add Shared Signals interop fixtures and consumer-flow tests#11
Merged
Conversation
The RFC 8417 golden fixtures prove the library round-trips the spec's own example shapes, but they do not exercise the scenario the library actually exists to serve: a Shared Signals receiver handing decoded claims-set bytes to Parse, then decoding the CAEP/RISC event types it recognizes through the registry while leaving the rest raw. This adds fixtures and tests that pin that end-to-end consumer flow. The fixtures (testdata/caep_session_revoked.json, risc_account_disabled.json, multi_event.json) are Shared-Signals-shaped SETs whose events are keyed by the real public OpenID event-type URIs — schemas.openid.net/secevent/caep/event-type/session-revoked, .../risc/event-type/account-disabled, and a credential-change URI left deliberately unregistered. caep_session_revoked carries a top-level RFC 9493 iss_sub sub_id (how a receiver keys revocation by subject); risc_account_disabled names its subject inside the event payload, the RISC idiom, distinct from a top-level sub_id; multi_event mixes both recognized types with the unregistered one. interop_test.go drives Parse -> Validate -> Typed for each: the registered CAEP/RISC URIs decode to typed values through the registry, the unregistered URI stays raw and reachable via Raw(), and every payload round-trips byte-stably (Parse -> Encode -> Parse is a fixed point). The multi_event test asserts the exact decode-known/leave-rest partition a receiver performs. The library defines no CAEP/RISC payload types itself — those are downstream event vocabularies — so the decoders here are test-local fakes standing in for them, registered once in init to respect the process-wide, panic-on-duplicate registry. These run under the existing test job as ordinary go test cases; no separate CI job is added, since one would only re-run the same go test. The fixtures are hand-authored rather than imported from a transport library: feeding a transport's own bytes in would invert the dependency direction (the SET-envelope layer must not depend on the transport that sits above it and produces the bytes it parses), so the interop boundary is proven with representative shapes instead. Subjects use the RFC 2606 reserved example domains; no real subject data appears. Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds Shared Signals interop fixtures and consumer-flow tests that prove
the end-to-end scenario the library exists to serve: a receiver hands
decoded claims-set bytes to
Parse, then decodes the CAEP/RISC eventtypes it recognizes through the registry while leaving the rest raw and
byte-stable.
Fixtures (
testdata/)Shared-Signals-shaped SETs keyed by the real public OpenID
event-type URIs under
schemas.openid.net:caep_session_revoked.json— a CAEPsession-revokedevent; carries atop-level RFC 9493
iss_subsub_id(how a receiver keys revocationby subject).
risc_account_disabled.json— a RISCaccount-disabledevent; namesits subject inside the event payload (the RISC idiom), distinct from
a top-level
sub_id.multi_event.json— both recognized types plus an unregistered CAEPcredential-changeevent, to show the decode-known / leave-restpartition a receiver performs.
Tests (
interop_test.go)For each fixture:
Parse→Validate(nil) →Typed. RegisteredCAEP/RISC URIs decode to typed values; the unregistered URI stays raw
and reachable via
Raw(); every payload round-trips byte-stably(
Parse → Encode → Parseis a fixed point). Themulti_eventtestasserts the exact known/raw partition.
The library defines no CAEP/RISC payload types — those are downstream
event vocabularies — so the decoders here are test-local fakes
registered once in
initto respect the process-wide, panic-on-duplicateregistry.
CI
These are ordinary
go testcases and run under the existingtestjob. No separate
interopjob is added, since it would only re-run thesame
go test.Notes
The fixtures are hand-authored rather than imported from a transport
library: feeding a transport's own bytes in would invert the dependency
direction (the SET-envelope layer must not depend on the transport that
produces the bytes it parses). Subjects use the RFC 2606 reserved
example domains; no real subject data appears. No new dependency —
stdlib plus the existing
go-subjectidonly.🤖 Generated with Claude Code