进行测试以验证 connect2id 给出 "invalid_client" 错误
Go test to validate connect2id gives "invalid_client" error
我正在尝试使用 Go 测试验证 Connect2id 设置,但出现以下错误。
"Client authentication failed: Missing client authentication","error":"invalid_client"
完整的场景输出如下所示。
Feature: Test Identity Provider
Scenario: # features/idp.feature:3
Given identity provider 'hf1-idp.json' # main_test.go:72 -> *Scaffold
When I request an access token as 'cc_test' # main_test.go:83 -> *Scaffold
oauth2: cannot fetch token: 401 Unauthorized
Response: {"error_description":"Client authentication failed: Missing client authentication","error":"invalid_client"}
Then the token should have a claim 'scope' # main_test.go:92 -> *Scaffold
And the token should have a claim 'sub' with value 'dips-mra' # main_test.go:106 -> *Scaffold
And the token should have a claim 'hso:userid' with value 'dips-mra' # main_test.go:106 -> *Scaffold
我的 hf1-idp.json 文件如下所示。
{
"kind": "PING",
"issuer": "https://my.issuer.com/c2id",
"insecure": true,
"clients": {
"cc_test": {
"flow": "clientcredentials",
"id": "clientId",
"secret": "",
"scopes": ["openid", "solr"],
"values": {
"resource": ["https://my.solrnode1.com/solr/", "https://my.solrnode2.com/solr/"]
}
},
Connect2id 在设置环境中工作正常。例如,当我 运行 遵循具有正确值
的 Curl 命令时,我得到了预期的结果
curl -k -s -H "Content-Type: application/json" -XPOST https://my.issuer.com/c2id/direct-authz/rest/v2 \
-H "Authorization: Bearer ztucBearerToken" \
-d '{
"sub_session" : { "sub" : "alice" },
"client_id" : "clientId",
"scope" : [ "openid", "solr" ],
"claims" : [ "name", "email", "email_verified", "access_token:hso:subject:system", "access_token:hso:subject:id", "access_token:hso:subject:name", "access_token:hso:subject:role:system", "access_token:hso:subject:role:id", "access_token:hso:subject:role:name", "access_token:hso:subject:organization:system", "access_token:hso:subject:organization:id", "access_token:hso:subject:organization:name", "access_token:hso:subject:organization:child-organization:system", "access_token:hso:subject:organization:child-organization:id", "access_token:hso:subject:organization:child-organization:name", "access_token:hso:purpose:system", "access_token:hso:purpose:id", "access_token:hso:purpose:description", "access_token:hso:resource:system", "access_token:hso:resource:id" ]
}'
更新了以下代码
main_test.go
func (sc *Scaffold) readIdentityProvider(filename string) error {
idp, err := idp.ReadIdentityProvider(context.Background(), "testdata/"+filename)
// More code goes here
}
provider.go
func ReadIdentityProvider(ctx context.Context, filename string) (*IdentityProvider, error) {
config, err := readIdentityProvider(filename)
if err != nil {
return nil, err
}
return NewIdentityProvider(ctx, config)
}
func NewIdentityProvider(ctx context.Context, config *Config) (*IdentityProvider, error) {
ctx = context.WithValue(ctx, oauth2.HTTPClient, &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: config.Insecure,
},
},
})
provider, err := oidc.NewProvider(ctx, config.Issuer)
// More code goes here
}
oidc.go
func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
wellKnown := strings.TrimSuffix(issuer, "/") + "/direct-authz/rest/v2"
req, err := http.NewRequest("POST", wellKnown, nil)
if err != nil {
return nil, err
}
resp, err := doRequest(ctx, req) // Herer I get 401 Unauthorized
if err != nil {
return nil, err
}
// More code goes here
}
您在请求中缺少 Bearer 令牌。 (https://connect2id.com/products/server/docs/integration/direct-authz#error-401)
当您卷曲时,您使用 -H 参数添加授权承载令牌
-H "Authorization: Bearer ztucBearerToken"
您需要在您的 Go 应用程序中执行相同的操作。
func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
wellKnown := strings.TrimSuffix(issuer, "/") + "/direct-authz/rest/v2"
req, err := http.NewRequest("POST", wellKnown, nil)
bearer := "Bearer ztucBearerToken"
req.Header.Add("Authorization", bearer)
if err != nil {
return nil, err
}
resp, err := doRequest(ctx, req) // Herer I get 401 Unauthorized
if err != nil {
return nil, err
}
// More code goes here
}
一些支持性的事实
类似的 SO 讨论 here。
摆脱
400 Bad Request: {"error_description":"Bad request: Invalid JSON:
Unexpected token at position 0.","error":"invalid_request"}
您需要做的是传递必要的请求正文,如下所示。
req, err := http.NewRequest("POST", wellKnown, bytes.NewBuffer(bytesRepresentation))
有关更多信息,请访问与 net/http
相关的 Golang 文档
我正在尝试使用 Go 测试验证 Connect2id 设置,但出现以下错误。
"Client authentication failed: Missing client authentication","error":"invalid_client"
完整的场景输出如下所示。
Feature: Test Identity Provider
Scenario: # features/idp.feature:3
Given identity provider 'hf1-idp.json' # main_test.go:72 -> *Scaffold
When I request an access token as 'cc_test' # main_test.go:83 -> *Scaffold
oauth2: cannot fetch token: 401 Unauthorized
Response: {"error_description":"Client authentication failed: Missing client authentication","error":"invalid_client"}
Then the token should have a claim 'scope' # main_test.go:92 -> *Scaffold
And the token should have a claim 'sub' with value 'dips-mra' # main_test.go:106 -> *Scaffold
And the token should have a claim 'hso:userid' with value 'dips-mra' # main_test.go:106 -> *Scaffold
我的 hf1-idp.json 文件如下所示。
{
"kind": "PING",
"issuer": "https://my.issuer.com/c2id",
"insecure": true,
"clients": {
"cc_test": {
"flow": "clientcredentials",
"id": "clientId",
"secret": "",
"scopes": ["openid", "solr"],
"values": {
"resource": ["https://my.solrnode1.com/solr/", "https://my.solrnode2.com/solr/"]
}
},
Connect2id 在设置环境中工作正常。例如,当我 运行 遵循具有正确值
的 Curl 命令时,我得到了预期的结果curl -k -s -H "Content-Type: application/json" -XPOST https://my.issuer.com/c2id/direct-authz/rest/v2 \
-H "Authorization: Bearer ztucBearerToken" \
-d '{
"sub_session" : { "sub" : "alice" },
"client_id" : "clientId",
"scope" : [ "openid", "solr" ],
"claims" : [ "name", "email", "email_verified", "access_token:hso:subject:system", "access_token:hso:subject:id", "access_token:hso:subject:name", "access_token:hso:subject:role:system", "access_token:hso:subject:role:id", "access_token:hso:subject:role:name", "access_token:hso:subject:organization:system", "access_token:hso:subject:organization:id", "access_token:hso:subject:organization:name", "access_token:hso:subject:organization:child-organization:system", "access_token:hso:subject:organization:child-organization:id", "access_token:hso:subject:organization:child-organization:name", "access_token:hso:purpose:system", "access_token:hso:purpose:id", "access_token:hso:purpose:description", "access_token:hso:resource:system", "access_token:hso:resource:id" ]
}'
更新了以下代码
main_test.go
func (sc *Scaffold) readIdentityProvider(filename string) error {
idp, err := idp.ReadIdentityProvider(context.Background(), "testdata/"+filename)
// More code goes here
}
provider.go
func ReadIdentityProvider(ctx context.Context, filename string) (*IdentityProvider, error) {
config, err := readIdentityProvider(filename)
if err != nil {
return nil, err
}
return NewIdentityProvider(ctx, config)
}
func NewIdentityProvider(ctx context.Context, config *Config) (*IdentityProvider, error) {
ctx = context.WithValue(ctx, oauth2.HTTPClient, &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: config.Insecure,
},
},
})
provider, err := oidc.NewProvider(ctx, config.Issuer)
// More code goes here
}
oidc.go
func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
wellKnown := strings.TrimSuffix(issuer, "/") + "/direct-authz/rest/v2"
req, err := http.NewRequest("POST", wellKnown, nil)
if err != nil {
return nil, err
}
resp, err := doRequest(ctx, req) // Herer I get 401 Unauthorized
if err != nil {
return nil, err
}
// More code goes here
}
您在请求中缺少 Bearer 令牌。 (https://connect2id.com/products/server/docs/integration/direct-authz#error-401)
当您卷曲时,您使用 -H 参数添加授权承载令牌
-H "Authorization: Bearer ztucBearerToken"
您需要在您的 Go 应用程序中执行相同的操作。
func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
wellKnown := strings.TrimSuffix(issuer, "/") + "/direct-authz/rest/v2"
req, err := http.NewRequest("POST", wellKnown, nil)
bearer := "Bearer ztucBearerToken"
req.Header.Add("Authorization", bearer)
if err != nil {
return nil, err
}
resp, err := doRequest(ctx, req) // Herer I get 401 Unauthorized
if err != nil {
return nil, err
}
// More code goes here
}
一些支持性的事实
类似的 SO 讨论 here。
摆脱
400 Bad Request: {"error_description":"Bad request: Invalid JSON: Unexpected token at position 0.","error":"invalid_request"}
您需要做的是传递必要的请求正文,如下所示。
req, err := http.NewRequest("POST", wellKnown, bytes.NewBuffer(bytesRepresentation))
有关更多信息,请访问与 net/http
相关的 Golang 文档