fix(oidc): assert openid configuration

TODO.md

@@ -1,9 +1,16 @@
 # TODO
 
 - [ ] better OIDC support
-- [ ] better support of `profile` `openid` `email` `roles` scopes
+    - [ ] better support of `profile` `openid` `email` `roles` scopes
+    - [ ] support of custom id_token claims mapping/binding
+        - example for Vikunja: `vikunja_teams` or `vikunja_groups` attribute
+        - being able to say :
+            - For this client, I want to add this claim
+            - with the key X
+            - and the value taken from an expression
+            - eg "json_array(user.groups)"
 
-- [ ] i18n strings in the http website.
+- [ ] i18n strings in the HTTP website.
 
 - [ ] Instance customization support
 

tests/hurl_integration/oidc_core/main.hurl

@@ -1,3 +1,21 @@
+# Assert working manifest endpoints
+GET {{ base_url }}/.well-known/openid-configuration
+HTTP 200
+Content-Type: application/json
+[Asserts]
+jsonpath "$.issuer" exists
+jsonpath "$.jwks_uri" exists
+jsonpath "$.id_token_signing_alg_values_supported[0]" == "RS256"
+
+GET {{ base_url }}/.well-known/jwks
+HTTP 200
+Content-Type: application/json
+[Asserts]
+jsonpath "$.keys" exists
+jsonpath "$.keys[0].n" exists # modulus
+jsonpath "$.keys[0].e" exists # exponent
+
+# Login to get user session
 POST {{ base_url }}/login
 [FormParams]
 login: john.doe
@@ -18,7 +36,7 @@ HTTP 302
 [Captures]
 authorization_code: header "Location" regex "\\?code=(.*)&"
 
-# OIDC Token exchange
+# OIDC Token exchange (from the standpoint of the OIDC client)
 POST {{ base_url }}/api/token
 [BasicAuth]
 00000001-0000-0000-0000-000000000001: dummy_client_secret
@@ -39,3 +57,4 @@ id_token: jsonpath "$.id_token"
 # TODO: assert id_token JWT claims fields
 # TODO: contribute to hurl to add JWT extraction and assertion
 # See. https://github.com/Orange-OpenSource/hurl/issues/2223
+