Skip to content

add Shared Signals interop fixtures and consumer-flow tests#11

Merged
hstern merged 1 commit into
mainfrom
secevent-14-interop
Jun 21, 2026
Merged

add Shared Signals interop fixtures and consumer-flow tests#11
hstern merged 1 commit into
mainfrom
secevent-14-interop

Conversation

@hstern

@hstern hstern commented Jun 21, 2026

Copy link
Copy Markdown
Owner

What

Adds Shared Signals interop fixtures and consumer-flow tests that prove
the end-to-end scenario the library exists to serve: a receiver hands
decoded claims-set bytes to Parse, then decodes the CAEP/RISC event
types it recognizes through the registry while leaving the rest raw and
byte-stable.

Fixtures (testdata/)

Shared-Signals-shaped SETs keyed by the real public OpenID
event-type URIs under schemas.openid.net:

  • caep_session_revoked.json — a CAEP session-revoked event; carries a
    top-level RFC 9493 iss_sub sub_id (how a receiver keys revocation
    by subject).
  • risc_account_disabled.json — a RISC account-disabled event; names
    its subject inside the event payload (the RISC idiom), distinct from
    a top-level sub_id.
  • multi_event.json — both recognized types plus an unregistered CAEP
    credential-change event, to show the decode-known / leave-rest
    partition a receiver performs.

Tests (interop_test.go)

For each fixture: ParseValidate (nil) → Typed. Registered
CAEP/RISC URIs decode to typed values; the unregistered URI stays raw
and reachable via Raw(); every payload round-trips byte-stably
(Parse → Encode → Parse is a fixed point). The multi_event test
asserts the exact known/raw partition.

The library defines no CAEP/RISC payload types — those are downstream
event vocabularies — so the decoders here are test-local fakes
registered once in init to respect the process-wide, panic-on-duplicate
registry.

CI

These are ordinary go test cases and run under the existing test
job. No separate interop job is added, since it would only re-run the
same go test.

Notes

The fixtures are hand-authored rather than imported from a transport
library: feeding a transport's own bytes in would invert the dependency
direction (the SET-envelope layer must not depend on the transport that
produces the bytes it parses). Subjects use the RFC 2606 reserved
example domains; no real subject data appears. No new dependency —
stdlib plus the existing go-subjectid only.

🤖 Generated with Claude Code

The RFC 8417 golden fixtures prove the library round-trips the spec's
own example shapes, but they do not exercise the scenario the library
actually exists to serve: a Shared Signals receiver handing decoded
claims-set bytes to Parse, then decoding the CAEP/RISC event types it
recognizes through the registry while leaving the rest raw. This adds
fixtures and tests that pin that end-to-end consumer flow.

The fixtures (testdata/caep_session_revoked.json,
risc_account_disabled.json, multi_event.json) are Shared-Signals-shaped
SETs whose events are keyed by the real public OpenID event-type URIs —
schemas.openid.net/secevent/caep/event-type/session-revoked,
.../risc/event-type/account-disabled, and a credential-change URI left
deliberately unregistered. caep_session_revoked carries a top-level
RFC 9493 iss_sub sub_id (how a receiver keys revocation by subject);
risc_account_disabled names its subject inside the event payload, the
RISC idiom, distinct from a top-level sub_id; multi_event mixes both
recognized types with the unregistered one.

interop_test.go drives Parse -> Validate -> Typed for each: the
registered CAEP/RISC URIs decode to typed values through the registry,
the unregistered URI stays raw and reachable via Raw(), and every
payload round-trips byte-stably (Parse -> Encode -> Parse is a fixed
point). The multi_event test asserts the exact decode-known/leave-rest
partition a receiver performs. The library defines no CAEP/RISC payload
types itself — those are downstream event vocabularies — so the
decoders here are test-local fakes standing in for them, registered
once in init to respect the process-wide, panic-on-duplicate registry.

These run under the existing test job as ordinary go test cases; no
separate CI job is added, since one would only re-run the same go test.

The fixtures are hand-authored rather than imported from a transport
library: feeding a transport's own bytes in would invert the dependency
direction (the SET-envelope layer must not depend on the transport that
sits above it and produces the bytes it parses), so the interop
boundary is proven with representative shapes instead. Subjects use the
RFC 2606 reserved example domains; no real subject data appears.

Co-Authored-By: Claude <noreply@anthropic.com>
@hstern hstern enabled auto-merge (squash) June 21, 2026 02:16
@hstern hstern merged commit e71aab8 into main Jun 21, 2026
4 checks passed
@hstern hstern deleted the secevent-14-interop branch June 21, 2026 02:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant