Skip to content

add support for ES algorithms #118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Mar 18, 2024
Merged

add support for ES algorithms #118

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e203dda
add support for ES algorithms
swaeberle Dec 1, 2023
ed3e408
handle ES algorithms like RS algorithms
swaeberle Dec 5, 2023
867a1c7
add tests for ES algorithms
swaeberle Dec 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/ngx_http_auth_jwt_module.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -337,7 +337,7 @@ static ngx_int_t handle_request(ngx_http_request_t *r)
return redirect(r, jwtcf);
}
}
else if (algorithm.len == 5 && ngx_strncmp(algorithm.data, "RS", 2) == 0)
else if (algorithm.len == 5 && (ngx_strncmp(algorithm.data, "RS", 2) == 0 || ngx_strncmp(algorithm.data, "ES", 2) == 0))
{
if (jwtcf->use_keyfile == 1)
{
Expand Down Expand Up @@ -394,7 +394,7 @@ static int validate_alg(auth_jwt_conf_t *jwtcf, jwt_t *jwt)
{
const jwt_alg_t alg = jwt_get_alg(jwt);

if (alg != JWT_ALG_HS256 && alg != JWT_ALG_HS384 && alg != JWT_ALG_HS512 && alg != JWT_ALG_RS256 && alg != JWT_ALG_RS384 && alg != JWT_ALG_RS512)
if (alg != JWT_ALG_HS256 && alg != JWT_ALG_HS384 && alg != JWT_ALG_HS512 && alg != JWT_ALG_RS256 && alg != JWT_ALG_RS384 && alg != JWT_ALG_RS512 && alg != JWT_ALG_ES256 && alg != JWT_ALG_ES384 && alg != JWT_ALG_ES512)
{
return 1;
}
Expand Down Expand Up @@ -633,7 +633,7 @@ static char *get_jwt(ngx_http_request_t *r, ngx_str_t jwt_location)
if (ngx_strncmp(jwtHeaderVal->value.data, BEARER_PREFIX, strlen(BEARER_PREFIX)) == 0)
{
ngx_str_t jwtHeaderValWithoutBearer = jwtHeaderVal->value;

jwtHeaderValWithoutBearer.data += strlen(BEARER_PREFIX);
jwtHeaderValWithoutBearer.len -= strlen(BEARER_PREFIX);

Expand Down
3 changes: 3 additions & 0 deletions test/Dockerfile-test-nginx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,7 @@ RUN echo "Config Hash: ${CONFIG_HASH}"
COPY /docker-entrypoint.d/* /docker-entrypoint.d/
COPY /etc/nginx/conf.d/test.conf /etc/nginx/conf.d/test.conf
COPY /etc/nginx/rsa_key_2048-pub.pem /etc/nginx/rsa-key.conf
COPY /etc/nginx/ec_key_256-pub.pem /etc/nginx/ec-256-key.conf
COPY /etc/nginx/ec_key_384-pub.pem /etc/nginx/ec-384-key.conf
COPY /etc/nginx/ec_key_521-pub.pem /etc/nginx/ec-521-key.conf
RUN sed -i "s|%{PORT}|${PORT}|" /etc/nginx/conf.d/test.conf
5 changes: 5 additions & 0 deletions test/ec_key_256.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgOlEBGcZxxhv8FkN0
YIvax6fnhJbMeotzIEBxIglkNu6hRANCAATP1NpDzvZmKd2Mw6hIrv4nzUfNu7OK
mT5VuL5LhvUgzTqVGuxwevA7DlFsNVSfCljIBG3geio3fcd4k0Z9SygL
-----END PRIVATE KEY-----
6 changes: 6 additions & 0 deletions test/ec_key_384.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDADyrL6llSQoQOZ/PF/
l761kAbrTwn4vu30Kr34ScW6bRKVXLq3cT3QssJ1nF9B63qhZANiAAQ48dOfIEd3
0TCVE0JT4ZU0Db7Ftz+ex7lojP7uqTY9OI59yoMB01zUN4JK30BRXS9Yv0A9Bu1z
fgLu93FSn0kd0zIPMvuu5LUt60M/miSt2lA0OrqFhKjx6FFdN/lNh64=
-----END PRIVATE KEY-----
8 changes: 8 additions & 0 deletions test/ec_key_521.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
-----BEGIN PRIVATE KEY-----
MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAKkag6aVn4XAbaALo
0b3pypdP5RBX7uKxHmKlkNCcpA0oVTdgjnM5NpJP8ZOM6NjVhEzsn6c/Tdn8hL8w
SI55hFWhgYkDgYYABABpTipSvbs8fq44u4fA+v7DTNYViA58sqbrxjxdzwWZ8eEj
CXsH7yzSGx3Y19NSyrX8HbjWmrj5uxiKeFCB8mGzTwDcFIKCMeMkHjZs/fmVOumR
a2XSpj7BP6wqcN6Pf+UqECivGAZGRHoabo/dm5zF9M3gO+G9eOrf3G1wgFFM7Vzb
Ow==
-----END PRIVATE KEY-----
123 changes: 123 additions & 0 deletions test/etc/nginx/conf.d/test.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,51 @@ server {
try_files index.html =404;
}

location /secure/cookie/es256 {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location COOKIE=jwt;
auth_jwt_algorithm ES256;
auth_jwt_key "-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz9TaQ872ZindjMOoSK7+J81Hzbuz
ipk+Vbi+S4b1IM06lRrscHrwOw5RbDVUnwpYyARt4HoqN33HeJNGfUsoCw==
-----END PUBLIC KEY-----";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/cookie/es384 {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location COOKIE=jwt;
auth_jwt_algorithm ES384;
auth_jwt_key "-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOPHTnyBHd9EwlRNCU+GVNA2+xbc/nse5
aIz+7qk2PTiOfcqDAdNc1DeCSt9AUV0vWL9APQbtc34C7vdxUp9JHdMyDzL7ruS1
LetDP5okrdpQNDq6hYSo8ehRXTf5TYeu
-----END PUBLIC KEY-----";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/cookie/es512 {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location COOKIE=jwt;
auth_jwt_algorithm ES512;
auth_jwt_key "-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAaU4qUr27PH6uOLuHwPr+w0zWFYgO
fLKm68Y8Xc8FmfHhIwl7B+8s0hsd2NfTUsq1/B241pq4+bsYinhQgfJhs08A3BSC
gjHjJB42bP35lTrpkWtl0qY+wT+sKnDej3/lKhAorxgGRkR6Gm6P3ZucxfTN4Dvh
vXjq39xtcIBRTO1c2zs=
-----END PUBLIC KEY-----";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/auth-header/default {
auth_jwt_enabled on;
auth_jwt_redirect on;
Expand Down Expand Up @@ -119,6 +164,48 @@ BwIDAQAB
try_files index.html =404;
}

location /secure/auth-header/es256 {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location HEADER=Authorization;
auth_jwt_key "-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz9TaQ872ZindjMOoSK7+J81Hzbuz
ipk+Vbi+S4b1IM06lRrscHrwOw5RbDVUnwpYyARt4HoqN33HeJNGfUsoCw==
-----END PUBLIC KEY-----";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/auth-header/es384 {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location HEADER=Authorization;
auth_jwt_key "-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOPHTnyBHd9EwlRNCU+GVNA2+xbc/nse5
aIz+7qk2PTiOfcqDAdNc1DeCSt9AUV0vWL9APQbtc34C7vdxUp9JHdMyDzL7ruS1
LetDP5okrdpQNDq6hYSo8ehRXTf5TYeu
-----END PUBLIC KEY-----";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/auth-header/es512 {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location HEADER=Authorization;
auth_jwt_key "-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAaU4qUr27PH6uOLuHwPr+w0zWFYgO
fLKm68Y8Xc8FmfHhIwl7B+8s0hsd2NfTUsq1/B241pq4+bsYinhQgfJhs08A3BSC
gjHjJB42bP35lTrpkWtl0qY+wT+sKnDej3/lKhAorxgGRkR6Gm6P3ZucxfTN4Dvh
vXjq39xtcIBRTO1c2zs=
-----END PUBLIC KEY-----";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/auth-header/rs256/file {
auth_jwt_enabled on;
auth_jwt_redirect on;
Expand Down Expand Up @@ -155,6 +242,42 @@ BwIDAQAB
try_files index.html =404;
}

location /secure/auth-header/es256/file {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location HEADER=Authorization;
auth_jwt_algorithm ES256;
auth_jwt_use_keyfile on;
auth_jwt_keyfile_path "/etc/nginx/ec-256-key.conf";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/auth-header/es384/file {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location HEADER=Authorization;
auth_jwt_algorithm ES384;
auth_jwt_use_keyfile on;
auth_jwt_keyfile_path "/etc/nginx/ec-384-key.conf";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/auth-header/es512/file {
auth_jwt_enabled on;
auth_jwt_redirect on;
auth_jwt_location HEADER=Authorization;
auth_jwt_algorithm ES512;
auth_jwt_use_keyfile on;
auth_jwt_keyfile_path "/etc/nginx/ec-521-key.conf";

alias /usr/share/nginx/html/;
try_files index.html =404;
}

location /secure/custom-header/hs256 {
auth_jwt_enabled on;
auth_jwt_redirect on;
Expand Down
4 changes: 4 additions & 0 deletions test/etc/nginx/ec_key_256-pub.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz9TaQ872ZindjMOoSK7+J81Hzbuz
ipk+Vbi+S4b1IM06lRrscHrwOw5RbDVUnwpYyARt4HoqN33HeJNGfUsoCw==
-----END PUBLIC KEY-----
5 changes: 5 additions & 0 deletions test/etc/nginx/ec_key_384-pub.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOPHTnyBHd9EwlRNCU+GVNA2+xbc/nse5
aIz+7qk2PTiOfcqDAdNc1DeCSt9AUV0vWL9APQbtc34C7vdxUp9JHdMyDzL7ruS1
LetDP5okrdpQNDq6hYSo8ehRXTf5TYeu
-----END PUBLIC KEY-----
6 changes: 6 additions & 0 deletions test/etc/nginx/ec_key_521-pub.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAaU4qUr27PH6uOLuHwPr+w0zWFYgO
fLKm68Y8Xc8FmfHhIwl7B+8s0hsd2NfTUsq1/B241pq4+bsYinhQgfJhs08A3BSC
gjHjJB42bP35lTrpkWtl0qY+wT+sKnDej3/lKhAorxgGRkR6Gm6P3ZucxfTN4Dvh
vXjq39xtcIBRTO1c2zs=
-----END PUBLIC KEY-----
39 changes: 39 additions & 0 deletions test/test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,10 @@ main() {
local JWT_RS256_INVALID=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ._aQmIBL4CVBxU1fNMOHp0kkagFaaX2TvAEenizytwd0
local JWT_RS384_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.H35bTcZRhepWIoa8pKCbUMRuAOkVX9K5hJjc6tPmQwWmTw8lrktsvmMzJg_rgqnJLnAkciSIQw5EDj7fngS5zX2ThyRxrkPuE2Uiyw2Ect-mo9Kg1lrWgnyZCuCgq-Up9HQRAv0160mePlm8Gs4TOY6CPr38zwTcDZsy_Keq93igDQV8WuuWAGICaGd5ZyUOPjjzGShRjTU8Szz7fnpZpTtYRCYVo0pc5yfRWYm0fdn-4AseyGvd8JJ2xfnAEe4kZOkz7X1MLKtL0slKg3m2PH1lD7HwxIawXRTPWxArhJ9dcTNiDUrqtde2juGwOuMD_zTsb2Jj0_rmRb0Q6aljNw
local JWT_RS512_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.iUupyKypfXJ5aZWfItSW-mOmx9a4C4X7Yr5p5Fk8W75ZhkOq0EeNfstTxx870brhkdPovBhO2LYI44_HoH9XicQNL6JnFprE0r61eJFngbuzlhRQiWpq0xYrazJWc9zB7_GgL2ZCwtw-Ts3G23Q0632wVm6-d7MKvG7RS8aEjN-MuVGdtLglH3forpItmFxw-if40EQsBL7hncN_XNcQTO4KPHkqmlpac_oKXRrLFDIIt2tB6OOpvY4QcpERoxexp4pi2f-JoINnWX_dU5JnIs3ypVJLQPfoJvxg8fsg3zYrOvMYnfsqOCYoHtZGK0O7jyfFmcGo5v2hLT-CpoF3Zw
local JWT_ES256_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.WFfJXGr5whKHB7arjsTXPTJ6TAsS1LoRxu7Vj2_HrLaIQphWJM6BICf-M3cv52tFzt-XTZb6GxlDgAbHo8z9Zg
local JWT_ES256_INVALID=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ._aQmIBL4CVBxU1fNMOHp0kkagFaaX2TvAEenizytwd0
local JWT_ES384_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzM4NCJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ._EFxXYOTAfT3gB3xUfgGR2UyXHeRTlDWqA94oZbB0DDa7YPZTEX9T4C_0ylnOFKZ6irGHZA8vxjgXDH3DZKWwBWcZ-XaQ_Q4Ws2J-AEeLqcl7_CS6q9mFo0Y7vUNEn-W
local JWT_ES512_VALID=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzUxMiJ9.eyJzdWIiOiJzb21lLWxvbmctdXVpZCIsImZpcnN0TmFtZSI6ImhlbGxvIiwibGFzdE5hbWUiOiJ3b3JsZCIsImVtYWlsQWRkcmVzcyI6ImhlbGxvd29ybGRAZXhhbXBsZS5jb20iLCJyb2xlcyI6WyJ0aGlzIiwidGhhdCIsInRoZW90aGVyIl0sImlzcyI6Imlzc3VlciIsInBlcnNvbklkIjoiNzViYjNjYzctYjkzMy00NGYwLTkzYzYtMTQ3YjA4MmZhZGI1IiwiZXhwIjoxOTA4ODM1MjAwLCJpYXQiOjE0ODg4MTk2MDAsInVzZXJuYW1lIjoiaGVsbG8ud29ybGQifQ.AFY4gNCtZNYkrTiijDkV4eKIt2UPMIuJBfZIk69jgI8FSGCQyUIMmIVg0fTvbaSiaryXzcjbG5TCm8a9Vu3KFJutAHGrgvZqcdklxx6Fbk3an3r_CH68n_ncwS3SUV58mDjf0OX8jRuNdudU1L5xYNQdodo-fxPIb1oHXfMJ0CmULDR9

run_test -n 'when auth disabled, should return 200' \
-p '/' \
Expand Down Expand Up @@ -173,6 +177,21 @@ main() {
-c '200' \
-x ' --cookie "jwt=${JWT_RS256_VALID}"'

run_test -n 'when auth enabled with ES256 algorithm and valid JWT cookie, returns 200' \
-p '/secure/cookie/es256' \
-c '200' \
-x ' --cookie "jwt=${JWT_ES256_VALID}"'

run_test -n 'when auth enabled with ES384 algorithm and valid JWT cookie, returns 200' \
-p '/secure/cookie/es384' \
-c '200' \
-x ' --cookie "jwt=${JWT_ES384_VALID}"'

run_test -n 'when auth enabled with ES512 algorithm and valid JWT cookie, returns 200' \
-p '/secure/cookie/es512' \
-c '200' \
-x ' --cookie "jwt=${JWT_ES512_VALID}"'

run_test -n 'when auth enabled with RS256 algorithm via file and valid JWT in Authorization header, returns 200' \
-p '/secure/auth-header/rs256/file' \
-c '200' \
Expand All @@ -193,6 +212,26 @@ main() {
-c '200' \
-x '--header "Authorization: Bearer ${JWT_RS256_VALID}"'

run_test -n 'when auth enabled with ES256 algorithm via file and valid JWT in Authorization header, returns 200' \
-p '/secure/auth-header/es256/file' \
-c '200' \
-x '--header "Authorization: Bearer ${JWT_ES256_VALID}"'

run_test -n 'when auth enabled with ES256 algorithm via file and invalid JWT in Authorization header, returns 401' \
-p '/secure/auth-header/es256/file' \
-c '302' \
-x '--header "Authorization: Bearer ${JWT_ES256_INVALID}"'

run_test -n 'when auth enabled with ES384 algorithm via file and valid JWT in Authorization header, returns 200' \
-p '/secure/auth-header/es384/file' \
-c '200' \
-x '--header "Authorization: Bearer ${JWT_ES384_VALID}"'

run_test -n 'when auth enabled with ES512 algorithm via file and valid JWT in Authorization header, returns 200' \
-p '/secure/auth-header/es512/file' \
-c '200' \
-x '--header "Authorization: Bearer ${JWT_ES512_VALID}"'

run_test -n 'when auth enabled with HS256 algorithm and valid JWT in custom header without bearer, returns 200' \
-p '/secure/custom-header/hs256/' \
-c '200' \
Expand Down