use cts_common::Crn;
use crate::{SecretToken, Token};
pub(crate) fn raw_token(access_token: &str) -> Token {
Token {
access_token: SecretToken::new(access_token),
token_type: "Bearer".to_string(),
expires_at: u64::MAX,
refresh_token: Some(SecretToken::new("refresh-token")),
region: None,
client_id: None,
device_instance_id: None,
}
}
pub(crate) fn jwt_token(claims: serde_json::Value) -> Token {
use jsonwebtoken::{encode, EncodingKey, Header};
let jwt = encode(
&Header::default(),
&claims,
&EncodingKey::from_secret(b"test-secret"),
)
.expect("encode JWT");
raw_token(&jwt)
}
pub(crate) fn claims_with_workspace(workspace: &str) -> serde_json::Value {
serde_json::json!({
"workspace": workspace,
"iss": "https://cts.example.com",
"sub": "user-123",
"aud": "https://cts.example.com",
"iat": 1_700_000_000u64,
"exp": 1_700_003_600u64,
"scope": "dataset:create",
})
}
pub(crate) fn crn_with_workspace(workspace: &str) -> Crn {
format!("crn:ap-southeast-2.aws:{workspace}")
.parse()
.expect("test CRN parses")
}
pub(crate) fn jwt_with_workspace(workspace: &str) -> String {
use jsonwebtoken::{encode, EncodingKey, Header};
use std::time::{SystemTime, UNIX_EPOCH};
let now = SystemTime::now()
.duration_since(UNIX_EPOCH)
.expect("system clock")
.as_secs();
let claims = serde_json::json!({
"iss": "https://cts.example.com/",
"sub": "CS|test-principal",
"aud": "test-audience",
"iat": now,
"exp": now + 3600,
"workspace": workspace,
"scope": "",
});
encode(
&Header::default(),
&claims,
&EncodingKey::from_secret(b"test-secret"),
)
.expect("JWT encode")
}