PR 434: test only

ory · May 22, 2020 · 692b038 · 692b038
1 parent e02f731
commit 692b038
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/client_authentication_test.go b/client_authentication_test.go
@@ -80,6 +80,10 @@ func TestAuthenticateClient(t *testing.T) {
 	barSecret, err := hasher.Hash(context.TODO(), []byte("bar"))
 	require.NoError(t, err)
 
+	// a secret containing literal characters that would be affected by double-URL-decoding.
+	percentSecret, err := hasher.Hash(context.TODO(), []byte("%66%6F%6F"))
+	require.NoError(t, err)
+
 	key := internal.MustRSAKey()
 	jwks := &jose.JSONWebKeySet{
 		Keys: []jose.JSONWebKey{
@@ -127,6 +131,12 @@ func TestAuthenticateClient(t *testing.T) {
 			form:   url.Values{"client_id": []string{"foo"}},
 			r:      new(http.Request),
 		},
+		{
+			d:      "should pass with client ID and secret containing literal % characters",
+			client: &DefaultOpenIDConnectClient{DefaultClient: &DefaultClient{ID: "foo%20bar", Secret: percentSecret}, TokenEndpointAuthMethod: "client_secret_post"},
+			form:   url.Values{"client_id": []string{"foo%20bar"}, "client_secret": []string{"%66%6F%6F"}},
+			r:      new(http.Request),
+		},
 		{
 			d:         "should fail because auth method is not none",
 			client:    &DefaultOpenIDConnectClient{DefaultClient: &DefaultClient{ID: "foo", Public: true}, TokenEndpointAuthMethod: "client_secret_basic"},