test: more discovery coverage

Author: panva

tap/end2end.ts

@@ -140,7 +140,15 @@ export default (QUnit: QUnit) => {
         execute.push(client.useIdTokenResponseType)
       }
       const config = await client.discovery(
-        issuerIdentifier,
+        random()
+          ? new URL(issuerIdentifier.origin)
+          : new URL(
+              `${issuerIdentifier.origin}/${
+                random()
+                  ? '.well-known/openid-configuration'
+                  : '.well-known/oauth-authorization-server'
+              }`,
+            ),
         metadata.client_id,
         metadata,
         undefined,

tap/helper.ts

@@ -129,10 +129,17 @@ export async function setup(
   }
 
   const configuration = await lib.dynamicClientRegistration(
-    new URL('http://localhost:3000'),
+    new URL(
+      random()
+        ? 'http://localhost:3000'
+        : random()
+          ? 'http://localhost:3000/.well-known/openid-configuration'
+          : 'http://localhost:3000/.well-known/oauth-authorization-server',
+    ),
     metadata,
     undefined,
     {
+      algorithm: random() ? 'oauth2' : 'oidc',
       execute: [lib.allowInsecureRequests],
     },
   )
@@ -151,6 +158,6 @@ export async function setup(
       kid: clientEncJwk.kid,
       key: encKp.privateKey,
     },
-    issuerIdentifier: new URL('http://localhost:3000'),
+    issuerIdentifier: new URL(configuration.serverMetadata().issuer),
   }
 }

test/issuer-check.test.ts

@@ -0,0 +1,84 @@
+import test from 'ava'
+import * as client from '../src/index.js'
+import * as undici from 'undici'
+
+test('issuer discovery matching', async (t) => {
+  let agent = new undici.MockAgent()
+  agent.disableNetConnect()
+
+  const url = new URL('https://op.example.com')
+
+  const mockAgent = agent.get(url.origin)
+  let i = 0
+
+  mockAgent
+    .intercept({
+      method: 'GET',
+      path: '.well-known/openid-configuration',
+    })
+    .reply(
+      200,
+      function () {
+        switch (i++) {
+          case 0:
+            return { issuer: 'https://op.example.com/' }
+          case 1:
+            return { issuer: 'https://op.example.com' }
+          case 2:
+            return { issuer: 'https://op.example.com/pathname' }
+          case 3:
+            return { issuer: 'https://op.example.com/pathname' }
+        }
+      },
+      {
+        headers: {
+          'content-type': 'application/json',
+        },
+      },
+    )
+    .times(4)
+
+  await t.notThrowsAsync(
+    client.discovery(url, 'decoy', 'decoy', undefined, {
+      // @ts-ignore
+      [client.customFetch](url, options) {
+        return undici.fetch(url, { ...options, dispatcher: agent })
+      },
+    }),
+  )
+
+  await t.notThrowsAsync(
+    client.discovery(url, 'decoy', 'decoy', undefined, {
+      // @ts-ignore
+      [client.customFetch](url, options) {
+        return undici.fetch(url, { ...options, dispatcher: agent })
+      },
+    }),
+  )
+
+  await t.throwsAsync(
+    client.discovery(url, 'decoy', 'decoy', undefined, {
+      // @ts-ignore
+      [client.customFetch](url, options) {
+        return undici.fetch(url, { ...options, dispatcher: agent })
+      },
+    }),
+  )
+
+  await t.notThrowsAsync(
+    client.discovery(
+      new URL('https://op.example.com/.well-known/openid-configuration'),
+      'decoy',
+      'decoy',
+      undefined,
+      {
+        // @ts-ignore
+        [client.customFetch](url, options) {
+          return undici.fetch(url, { ...options, dispatcher: agent })
+        },
+      },
+    ),
+  )
+
+  t.notThrows(() => agent.assertNoPendingInterceptors())
+})