jwt-verify 0.1.0

JWT verification library for AWS Cognito tokens and any OIDC-compatible IDP
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

#[cfg(test)]
mod tests {
    use crate::common::error::JwtError;
    // use crate::common::token::TokenParser;
    use crate::cognito::token::CognitoTokenParser as TokenParser;
    use base64::Engine;

    // Helper function to create a test token
    fn create_test_token(header: &str, payload: &str, signature: &str) -> String {
        format!("{}.{}.{}", header, payload, signature)
    }

    // Helper function to create a base64 encoded string
    fn base64_encode(data: &str) -> String {
        base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(data)
    }

    #[test]
    fn test_parse_token_payload() {
        // Create a test token with valid payload
        let header = base64_encode(r#"{"alg":"RS256","kid":"test-key-id"}"#);
        let payload = base64_encode(
            r#"{"iss":"https://example.com","token_use":"id","client_id":"client123","exp":4070908800}"#,
        );
        let token = create_test_token(&header, &payload, "signature");

        let result = TokenParser::parse_token_payload(&token);
        assert!(result.is_ok());

        let payload = result.unwrap();
        assert_eq!(payload.iss, "https://example.com");
        assert_eq!(payload.token_use, Some("id".to_string()));
        assert_eq!(payload.client_id, Some("client123".to_string()));
        assert_eq!(payload.exp, Some(4070908800));
    }

    #[test]
    fn test_parse_token_payload_empty_token() {
        let result = TokenParser::parse_token_payload("");
        assert!(result.is_err());
        assert!(matches!(result.unwrap_err(), JwtError::MissingToken));
    }

    #[test]
    fn test_parse_token_payload_invalid_format() {
        // Token with only one part
        let result = TokenParser::parse_token_payload("header");
        assert!(result.is_err());
        assert!(matches!(result.unwrap_err(), JwtError::ParseError { .. }));

        // Token with two parts
        let result = TokenParser::parse_token_payload("header.payload");
        assert!(result.is_err());
        assert!(matches!(result.unwrap_err(), JwtError::ParseError { .. }));
    }

    #[test]
    fn test_parse_token_payload_invalid_base64() {
        // Invalid base64 in payload
        let header = base64_encode(r#"{"alg":"RS256","kid":"test-key-id"}"#);
        let token = create_test_token(&header, "invalid!base64", "signature");
        let result = TokenParser::parse_token_payload(&token);
        assert!(result.is_err());
        assert!(matches!(result.unwrap_err(), JwtError::ParseError { .. }));
    }

    #[test]
    fn test_parse_token_payload_invalid_json() {
        // Invalid JSON in payload
        let header = base64_encode(r#"{"alg":"RS256","kid":"test-key-id"}"#);
        let payload = base64_encode("not json");
        let token = create_test_token(&header, &payload, "signature");
        let result = TokenParser::parse_token_payload(&token);
        assert!(result.is_err());
        assert!(matches!(result.unwrap_err(), JwtError::ParseError { .. }));
    }
}