With the following JSON
{
"issuer": "http://idp.192-168-1-5.sslip.io:8080",
"authorization_endpoint": "http://idp.192-168-1-5.sslip.io:8080/auth",
"token_endpoint": "http://idp.192-168-1-5.sslip.io:8080/token",
"jwks_uri": "http://idp.192-168-1-5.sslip.io:8080/keys",
"userinfo_endpoint": "http://idp.192-168-1-5.sslip.io:8080/userinfo",
"device_authorization_endpoint": "http://idp.192-168-1-5.sslip.io:8080/device/code",
"introspection_endpoint": "http://idp.192-168-1-5.sslip.io:8080/token/introspect",
"grant_types_supported": [
"authorization_code",
"refresh_token",
"urn:ietf:params:oauth:grant-type:device_code",
"urn:ietf:params:oauth:grant-type:token-exchange"
],
"response_types_supported": [
"code"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"S256",
"plain"
],
"scopes_supported": [
"openid",
"email",
"groups",
"profile",
"offline_access"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"claims_supported": [
"iss",
"sub",
"aud",
"iat",
"exp",
"email",
"email_verified",
"locale",
"name",
"preferred_username",
"at_hash"
]
}as the response body returned in the following feature description
Feature: Dex IDP
Background:
Given Kubernetes namespace security
And URL: http://dexidp.security.svc:5556
Scenario: OIDC configuration
When send GET /.well-known/openid-configuration
Then verify HTTP response expression: .issuer is "http://idp.192-168-1-5.sslip.io:8080"
And expect HTTP response expression: $.scopes_supported[?(@=='openid')] is "openid"
And expect HTTP response expression: $.scopes_supported is "openid,email,groups,profile,offline_access"
And expect HTTP response expression: "$.scopes_supported[?(@ in [\"openid\",\"email\",\"groups\",\"profile\"])]" is "openid,email,groups,profile"
Then receive HTTP 200 OK
fails. The .issuer works. Also, the filter expression $.scopes_supported[?(@=='openid')] is correctly evaluated to "openid". Same goes for $.scopes_supported is "openid,email,groups,profile,offline_access". However, the filter expression .scopes_supported[?(@ in [\"openid\",\"email\",\"groups\",\"profile\"])]" is "openid,email,groups,profile" does not and fails with
Run 1: The step 'expect HTTP response expression: "$.scopes_supported[?(@ in [\"openid\",\"email\",\"groups\",\"profile\"])]" is "openid,email,groups,profile"' is undefined.
[...]
You can implement this step using the snippet(s) below:
@Then("expect HTTP response expression: {string} is {string}")
I have tried several ways of escaping, and have verified that $.scopes_supported[?(@ in ['openid','email','groups','profile'])] returns the expected results under flyway, using https://jsonpath.fly.dev.
My assumption is that there is a problem with the regex at
|
@Then("^(?:expect|verify) HTTP response expression: ([^\\s]+)(?:=| is )\"(.+)\"$") |
The way I read it, whitespace is generally forbidden in the expression part. But since whitespace is widely used in filters, that should be adjusted.
With the following JSON
{ "issuer": "http://idp.192-168-1-5.sslip.io:8080", "authorization_endpoint": "http://idp.192-168-1-5.sslip.io:8080/auth", "token_endpoint": "http://idp.192-168-1-5.sslip.io:8080/token", "jwks_uri": "http://idp.192-168-1-5.sslip.io:8080/keys", "userinfo_endpoint": "http://idp.192-168-1-5.sslip.io:8080/userinfo", "device_authorization_endpoint": "http://idp.192-168-1-5.sslip.io:8080/device/code", "introspection_endpoint": "http://idp.192-168-1-5.sslip.io:8080/token/introspect", "grant_types_supported": [ "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange" ], "response_types_supported": [ "code" ], "subject_types_supported": [ "public" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "S256", "plain" ], "scopes_supported": [ "openid", "email", "groups", "profile", "offline_access" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "claims_supported": [ "iss", "sub", "aud", "iat", "exp", "email", "email_verified", "locale", "name", "preferred_username", "at_hash" ] }as the response body returned in the following feature description
fails. The
.issuerworks. Also, the filter expression$.scopes_supported[?(@=='openid')]is correctly evaluated to "openid". Same goes for$.scopes_supported is "openid,email,groups,profile,offline_access". However, the filter expression.scopes_supported[?(@ in [\"openid\",\"email\",\"groups\",\"profile\"])]" is "openid,email,groups,profile"does not and fails withI have tried several ways of escaping, and have verified that
$.scopes_supported[?(@ in ['openid','email','groups','profile'])]returns the expected results under flyway, using https://jsonpath.fly.dev.My assumption is that there is a problem with the regex at
yaks/java/steps/yaks-http/src/main/java/org/citrusframework/yaks/http/HttpClientSteps.java
Line 314 in 634664f
The way I read it, whitespace is generally forbidden in the expression part. But since whitespace is widely used in filters, that should be adjusted.