Auto-refresh OAuth 2 tokens & retry request on 401 response
[arvados.git] / spec / google / api_client / service_account_spec.rb
1 # Copyright 2012 Google Inc.
2 #
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
6 #
7 #      http://www.apache.org/licenses/LICENSE-2.0
8 #
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
14
15 require 'spec_helper'
16
17 require 'google/api_client'
18
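# Specs for the service-account (JWT bearer) flow: JWTAsserter must emit a JWT
# signed with the supplied private key, exchange it at the token endpoint, and
# hand back an authorization object whose access token can be refreshed.
describe Google::APIClient::JWTAsserter do
  include ConnectionHelpers

  before do
    # A throwaway 2048-bit RSA key pair generated for each example, so no real
    # service-account key material is needed by the spec.
    @key = OpenSSL::PKey::RSA.new 2048
  end

  # Registers one stubbed POST to the token endpoint on +stub+.
  #
  # The handler checks the outgoing request before answering: the "assertion"
  # form field must decode as a JWT whose signature verifies against the public
  # half of @key, and "grant_type" must be the JWT-bearer grant URN. It then
  # replies 200 with a bearer-token JSON body carrying +access_token+.
  #
  # Signature verification is requested explicitly (third argument) so the
  # check does not depend on the library default.
  # NOTE(review): the accepted signing algorithm is not pinned here; if the
  # bundled jwt gem supports an algorithm option, consider passing it - confirm
  # against the version in use.
  def stub_token_endpoint(stub, access_token)
    stub.post('/o/oauth2/token') do |env|
      params = Addressable::URI.form_unencode(env[:body])
      JWT.decode(params.assoc("assertion").last, @key.public_key, true)
      params.assoc("grant_type").should == ['grant_type', 'urn:ietf:params:oauth:grant-type:jwt-bearer']
      [200, {}, %Q({
        "access_token" : "#{access_token}",
        "token_type" : "Bearer",
        "expires_in" : 3600
      })]
    end
  end

  it 'should generate valid JWTs' do
    asserter = Google::APIClient::JWTAsserter.new('client1', 'scope1 scope2', @key)
    jwt = asserter.to_jwt
    jwt.should_not be_nil

    # Decode with verification enabled: a token not signed by @key fails here.
    # Only the issuer and scope claims are checked by this example.
    claim = JWT.decode(jwt, @key.public_key, true)
    claim["iss"].should == 'client1'
    claim["scope"].should == 'scope1 scope2'
  end

  it 'should send valid access token request' do
    conn = stub_connection do |stub|
      stub_token_endpoint(stub, "1/abcdef1234567890")
    end
    asserter = Google::APIClient::JWTAsserter.new('client1', 'scope1 scope2', @key)
    auth = asserter.authorize(nil, { :connection => conn })
    # Previously written as `should_not == nil?`, which compared against the
    # boolean returned by the example's own #nil? and so never tested for nil.
    auth.should_not be_nil
    auth.access_token.should == "1/abcdef1234567890"
    conn.verify
  end

  it 'should be refreshable' do
    # Two stubbed token responses: one for the initial authorization, one for
    # the refresh, each with a distinct access token.
    conn = stub_connection do |stub|
      stub_token_endpoint(stub, "1/abcdef1234567890")
      stub_token_endpoint(stub, "1/0987654321fedcba")
    end
    asserter = Google::APIClient::JWTAsserter.new('client1', 'scope1 scope2', @key)
    auth = asserter.authorize(nil, { :connection => conn })
    auth.should_not be_nil
    auth.access_token.should == "1/abcdef1234567890"

    # The refresh must send a fresh, validly signed assertion and replace the
    # cached access token with the one from the second response.
    auth.fetch_access_token!(:connection => conn)
    auth.access_token.should == "1/0987654321fedcba"

    conn.verify
  end
end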
90