JWKSMock.stop() incorrectly resolves jwks URL
jwillebrands opened this issue · 2 comments
Hiya. First of all thank you for writing this module, makes our life a lot easier.
We're currently running into an issue testing against our Keycloak setup. Keycloak will create a JWT with issuer https://keycloak.ourdomain.com/auth/realms/ourapplication. The JWKS can be fetched from https://keycloak.ourdomain.com/auth/realms/ourapplication/protocol/openid-connect/certs.
We construct the jwksMock as follows:
createJWKSMock("https://keycloak.ourdomain.com/auth/realms/ourapplication", "/protocol/openid-connect/certs")
This works perfectly for creating tokens. However, when trying to stop the mock, it tries to stop the nock by making a request after setting persist to false. The url for this request is crafted using url.resolve(issuerUrl, jwksPath). However, because the jwksPath starts with a /, the result is that all path elements are stripped from issuerUrl. As a result for our case, the request will be made to https://keycloak.ourdomain.com/protocol/openid-connect/certs, resulting in nock throwing an error:
Error: Nock: No match for request {
  "method": "GET",
  "url": "https://keycloak.ourdomain.com/protocol/openid-connect/certs",
  "headers": {
    "accept-encoding": "gzip, deflate",
    "user-agent": "node-superagent/3.8.3"
  }
}
The easy fix here would be to craft the request URL as mentioned in the README by simply concatenating the issuer and jwks paths. But I'm guessing the resolve is there for a reason, e.g. dealing with trailing / in issuer. Regardless, it needs to, at least, follow nock's behavior.
I'll try to find some time to create a PR with test case and fix later today.
If I remember correctly the "additional request" after unpersisting the nock needs to be done to actually remove the nock from the stack. Like shooting it off. I was quite surprised that there is no way to properly "unset" a nock, once established, but that was the only way I was able to achieve this.
I actually did not want to use any specific functionality of url.resolve. However I want something a bit more robust than just string concatenation. We could use url-join for example...
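The difference between reference resolution and a path-preserving join for the issuer and JWKS path from this issue, as an added example that is not part of the thread or the module's code. It uses the standard `URL` constructor, which resolves a leading-slash path the same way the issue describes for url.resolve; `resolveReference` and `joinIssuerPath` are hypothetical helper names.

```javascript
// Values taken from the issue text.
const ISSUER = 'https://keycloak.ourdomain.com/auth/realms/ourapplication';
const JWKS_PATH = '/protocol/openid-connect/certs';

// RFC 3986 reference resolution: a reference that starts with "/" replaces
// the whole path of the base, so the realm path of the issuer is lost.
function resolveReference(issuer, jwksPath) {
  return new URL(jwksPath, issuer).href;
}

// Path-preserving join (hypothetical helper): exactly one "/" between the
// issuer path and the JWKS path, whatever slashes the inputs carry.
function joinIssuerPath(issuer, jwksPath) {
  const base = new URL(issuer); // throws on a malformed issuer
  if (base.search || base.hash) {
    throw new Error('issuer must not carry a query or fragment');
  }
  const right = String(jwksPath).replace(/^\/+/, '');
  // Reject dot segments (plain or percent-encoded): the URL parser would
  // normalise them and the result could climb out of the issuer path.
  if (right.split('/').some((s) => /^(?:\.|%2e){1,2}$/i.test(s))) {
    throw new Error('jwksPath must not contain dot segments');
  }
  const left = base.pathname.replace(/\/+$/, '');
  base.pathname = `${left}/${right}`;
  return base.href;
}

// Side-by-side output for the case in the issue and a trailing-slash issuer.
function demo() {
  return {
    resolved: resolveReference(ISSUER, JWKS_PATH),
    joined: joinIssuerPath(ISSUER, JWKS_PATH),
    joinedTrailingSlash: joinIssuerPath(ISSUER + '/', JWKS_PATH),
  };
}

console.log(demo());
```

Whichever join the mock uses to register the interceptor has to be the same one used for the clean-up request in stop(), otherwise the two URLs can diverge again.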