feat: dart auth provider tests

.gitignore

@@ -40,4 +40,11 @@ testem.log
 Thumbs.db
 
 .nx
-.vscode
+.vscode
+
+# Created by `dart pub`
+.dart_tool/
+
+# env files
+.env*
+!.env.example

packages/dart/auth_provider/lib/src/auth_provider.dart

@@ -1,5 +1,6 @@
 import 'dart:convert';
 
+import 'package:affinidi_tdk_auth_provider/src/iam_client.dart';
 import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
 import 'package:affinidi_tdk_auth_provider/src/jwt_helper.dart';
 import 'package:affinidi_tdk_common/affinidi_tdk_common.dart';
@@ -40,7 +41,9 @@ class AuthProvider {
     if (projectScopedToken == null) {
       return true;
     }
-    publicKey ??= await JWTHelper.fetchPublicKey(apiGatewayUrl);
+
+    IamClient iamClient = IamClient(apiGatewayUrl: apiGatewayUrl);
+    publicKey ??= await JWTHelper.fetchPublicKey(iamClient);
     try {
       JWT.verify(projectScopedToken!, publicKey!);
       return false;
@@ -126,7 +129,7 @@ class AuthProvider {
         additionalPayload: {
           'project_id': projectId,
           'iota_configuration_id': iotaConfigId,
-          'iota_session_id': iotaSessionId,
+          'iota_session_id': sessionId,
           'scope': 'iota_channel',
         },
       ),

packages/dart/auth_provider/lib/src/iam_client.dart

@@ -0,0 +1,24 @@
+import 'dart:convert';
+import 'package:http/http.dart' as http;
+
+class IamClient {
+  IamClient({required String apiGatewayUrl, http.Client? httpClient})
+      : _httpClient = httpClient ?? http.Client(),
+        _apiGatewayUrl = apiGatewayUrl;
+
+  final http.Client _httpClient;
+  final String _apiGatewayUrl;
+
+  Future<dynamic> getPublicKeyJWKS() async {
+    final response = await _httpClient.get(
+      Uri.parse('$_apiGatewayUrl/iam/.well-known/jwks.json'),
+      headers: {'Content-Type': 'application/json'},
+    );
+
+    if (response.statusCode != 200) {
+      throw Exception('Failed to fetch public key');
+    }
+
+    return jsonDecode(response.body);
+  }
+}

packages/dart/auth_provider/lib/src/jwt_helper.dart

@@ -1,6 +1,6 @@
+import 'package:affinidi_tdk_auth_provider/src/iam_client.dart';
 import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
 import 'package:uuid/uuid.dart';
-import 'package:http/http.dart' as http;
 import 'dart:convert';
 import 'package:pointycastle/export.dart' as pce;
 import 'dart:typed_data';
@@ -41,17 +41,8 @@ class JWTHelper {
     return token;
   }
 
-  static Future<ECPublicKey> fetchPublicKey(String apiGatewayUrl) async {
-    final response = await http.get(
-      Uri.parse('$apiGatewayUrl/iam/.well-known/jwks.json'),
-      headers: {'Content-Type': 'application/json'},
-    );
-
-    if (response.statusCode != 200) {
-      throw Exception('Failed to fetch public key');
-    }
-
-    final data = jsonDecode(response.body);
+  static Future<ECPublicKey> fetchPublicKey(IamClient iamClient) async {
+    final data = await iamClient.getPublicKeyJWKS();
 
     if (data['keys'] == null || data['keys'].isEmpty) {
       throw Exception('No keys found in JWKS');

packages/dart/auth_provider/pubspec.yaml

@@ -19,3 +19,5 @@ dev_dependencies:
   lints: ^5.0.0
   test: ^1.24.0
   dotenv: ^4.2.0
+  mocktail: ^1.0.4
+  path: ^1.9.1

packages/dart/auth_provider/test/auth_provider_test.dart

@@ -1,15 +1,73 @@
+import 'dart:io';
+import 'package:path/path.dart' as path;
 import 'package:test/test.dart';
+import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
+import 'package:affinidi_tdk_auth_provider/affinidi_tdk_auth_provider.dart';
 
 void main() {
-  group('A group of tests', () {
-    // final awesome = Awesome();
+  group('Auth Provider Tests', () {
+    final mockProjectId = 'test-project-id';
+    final mockTokenId = 'test-token-id';
+    late AuthProvider authProvider;
 
     setUp(() {
-      // Additional setup goes here.
+      final testDir = Directory.current.path;
+      final keyOpensslRSA2048 =
+          File(path.join(testDir, 'test', 'pem', 'openssl-rsa2048.pem'))
+              .readAsStringSync();
+      authProvider = AuthProvider(
+          projectId: mockProjectId,
+          tokenId: mockTokenId,
+          privateKey: keyOpensslRSA2048);
     });
 
-    test('First Test', () {
-      // expect(awesome.isAwesome, isTrue);
+    test('createIotaToken returns valid token and session', () {
+      final iotaConfigId = 'test-iota-config';
+      final did = 'did:test:123';
+      final sessionId = 'test-session';
+
+      final result = authProvider.createIotaToken(
+          iotaConfigId: iotaConfigId, did: did, iotaSessionId: sessionId);
+
+      expect(result.iotaSessionId, equals(sessionId));
+      expect(result.iotaJwt, isNotEmpty);
+
+      final jwt = JWT.decode(result.iotaJwt);
+      expect(jwt.payload['aud'], equals(did));
+      expect(jwt.payload['iss'], equals('token/$mockTokenId'));
+      expect(jwt.payload['sub'], equals('token/$mockTokenId'));
+      expect(jwt.payload['jti'], isNotEmpty);
+      expect(jwt.payload['iat'], isA<int>());
+      expect(jwt.payload['exp'], isA<int>());
+      expect(jwt.payload['exp'] - jwt.payload['iat'], equals(5 * 60));
+      expect(jwt.payload['project_id'], equals(mockProjectId));
+      expect(jwt.payload['iota_configuration_id'], equals(iotaConfigId));
+      expect(jwt.payload['iota_session_id'], equals(sessionId));
+      expect(jwt.payload['scope'], equals('iota_channel'));
+    });
+
+    test('createIotaToken generates session ID if not provided', () {
+      final iotaConfigId = 'test-iota-config';
+      final did = 'did:test:123';
+
+      final result =
+          authProvider.createIotaToken(iotaConfigId: iotaConfigId, did: did);
+
+      expect(result.iotaSessionId, isNotEmpty);
+      expect(result.iotaJwt, isNotEmpty);
+
+      final jwt = JWT.decode(result.iotaJwt);
+      expect(jwt.payload['aud'], equals(did));
+      expect(jwt.payload['iss'], equals('token/$mockTokenId'));
+      expect(jwt.payload['sub'], equals('token/$mockTokenId'));
+      expect(jwt.payload['jti'], isNotEmpty);
+      expect(jwt.payload['iat'], isA<int>());
+      expect(jwt.payload['exp'], isA<int>());
+      expect(jwt.payload['exp'] - jwt.payload['iat'], equals(5 * 60));
+      expect(jwt.payload['project_id'], equals(mockProjectId));
+      expect(jwt.payload['iota_configuration_id'], equals(iotaConfigId));
+      expect(jwt.payload['iota_session_id'], equals(result.iotaSessionId));
+      expect(jwt.payload['scope'], equals('iota_channel'));
     });
   });
 }