feat: basic schema validation for spec-defined objects

Signed-off-by: Berend Sliedrecht <[email protected]>

.github/workflows/pipeline.yaml

@@ -37,17 +37,16 @@ jobs:
               run: pnpm install
 
             - name: Check formatting
-              run: pnpm check-format:ci
+              run: pnpm check:style
 
             - name: Build
               run: pnpm build
 
             - name: Check types
-              run: pnpm check-types
+              run: pnpm check:types
 
-            # TODO: In pnpm the tests are failing when there is not a node_modules present in the package. Haven't found a fix for it yet.
-            # - name: Test
-            #   run: pnpm test
+            - name: Test
+              run: pnpm test
 
     continious-deployment:
         if: github.event_name == 'workflow_dispatch'
@@ -100,4 +99,4 @@ jobs:
                   prerelease: ${{ inputs.release-type == 'alpha' }}
                   token: ${{ secrets.GH_TOKEN }}
                   tag_name: v${{ steps.publish.outputs.LERNA_VERSION }}
-                  name: Release v${{ steps.publish.outputs.LERNA_VERSION }}
+                  name: Release v${{ steps.publish.outputs.LERNA_VERSION }}

package.json

@@ -2,32 +2,28 @@
   "name": "openid-federation-ts",
   "private": true,
   "version": "0.1.0",
-  "description": "",
-  "main": "src/index.ts",
-  "keywords": [],
+  "description": "Openid Federation implementation",
   "author": "Animo Solutions",
   "license": "Apache-2.0",
   "scripts": {
     "clean": "rimraf **/build",
     "clean:deps ": "pnpm clean && rimraf node_modules",
     "build": "pnpm -r build",
-    "check-format": "pnpm biome check .",
-    "check-format:ci": "pnpm biome ci .",
-    "check-types": "pnpm build --noEmit",
-    "format": "pnpm check-format --write",
+    "check:style": "pnpm biome check .",
+    "check:types": "pnpm build --noEmit",
+    "format": "pnpm check:style --write --unsafe",
     "test": "pnpm -r test",
     "release": "lerna publish"
   },
   "devDependencies": {
     "@biomejs/biome": "1.8.0",
-    "rimraf": "^5.0.7",
-    "tsx": "^4.13.1"
+    "rimraf": "^5.0.7"
   },
   "pnpm": {
     "overrides": {
       "typescript": "~5.3.2",
       "@types/node": "^20.11.1",
-      "tsx": "^4.13.1"
+      "ts-node": "^10.9.2"
     }
   }
 }

packages/core/__tests__/fixtures/constraintsFigure17.ts

@@ -0,0 +1,8 @@
+export const constraintsFigure17 = {
+  max_path_length: 2,
+  naming_constraints: {
+    permitted: ['https://.example.com'],
+    excluded: ['https://east.example.com'],
+  },
+  allowed_entity_types: ['openid_provider', 'openid_relying_party'],
+}

packages/core/__tests__/fixtures/entityConfigurationFigure18.ts

@@ -0,0 +1,23 @@
+export const entityConfigurationFigure18 = {
+  iss: 'https://rp.example.it/spid/',
+  sub: 'https://rp.example.it/spid/',
+  iat: 1516239022,
+  exp: 1516298022,
+  // Added property as the example in the spec is invalid
+  jwks: { keys: [] },
+  trust_marks: [
+    {
+      id: 'https://www.spid.gov.it/certification/rp',
+      trust_mark:
+        'eyJraWQiOiJmdWtDdUtTS3hwWWJjN09lZUk3Ynlya3N5a0E1bDhPb2RFSXVyOHJoNFlBIiwidHlwIjoidHJ1c3QtbWFyaytqd3QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3d3dy5hZ2lkLmdvdi5pdCIsInN1YiI6Imh0dHBzOi8vcnAuZXhhbXBsZS5pdC9zcGlkIiwiaWF0IjoxNTc5NjIxMTYwLCJpZCI6Imh0dHBzOi8vd3d3LnNwaWQuZ292Lml0L2NlcnRpZmljYXRpb24vcnAiLCJsb2dvX3VyaSI6Imh0dHBzOi8vd3d3LmFnaWQuZ292Lml0L3RoZW1lcy9jdXN0b20vYWdpZC9sb2dvLnN2ZyIsInJlZiI6Imh0dHBzOi8vZG9jcy5pdGFsaWEuaXQvZG9jcy9zcGlkLWNpZS1vaWRjLWRvY3MvaXQvdmVyc2lvbmUtY29ycmVudGUvIn0.AGf5Y4MoJt22rznH4i7Wqpb2EF2LzE6BFEkTzY1dCBMCK-8P_vj4Boz7335pUF45XXr2jx5_waDRgDoS5vOO-wfc0NWb4Zb_T1RCwcryrzV0z3jJICePMPM_1hZnBZjTNQd4EsFNvKmUo_teR2yzAZjguR2Rid30O5PO8kJtGaXDmz-rWaHbmfLhlNGJnqcp9Lo1bhkU_4Cjpn2bdX7RN0JyfHVY5IJXwdxUMENxZd-VtA5QYiw7kPExT53XcJO89ebe_ik4D0dl-vINwYhrIz2RPnqgA1OdbK7jg0vm8Tb3aemRLG7oLntHwqLO-gGYr6evM2_SgqwA0lQ9mB9yhw',
+    },
+  ],
+  metadata: {
+    openid_relying_party: {
+      application_type: 'web',
+      client_registration_types: ['automatic'],
+      client_name: 'https://rp.example.it/spid/',
+      contacts: ['[email protected]'],
+    },
+  },
+}

packages/core/__tests__/fixtures/entityConfigurationFigure43.ts

@@ -0,0 +1,42 @@
+export const entityConfigurationFigure43 = {
+  iss: 'https://openid.sunet.se',
+  sub: 'https://openid.sunet.se',
+  iat: 1516239022,
+  exp: 1516298022,
+  metadata: {
+    federation_entity: {
+      contacts: ['[email protected]'],
+      federation_fetch_endpoint: 'https://sunet.se/openid/fedapi',
+      homepage_uri: 'https://www.sunet.se',
+      organization_name: 'SUNET',
+    },
+    openid_provider: {
+      issuer: 'https://openid.sunet.se',
+      signed_jwks_uri: 'https://openid.sunet.se/jwks.jose',
+      authorization_endpoint: 'https://openid.sunet.se/authorization',
+      client_registration_types_supported: ['automatic', 'explicit'],
+      grant_types_supported: ['authorization_code'],
+      id_token_signing_alg_values_supported: ['ES256', 'RS256'],
+      logo_uri: 'https://www.umu.se/img/umu-logo-left-neg-SE.svg',
+      op_policy_uri: 'https://www.umu.se/en/website/legal-information/',
+      response_types_supported: ['code'],
+      subject_types_supported: ['pairwise', 'public'],
+      token_endpoint: 'https://openid.sunet.se/token',
+      federation_registration_endpoint: 'https://op.umu.se/openid/fedreg',
+      token_endpoint_auth_methods_supported: ['private_key_jwt'],
+    },
+  },
+  jwks: {
+    keys: [
+      {
+        alg: 'RS256',
+        e: 'AQAB',
+        kid: 'key1',
+        kty: 'RSA',
+        n: 'pnXBOusEANuug6ewezb9J_...',
+        use: 'sig',
+      },
+    ],
+  },
+  authority_hints: ['https://edugain.org/federation'],
+}

packages/core/__tests__/fixtures/entityConfigurationFigure50.ts

@@ -0,0 +1,40 @@
+export const entityConfigurationFigure50 = {
+  authority_hints: ['https://umu.se'],
+  exp: 1568397247,
+  iat: 1568310847,
+  iss: 'https://op.umu.se',
+  sub: 'https://op.umu.se',
+  jwks: {
+    keys: [
+      {
+        e: 'AQAB',
+        kid: 'dEEtRjlzY3djcENuT01wOGxrZlkxb3RIQVJlMTY0...',
+        kty: 'RSA',
+        n: 'x97YKqc9Cs-DNtFrQ7_vhXoH9bwkDWW6En2jJ044yH...',
+      },
+    ],
+  },
+  metadata: {
+    openid_provider: {
+      issuer: 'https://op.umu.se/openid',
+      signed_jwks_uri: 'https://op.umu.se/openid/jwks.jose',
+      authorization_endpoint: 'https://op.umu.se/openid/authorization',
+      client_registration_types_supported: ['automatic', 'explicit'],
+      request_parameter_supported: true,
+      grant_types_supported: ['authorization_code', 'implicit', 'urn:ietf:params:oauth:grant-type:jwt-bearer'],
+      id_token_signing_alg_values_supported: ['ES256', 'RS256'],
+      logo_uri: 'https://www.umu.se/img/umu-logo-left-neg-SE.svg',
+      op_policy_uri: 'https://www.umu.se/en/website/legal-information/',
+      response_types_supported: ['code', 'code id_token', 'token'],
+      subject_types_supported: ['pairwise', 'public'],
+      token_endpoint: 'https://op.umu.se/openid/token',
+      federation_registration_endpoint: 'https://op.umu.se/openid/fedreg',
+      token_endpoint_auth_methods_supported: [
+        'client_secret_post',
+        'client_secret_basic',
+        'client_secret_jwt',
+        'private_key_jwt',
+      ],
+    },
+  },
+}

packages/core/__tests__/fixtures/entityConfigurationFigure52.ts

@@ -0,0 +1,25 @@
+export const entityConfigurationFigure52 = {
+  authority_hints: ['https://swamid.se'],
+  exp: 1568397247,
+  iat: 1568310847,
+  iss: 'https://umu.se',
+  sub: 'https://umu.se',
+  jwks: {
+    keys: [
+      {
+        e: 'AQAB',
+        kid: 'endwNUZrNTJsX2NyQlp4bjhVcTFTTVltR2gxV2RV...',
+        kty: 'RSA',
+        n: 'vXdXzZwQo0hxRSmZEcDIsnpg-CMEkor50SOG-1XUlM...',
+      },
+    ],
+  },
+  metadata: {
+    federation_entity: {
+      contacts: ['[email protected]'],
+      federation_fetch_endpoint: 'https://umu.se/oidc/fedapi',
+      homepage_uri: 'https://www.umu.se',
+      organization_name: 'UmU',
+    },
+  },
+}

packages/core/__tests__/fixtures/entityConfigurationFigure56.ts

@@ -0,0 +1,25 @@
+export const entityConfigurationFigure56 = {
+  authority_hints: ['https://edugain.geant.org'],
+  exp: 1568397247,
+  iat: 1568310847,
+  iss: 'https://swamid.se',
+  sub: 'https://swamid.se',
+  jwks: {
+    keys: [
+      {
+        e: 'AQAB',
+        kid: 'N1pQTzFxUXZ1RXVsUkVuMG5uMnVDSURGRVdhUzdO...',
+        kty: 'RSA',
+        n: '3EQc6cR_GSBq9km9-WCHY_lWJZWkcn0M05TGtH6D9S...',
+      },
+    ],
+  },
+  metadata: {
+    federation_entity: {
+      contacts: ['[email protected]'],
+      federation_fetch_endpoint: 'https://swamid.se/fedapi',
+      homepage_uri: 'https://www.sunet.se/swamid/',
+      organization_name: 'SWAMID',
+    },
+  },
+}

packages/core/__tests__/fixtures/entityConfigurationFigure60.ts

@@ -0,0 +1,21 @@
+export const entityConfigurationFigure60 = {
+  exp: 1568397247,
+  iat: 1568310847,
+  iss: 'https://edugain.geant.org',
+  sub: 'https://edugain.geant.org',
+  jwks: {
+    keys: [
+      {
+        e: 'AQAB',
+        kid: 'Sl9DcjFxR3hrRGdabUNIR21KT3dvdWMyc2VUM2Fr...',
+        kty: 'RSA',
+        n: 'xKlwocDXUw-mrvDSO4oRrTRrVuTwotoBFpozvlq-1q...',
+      },
+    ],
+  },
+  metadata: {
+    federation_entity: {
+      federation_fetch_endpoint: 'https://geant.org/edugain/api',
+    },
+  },
+}

packages/core/__tests__/fixtures/entityConfigurationFigure69.ts

@@ -0,0 +1,35 @@
+export const entityConfigurationFigure69 = {
+  iss: 'https://wiki.ligo.org',
+  sub: 'https://wiki.ligo.org',
+  iat: 1676045527,
+  exp: 1676063610,
+  aud: 'https://op.umu.se',
+  metadata: {
+    openid_relying_party: {
+      application_type: 'web',
+      client_name: 'LIGO Wiki',
+      contacts: ['[email protected]'],
+      grant_types: ['authorization_code'],
+      id_token_signed_response_alg: 'RS256',
+      signed_jwks_uri: 'https://wiki.ligo.org/jwks.jose',
+      redirect_uris: ['https://wiki.ligo.org/openid/callback'],
+      response_types: ['code'],
+      subject_type: 'public',
+
+      // Added manually as the spec is invalid
+      client_registration_types: ['automatic'],
+    },
+  },
+  jwks: {
+    keys: [
+      {
+        kty: 'RSA',
+        use: 'sig',
+        kid: 'U2JTWHY0VFg0a2FEVVdTaHptVDJsNDNiSDk5MXRBVEtNSFVkeXZwb',
+        e: 'AQAB',
+        n: '4AZjgqFwMhTVSLrpzzNcwaCyVD88C_Hb3Bmor97vH-2AzldhuVb8K...',
+      },
+    ],
+  },
+  authority_hints: ['https://incommon.org'],
+}

packages/core/__tests__/fixtures/entityConfigurationFigure8.ts

@@ -0,0 +1,31 @@
+export const entityConfigurationFigure8 = {
+  iss: 'https://openid.sunet.se',
+  sub: 'https://openid.sunet.se',
+  iat: 1516239022,
+  exp: 1516298022,
+  metadata: {
+    openid_relying_party: {
+      application_type: 'web',
+      redirect_uris: ['https://openid.sunet.se/rp/callback'],
+      organization_name: 'SUNET',
+      logo_uri: 'https://www.sunet.se/sunet/images/32x32.png',
+      grant_types: ['authorization_code', 'implicit'],
+      signed_jwks_uri: 'https://openid.sunet.se/rp/signed_jwks.jose',
+      jwks_uri: 'https://openid.sunet.se/rp/jwks.json',
+      client_registration_types: ['automatic'],
+    },
+  },
+  jwks: {
+    keys: [
+      {
+        alg: 'RS256',
+        e: 'AQAB',
+        kid: 'key1',
+        kty: 'RSA',
+        n: 'pnXBOusEANuug6ewezb9J_...',
+        use: 'sig',
+      },
+    ],
+  },
+  authority_hints: ['https://edugain.org/federation'],
+}

packages/core/__tests__/fixtures/entityConfigurationFigure9.ts

@@ -0,0 +1,49 @@
+export const entityConfigurationFigure9 = {
+  iss: 'https://op.umu.se',
+  sub: 'https://op.umu.se',
+  exp: 1568397247,
+  iat: 1568310847,
+  metadata: {
+    openid_provider: {
+      issuer: 'https://op.umu.se/openid',
+      signed_jwks_uri: 'https://op.umu.se/openid/signed_jwks.jose',
+      authorization_endpoint: 'https://op.umu.se/openid/authorization',
+      client_registration_types_supported: ['automatic', 'explicit'],
+      grant_types_supported: ['authorization_code', 'implicit', 'urn:ietf:params:oauth:grant-type:jwt-bearer'],
+      id_token_signing_alg_values_supported: ['ES256', 'RS256'],
+      logo_uri: 'https://www.umu.se/img/umu-logo-left-neg-SE.svg',
+      op_policy_uri: 'https://www.umu.se/en/legal-information/',
+      response_types_supported: ['code', 'code id_token', 'token'],
+      subject_types_supported: ['pairwise', 'public'],
+      token_endpoint: 'https://op.umu.se/openid/token',
+      federation_registration_endpoint: 'https://op.umu.se/openid/fedreg',
+      token_endpoint_auth_methods_supported: [
+        'client_secret_post',
+        'client_secret_basic',
+        'client_secret_jwt',
+        'private_key_jwt',
+      ],
+      pushed_authorization_request_endpoint: 'https://op.umu.se/openid/par',
+      request_authentication_methods_supported: {
+        authorization_endpoint: ['request_object'],
+        pushed_authorization_request_endpoint: [
+          'request_object',
+          'private_key_jwt',
+          'tls_client_auth',
+          'self_signed_tls_client_auth',
+        ],
+      },
+    },
+  },
+  authority_hints: ['https://umu.se'],
+  jwks: {
+    keys: [
+      {
+        e: 'AQAB',
+        kid: 'dEEtRjlzY3djcENuT01wOGxrZlkxb3RIQVJlMTY0...',
+        kty: 'RSA',
+        n: 'x97YKqc9Cs-DNtFrQ7_vhXoH9bwkDWW6En2jJ044yH...',
+      },
+    ],
+  },
+}