This is an automated email from the ASF dual-hosted git repository.

AlinsRan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new c24803a00 test(openid-connect): stop logout tests from calling live 
IdPs (#13608)
c24803a00 is described below

commit c24803a002ce51c82b250ebaf1c39d856b1ed2ad
Author: AlinsRan <[email protected]>
AuthorDate: Fri Jun 26 11:56:16 2026 +0800

    test(openid-connect): stop logout tests from calling live IdPs (#13608)
---
 t/lib/server.lua          | 14 ++++++++++++++
 t/plugin/openid-connect.t | 28 ++++++++++++++--------------
 2 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/t/lib/server.lua b/t/lib/server.lua
index 88b8e603e..d933478cd 100644
--- a/t/lib/server.lua
+++ b/t/lib/server.lua
@@ -496,6 +496,20 @@ function _M._well_known_openid_configuration()
     ngx.say(openid_data)
 end
 
+-- Same discovery document but advertising an end_session_endpoint, so the
+-- openid-connect logout flow can be exercised without reaching a live 
provider.
+function _M._well_known_openid_configuration_with_end_session()
+    local t = require("lib.test_admin")
+    local openid_data = 
json_decode(t.read_file("t/plugin/openid-connect/configuration.json"))
+    if not openid_data then
+        ngx.status = 500
+        ngx.say("failed to decode openid discovery fixture")
+        return
+    end
+    openid_data.end_session_endpoint = "https://samples.auth0.com/v2/logout";
+    ngx.say(json_encode(openid_data))
+end
+
 function _M.google_logging_token()
     local args = ngx.req.get_uri_args()
     local args_token_type = args.token_type or "Bearer"
diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t
index 7f8ebe961..312104c67 100644
--- a/t/plugin/openid-connect.t
+++ b/t/plugin/openid-connect.t
@@ -1384,9 +1384,10 @@ x-userinfo: ey.*
                             "openid-connect": {
                                 "client_id": 
"kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
                                 "client_secret": 
"60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
-                                "discovery": 
"https://samples.auth0.com/.well-known/openid-configuration";,
+                                "discovery": 
"http://127.0.0.1:1980/.well-known/openid-configuration";,
                                 "redirect_uri": "https://iresty.com";,
                                 "post_logout_redirect_uri": 
"https://iresty.com";,
+                                "ssl_verify": false,
                                 "scope": "openid profile",
                                 "session": {
                                     "secret": 
"jwcE5v3pM9VhqLxmxFOH9uZaLo8u7KQK"
@@ -1414,8 +1415,7 @@ passed
 
 
 
-=== TEST 36: Check whether auth0 can redirect normally using 
post_logout_redirect_uri configuration
---- custom_trusted_cert: /etc/ssl/certs/ca-certificates.crt
+=== TEST 36: Redirect to post_logout_redirect_uri when provider has no 
end_session_endpoint
 --- config
     location /t {
         content_by_lua_block {
@@ -1424,9 +1424,9 @@ passed
             local uri = "http://127.0.0.1:"; .. ngx.var.server_port .. "/logout"
             local res, err = httpc:request_uri(uri, {method = "GET"})
             ngx.status = res.status
-            local location = res.headers['Location']
-            if location and string.find(location, 'https://iresty.com') ~= -1 
and
-                string.find(location, 
'post_logout_redirect_uri=https://iresty.com') ~= -1 then
+            local location = ngx.unescape_uri(res.headers['Location'] or "")
+            if location:find('https://iresty.com', 1, true) and
+                location:find('post_logout_redirect_uri=https://iresty.com', 
1, true) then
                 ngx.say(true)
             end
         }
@@ -1447,11 +1447,12 @@ true
                  ngx.HTTP_PUT,
                  [[{ "plugins": {
                             "openid-connect": {
-                                "client_id": 
"942299072001-vhduu1uljmdhhbbp7g22m3qsmo246a75.apps.googleusercontent.com",
-                                "client_secret": 
"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",
-                                "discovery": 
"https://accounts.google.com/.well-known/openid-configuration";,
+                                "client_id": 
"kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
+                                "client_secret": 
"60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
+                                "discovery": 
"http://127.0.0.1:1980/.well-known/openid-configuration-with-end-session";,
                                 "redirect_uri": "https://iresty.com";,
                                 "post_logout_redirect_uri": 
"https://iresty.com";,
+                                "ssl_verify": false,
                                 "scope": "openid profile",
                                 "session": {
                                     "secret": 
"jwcE5v3pM9VhqLxmxFOH9uZaLo8u7KQK"
@@ -1479,8 +1480,7 @@ passed
 
 
 
-=== TEST 38: Check whether google can redirect normally using 
post_logout_redirect_uri configuration
---- custom_trusted_cert: /etc/ssl/certs/ca-certificates.crt
+=== TEST 38: Redirect to end_session_endpoint with post_logout_redirect_uri 
when provider exposes it
 --- config
     location /t {
         content_by_lua_block {
@@ -1489,9 +1489,9 @@ passed
             local uri = "http://127.0.0.1:"; .. ngx.var.server_port .. "/logout"
             local res, err = httpc:request_uri(uri, {method = "GET"})
             ngx.status = res.status
-            local location = res.headers['Location']
-            if location and string.find(location, 'https://iresty.com') ~= -1 
and
-                string.find(location, 
'post_logout_redirect_uri=https://iresty.com') ~= -1 then
+            local location = ngx.unescape_uri(res.headers['Location'] or "")
+            if location:find('https://samples.auth0.com/v2/logout', 1, true) 
and
+                location:find('post_logout_redirect_uri=https://iresty.com', 
1, true) then
                 ngx.say(true)
             end
         }

Reply via email to