dohertj2/natsdotnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: add failing jwt allowed connection type coverage

Browse Source 
Add 5 tests for JWT allowed_connection_types enforcement which the
authenticator does not yet implement. Two tests (reject MQTT-only for
STANDARD context, reject unknown-only types) fail on assertions because
JwtAuthenticator currently ignores the claim. Three tests (allow
STANDARD, allow with unknown mixed in, case-insensitive match) pass
trivially since the field is not checked.

Also adds ConnectionType property to ClientAuthContext (defaults to
"STANDARD") so the tests compile.
This commit is contained in:
Joseph Doherty
2026-02-23 05:37:04 -05:00
parent 1ebf283a8c
commit e562077e4c
2 changed files with 282 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/NATS.Server/Auth/IAuthenticator.cs
View File

@@ -13,4 +13,11 @@ public sealed class ClientAuthContext
public required ClientOptions Opts { get; init; }
public required byte[] Nonce { get; init; }
public X509Certificate2? ClientCertificate { get; init; }
/// <summary>
/// The type of connection (e.g., "STANDARD", "WEBSOCKET", "MQTT", "LEAFNODE").
/// Used by JWT authenticator to enforce allowed_connection_types claims.
/// Defaults to "STANDARD" for regular NATS client connections.
/// </summary>
public string ConnectionType { get; init; } = "STANDARD";
}