'use strict'
/* eslint-env mocha */
const request = require('supertest')
const assert = require('assert')
const { strictEqual } = assert
// Fixture client used by the tests in this file. The id, secret and loopback
// redirect URI are placeholder test values, not real credentials.
const registeredClient = {
  client_id: 'myClient',
  client_secret: 'mySecret',
  redirect_uris: ['http://127.0.0.1:8080/cb']
}

// Only the `code` response type is enabled here; the test in this file
// requests `id_token` and expects the request to be refused.
const configuration = {
  clients: [registeredClient],
  responseTypes: ['code']
}
// ./app exports a factory; call it with the fixture configuration to get the
// application object the tests listen on.
const createApp = require('./app')
const app = createApp(configuration)
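describe('Testing Issues', function () {
  /**
   * Collects the authorization response parameters from a redirect target.
   *
   * The error may arrive in the query string or in the fragment, depending on
   * the response mode the server picks, so both parts are parsed. This
   * replaces the earlier `location.replace("#", "?")` trick, which produced a
   * malformed query whenever the redirect URI already carried a query string.
   *
   * @param {string} location - absolute URL taken from the Location header
   * @returns {URLSearchParams} query parameters followed by fragment parameters
   */
  const readResponseParams = (location) => {
    const target = new URL(location)
    const params = new URLSearchParams(target.search)
    for (const [name, value] of new URLSearchParams(target.hash.slice(1))) {
      params.append(name, value)
    }
    return params
  }

  before('Start server', function (cb) {
    // NOTE(review): fixed port; startup fails with EADDRINUSE when 5000 is
    // already taken. Port 0 would let the OS choose, provided ./app does not
    // depend on the port number — confirm before changing.
    this.server = app.listen(5000, cb)
  })

  after('Stop server', function (cb) {
    this.server.close(cb)
  })

  // The client is configured with responseTypes ['code'] only, so a request
  // for `id_token` is expected to be refused with `unsupported_response_type`
  // rather than processed further. The redirect_uri sent here is the one the
  // fixture registers, so the error is expected as a 302 back to the client.
  it('should fail because response type is not suported', function () {
    return request(this.server)
      .get('/auth')
      .query({
        response_type: 'id_token',
        client_id: 'myClient',
        scope: 'openid',
        redirect_uri: 'http://127.0.0.1:8080/cb'
      })
      .expect(302)
      .expect((response) => {
        // No console output here: a failing strictEqual already reports the
        // actual and expected values.
        const params = readResponseParams(response.header.location)
        strictEqual(params.get('error'), 'unsupported_response_type')
        strictEqual(params.get('error_description'), 'unsupported response_type requested')
      })
  })
})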
/*
The problem seems to be in the middleware order: in lib/actions/authorization/index.js the "checkResponseType"
middleware is placed below the "oidcRequired" middleware, but that check doesn't make sense if the response type is not supported.
*/