
Missing Test Verification for Automatic OIDC Access Token Refreshing and JWT Expiration Claim Parsing #487

Open
aniket866 wants to merge 1 commit into microcks:master from aniket866:fix/Automatic-OIDC-Access-Token

Conversation

@aniket866

Contributor

Describe the bug

  • Location: pkg/connectors/microcks_client.go -> refreshAuthToken

  • Detailed Description:
    When you run the CLI for a long time (like keeping it active in the background), the security token it got when you logged in will eventually expire. To prevent commands from failing, we have code that reads the cached security token, parses it to see when it expires, and automatically requests a new one from the server if it's running out of time.

    Currently, we have zero tests checking this check-and-refresh logic. If a bug is introduced here, the CLI will suddenly stop working after a while and throw unauthorized errors (like HTTP 401) out of nowhere. We need to make sure the token checks are accurate and that the refresh requests are triggered correctly.

  • Test Requirements:

    • Verify that a valid, fresh token does not trigger a refresh.
    • Verify that a token close to expiry or already expired triggers the refresh server call.
    • Check that the CLI successfully updates the local configuration file with the new token.
    • Make sure the CLI handles cases where the refresh token itself has expired and tells the user to log in again.

Simulation Diagram

```mermaid
sequenceDiagram
    autonumber
    actor Test as Test Runner
    participant MC as microcksClient
    participant mockKC as Mock Keycloak Server (httptest)

    Test->>MC: Trigger refreshAuthToken() with Expired JWT
    activate MC
    MC->>MC: Parse JWT Claims & Detect Expiration (exp <= now)
    Note over MC: Expiration detected. Initiating refresh flow...
    MC->>mockKC: POST /protocol/openid-connect/token (refresh_token grant)
    activate mockKC
    mockKC-->>MC: HTTP 200 OK (New Auth & Refresh Tokens)
    deactivate mockKC
    MC->>MC: Save new tokens to localconfig YAML file
    MC-->>Test: Success (Token Refreshed)
    deactivate MC
```

Closes #486

Signed-off-by: aniket866 <iamaniketkumarmaner@gmail.com>
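As an added illustration (not code from the microcks CLI or this PR), the following Go sketch shows the check-and-refresh logic the test requirements above exercise: parse the `exp` claim, skip the server call while the token is fresh, otherwise run the `refresh_token` grant and surface a "log in again" error when the server rejects it. The names `tokens`, `jwtExpiry`, `refreshIfNeeded` and `fakeJWT` are hypothetical stand-ins for `refreshAuthToken` and its helpers, the token endpoint is assumed to be an `httptest` mock as in the diagram, and writing the new tokens to the config file is left out.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// tokens is a hypothetical stand-in for the pair the CLI caches in its local config file.
type tokens struct{ Access, Refresh string }

// jwtExpiry reads exp from the JWT payload without verifying the signature: the CLI only
// needs the timestamp to decide whether to refresh; the server still validates the token.
func jwtExpiry(token string) (time.Time, error) {
	var claims struct{ Exp int64 `json:"exp"` }
	_, rest, _ := strings.Cut(token, ".")   // drop the header segment
	payload, _, _ := strings.Cut(rest, ".") // drop the signature segment
	raw, err := base64.RawURLEncoding.DecodeString(payload)
	if err != nil || json.Unmarshal(raw, &claims) != nil || claims.Exp == 0 {
		return time.Time{}, fmt.Errorf("cannot read exp claim")
	}
	return time.Unix(claims.Exp, 0), nil
}

// refreshIfNeeded keeps cur while the access token stays valid beyond skew; otherwise it runs
// the refresh_token grant against tokenURL. The bool reports whether the server was called.
func refreshIfNeeded(cur tokens, tokenURL string, now time.Time, skew time.Duration) (tokens, bool, error) {
	if exp, err := jwtExpiry(cur.Access); err == nil && now.Add(skew).Before(exp) {
		return cur, false, nil // fresh token: no network round-trip
	}
	resp, err := http.PostForm(tokenURL, url.Values{"grant_type": {"refresh_token"}, "refresh_token": {cur.Refresh}})
	if err != nil {
		return tokens{}, true, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK { // refresh token itself expired or revoked
		return tokens{}, true, fmt.Errorf("refresh rejected (HTTP %d): please log in again", resp.StatusCode)
	}
	var body map[string]string // Keycloak answers with access_token and refresh_token fields
	err = json.NewDecoder(resp.Body).Decode(&body)
	return tokens{body["access_token"], body["refresh_token"]}, true, err
}

// fakeJWT builds a constructed, unsigned JWT carrying only exp (test input, not a real Keycloak token).
func fakeJWT(exp time.Time) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(fmt.Sprintf(`{"exp":%d}`, exp.Unix()))) + ".sig"
}
```

Pointing `tokenURL` at an `httptest.Server` that answers 200 with new tokens for the known refresh token and 400 `invalid_grant` otherwise covers all four requirements, including the path that tells the user to log in again.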
@Harsh4902

Member

Hey @aniket866, is this a fix? As I am not able to see any actual code changes. I can only see a test file. Correct me if I am missing any context.

@aniket866 aniket866 changed the title Missing Verification for Automatic OIDC Access Token Refreshing and JWT Expiration Claim Parsing TEST: Missing Verification for Automatic OIDC Access Token Refreshing and JWT Expiration Claim Parsing Jun 30, 2026
@aniket866 aniket866 changed the title TEST: Missing Verification for Automatic OIDC Access Token Refreshing and JWT Expiration Claim Parsing Missing Test Verification for Automatic OIDC Access Token Refreshing and JWT Expiration Claim Parsing Jun 30, 2026
@aniket866

Contributor Author

> Hey @aniket866, is this a fix? As I am not able to see any actual code changes. I can only see a test file. Correct me if I am missing any context.

Hi @Harsh4902, sorry, I forgot to mention that this fix only includes the missing tests. Here is the explanation:

Before this change, there was zero test coverage for the CLI's token refresh mechanism. If a developer accidentally introduced a bug in refreshAuthToken (for example, breaking how the JWT is parsed or how the new token is saved), all existing tests would still pass, but users in production would suddenly experience crashes or 401 Unauthorized errors after a few hours when their tokens expired.
