CLI app for developers prototyping atproto functionality
test(oauth-client): update snapshots for JWKS stage integration
Updates snapshots for discovery and metadata tests to include the new JWKS
validation stage results. The JWKS stage is now wired into the pipeline and
properly called after metadata validation.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
+180
-20
+10
-1
tests/snapshots/oauth_client_discovery__https_404_produces_network_error.snap
+10
-1
tests/snapshots/oauth_client_discovery__https_404_produces_network_error.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
+
assertion_line: 68
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/missing.json
···
28
29
[SKIP] `scope` field is present — blocked by oauth_client::discovery::metadata_document_fetchable
29
30
[SKIP] `scope` includes the `atproto` token — blocked by oauth_client::discovery::metadata_document_fetchable
30
31
[SKIP] `scope` parses against the atproto permission grammar — blocked by oauth_client::discovery::metadata_document_fetchable
32
+
== JWKS ==
33
+
[SKIP] JWKS is present — blocked by oauth_client::metadata::raw_document_deserializes
34
+
[SKIP] JWKS URI is fetchable — blocked by oauth_client::metadata::raw_document_deserializes
35
+
[SKIP] JWKS is valid JSON — blocked by oauth_client::metadata::raw_document_deserializes
36
+
[SKIP] Keys have unique kid values — blocked by oauth_client::metadata::raw_document_deserializes
37
+
[SKIP] Keys declare alg field — blocked by oauth_client::metadata::raw_document_deserializes
38
+
[SKIP] Keys use signing use — blocked by oauth_client::metadata::raw_document_deserializes
39
+
[SKIP] Algorithms are modern EC — blocked by oauth_client::metadata::raw_document_deserializes
31
40
32
-
Summary: 1 passed, 0 failed (spec), 1 network errors, 0 advisories, 16 skipped. Exit code: 2
41
+
Summary: 1 passed, 0 failed (spec), 1 network errors, 0 advisories, 23 skipped. Exit code: 2
+10
-2
tests/snapshots/oauth_client_discovery__https_confidential_happy_discovery.snap
+10
-2
tests/snapshots/oauth_client_discovery__https_confidential_happy_discovery.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
-
assertion_line: 42
3
+
assertion_line: 44
4
4
expression: rendered
5
5
---
6
6
Target: https://client.example.com/metadata.json
···
25
25
[OK] `scope` field is present
26
26
[OK] `scope` includes the `atproto` token
27
27
[OK] `scope` parses against the atproto permission grammar
28
+
== JWKS ==
29
+
[OK] JWKS is present
30
+
[SKIP] JWKS URI is fetchable — jwks is inline
31
+
[OK] JWKS is valid JSON
32
+
[OK] Keys declare alg field
33
+
[OK] Keys use signing use
34
+
[OK] Algorithms are modern EC
35
+
[OK] Keys have unique kid values
28
36
29
-
Summary: 17 passed, 0 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 0
37
+
Summary: 23 passed, 0 failed (spec), 0 network errors, 0 advisories, 1 skipped. Exit code: 0
+10
-1
tests/snapshots/oauth_client_discovery__https_not_json_produces_spec_violation.snap
+10
-1
tests/snapshots/oauth_client_discovery__https_not_json_produces_spec_violation.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
+
assertion_line: 114
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
32
33
[SKIP] `scope` field is present — blocked by oauth_client::discovery::metadata_document_fetchable
33
34
[SKIP] `scope` includes the `atproto` token — blocked by oauth_client::discovery::metadata_document_fetchable
34
35
[SKIP] `scope` parses against the atproto permission grammar — blocked by oauth_client::discovery::metadata_document_fetchable
36
+
== JWKS ==
37
+
[SKIP] JWKS is present — blocked by oauth_client::metadata::raw_document_deserializes
38
+
[SKIP] JWKS URI is fetchable — blocked by oauth_client::metadata::raw_document_deserializes
39
+
[SKIP] JWKS is valid JSON — blocked by oauth_client::metadata::raw_document_deserializes
40
+
[SKIP] Keys have unique kid values — blocked by oauth_client::metadata::raw_document_deserializes
41
+
[SKIP] Keys declare alg field — blocked by oauth_client::metadata::raw_document_deserializes
42
+
[SKIP] Keys use signing use — blocked by oauth_client::metadata::raw_document_deserializes
43
+
[SKIP] Algorithms are modern EC — blocked by oauth_client::metadata::raw_document_deserializes
35
44
36
-
Summary: 2 passed, 1 failed (spec), 0 network errors, 0 advisories, 15 skipped. Exit code: 1
45
+
Summary: 2 passed, 1 failed (spec), 0 network errors, 0 advisories, 22 skipped. Exit code: 1
+10
-1
tests/snapshots/oauth_client_discovery__https_not_json_with_content_type_produces_spec_violation_with_ct.snap
+10
-1
tests/snapshots/oauth_client_discovery__https_not_json_with_content_type_produces_spec_violation_with_ct.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
+
assertion_line: 141
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
32
33
[SKIP] `scope` field is present — blocked by oauth_client::discovery::metadata_document_fetchable
33
34
[SKIP] `scope` includes the `atproto` token — blocked by oauth_client::discovery::metadata_document_fetchable
34
35
[SKIP] `scope` parses against the atproto permission grammar — blocked by oauth_client::discovery::metadata_document_fetchable
36
+
== JWKS ==
37
+
[SKIP] JWKS is present — blocked by oauth_client::metadata::raw_document_deserializes
38
+
[SKIP] JWKS URI is fetchable — blocked by oauth_client::metadata::raw_document_deserializes
39
+
[SKIP] JWKS is valid JSON — blocked by oauth_client::metadata::raw_document_deserializes
40
+
[SKIP] Keys have unique kid values — blocked by oauth_client::metadata::raw_document_deserializes
41
+
[SKIP] Keys declare alg field — blocked by oauth_client::metadata::raw_document_deserializes
42
+
[SKIP] Keys use signing use — blocked by oauth_client::metadata::raw_document_deserializes
43
+
[SKIP] Algorithms are modern EC — blocked by oauth_client::metadata::raw_document_deserializes
35
44
36
-
Summary: 2 passed, 1 failed (spec), 0 network errors, 0 advisories, 15 skipped. Exit code: 1
45
+
Summary: 2 passed, 1 failed (spec), 0 network errors, 0 advisories, 22 skipped. Exit code: 1
+10
-1
tests/snapshots/oauth_client_discovery__https_unreachable_produces_network_error.snap
+10
-1
tests/snapshots/oauth_client_discovery__https_unreachable_produces_network_error.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
+
assertion_line: 89
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
28
29
[SKIP] `scope` field is present — blocked by oauth_client::discovery::metadata_document_fetchable
29
30
[SKIP] `scope` includes the `atproto` token — blocked by oauth_client::discovery::metadata_document_fetchable
30
31
[SKIP] `scope` parses against the atproto permission grammar — blocked by oauth_client::discovery::metadata_document_fetchable
32
+
== JWKS ==
33
+
[SKIP] JWKS is present — blocked by oauth_client::metadata::raw_document_deserializes
34
+
[SKIP] JWKS URI is fetchable — blocked by oauth_client::metadata::raw_document_deserializes
35
+
[SKIP] JWKS is valid JSON — blocked by oauth_client::metadata::raw_document_deserializes
36
+
[SKIP] Keys have unique kid values — blocked by oauth_client::metadata::raw_document_deserializes
37
+
[SKIP] Keys declare alg field — blocked by oauth_client::metadata::raw_document_deserializes
38
+
[SKIP] Keys use signing use — blocked by oauth_client::metadata::raw_document_deserializes
39
+
[SKIP] Algorithms are modern EC — blocked by oauth_client::metadata::raw_document_deserializes
31
40
32
-
Summary: 1 passed, 0 failed (spec), 1 network errors, 0 advisories, 16 skipped. Exit code: 2
41
+
Summary: 1 passed, 0 failed (spec), 1 network errors, 0 advisories, 23 skipped. Exit code: 2
+10
-1
tests/snapshots/oauth_client_discovery__loopback_127_0_0_1.snap
+10
-1
tests/snapshots/oauth_client_discovery__loopback_127_0_0_1.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
+
assertion_line: 198
3
4
expression: rendered
4
5
---
5
6
Target: http://127.0.0.1:3000/
···
25
26
[SKIP] `scope` field is present — metadata is implicit for loopback clients
26
27
[SKIP] `scope` includes the `atproto` token — metadata is implicit for loopback clients
27
28
[SKIP] `scope` parses against the atproto permission grammar — metadata is implicit for loopback clients
29
+
== JWKS ==
30
+
[SKIP] JWKS is present — jwks not applicable to loopback clients
31
+
[SKIP] JWKS URI is fetchable — jwks not applicable to loopback clients
32
+
[SKIP] JWKS is valid JSON — jwks not applicable to loopback clients
33
+
[SKIP] Keys have unique kid values — jwks not applicable to loopback clients
34
+
[SKIP] Keys declare alg field — jwks not applicable to loopback clients
35
+
[SKIP] Keys use signing use — jwks not applicable to loopback clients
36
+
[SKIP] Algorithms are modern EC — jwks not applicable to loopback clients
28
37
29
-
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 17 skipped. Exit code: 0
38
+
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 24 skipped. Exit code: 0
+10
-1
tests/snapshots/oauth_client_discovery__loopback_root_produces_skip_rows.snap
+10
-1
tests/snapshots/oauth_client_discovery__loopback_root_produces_skip_rows.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
+
assertion_line: 160
3
4
expression: rendered
4
5
---
5
6
Target: http://localhost/
···
25
26
[SKIP] `scope` field is present — metadata is implicit for loopback clients
26
27
[SKIP] `scope` includes the `atproto` token — metadata is implicit for loopback clients
27
28
[SKIP] `scope` parses against the atproto permission grammar — metadata is implicit for loopback clients
29
+
== JWKS ==
30
+
[SKIP] JWKS is present — jwks not applicable to loopback clients
31
+
[SKIP] JWKS URI is fetchable — jwks not applicable to loopback clients
32
+
[SKIP] JWKS is valid JSON — jwks not applicable to loopback clients
33
+
[SKIP] Keys have unique kid values — jwks not applicable to loopback clients
34
+
[SKIP] Keys declare alg field — jwks not applicable to loopback clients
35
+
[SKIP] Keys use signing use — jwks not applicable to loopback clients
36
+
[SKIP] Algorithms are modern EC — jwks not applicable to loopback clients
28
37
29
-
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 17 skipped. Exit code: 0
38
+
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 24 skipped. Exit code: 0
+10
-1
tests/snapshots/oauth_client_discovery__loopback_with_port_produces_same_skip_rows.snap
+10
-1
tests/snapshots/oauth_client_discovery__loopback_with_port_produces_same_skip_rows.snap
···
1
1
---
2
2
source: tests/oauth_client_discovery.rs
3
+
assertion_line: 179
3
4
expression: rendered
4
5
---
5
6
Target: http://localhost:8080/client.json
···
25
26
[SKIP] `scope` field is present — metadata is implicit for loopback clients
26
27
[SKIP] `scope` includes the `atproto` token — metadata is implicit for loopback clients
27
28
[SKIP] `scope` parses against the atproto permission grammar — metadata is implicit for loopback clients
29
+
== JWKS ==
30
+
[SKIP] JWKS is present — jwks not applicable to loopback clients
31
+
[SKIP] JWKS URI is fetchable — jwks not applicable to loopback clients
32
+
[SKIP] JWKS is valid JSON — jwks not applicable to loopback clients
33
+
[SKIP] Keys have unique kid values — jwks not applicable to loopback clients
34
+
[SKIP] Keys declare alg field — jwks not applicable to loopback clients
35
+
[SKIP] Keys use signing use — jwks not applicable to loopback clients
36
+
[SKIP] Algorithms are modern EC — jwks not applicable to loopback clients
28
37
29
-
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 17 skipped. Exit code: 0
38
+
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 24 skipped. Exit code: 0
+10
-1
tests/snapshots/oauth_client_metadata__confidential_happy.snap
+10
-1
tests/snapshots/oauth_client_metadata__confidential_happy.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 47
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
24
25
[OK] `scope` field is present
25
26
[OK] `scope` includes the `atproto` token
26
27
[OK] `scope` parses against the atproto permission grammar
28
+
== JWKS ==
29
+
[OK] JWKS is present
30
+
[SKIP] JWKS URI is fetchable — jwks is inline
31
+
[OK] JWKS is valid JSON
32
+
[OK] Keys declare alg field
33
+
[OK] Keys use signing use
34
+
[OK] Algorithms are modern EC
35
+
[OK] Keys have unique kid values
27
36
28
-
Summary: 17 passed, 0 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 0
37
+
Summary: 23 passed, 0 failed (spec), 0 network errors, 0 advisories, 1 skipped. Exit code: 0
+10
-1
tests/snapshots/oauth_client_metadata__confidential_missing_jwks.snap
+10
-1
tests/snapshots/oauth_client_metadata__confidential_missing_jwks.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 165
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
27
28
[OK] `scope` field is present
28
29
[OK] `scope` includes the `atproto` token
29
30
[OK] `scope` parses against the atproto permission grammar
31
+
== JWKS ==
32
+
[SKIP] JWKS is present — blocked by oauth_client::metadata::confidential_requires_jwks
33
+
[SKIP] JWKS URI is fetchable — blocked by oauth_client::metadata::confidential_requires_jwks
34
+
[SKIP] JWKS is valid JSON — blocked by oauth_client::metadata::confidential_requires_jwks
35
+
[SKIP] Keys have unique kid values — blocked by oauth_client::metadata::confidential_requires_jwks
36
+
[SKIP] Keys declare alg field — blocked by oauth_client::metadata::confidential_requires_jwks
37
+
[SKIP] Keys use signing use — blocked by oauth_client::metadata::confidential_requires_jwks
38
+
[SKIP] Algorithms are modern EC — blocked by oauth_client::metadata::confidential_requires_jwks
30
39
31
-
Summary: 16 passed, 1 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 1
40
+
Summary: 16 passed, 1 failed (spec), 0 network errors, 0 advisories, 7 skipped. Exit code: 1
+10
-1
tests/snapshots/oauth_client_metadata__discovery_failure_blocks_metadata.snap
+10
-1
tests/snapshots/oauth_client_metadata__discovery_failure_blocks_metadata.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 312
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
28
29
[SKIP] `scope` field is present — blocked by oauth_client::discovery::metadata_document_fetchable
29
30
[SKIP] `scope` includes the `atproto` token — blocked by oauth_client::discovery::metadata_document_fetchable
30
31
[SKIP] `scope` parses against the atproto permission grammar — blocked by oauth_client::discovery::metadata_document_fetchable
32
+
== JWKS ==
33
+
[SKIP] JWKS is present — blocked by oauth_client::metadata::raw_document_deserializes
34
+
[SKIP] JWKS URI is fetchable — blocked by oauth_client::metadata::raw_document_deserializes
35
+
[SKIP] JWKS is valid JSON — blocked by oauth_client::metadata::raw_document_deserializes
36
+
[SKIP] Keys have unique kid values — blocked by oauth_client::metadata::raw_document_deserializes
37
+
[SKIP] Keys declare alg field — blocked by oauth_client::metadata::raw_document_deserializes
38
+
[SKIP] Keys use signing use — blocked by oauth_client::metadata::raw_document_deserializes
39
+
[SKIP] Algorithms are modern EC — blocked by oauth_client::metadata::raw_document_deserializes
31
40
32
-
Summary: 1 passed, 0 failed (spec), 1 network errors, 0 advisories, 16 skipped. Exit code: 2
41
+
Summary: 1 passed, 0 failed (spec), 1 network errors, 0 advisories, 23 skipped. Exit code: 2
+10
-1
tests/snapshots/oauth_client_metadata__dpop_bound_false.snap
+10
-1
tests/snapshots/oauth_client_metadata__dpop_bound_false.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 135
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
27
28
[OK] `scope` field is present
28
29
[OK] `scope` includes the `atproto` token
29
30
[OK] `scope` parses against the atproto permission grammar
31
+
== JWKS ==
32
+
[OK] JWKS is present
33
+
[SKIP] JWKS URI is fetchable — jwks is inline
34
+
[OK] JWKS is valid JSON
35
+
[OK] Keys declare alg field
36
+
[OK] Keys use signing use
37
+
[OK] Algorithms are modern EC
38
+
[OK] Keys have unique kid values
30
39
31
-
Summary: 16 passed, 1 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 1
40
+
Summary: 22 passed, 1 failed (spec), 0 network errors, 0 advisories, 1 skipped. Exit code: 1
+10
-1
tests/snapshots/oauth_client_metadata__loopback_skips_all_metadata_checks.snap
+10
-1
tests/snapshots/oauth_client_metadata__loopback_skips_all_metadata_checks.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 282
3
4
expression: rendered
4
5
---
5
6
Target: http://localhost/
···
25
26
[SKIP] `scope` field is present — metadata is implicit for loopback clients
26
27
[SKIP] `scope` includes the `atproto` token — metadata is implicit for loopback clients
27
28
[SKIP] `scope` parses against the atproto permission grammar — metadata is implicit for loopback clients
29
+
== JWKS ==
30
+
[SKIP] JWKS is present — jwks not applicable to loopback clients
31
+
[SKIP] JWKS URI is fetchable — jwks not applicable to loopback clients
32
+
[SKIP] JWKS is valid JSON — jwks not applicable to loopback clients
33
+
[SKIP] Keys have unique kid values — jwks not applicable to loopback clients
34
+
[SKIP] Keys declare alg field — jwks not applicable to loopback clients
35
+
[SKIP] Keys use signing use — jwks not applicable to loopback clients
36
+
[SKIP] Algorithms are modern EC — jwks not applicable to loopback clients
28
37
29
-
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 17 skipped. Exit code: 0
38
+
Summary: 1 passed, 0 failed (spec), 0 network errors, 0 advisories, 24 skipped. Exit code: 0
+10
-1
tests/snapshots/oauth_client_metadata__native_happy.snap
+10
-1
tests/snapshots/oauth_client_metadata__native_happy.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 106
3
4
expression: rendered
4
5
---
5
6
Target: https://app.example.com/oauth-client-metadata.json
···
24
25
[OK] `scope` field is present
25
26
[OK] `scope` includes the `atproto` token
26
27
[OK] `scope` parses against the atproto permission grammar
28
+
== JWKS ==
29
+
[SKIP] JWKS is present — jwks not required for native clients
30
+
[SKIP] JWKS URI is fetchable — jwks not required for native clients
31
+
[SKIP] JWKS is valid JSON — jwks not required for native clients
32
+
[SKIP] Keys have unique kid values — jwks not required for native clients
33
+
[SKIP] Keys declare alg field — jwks not required for native clients
34
+
[SKIP] Keys use signing use — jwks not required for native clients
35
+
[SKIP] Algorithms are modern EC — jwks not required for native clients
27
36
28
-
Summary: 17 passed, 0 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 0
37
+
Summary: 17 passed, 0 failed (spec), 0 network errors, 0 advisories, 7 skipped. Exit code: 0
+10
-2
tests/snapshots/oauth_client_metadata__native_redirect_scheme_mismatch.snap
+10
-2
tests/snapshots/oauth_client_metadata__native_redirect_scheme_mismatch.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
-
assertion_line: 214
3
+
assertion_line: 228
4
4
expression: rendered
5
5
---
6
6
Target: https://app.example.com/oauth-client-metadata.json
···
28
28
[OK] `scope` field is present
29
29
[OK] `scope` includes the `atproto` token
30
30
[OK] `scope` parses against the atproto permission grammar
31
+
== JWKS ==
32
+
[SKIP] JWKS is present — jwks not required for native clients
33
+
[SKIP] JWKS URI is fetchable — jwks not required for native clients
34
+
[SKIP] JWKS is valid JSON — jwks not required for native clients
35
+
[SKIP] Keys have unique kid values — jwks not required for native clients
36
+
[SKIP] Keys declare alg field — jwks not required for native clients
37
+
[SKIP] Keys use signing use — jwks not required for native clients
38
+
[SKIP] Algorithms are modern EC — jwks not required for native clients
31
39
32
-
Summary: 16 passed, 1 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 1
40
+
Summary: 16 passed, 1 failed (spec), 0 network errors, 0 advisories, 7 skipped. Exit code: 1
+10
-1
tests/snapshots/oauth_client_metadata__public_happy.snap
+10
-1
tests/snapshots/oauth_client_metadata__public_happy.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 76
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
24
25
[OK] `scope` field is present
25
26
[OK] `scope` includes the `atproto` token
26
27
[OK] `scope` parses against the atproto permission grammar
28
+
== JWKS ==
29
+
[SKIP] JWKS is present — jwks not required for public clients
30
+
[SKIP] JWKS URI is fetchable — jwks not required for public clients
31
+
[SKIP] JWKS is valid JSON — jwks not required for public clients
32
+
[SKIP] Keys have unique kid values — jwks not required for public clients
33
+
[SKIP] Keys declare alg field — jwks not required for public clients
34
+
[SKIP] Keys use signing use — jwks not required for public clients
35
+
[SKIP] Algorithms are modern EC — jwks not required for public clients
27
36
28
-
Summary: 17 passed, 0 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 0
37
+
Summary: 17 passed, 0 failed (spec), 0 network errors, 0 advisories, 7 skipped. Exit code: 0
+10
-1
tests/snapshots/oauth_client_metadata__public_with_token_endpoint_auth.snap
+10
-1
tests/snapshots/oauth_client_metadata__public_with_token_endpoint_auth.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 196
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
27
28
[OK] `scope` field is present
28
29
[OK] `scope` includes the `atproto` token
29
30
[OK] `scope` parses against the atproto permission grammar
31
+
== JWKS ==
32
+
[SKIP] JWKS is present — jwks not required for public clients
33
+
[SKIP] JWKS URI is fetchable — jwks not required for public clients
34
+
[SKIP] JWKS is valid JSON — jwks not required for public clients
35
+
[SKIP] Keys have unique kid values — jwks not required for public clients
36
+
[SKIP] Keys declare alg field — jwks not required for public clients
37
+
[SKIP] Keys use signing use — jwks not required for public clients
38
+
[SKIP] Algorithms are modern EC — jwks not required for public clients
30
39
31
-
Summary: 16 passed, 1 failed (spec), 0 network errors, 0 advisories, 0 skipped. Exit code: 1
40
+
Summary: 16 passed, 1 failed (spec), 0 network errors, 0 advisories, 7 skipped. Exit code: 1
+10
-1
tests/snapshots/oauth_client_metadata__scope_grammar_invalid.snap
+10
-1
tests/snapshots/oauth_client_metadata__scope_grammar_invalid.snap
···
1
1
---
2
2
source: tests/oauth_client_metadata.rs
3
+
assertion_line: 258
3
4
expression: rendered
4
5
---
5
6
Target: https://client.example.com/metadata.json
···
34
35
· ╰── invalid token
35
36
28 │ "token_endpoint_auth_method": "private_key_jwt"
36
37
╰────
38
+
== JWKS ==
39
+
[OK] JWKS is present
40
+
[SKIP] JWKS URI is fetchable — jwks is inline
41
+
[OK] JWKS is valid JSON
42
+
[OK] Keys declare alg field
43
+
[OK] Keys use signing use
44
+
[OK] Algorithms are modern EC
45
+
[OK] Keys have unique kid values
37
46
38
-
Summary: 15 passed, 1 failed (spec), 0 network errors, 0 advisories, 1 skipped. Exit code: 1
47
+
Summary: 21 passed, 1 failed (spec), 0 network errors, 0 advisories, 2 skipped. Exit code: 1