auth0mock/auth/jwt_test.go

package auth

import (
	"encoding/json"
	"testing"
)

func TestNewJWTService(t *testing.T) {
	service, err := NewJWTService("https://test.example.com/", "https://audience", "https://admin", "https://email")
	if err != nil {
		t.Fatalf("failed to create JWT service: %v", err)
	}

	if service.Issuer() != "https://test.example.com/" {
		t.Errorf("expected issuer https://test.example.com/, got %s", service.Issuer())
	}

	if service.Audience() != "https://audience" {
		t.Errorf("expected audience https://audience, got %s", service.Audience())
	}
}

func TestSignToken(t *testing.T) {
	service, err := NewJWTService("https://test.example.com/", "https://audience", "https://admin", "https://email")
	if err != nil {
		t.Fatalf("failed to create JWT service: %v", err)
	}

	claims := map[string]interface{}{
		"sub": "test-subject",
		"aud": "test-audience",
	}

	token, err := service.SignToken(claims)
	if err != nil {
		t.Fatalf("failed to sign token: %v", err)
	}

	if token == "" {
		t.Error("expected non-empty token")
	}

	// Verify token can be decoded
	decoded, err := service.DecodeToken(token)
	if err != nil {
		t.Fatalf("failed to decode token: %v", err)
	}

	if decoded["sub"] != "test-subject" {
		t.Errorf("expected sub=test-subject, got %v", decoded["sub"])
	}
}

func TestSignAccessToken(t *testing.T) {
	service, err := NewJWTService("https://test.example.com/", "https://audience", "https://admin", "https://email")
	if err != nil {
		t.Fatalf("failed to create JWT service: %v", err)
	}

	customClaims := []map[string]interface{}{
		{"https://admin": true},
	}

	token, err := service.SignAccessToken("auth0|user@example.com", "client-id", "user@example.com", customClaims)
	if err != nil {
		t.Fatalf("failed to sign access token: %v", err)
	}

	decoded, err := service.DecodeToken(token)
	if err != nil {
		t.Fatalf("failed to decode token: %v", err)
	}

	if decoded["sub"] != "auth0|user@example.com" {
		t.Errorf("expected sub=auth0|user@example.com, got %v", decoded["sub"])
	}

	if decoded["https://email"] != "user@example.com" {
		t.Errorf("expected email claim, got %v", decoded["https://email"])
	}
}

func TestSignIDToken(t *testing.T) {
	service, err := NewJWTService("https://test.example.com/", "https://audience", "https://admin", "https://email")
	if err != nil {
		t.Fatalf("failed to create JWT service: %v", err)
	}

	token, err := service.SignIDToken(
		"auth0|user@example.com",
		"client-id",
		"test-nonce",
		"user@example.com",
		"Test User",
		"Test",
		"User",
		"https://example.com/picture.jpg",
		nil,
	)
	if err != nil {
		t.Fatalf("failed to sign ID token: %v", err)
	}

	decoded, err := service.DecodeToken(token)
	if err != nil {
		t.Fatalf("failed to decode token: %v", err)
	}

	if decoded["name"] != "Test User" {
		t.Errorf("expected name=Test User, got %v", decoded["name"])
	}

	if decoded["nonce"] != "test-nonce" {
		t.Errorf("expected nonce=test-nonce, got %v", decoded["nonce"])
	}
}

func TestGetJWKS(t *testing.T) {
	service, err := NewJWTService("https://test.example.com/", "https://audience", "https://admin", "https://email")
	if err != nil {
		t.Fatalf("failed to create JWT service: %v", err)
	}

	jwks, err := service.GetJWKS()
	if err != nil {
		t.Fatalf("failed to get JWKS: %v", err)
	}

	var result map[string]interface{}
	if err := json.Unmarshal(jwks, &result); err != nil {
		t.Fatalf("failed to parse JWKS: %v", err)
	}

	keys, ok := result["keys"].([]interface{})
	if !ok {
		t.Fatal("expected keys array in JWKS")
	}

	if len(keys) != 1 {
		t.Errorf("expected 1 key, got %d", len(keys))
	}

	key := keys[0].(map[string]interface{})
	if key["kty"] != "RSA" {
		t.Errorf("expected kty=RSA, got %v", key["kty"])
	}

	if key["use"] != "sig" {
		t.Errorf("expected use=sig, got %v", key["use"])
	}
}