components-contrib/tests/certification/middleware/http/bearer
Alessandro (Ale) Segala c47907d1a5
Chore: use a single package for all Feature structs (#3278)
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Bernd Verst <github@bernd.dev>
2024-01-08 09:07:10 -08:00
resources Certification tests + fixes for Bearer HTTP Middleware (#2673) 2023-03-16 20:40:24 +00:00
README.md Certification tests + fixes for Bearer HTTP Middleware (#2673) 2023-03-16 20:40:24 +00:00
bearer_test.go Chore: use a single package for all Feature structs (#3278) 2024-01-08 09:07:10 -08:00
config.yaml Certification tests + fixes for Bearer HTTP Middleware (#2673) 2023-03-16 20:40:24 +00:00
jwks.json Merge conformance and certification coverage report (#2681) 2023-03-31 17:41:33 +00:00
private.json Merge conformance and certification coverage report (#2681) 2023-03-31 17:41:33 +00:00

README.md

Rate Limiter HTTP Middleware certification

The purpose of this module is to provide tests that certify the Rate Limiter HTTP Middleware as a stable component.

Test Plan

  1. Ensure that bearer tokens in the Authorization header are validated correctly, in two separate sidecars:
    • Tokens must begin with prefix Bearer (case-insensitive)
    • JWTs must be present in the header and correctly formatted
    • Invalid tokens must be rejected: tokens that are expired, not yet valid ("nbf" claim), for the wrong issuer, or for the wrong audience
    • Ensure we allow some clock skew when validating time validity bounds
    • JWTs signed with "alg": "none" should be rejected (context)
  2. Ensure the OpenID Connect document and JWKS keybag are fetched correctly:
    • If no JWKS URL is passed explicitly, the component should fetch the OpenID Configuration document depending on the value of the issuer metadata property
    • The issuer property in the OpenID Configuration document must match the issuer metadata property
    • Simulate failures in fetching the OpenID Configuration document or the JWKS keybag
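
The token checks from item 1 of the test plan, sketched in Go as an added example (not code from the component or its certification tests). It assumes HS256 with a shared key to stay within the standard library, where the component resolves signing keys from a JWKS; `checkBearer` and `sign` are hypothetical names, and `aud` is treated as a single string.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// sign returns the base64url HMAC-SHA256 of input (HS256 is this example's assumption).
func sign(input string, key []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// checkBearer (hypothetical name) applies the test plan's token checks to an Authorization value.
func checkBearer(hdr string, key []byte, iss, aud string, now time.Time, skew time.Duration) error {
	if len(hdr) < 7 || !strings.EqualFold(hdr[:7], "bearer ") || strings.Count(hdr, ".") != 2 {
		return errors.New("not a Bearer JWT")
	}
	p := strings.Split(hdr[7:], ".")
	var h struct{ Alg string }
	var c struct { // "aud" as a single string is a simplification
		Iss, Aud string
		Exp, Nbf int64
	}
	hb, err1 := base64.RawURLEncoding.DecodeString(p[0])
	cb, err2 := base64.RawURLEncoding.DecodeString(p[1])
	if err1 != nil || err2 != nil || json.Unmarshal(hb, &h) != nil || json.Unmarshal(cb, &c) != nil {
		return errors.New("malformed JWT")
	}
	switch {
	case h.Alg != "HS256": // allow-list: "none" and every other alg are refused
		return errors.New("algorithm not allowed")
	case !hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], key))):
		return errors.New("bad signature")
	case c.Iss != iss || c.Aud != aud:
		return errors.New("wrong issuer or audience")
	case c.Exp == 0 || now.After(time.Unix(c.Exp, 0).Add(skew)):
		return errors.New("expired")
	case c.Nbf != 0 && now.Before(time.Unix(c.Nbf, 0).Add(-skew)):
		return errors.New("not yet valid")
	}
	return nil
}
```

The algorithm is checked against an allow-list before the signature is examined, so a token declaring "alg": "none" is refused whether or not it carries a signature.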