (" no cookies are sent with the introspecion request" , function ()
233+ assert .error_log_contains (" no cookie in introspecion call" )
234+ end )
235+ it (" the response is valid" , function ()
236+ assert .are .equals (200 , status )
237+ end )
238+ end )
239+ end )
240+
241+ describe (" when auth_accept_token_as is cookie:foo" , function ()
242+ test_support .start_server ({
243+ introspection_opts = {
244+ auth_accept_token_as = " cookie:foo"
245+ }
246+ })
247+ teardown (test_support .stop_server )
248+ local jwt = test_support .trim (http .request (" http://127.0.0.1/jwt" ))
249+ describe (" without any cookie" , function ()
250+ local _ , status = http .request ({
251+ url = " http://127.0.0.1/introspect"
252+ })
253+ it (" the token is invalid" , function ()
254+ assert .are .equals (401 , status )
255+ end )
256+ it (" an error is logged" , function ()
257+ assert .error_log_contains (" no Cookie header found" )
258+ end )
259+ end )
260+ describe (" without foo cookie" , function ()
261+ local _ , status = http .request ({
262+ url = " http://127.0.0.1/introspect" ,
263+ headers = { cookie = " token=" .. jwt }
264+ })
265+ it (" the token is invalid" , function ()
266+ assert .are .equals (401 , status )
267+ end )
268+ it (" an error is logged" , function ()
269+ assert .error_log_contains (" no Cookie foo found" )
270+ end )
271+ end )
272+ describe (" with proper cookie" , function ()
273+ local _ , status = http .request ({
274+ url = " http://127.0.0.1/introspect" ,
275+ headers = { cookie = " foo=" .. jwt }
276+ })
277+ it (" the request contains the client_id parameter" , function ()
278+ assert_introspection_endpoint_call_contains (" client_id=client_id" )
279+ end )
280+ it (" the request contains the client_secret parameter" , function ()
281+ assert_introspection_endpoint_call_contains (" client_secret=client_secret" )
282+ end )
283+ it (" the request contains the token parameter" , function ()
284+ assert_introspection_endpoint_call_contains (" token=" .. jwt :gsub (" %-" , " %%%-" ))
285+ end )
286+ it (" no cookies are sent with the introspecion request" , function ()
287+ assert .error_log_contains (" no cookie in introspecion call" )
288+ end )
289+ it (" the response is valid" , function ()
290+ assert .are .equals (200 , status )
291+ end )
292+ end )
293+ end )
294+
145295describe (" when the response is inactive" , function ()
146296 test_support .start_server ({
147297 introspection_response = {
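Review bot: None of the three new `describe` blocks checks that a token presented through the non-configured channel is rejected: the header-mode block (new lines 145-185) only covers a request with no headers at all, and the two cookie-mode blocks (187-239 and 241-293) only cover a missing or wrongly named cookie. Since `auth_accept_token_as` exists to restrict where the access token is read from, the case worth pinning is a valid JWT in the wrong place: a `PA.global` cookie under `"header"`, and an `Authorization: Bearer` header under `"cookie"` and `"cookie:foo"`, each expected to return 401. I would assert only the status in these cases, because the log messages checked elsewhere in the same block may already have been written by the earlier request if the error log is not reset between cases (not visible from this hunk). A sketch for the header-mode block follows; the cookie-mode counterparts send `headers = { authorization = "Bearer " .. jwt }` instead.

```lua
describe("when auth_accept_token_as is header", function()
  -- … unchanged: server start, teardown, jwt fetch, existing cases …
  describe("with the token only in a cookie", function()
    local _, status = http.request({
      url = "http://127.0.0.1/introspect",
      headers = { cookie = "PA.global=" .. jwt }
    })
    it("the token is not accepted", function()
      assert.are.equals(401, status)
    end)
  end)
  -- … unchanged: end of the enclosing describe …
```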