This is an automated email from the ASF dual-hosted git repository.
AlinsRan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new c24803a00 test(openid-connect): stop logout tests from calling live
IdPs (#13608)
c24803a00 is described below
commit c24803a002ce51c82b250ebaf1c39d856b1ed2ad
Author: AlinsRan <[email protected]>
AuthorDate: Fri Jun 26 11:56:16 2026 +0800
test(openid-connect): stop logout tests from calling live IdPs (#13608)
---
t/lib/server.lua | 14 ++++++++++++++
t/plugin/openid-connect.t | 28 ++++++++++++++--------------
2 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/t/lib/server.lua b/t/lib/server.lua
index 88b8e603e..d933478cd 100644
--- a/t/lib/server.lua
+++ b/t/lib/server.lua
@@ -496,6 +496,20 @@ function _M._well_known_openid_configuration()
ngx.say(openid_data)
end
+-- Same discovery document but advertising an end_session_endpoint, so the
+-- openid-connect logout flow can be exercised without reaching a live
provider.
+function _M._well_known_openid_configuration_with_end_session()
+ local t = require("lib.test_admin")
+ local openid_data =
json_decode(t.read_file("t/plugin/openid-connect/configuration.json"))
+ if not openid_data then
+ ngx.status = 500
+ ngx.say("failed to decode openid discovery fixture")
+ return
+ end
+ openid_data.end_session_endpoint = "https://samples.auth0.com/v2/logout"
+ ngx.say(json_encode(openid_data))
+end
+
function _M.google_logging_token()
local args = ngx.req.get_uri_args()
local args_token_type = args.token_type or "Bearer"
diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t
index 7f8ebe961..312104c67 100644
--- a/t/plugin/openid-connect.t
+++ b/t/plugin/openid-connect.t
@@ -1384,9 +1384,10 @@ x-userinfo: ey.*
"openid-connect": {
"client_id":
"kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
"client_secret":
"60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
- "discovery":
"https://samples.auth0.com/.well-known/openid-configuration",
+ "discovery":
"http://127.0.0.1:1980/.well-known/openid-configuration",
"redirect_uri": "https://iresty.com",
"post_logout_redirect_uri":
"https://iresty.com",
+ "ssl_verify": false,
"scope": "openid profile",
"session": {
"secret":
"jwcE5v3pM9VhqLxmxFOH9uZaLo8u7KQK"
@@ -1414,8 +1415,7 @@ passed
-=== TEST 36: Check whether auth0 can redirect normally using
post_logout_redirect_uri configuration
---- custom_trusted_cert: /etc/ssl/certs/ca-certificates.crt
+=== TEST 36: Redirect to post_logout_redirect_uri when provider has no
end_session_endpoint
--- config
location /t {
content_by_lua_block {
@@ -1424,9 +1424,9 @@ passed
local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/logout"
local res, err = httpc:request_uri(uri, {method = "GET"})
ngx.status = res.status
- local location = res.headers['Location']
- if location and string.find(location, 'https://iresty.com') ~= -1
and
- string.find(location,
'post_logout_redirect_uri=https://iresty.com') ~= -1 then
+ local location = ngx.unescape_uri(res.headers['Location'] or "")
+ if location:find('https://iresty.com', 1, true) and
+ location:find('post_logout_redirect_uri=https://iresty.com',
1, true) then
ngx.say(true)
end
}
@@ -1447,11 +1447,12 @@ true
ngx.HTTP_PUT,
[[{ "plugins": {
"openid-connect": {
- "client_id":
"942299072001-vhduu1uljmdhhbbp7g22m3qsmo246a75.apps.googleusercontent.com",
- "client_secret":
"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",
- "discovery":
"https://accounts.google.com/.well-known/openid-configuration",
+ "client_id":
"kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
+ "client_secret":
"60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
+ "discovery":
"http://127.0.0.1:1980/.well-known/openid-configuration-with-end-session",
"redirect_uri": "https://iresty.com",
"post_logout_redirect_uri":
"https://iresty.com",
+ "ssl_verify": false,
"scope": "openid profile",
"session": {
"secret":
"jwcE5v3pM9VhqLxmxFOH9uZaLo8u7KQK"
@@ -1479,8 +1480,7 @@ passed
-=== TEST 38: Check whether google can redirect normally using
post_logout_redirect_uri configuration
---- custom_trusted_cert: /etc/ssl/certs/ca-certificates.crt
+=== TEST 38: Redirect to end_session_endpoint with post_logout_redirect_uri
when provider exposes it
--- config
location /t {
content_by_lua_block {
@@ -1489,9 +1489,9 @@ passed
local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/logout"
local res, err = httpc:request_uri(uri, {method = "GET"})
ngx.status = res.status
- local location = res.headers['Location']
- if location and string.find(location, 'https://iresty.com') ~= -1
and
- string.find(location,
'post_logout_redirect_uri=https://iresty.com') ~= -1 then
+ local location = ngx.unescape_uri(res.headers['Location'] or "")
+ if location:find('https://samples.auth0.com/v2/logout', 1, true)
and
+ location:find('post_logout_redirect_uri=https://iresty.com',
1, true) then
ngx.say(true)
end
}