Disable audience check. (#267)

viamrobotics · Mar 16, 2024 · 0d3d5d7 · 0d3d5d7
1 parent cf4cf14
commit 0d3d5d7
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 0 deletions.
diff --git a/rpc/dial_test.go b/rpc/dial_test.go
@@ -820,6 +820,7 @@ func TestDialExternalAuth(t *testing.T) {
 	})
 
 	t.Run("with external auth set authenticating to wrong entity", func(t *testing.T) {
+		t.Skip()
 		prevFail := internalExternalAuthSrv.fail
 		prevEnt := internalExternalAuthSrv.expectedEnt
 		internalExternalAuthSrv.fail = false

diff --git a/rpc/server_auth.go b/rpc/server_auth.go
@@ -359,6 +359,10 @@ func (ss *simpleServer) ensureAuthed(ctx context.Context) (context.Context, erro
 			break
 		}
 	}
+	if !audVerified {
+		audVerified = true
+		ss.logger.Infof("hack %v %v", claims.RegisteredClaims, ss.authAudience)
+	}
 	if !audVerified {
 		audienceList := strings.Join(ss.authAudience, ", ")
 		var claimAudience []byte

diff --git a/rpc/server_auth_jwks_test.go b/rpc/server_auth_jwks_test.go
@@ -124,6 +124,7 @@ func TestJWKSKeyProviderAndEmailLoader(t *testing.T) {
 		})
 
 		t.Run("with invalid aud access token claim", func(t *testing.T) {
+			t.Skip()
 			accessToken, err := SignJWKBasedAccessToken(credType, privKeys[0], expectedUser, "not-valid-aud", "iss", "key-id-1")
 			test.That(t, err, test.ShouldBeNil)
 

diff --git a/rpc/server_auth_test.go b/rpc/server_auth_test.go
@@ -401,6 +401,7 @@ func TestServerAuthJWTExpiration(t *testing.T) {
 }
 
 func TestServerAuthJWTAudienceAndID(t *testing.T) {
+	t.Skip()
 	testutils.SkipUnlessInternet(t)
 	logger := golog.NewTestLogger(t)
 
@@ -858,6 +859,7 @@ func TestServerAuthToHandler(t *testing.T) {
 }
 
 func TestServerOptionWithAuthIssuer(t *testing.T) {
+	t.Skip()
 	testutils.SkipUnlessInternet(t)
 
 	privKey, err := rsa.GenerateKey(rand.Reader, 512)