docs: Update TokenDialect option details in go-auth0 documentation (#414
)
developerkunal authored Jun 11, 2024
1 parent 7221b14 commit 208065f
Showing 11 changed files with 606 additions and 74 deletions.
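--- a/management/resource_server.go
+++ b/management/resource_server.go
@@ -48,7 +48,16 @@ type ResourceServer struct {
 // Enables the enforcement of the authorization policies.
 EnforcePolicies *bool `json:"enforce_policies,omitempty"`
 
-// The dialect for the access token ["access_token" or "access_token_authz"].
+// TokenDialect specifies the dialect of access tokens that should be issued for this resource server.
+//
+// Available options:
+// - "access_token": A JWT containing standard Auth0 claims.
+// - "rfc9068_profile": A JWT conforming to the IETF JWT Access Token Profile.
+// - "access_token_authz": A JWT containing standard Auth0 claims, including RBAC permissions claims.
+// - "rfc9068_profile_authz": A JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims.
+//
+// Note: RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API."
+// For more details, see the Access Token Profiles documentation : https://auth0.com/docs/secure/tokens/access-tokens/access-token-profiles.
 TokenDialect *string `json:"token_dialect,omitempty"`
 }
 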
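Review bot: The added `Note:` line in the TokenDialect comment ends with a stray `"` after `API.`, and the following line has a space before the colon in `documentation :`; both will appear verbatim in the rendered godoc. The note is also easy to misread on the point that matters for authorization: going by the comment itself, the two `_authz` dialects only carry the permissions claims when `EnforcePolicies` is true, so an API that authorizes on those claims would receive tokens without them if the flag is left off. I would reword it as `// Note: the "_authz" dialects include RBAC permissions claims only when RBAC (EnforcePolicies) is enabled for this API.` and add a matching cross-reference to the `EnforcePolicies` comment above it. The struct definition starts outside the hunk.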
86 changes: 86 additions & 0 deletions management/resource_server_test.go
Expand Up @@ -27,6 +27,8 @@ func TestResourceServer_Create(t *testing.T) {
Description: auth0.String("Create Resource"),
},
},
EnforcePolicies: auth0.Bool(true),
TokenDialect: auth0.String("rfc9068_profile_authz"),
}

err := api.ResourceServer.Create(context.Background(), expectedResourceServer)
Expand Down Expand Up @@ -70,6 +72,8 @@ func TestResourceServer_Update(t *testing.T) {
Description: auth0.String("Update Resource"),
})
expectedResourceServer.Scopes = &scopes
expectedResourceServer.EnforcePolicies = auth0.Bool(true)
expectedResourceServer.TokenDialect = auth0.String("access_token_authz")

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)

Expand All @@ -80,6 +84,86 @@ func TestResourceServer_Update(t *testing.T) {
assert.Equal(t, expectedResourceServer.GetTokenLifetime(), 7200)
assert.Equal(t, expectedResourceServer.GetTokenLifetimeForWeb(), 5400)
assert.Equal(t, len(expectedResourceServer.GetScopes()), 2)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "access_token_authz")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), true)
}

func TestResourceServer_TokenDialect(t *testing.T) {
t.Run("When_TokenDialect_is_rfc9068_profile_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("rfc9068_profile")
expectedResourceServer.EnforcePolicies = auth0.Bool(false)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "rfc9068_profile")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), false)
})

t.Run("When_TokenDialect_is_access_token_authz_and_RBAC_enabled_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("access_token_authz")
expectedResourceServer.EnforcePolicies = auth0.Bool(true)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "access_token_authz")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), true)
})

t.Run("When_TokenDialect_is_rfc9068_profile_authz_and_RBAC_enabled_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("rfc9068_profile_authz")
expectedResourceServer.EnforcePolicies = auth0.Bool(true)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "rfc9068_profile_authz")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), true)
})

t.Run("When_TokenDialect_is_access_token_should_succeed", func(t *testing.T) {
configureHTTPTestRecordings(t)
expectedResourceServer := givenAResourceServer(t)

resourceServerID := expectedResourceServer.GetID()

expectedResourceServer.ID = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.Identifier = nil // Read-Only: Additional properties not allowed.
expectedResourceServer.SigningSecret = nil

expectedResourceServer.TokenDialect = auth0.String("access_token")
expectedResourceServer.EnforcePolicies = auth0.Bool(false)

err := api.ResourceServer.Update(context.Background(), resourceServerID, expectedResourceServer)
assert.NoError(t, err)
assert.Equal(t, expectedResourceServer.GetTokenDialect(), "access_token")
assert.Equal(t, expectedResourceServer.GetEnforcePolicies(), false)
})
}

func TestResourceServer_Delete(t *testing.T) {
Expand Down Expand Up @@ -117,6 +201,8 @@ func givenAResourceServer(t *testing.T) *ResourceServer {
SigningAlgorithm: auth0.String("HS256"),
TokenLifetime: auth0.Int(7200),
TokenLifetimeForWeb: auth0.Int(3600),
TokenDialect: auth0.String("access_token"),
EnforcePolicies: auth0.Bool(false),
Scopes: &[]ResourceServerScope{
{
Value: auth0.String("create:resource"),
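Review bot: The four subtests in `TestResourceServer_TokenDialect` repeat the same body and differ only in the dialect string and the `EnforcePolicies` value, so a table-driven loop would show the covered combinations at a glance. Every case is a success path: nothing exercises an `_authz` dialect with `EnforcePolicies` set to false, which is the combination the updated doc comment singles out, so the API's behaviour there stays unpinned. The assertions also read back the same struct that was passed to `Update`; if `Update` does not decode the response into it (not visible here), they only compare the test's own inputs, and a follow-up `Read` would check what the tenant actually stored. The sketch below keeps the subtest names unchanged in case the HTTP recordings are keyed by test name.

```go
func TestResourceServer_TokenDialect(t *testing.T) {
	cases := []struct {
		name            string
		tokenDialect    string
		enforcePolicies bool
	}{
		{"When_TokenDialect_is_rfc9068_profile_should_succeed", "rfc9068_profile", false},
		{"When_TokenDialect_is_access_token_authz_and_RBAC_enabled_should_succeed", "access_token_authz", true},
		{"When_TokenDialect_is_rfc9068_profile_authz_and_RBAC_enabled_should_succeed", "rfc9068_profile_authz", true},
		{"When_TokenDialect_is_access_token_should_succeed", "access_token", false},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			configureHTTPTestRecordings(t)
			rs := givenAResourceServer(t)
			id := rs.GetID()

			rs.ID = nil         // Read-Only: Additional properties not allowed.
			rs.Identifier = nil // Read-Only: Additional properties not allowed.
			rs.SigningSecret = nil
			rs.TokenDialect = auth0.String(tc.tokenDialect)
			rs.EnforcePolicies = auth0.Bool(tc.enforcePolicies)

			err := api.ResourceServer.Update(context.Background(), id, rs)
			assert.NoError(t, err)
			assert.Equal(t, rs.GetTokenDialect(), tc.tokenDialect)
			assert.Equal(t, rs.GetEnforcePolicies(), tc.enforcePolicies)
		})
	}
}
```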
18 changes: 9 additions & 9 deletions test/data/recordings/TestResourceServer_Create.yaml
Expand Up @@ -6,20 +6,20 @@ interactions:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 239
content_length: 303
transfer_encoding: []
trailer: {}
host: go-auth0-dev.eu.auth0.com
remote_addr: ""
request_uri: ""
body: |
{"name":"Test Resource Server (Jan 25 18:49:46.683)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600}
{"name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"}
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers
method: POST
response:
Expand All @@ -28,15 +28,15 @@ interactions:
proto_minor: 0
transfer_encoding: []
trailer: {}
content_length: 407
content_length: 471
uncompressed: false
body: '{"id":"63d16bba207a38efeafd7ad8","name":"Test Resource Server (Jan 25 18:49:46.683)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false}'
body: '{"id":"666848cb019f67554fa3c298","name":"Test Resource Server (Jun 11 18:23:31.182)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":true,"token_dialect":"rfc9068_profile_authz"}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 201 Created
code: 201
duration: 122.111125ms
duration: 675.655583ms
- id: 1
request:
proto: HTTP/1.1
Expand All @@ -54,8 +54,8 @@ interactions:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bba207a38efeafd7ad8
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848cb019f67554fa3c298
method: DELETE
response:
proto: HTTP/2.0
Expand All @@ -71,4 +71,4 @@ interactions:
- application/json; charset=utf-8
status: 204 No Content
code: 204
duration: 177.992ms
duration: 377.692875ms
35 changes: 17 additions & 18 deletions test/data/recordings/TestResourceServer_Delete.yaml
Expand Up @@ -6,20 +6,20 @@ interactions:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 239
content_length: 295
transfer_encoding: []
trailer: {}
host: go-auth0-dev.eu.auth0.com
remote_addr: ""
request_uri: ""
body: |
{"name":"Test Resource Server (Jan 25 18:49:47.811)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600}
{"name":"Test Resource Server (Jun 11 18:23:34.193)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","token_lifetime":7200,"token_lifetime_for_web":3600,"enforce_policies":false,"token_dialect":"access_token"}
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers
method: POST
response:
Expand All @@ -28,15 +28,15 @@ interactions:
proto_minor: 0
transfer_encoding: []
trailer: {}
content_length: 407
content_length: 463
uncompressed: false
body: '{"id":"63d16bbca3bf4713e249e733","name":"Test Resource Server (Jan 25 18:49:47.811)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false}'
body: '{"id":"666848ce019f67554fa3c2a1","name":"Test Resource Server (Jun 11 18:23:34.193)","identifier":"https://api.example.com/","scopes":[{"value":"create:resource","description":"Create Resource"}],"signing_alg":"HS256","allow_offline_access":false,"token_lifetime":7200,"token_lifetime_for_web":3600,"skip_consent_for_verifiable_first_party_clients":false,"enforce_policies":false,"token_dialect":"access_token"}'
headers:
Content-Type:
- application/json; charset=utf-8
status: 201 Created
code: 201
duration: 178.781875ms
duration: 299.760792ms
- id: 1
request:
proto: HTTP/1.1
Expand All @@ -54,8 +54,8 @@ interactions:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bbca3bf4713e249e733
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848ce019f67554fa3c2a1
method: DELETE
response:
proto: HTTP/2.0
Expand All @@ -71,27 +71,26 @@ interactions:
- application/json; charset=utf-8
status: 204 No Content
code: 204
duration: 152.950333ms
duration: 377.525834ms
- id: 2
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 5
content_length: 0
transfer_encoding: []
trailer: {}
host: go-auth0-dev.eu.auth0.com
remote_addr: ""
request_uri: ""
body: |
null
body: ""
form: {}
headers:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bbca3bf4713e249e733
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848ce019f67554fa3c2a1
method: GET
response:
proto: HTTP/2.0
Expand All @@ -107,7 +106,7 @@ interactions:
- application/json; charset=utf-8
status: 404 Not Found
code: 404
duration: 97.4345ms
duration: 276.600375ms
- id: 3
request:
proto: HTTP/1.1
Expand All @@ -125,8 +124,8 @@ interactions:
Content-Type:
- application/json
User-Agent:
- Go-Auth0-SDK/latest
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/63d16bbca3bf4713e249e733
- Go-Auth0/1.6.0
url: https://go-auth0-dev.eu.auth0.com/api/v2/resource-servers/666848ce019f67554fa3c2a1
method: DELETE
response:
proto: HTTP/2.0
Expand All @@ -142,4 +141,4 @@ interactions:
- application/json; charset=utf-8
status: 204 No Content
code: 204
duration: 111.92575ms
duration: 303.999208ms