
Improve OAuth2 Resource Server tests #7118


Closed
henriquels25 opened this issue Jul 20, 2019 · 2 comments · Fixed by #7159
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement

Comments

@henriquels25
Contributor

Summary

The tests for the OAuth2 Resource Server sample only include GET requests.

I believe it would be useful to add examples for other HTTP methods (POST, PUT, PATCH, DELETE) because the code for testing them is different.

Sample

In this project it's possible to see that if the same technique used for testing the GET requests is used for a POST, the test fails without sending the CSRF token in the request.

In this example, I created a working POST request test example based on the sample, based on the explanation contained in this StackOverflow question.

@henriquels25 henriquels25 changed the title Improve OAuth2 Resource server tests Improve OAuth2 Resource Server tests Jul 20, 2019
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jul 20, 2019
@jzheaux
Contributor

jzheaux commented Jul 22, 2019

@henriquels25 I agree that additional tests would be helpful; would you be interested in submitting a PR?

@jzheaux jzheaux self-assigned this Jul 22, 2019
@jzheaux jzheaux added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jul 22, 2019
@jzheaux jzheaux added this to the 5.2.0.M4 milestone Jul 22, 2019
@henriquels25
Contributor Author

@jzheaux I submitted a PR with examples for a POST request. I didn't create examples for the other HTTP methods to keep the sample small, as the code for testing them is not different.

henriquels25 added a commit to henriquels25/spring-security that referenced this issue Aug 1, 2019
- Add a post endpoint in /messages
- Changes the security config to require the read scope to GET a message and the write scope
to POST a new message.
- Changes the jwks of the mock server so I could create a new access token with the write scope.
- Creates tests and integration-tests for the POST endpoint.
- Changes the README to add an example of a POST request.

Fixes spring-projectsgh-7118
@jzheaux jzheaux modified the milestones: 5.2.0.M4, 5.2.0.RC1 Aug 5, 2019
jzheaux pushed a commit that referenced this issue Aug 6, 2019
- Add a post endpoint in /messages
- Changes the security config to require the read scope to GET a message and the write scope
to POST a new message.
- Changes the jwks of the mock server so I could create a new access token with the write scope.
- Creates tests and integration-tests for the POST endpoint.
- Changes the README to add an example of a POST request.

Fixes gh-7118
kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
- Add a post endpoint in /messages
- Changes the security config to require the read scope to GET a message and the write scope
to POST a new message.
- Changes the jwks of the mock server so I could create a new access token with the write scope.
- Creates tests and integration-tests for the POST endpoint.
- Changes the README to add an example of a POST request.

Fixes spring-projectsgh-7118