docs: Update TokenDialect option details in go-auth0 documentation #414

Merged
11 changes: 10 additions & 1 deletion management/resource_server.go
Expand Up @@ -48,7 +48,16 @@ type ResourceServer struct {
// Enables the enforcement of the authorization policies.
EnforcePolicies *bool `json:"enforce_policies,omitempty"`

// The dialect for the access token ["access_token" or "access_token_authz"].
// TokenDialect specifies the dialect of access tokens that should be issued for this resource server.
//
// Available options:
// - "access_token": A JWT containing standard Auth0 claims.
// - "rfc9068_profile": A JWT conforming to the IETF JWT Access Token Profile.
// - "access_token_authz": A JWT containing standard Auth0 claims, including RBAC permissions claims.
// - "rfc9068_profile_authz": A JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims.
//
// Note: RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API."
// For more details, see the Access Token Profiles documentation : https://auth0.com/docs/secure/tokens/access-tokens/access-token-profiles.
TokenDialect *string `json:"token_dialect,omitempty"`
}

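Review bot: The new TokenDialect doc comment has two typos that will surface in generated documentation: the `Note:` line ends with a stray `"` after `this API.`, and the last line has a space before the colon in `documentation :`. The note would be easier to act on if it named the Go field the caller has to set, for example `// Note: the "_authz" dialects only carry RBAC permissions claims when EnforcePolicies is true.` The visible text does not say what is issued when an `_authz` dialect is combined with EnforcePolicies set to false, which matters to any API that authorizes on the permissions claim. The field stays a free-form `*string`, so nothing in this hunk rejects a misspelled dialect before the request is sent; the struct begins above the hunk.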
86 changes: 86 additions & 0 deletions management/resource_server_test.go
Expand Up @@ -27,6 +27,8 @@ func TestResourceServer_Create(t *testing.T) {
Description: auth0.String("Create Resource"),
},
},
EnforcePolicies: auth0.Bool(true),
TokenDialect: auth0.String("rfc9068_profile_authz"),
}

err := api.ResourceServer.Create(context.Background(), expectedResourceServer)
Expand Down Expand Up @@ -70,6 +72,8 @@ func TestResourceServer_Update(t *testing.T) {
Description: auth0.String("Update Resource"),
})
expectedResourceServer.Scopes = &scopes
expectedResourceServer.EnforcePolicies = auth0.Bool(true)
expectedResourceServer.TokenDialect = auth0.String("access_token_authz")

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)

Expand All @@ -80,6 +84,86 @@ func TestResourceServer_Update(t *testing.T) {
assert.Equal(t, expectedResourceServer.GetTokenLifetime(), 7200)
assert.Equal(t, expectedResourceServer.GetTokenLifetimeForWeb(), 5400)
assert.Equal(t, len(expectedResourceServer.GetScopes()), 2)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "access_token_authz")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), true)
}

func TestResourceServer_TokenDialect(t *testing.T) {
t.Run("When_TokenDialect_is_rfc9068_profile_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("rfc9068_profile")
expectedResourceServer.EnforcePolicies = auth0.Bool(false)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "rfc9068_profile")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), false)
})

t.Run("When_TokenDialect_is_access_token_authz_and_RBAC_enabled_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("access_token_authz")
expectedResourceServer.EnforcePolicies = auth0.Bool(true)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "access_token_authz")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), true)
})

t.Run("When_TokenDialect_is_rfc9068_profile_authz_and_RBAC_enabled_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("rfc9068_profile_authz")
expectedResourceServer.EnforcePolicies = auth0.Bool(true)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "rfc9068_profile_authz")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), true)
})

t.Run("When_TokenDialect_is_access_token_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("access_token")
expectedResourceServer.EnforcePolicies = auth0.Bool(false)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "access_token")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), false)
})
}

func TestResourceServer_Delete(t *testing.T) {
Expand Down Expand Up @@ -117,6 +201,8 @@ func givenAResourceServer(t *testing.T) *ResourceServer {
SigningAlgorithm: auth0.String("HS256"),
TokenLifetime: auth0.Int(7200),
TokenLifetimeForWeb: auth0.Int(3600),
TokenDialect: auth0.String("access_token"),
EnforcePolicies: auth0.Bool(false),
Scopes: &[]ResourceServerScope{
{
Value: auth0.String("create:resource"),
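Review bot: The four subtests of the new TestResourceServer_TokenDialect repeat the same body and differ only in the dialect string and the EnforcePolicies value, so a table-driven loop would cut the duplication and make the covered combinations readable at a glance. The subtest names are kept unchanged below because configureHTTPTestRecordings(t) presumably keys its recordings on the test name. testify's assert.Equal takes the expected value before the actual one; the new assertions (like the existing ones in TestResourceServer_Update) pass them reversed, which makes failure output misleading. No case covers an `_authz` dialect with EnforcePolicies false, the combination the new doc comment warns about; a table row for it can be added once the expected API response is known. Whether Update decodes the response into the struct it was given is not visible here; if it does not, these assertions only re-read the values the test just set.

```go
func TestResourceServer_TokenDialect(t *testing.T) {
	cases := []struct {
		name            string
		tokenDialect    string
		enforcePolicies bool
	}{
		{"When_TokenDialect_is_rfc9068_profile_should_succeed", "rfc9068_profile", false},
		{"When_TokenDialect_is_access_token_authz_and_RBAC_enabled_should_succeed", "access_token_authz", true},
		{"When_TokenDialect_is_rfc9068_profile_authz_and_RBAC_enabled_should_succeed", "rfc9068_profile_authz", true},
		{"When_TokenDialect_is_access_token_should_succeed", "access_token", false},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			configureHTTPTestRecordings(t)
			expectedResourceServer := givenAResourceServer(t)
			resourceServerID := expectedResourceServer.GetID()

			// ... unchanged: clearing of ID, Identifier and SigningSecret ...

			expectedResourceServer.TokenDialect = auth0.String(tc.tokenDialect)
			expectedResourceServer.EnforcePolicies = auth0.Bool(tc.enforcePolicies)

			err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
			assert.NoError(t, err)
			assert.Equal(t, tc.tokenDialect, expectedResourceServer.GetTokenDialect())
			assert.Equal(t, tc.enforcePolicies, expectedResourceServer.GetEnforcePolicies())
		})
	}
}
```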
18 changes: 9 additions & 9 deletions test/data/recordings/TestResourceServer_Create.yaml
Expand Up @@ -6,20 +6,20 @@ interactions:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 239
content_length: 303
transfer_encoding: []
trailer: {}
host: go-auth0-dev.eu.auth0.com
remote_addr: ""
request_uri: ""
body: |
{"name":"Test Resource Server (Jan 25 18:49:46.683)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600}
{"name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"}
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers
method: POST
response:
Expand All @@ -28,15 +28,15 @@ interactions:
proto_minor: 0
transfer_encoding: []
trailer: {}
content_length: 407
content_length: 471
uncompressed: false
body: '{"id":"63d16bba207a38efeafd7ad8","name":"Test Resource Server (Jan 25 18:49:46.683)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false}'
body: '{"id":"666848cb019f67554fa3c298","name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 201 Created
code: 201
duration: 122.111125ms
duration: 675.655583ms
- id: 1
request:
proto: HTTP/1.1
Expand All @@ -54,8 +54,8 @@ interactions:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bba207a38efeafd7ad8
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848cb019f67554fa3c298
method: DELETE
response:
proto: HTTP/2.0
Expand All @@ -71,4 +71,4 @@ interactions:
- application/json; charset=utf-8
status: 204 No Content
code: 204
duration: 177.992ms
duration: 377.692875ms
35 changes: 17 additions & 18 deletions test/data/recordings/TestResourceServer_Delete.yaml
Expand Up @@ -6,20 +6,20 @@ interactions:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 239
content_length: 295
transfer_encoding: []
trailer: {}
host: go-auth0-dev.eu.auth0.com
remote_addr: ""
request_uri: ""
body: |
{"name":"Test Resource Server (Jan 25 18:49:47.811)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600}
{"name":"Test Resource Server (Jun 11 18:23:34.193)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":false,"token_dialect":"access_token"}
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers
method: POST
response:
Expand All @@ -28,15 +28,15 @@ interactions:
proto_minor: 0
transfer_encoding: []
trailer: {}
content_length: 407
content_length: 463
uncompressed: false
body: '{"id":"63d16bbca3bf4713e249e733","name":"Test Resource Server (Jan 25 18:49:47.811)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false}'
body: '{"id":"666848ce019f67554fa3c2a1","name":"Test Resource Server (Jun 11 18:23:34.193)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":false,"token_dialect":"access_token"}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 201 Created
code: 201
duration: 178.781875ms
duration: 299.760792ms
- id: 1
request:
proto: HTTP/1.1
Expand All @@ -54,8 +54,8 @@ interactions:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bbca3bf4713e249e733
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848ce019f67554fa3c2a1
method: DELETE
response:
proto: HTTP/2.0
Expand All @@ -71,27 +71,26 @@ interactions:
- application/json; charset=utf-8
status: 204 No Content
code: 204
duration: 152.950333ms
duration: 377.525834ms
- id: 2
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 5
content_length: 0
transfer_encoding: []
trailer: {}
host: go-auth0-dev.eu.auth0.com
remote_addr: ""
request_uri: ""
body: |
null
body: ""
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bbca3bf4713e249e733
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848ce019f67554fa3c2a1
method: GET
response:
proto: HTTP/2.0
Expand All @@ -107,7 +106,7 @@ interactions:
- application/json; charset=utf-8
status: 404 Not Found
code: 404
duration: 97.4345ms
duration: 276.600375ms
- id: 3
request:
proto: HTTP/1.1
Expand All @@ -125,8 +124,8 @@ interactions:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bbca3bf4713e249e733
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848ce019f67554fa3c2a1
method: DELETE
response:
proto: HTTP/2.0
Expand All @@ -142,4 +141,4 @@ interactions:
- application/json; charset=utf-8
status: 204 No Content
code: 204
duration: 111.92575ms
duration: 303.999208ms