Missing Test Verification for Automatic OIDC Access Token Refreshing and JWT Expiration Claim Parsing #487
Signed-off-by: aniket866 <iamaniketkumarmaner@gmail.com>
Hey @aniket866, is this a fix? As I am not able to see any actual code changes. I can only see a test file. Correct me if I am missing any context.
Hi @Harsh4902, sorry, I forgot to mention that this fix only includes the missing tests. Here is the explanation: Before this change, there was zero test coverage for the CLI's token refresh mechanism. If a developer accidentally introduced a bug in refreshAuthToken (for example, breaking how the JWT is parsed or how the new token is saved), all existing tests would still pass, but users in production would suddenly experience crashes or 401 Unauthorized errors after a few hours when their tokens expired.
Describe the bug
Location: pkg/connectors/microcks_client.go -> refreshAuthToken
Detailed Description:
When you run the CLI for a long time (like keeping it active in the background), the security token it got when you logged in will eventually expire. To prevent commands from failing, we have code that reads the cached security token, parses it to see when it expires, and automatically requests a new one from the server if it's running out of time.
Currently, we have zero tests checking this check-and-refresh logic. If a bug is introduced here, the CLI will suddenly stop working after a while and throw unauthorized errors (like HTTP 401) out of nowhere. We need to make sure the token checks are accurate and that the refresh requests are triggered correctly.
Test Requirements:
Simulation Diagram
```mermaid
sequenceDiagram
    autonumber
    actor Test as Test Runner
    participant MC as microcksClient
    participant mockKC as Mock Keycloak Server (httptest)
    Test->>MC: Trigger refreshAuthToken() with Expired JWT
    activate MC
    MC->>MC: Parse JWT Claims & Detect Expiration (exp <= now)
    Note over MC: Expiration detected. Initiating refresh flow...
    MC->>mockKC: POST /protocol/openid-connect/token (refresh_token grant)
    activate mockKC
    mockKC-->>MC: HTTP 200 OK (New Auth & Refresh Tokens)
    deactivate mockKC
    MC->>MC: Save new tokens to localconfig YAML file
    MC-->>Test: Success (Token Refreshed)
    deactivate MC
```

Closes #486
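The check-and-refresh flow the diagram describes, written out in Go as an added example (not code from the project's microcks_client.go or from this PR): the exp claim is read from the JWT payload, and only an expired token triggers a refresh_token grant against the token endpoint. The function names, the `now` parameter in Unix seconds, and the unsigned test-token builder are assumptions made for the example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Expired reports whether the JWT exp claim is at or before now (Unix seconds). Only the
// payload is decoded (the server still verifies the token); an unparsable token counts as expired.
func Expired(jwt string, now int64) bool {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return true
	}
	var claims struct{ Exp int64 `json:"exp"` }
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &claims) != nil {
		return true
	}
	return claims.Exp <= now
}

// RefreshIfExpired is the check-and-refresh step: a live token is returned untouched, an expired
// one is exchanged via a refresh_token grant at tokenURL, and a non-200 reply becomes an error.
func RefreshIfExpired(tokenURL, access, refresh string, now int64) (string, error) {
	if !Expired(access, now) {
		return access, nil
	}
	resp, err := http.PostForm(tokenURL, url.Values{"grant_type": {"refresh_token"}, "refresh_token": {refresh}})
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned HTTP %d", resp.StatusCode)
	}
	var tok struct{ AccessToken string `json:"access_token"` }
	err = json.NewDecoder(resp.Body).Decode(&tok)
	return tok.AccessToken, err
}

// FakeJWT builds an unsigned test token (constructed input) whose payload carries only exp.
func FakeJWT(exp int64) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(fmt.Sprintf(`{"exp":%d}`, exp))) + ".sig"
}
```

In a test, an httptest server standing in for Keycloak's token endpoint receives the grant; the real refreshAuthToken also writes the new tokens to the localconfig YAML file, which this example leaves out.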