Wiremock extension for matching requests with JSON Web Tokens (JWT)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
gradle/wrapper
src
.gitignore
.travis.yml
LICENSE
README.md
build.gradle
gradlew
gradlew.bat
test-helpers.sh
test-request-match.sh
test-stub-transformer.sh
wiremock-jwt-extension.iml

README.md

Overview

Build Status Maven Central

wiremock-jwt-extension consists of a request matcher extension and a stub mapping transformer extension for WireMock.

The request matcher extracts and matches against fields in the "payload" or "header" portion of JWT tokens in the "Authorization" header of a request. The stub mapping transformer can transform recorded stub mappings to use the request matcher if there exists a JWT token in the "Authorization" header. JWE (JSON Web Encryption) is not currently supported, and no signature verification is done.

Building

Run gradle jar to build the JAR without WireMock or gradle standalone to build a standalone JAR. These will be placed in build/libs/.

Running

Standalone server:

java -jar build/libs/wiremock-jwt-extension-0.4-standalone.jar

With WireMock standalone JAR:

wget -nc http://repo1.maven.org/maven2/com/github/tomakehurst/wiremock-standalone/2.14.0/wiremock-standalone-2.14.0.jar
java \
        -cp wiremock-standalone-2.14.0.jar:build/libs/wiremock-jwt-extension-0.4.jar \
        com.github.tomakehurst.wiremock.standalone.WireMockServerRunner \
        --extensions="com.github.masonm.JwtMatcherExtension,com.github.masonm.JwtStubMappingTransformer"

Programmatically in Java:

new WireMockServer(wireMockConfig()
    .extensions("com.github.masonm.JwtMatcherExtension", "com.github.masonm.JwtStubMappingTransformer"))

Request matcher usage

When used as a "customerMatcher" via JSON, use the name "jwt-matcher". Accepted parameters:

  • header: Key-value map of header fields to match, e.g. { "alg": "HS256" }
  • payload: Key-value map of payload fields to match, e.g. { "admin": true }
  • request: Any additional request matchers.

Here's a cURL command to create an example stub mapping:

curl -d@- http://localhost:8080/__admin/mappings <<-EOD
{
    "request" : {
        "customMatcher" : {
            "name" : "jwt-matcher",
            "parameters" : {
                "header" : {
                    "alg" : "HS256",
                    "typ": "JWT"
                },
                "payload": {
                    "name" : "John Doe"
                },
                "request" : {
                    "url" : "/some_url",
                    "method" : "GET"
                }
            }
        }
    },
    "response" : {
        "status" : 200,
        "body": "success"
    }
}
EOD

Example request that matches the above stub mapping:

curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y922BhjWgQzWXcXNrz0ogtVhfEd2o' http://localhost:8080/some_url

Stub mapping transformer usage

The transformer has the name "jwt-stub-mapping-transformer" and accepts a list of payload fields to match against via the parameter "payloadFields". Example request to POST /__admin/recordings/snapshot:

{
    "transformers" : [ "jwt-stub-mapping-transformer" ],
    "transformerParameters" : {
        "payloadFields" : [ "name", "admin" ]
    }
}