-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Oauth 2 JWT token support #54
Add Oauth 2 JWT token support #54
Conversation
According to travis the build is succeeded: https://travis-ci.org/imbo/behat-api-extension but github is waiting for the status. |
I noticed. Tried to re-run the Travis-build, but it didn't help. |
So can this be merged? |
I will try to look through it later today to see if I can merge it. |
Currently it's only possible to match a JWT that is in the first level of the JSON response. If the response contains for instance: {
"some": {
"nested": {
"object": {
"with": {
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
}
}
}
}
} It would be great if one could m atch this as well, also values in numericallly indexed arrays. Perhaps use a notation like |
It would be nice to be able to use the Then we could do something like this: Then the response body contains a JWT identified by "some JWT reference":
"""
{
"header": {
"alg": "HS256",
"typ": "JWT"
},
"claims": {
"sub": "some subject",
"iss": "some issuer"
},
"secret": "some secret"
}
"""
And the response body contains JSON:
"""
{
"some": {
"object": {
"with": {
"value": "@jwt(some JWT reference)"
}
}
}
}
""" The two steps can then be used together to be able to match JWTs placed anywhere in the body. Does this sound OK @Zwartpet? |
Sounds good to me, i'm not able to update the code in the upcoming days though. Probably after the weekend. |
I can push to your branch though, so I can hack together something tonight. |
Then I'll keep an eye on my inbox to see you're implementation ;) |
To use the jwt custom matcher function the matcher instance must be given a set of tokens it can match against. This step can be used to configure the matcher before using another step to match the actual JWTs present in the response body.
Looks good, is there anything else need to be done? |
Added a method to test JWT tokens