package oidctest

import "github.com/coreos/go-oidc/v3/oidc/oidctest"

Package oidctest implements a test OpenID Connect server.

For convenience, methods in this package panic rather than returning errors. This package is NOT suitable for use outside of tests.

This package is primarily intended to be used with the standard library's net/http/httptest package. Users should configure a key pair and set up a server:

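// Generate the RSA key pair the test issuer signs with.
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	// ...
}
s := &oidctest.Server{
	PublicKeys: []oidctest.PublicKey{
		{
			PublicKey: priv.Public(),
			KeyID:     "my-key-id",
			// The key above is RSA, so advertise an RSA algorithm. ES256 is
			// an ECDSA algorithm and would not match the key, nor the RS256
			// passed to SignIDToken when the token is signed.
			Algorithm: oidc.RS256,
		},
	},
}
srv := httptest.NewServer(s)
defer srv.Close()
// SetIssuer must be called before the server handles any traffic.
s.SetIssuer(srv.URL)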

Then sign a token:

// Claims for the ID token. "iss" is the URL passed to SetIssuer and "aud"
// is the ClientID the verifier is configured with below. There is no "exp"
// claim here, which is why the verifier example sets SkipExpiryCheck.
rawClaims := `{
	"iss": "` + srv.URL + `",
	"aud": "my-client-id",
	"sub": "foo",
	"email": "foo@example.com",
	"email_verified": true
}`
// "my-key-id" must match PublicKey.KeyID on the server, and RS256 is the
// RSA algorithm matching the RSA private key generated above.
token := oidctest.SignIDToken(priv, "my-key-id", oidc.RS256, rawClaims)

And finally, verify the token through the oidc package:

// Discover the test issuer's configuration from the running httptest server.
ctx := context.Background()
provider, err := oidc.NewProvider(ctx, srv.URL)
if err != nil {
	// ...
}
// The signed claims carry no "exp", so expiry checking is disabled for this
// test token; the ClientID must equal the token's "aud".
cfg := oidc.Config{
	ClientID:        "my-client-id",
	SkipExpiryCheck: true,
}
verifier := provider.VerifierContext(ctx, &cfg)

idToken, err := verifier.Verify(ctx, token)
if err != nil {
	// ...
}


Functions

func SignIDToken

func SignIDToken(priv crypto.PrivateKey, keyID, alg, claims string) string

SignIDToken uses a private key to sign provided claims.

A minimal set of claims may look like:

// A minimal claim set. "iss" is the URL passed to Server.SetIssuer (here the
// httptest server), "aud" is the verifier's ClientID, and "exp" is a Unix
// timestamp one hour from now so an expiry check passes.
rawClaims := `{
	"iss": "` + srv.URL + `",
	"aud": "my-client-id",
	"sub": "foo",
	"exp": ` + strconv.FormatInt(time.Now().Add(time.Hour).Unix(), 10) + `,
	"email": "foo@example.com",
	"email_verified": true
}`
// keyID must match PublicKey.KeyID advertised by the Server, and alg must
// be compatible with priv (RS256 for an RSA key).
token := oidctest.SignIDToken(priv, "my-key-id", oidc.RS256, rawClaims)

Types

type PublicKey

type PublicKey struct {
	// Either *rsa.PublicKey or *ecdsa.PublicKey.
	PublicKey crypto.PublicKey
	// The ID of the key. Should match the value passed to [SignIDToken].
	KeyID string
	// Signature algorithm used by the public key, such as "RS256" (RSA) or
	// "ES256" (ECDSA). It must match the key type held in PublicKey.
	Algorithm string
}

PublicKey holds a public key as well as additional metadata about that key.

type Server

type Server struct {
	// Public keys advertised by the server. Tokens are signed with the
	// corresponding private key via [SignIDToken]; the server publishes only
	// the public half, which verifiers use to check signatures.
	PublicKeys []PublicKey
	// The set of signing algorithms used by the server. Defaults to "RS256".
	Algorithms []string
	// contains filtered or unexported fields
}

Server holds configuration for the OpenID Connect test server.

func (*Server) ServeHTTP

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP is the server's implementation of http.Handler.

func (*Server) SetIssuer

func (s *Server) SetIssuer(issuerURL string)

SetIssuer must be called before serving traffic. The issuer URL is usually the [httptest.Server.URL].

Source Files

oidctest.go
