Skip to content

JwtDecodersTests and ClientRegistrationsTest should explicitly test for trailing slash #6234

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Dec 5, 2018 · 0 comments
Closed

JwtDecodersTests and ClientRegistrationsTest should explicitly test for trailing slash #6234

jzheaux opened this issue Dec 5, 2018 · 0 comments
Assignees
@jzheaux
Labels
in: test An issue in spring-security-test type: enhancement A general enhancement
Milestone
5.2.0.M1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Dec 5, 2018

From the Open ID Discovery Spec:

If the Issuer value contains a path component, any terminating / MUST be removed before appending /.well-known/openid-configuration.

Coincidentally, this is taken care of by virtue of using UriComponentsBuilder, which both JwtDecoders and ClientRegistrations (via RestTemplate) use.

And, MockWebServer automatically adds a trailing slash to its base path, which means that JwtDecodersTests and ClientRegistrationsTest have been testing this scenario implicitly all along.

We should add at least one explicit test to each of these that confirms that when the issuer contains a slash at the end, then these classes still work correctly. This way, if these classes stop using MockWebServer then that specific behavior will continue to be tested.

Related to spring-projects/spring-boot#15324
@jzheaux jzheaux added in: test An issue in spring-security-test type: enhancement A general enhancement labels Dec 5, 2018
@jzheaux jzheaux added this to the 5.2.0.M1 milestone Dec 5, 2018
@jzheaux jzheaux self-assigned this Dec 5, 2018
@jzheaux jzheaux closed this as completed in 566bc6a Dec 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: test An issue in spring-security-test type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.M1
Development

No branches or pull requests
1 participant
@jzheaux