xref: /aosp_15_r20/external/grpc-grpc/test/core/security/json_token_test.cc (revision cc02d7e222339f7a4f6ba5f422e6413f4bd931f2)
1 //
2 //
3 // Copyright 2015 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include "src/core/lib/security/credentials/jwt/json_token.h"
20 
21 #include <string.h>
22 
23 #include <gtest/gtest.h>
24 #include <openssl/evp.h>
25 
26 #include "absl/strings/escaping.h"
27 
28 #include <grpc/grpc_security.h>
29 #include <grpc/slice.h>
30 #include <grpc/support/alloc.h>
31 #include <grpc/support/log.h>
32 
33 #include "src/core/lib/gprpp/crash.h"
34 #include "src/core/lib/json/json.h"
35 #include "src/core/lib/json/json_reader.h"
36 #include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
37 #include "src/core/lib/slice/slice_internal.h"
38 #include "test/core/util/test_config.h"
39 
40 using grpc_core::Json;
41 
42 // This JSON key was generated with the GCE console and revoked immediately.
43 // The identifiers have been changed as well.
44 // Maximum size for a string literal is 509 chars in C89, yay!
45 static const char test_json_key_str_part1[] =
46     "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----"
47     "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE"
48     "qg"
49     "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/"
50     "rWBQvS4hle4LfijkP3J5BG+"
51     "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+"
52     "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/"
53     "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/"
54     "8HpCqFYM9V8f34SBWfD4fRFT+n/"
55     "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+";
56 static const char test_json_key_str_part2[] =
57     "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+"
58     "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/"
59     "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA"
60     "G"
61     "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz"
62     "A"
63     "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+"
64     "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/"
65     "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ"
66     "Y"
67     "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", ";
68 static const char test_json_key_str_part3[] =
69     "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
70     "\"client_email\": "
71     "\"[email protected]."
72     "com\", \"client_id\": "
73     "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
74     "com\", \"type\": \"service_account\" }";
75 
76 // Test refresh token.
77 static const char test_refresh_token_str[] =
78     "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
79     "  \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
80     "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
81     "  \"type\": \"authorized_user\"}";
82 
83 static const char test_scope[] = "myperm1 myperm2";
84 
85 static const char test_service_url[] = "https://foo.com/foo.v1";
86 
test_json_key_str(const char * bad_part3)87 static char* test_json_key_str(const char* bad_part3) {
88   const char* part3 =
89       bad_part3 != nullptr ? bad_part3 : test_json_key_str_part3;
90   size_t result_len = strlen(test_json_key_str_part1) +
91                       strlen(test_json_key_str_part2) + strlen(part3);
92   char* result = static_cast<char*>(gpr_malloc(result_len + 1));
93   char* current = result;
94   strcpy(result, test_json_key_str_part1);
95   current += strlen(test_json_key_str_part1);
96   strcpy(current, test_json_key_str_part2);
97   current += strlen(test_json_key_str_part2);
98   strcpy(current, part3);
99   return result;
100 }
101 
TEST(JsonTokenTest,ParseJsonKeySuccess)102 TEST(JsonTokenTest, ParseJsonKeySuccess) {
103   char* json_string = test_json_key_str(nullptr);
104   grpc_auth_json_key json_key =
105       grpc_auth_json_key_create_from_string(json_string);
106   ASSERT_TRUE(grpc_auth_json_key_is_valid(&json_key));
107   ASSERT_TRUE(json_key.type != nullptr &&
108               strcmp(json_key.type, "service_account") == 0);
109   ASSERT_TRUE(json_key.private_key_id != nullptr &&
110               strcmp(json_key.private_key_id,
111                      "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0);
112   ASSERT_TRUE(json_key.client_id != nullptr &&
113               strcmp(json_key.client_id,
114                      "777-abaslkan11hlb6nmim3bpspl31ud.apps."
115                      "googleusercontent.com") == 0);
116   ASSERT_TRUE(json_key.client_email != nullptr &&
117               strcmp(json_key.client_email,
118                      "777-abaslkan11hlb6nmim3bpspl31ud@developer."
119                      "gserviceaccount.com") == 0);
120   ASSERT_NE(json_key.private_key, nullptr);
121   gpr_free(json_string);
122   grpc_auth_json_key_destruct(&json_key);
123 }
124 
TEST(JsonTokenTest,ParseJsonKeyFailureBadJson)125 TEST(JsonTokenTest, ParseJsonKeyFailureBadJson) {
126   const char non_closing_part3[] =
127       "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
128       "\"client_email\": "
129       "\"[email protected]."
130       "com\", \"client_id\": "
131       "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
132       "com\", \"type\": \"service_account\" ";
133   char* json_string = test_json_key_str(non_closing_part3);
134   grpc_auth_json_key json_key =
135       grpc_auth_json_key_create_from_string(json_string);
136   ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
137   gpr_free(json_string);
138   grpc_auth_json_key_destruct(&json_key);
139 }
140 
TEST(JsonTokenTest,ParseJsonKeyFailureNoType)141 TEST(JsonTokenTest, ParseJsonKeyFailureNoType) {
142   const char no_type_part3[] =
143       "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
144       "\"client_email\": "
145       "\"[email protected]."
146       "com\", \"client_id\": "
147       "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
148       "com\" }";
149   char* json_string = test_json_key_str(no_type_part3);
150   grpc_auth_json_key json_key =
151       grpc_auth_json_key_create_from_string(json_string);
152   ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
153   gpr_free(json_string);
154   grpc_auth_json_key_destruct(&json_key);
155 }
156 
TEST(JsonTokenTest,ParseJsonKeyFailureNoClientId)157 TEST(JsonTokenTest, ParseJsonKeyFailureNoClientId) {
158   const char no_client_id_part3[] =
159       "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
160       "\"client_email\": "
161       "\"[email protected]."
162       "com\", "
163       "\"type\": \"service_account\" }";
164   char* json_string = test_json_key_str(no_client_id_part3);
165   grpc_auth_json_key json_key =
166       grpc_auth_json_key_create_from_string(json_string);
167   ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
168   gpr_free(json_string);
169   grpc_auth_json_key_destruct(&json_key);
170 }
171 
TEST(JsonTokenTest,ParseJsonKeyFailureNoClientEmail)172 TEST(JsonTokenTest, ParseJsonKeyFailureNoClientEmail) {
173   const char no_client_email_part3[] =
174       "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
175       "\"client_id\": "
176       "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
177       "com\", \"type\": \"service_account\" }";
178   char* json_string = test_json_key_str(no_client_email_part3);
179   grpc_auth_json_key json_key =
180       grpc_auth_json_key_create_from_string(json_string);
181   ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
182   gpr_free(json_string);
183   grpc_auth_json_key_destruct(&json_key);
184 }
185 
TEST(JsonTokenTest,ParseJsonKeyFailureNoPrivateKeyId)186 TEST(JsonTokenTest, ParseJsonKeyFailureNoPrivateKeyId) {
187   const char no_private_key_id_part3[] =
188       "\"client_email\": "
189       "\"[email protected]."
190       "com\", \"client_id\": "
191       "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
192       "com\", \"type\": \"service_account\" }";
193   char* json_string = test_json_key_str(no_private_key_id_part3);
194   grpc_auth_json_key json_key =
195       grpc_auth_json_key_create_from_string(json_string);
196   ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
197   gpr_free(json_string);
198   grpc_auth_json_key_destruct(&json_key);
199 }
200 
TEST(JsonTokenTest,ParseJsonKeyFailureNoPrivateKey)201 TEST(JsonTokenTest, ParseJsonKeyFailureNoPrivateKey) {
202   const char no_private_key_json_string[] =
203       "{ \"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
204       "\"client_email\": "
205       "\"[email protected]."
206       "com\", \"client_id\": "
207       "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
208       "com\", \"type\": \"service_account\" }";
209   grpc_auth_json_key json_key =
210       grpc_auth_json_key_create_from_string(no_private_key_json_string);
211   ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
212   grpc_auth_json_key_destruct(&json_key);
213 }
214 
parse_json_part_from_jwt(const char * str,size_t len)215 static Json parse_json_part_from_jwt(const char* str, size_t len) {
216   grpc_core::ExecCtx exec_ctx;
217   std::string decoded;
218   absl::WebSafeBase64Unescape(absl::string_view(str, len), &decoded);
219   EXPECT_FALSE(decoded.empty());
220   auto json = grpc_core::JsonParse(decoded);
221   if (!json.ok()) {
222     gpr_log(GPR_ERROR, "JSON parse error: %s",
223             json.status().ToString().c_str());
224     return Json();
225   }
226   return std::move(*json);
227 }
228 
check_jwt_header(const Json & header)229 static void check_jwt_header(const Json& header) {
230   Json::Object object = header.object();
231   Json value = object["alg"];
232   ASSERT_EQ(value.type(), Json::Type::kString);
233   ASSERT_STREQ(value.string().c_str(), "RS256");
234   value = object["typ"];
235   ASSERT_EQ(value.type(), Json::Type::kString);
236   ASSERT_STREQ(value.string().c_str(), "JWT");
237   value = object["kid"];
238   ASSERT_EQ(value.type(), Json::Type::kString);
239   ASSERT_STREQ(value.string().c_str(),
240                "e6b5137873db8d2ef81e06a47289e6434ec8a165");
241 }
242 
check_jwt_claim(const Json & claim,const char * expected_audience,const char * expected_scope)243 static void check_jwt_claim(const Json& claim, const char* expected_audience,
244                             const char* expected_scope) {
245   Json::Object object = claim.object();
246 
247   Json value = object["iss"];
248   ASSERT_EQ(value.type(), Json::Type::kString);
249   ASSERT_EQ(value.string(),
250             "[email protected]");
251 
252   if (expected_scope != nullptr) {
253     ASSERT_EQ(object.find("sub"), object.end());
254     value = object["scope"];
255     ASSERT_EQ(value.type(), Json::Type::kString);
256     ASSERT_EQ(value.string(), expected_scope);
257   } else {
258     // Claims without scope must have a sub.
259     ASSERT_EQ(object.find("scope"), object.end());
260     value = object["sub"];
261     ASSERT_EQ(value.type(), Json::Type::kString);
262     ASSERT_EQ(value.string(), object["iss"].string());
263   }
264 
265   value = object["aud"];
266   ASSERT_EQ(value.type(), Json::Type::kString);
267   ASSERT_EQ(value.string(), expected_audience);
268 
269   gpr_timespec expiration = gpr_time_0(GPR_CLOCK_REALTIME);
270   value = object["exp"];
271   ASSERT_EQ(value.type(), Json::Type::kNumber);
272   expiration.tv_sec = strtol(value.string().c_str(), nullptr, 10);
273 
274   gpr_timespec issue_time = gpr_time_0(GPR_CLOCK_REALTIME);
275   value = object["iat"];
276   ASSERT_EQ(value.type(), Json::Type::kNumber);
277   issue_time.tv_sec = strtol(value.string().c_str(), nullptr, 10);
278 
279   gpr_timespec parsed_lifetime = gpr_time_sub(expiration, issue_time);
280   ASSERT_EQ(parsed_lifetime.tv_sec, grpc_max_auth_token_lifetime().tv_sec);
281 }
282 
283 #if OPENSSL_VERSION_NUMBER < 0x30000000L
check_jwt_signature(const char * b64_signature,RSA * rsa_key,const char * signed_data,size_t signed_data_size)284 static void check_jwt_signature(const char* b64_signature, RSA* rsa_key,
285                                 const char* signed_data,
286                                 size_t signed_data_size) {
287   grpc_core::ExecCtx exec_ctx;
288 
289   EVP_MD_CTX* md_ctx = EVP_MD_CTX_create();
290   EVP_PKEY* key = EVP_PKEY_new();
291 
292   std::string decoded;
293   absl::WebSafeBase64Unescape(b64_signature, &decoded);
294   ASSERT_EQ(decoded.size(), 128);
295 
296   ASSERT_NE(md_ctx, nullptr);
297   ASSERT_NE(key, nullptr);
298   EVP_PKEY_set1_RSA(key, rsa_key);
299 
300   ASSERT_EQ(EVP_DigestVerifyInit(md_ctx, nullptr, EVP_sha256(), nullptr, key),
301             1);
302   ASSERT_EQ(EVP_DigestVerifyUpdate(md_ctx, signed_data, signed_data_size), 1);
303   ASSERT_EQ(EVP_DigestVerifyFinal(
304                 md_ctx, reinterpret_cast<const uint8_t*>(decoded.data()),
305                 decoded.size()),
306             1);
307 
308   if (key != nullptr) EVP_PKEY_free(key);
309   if (md_ctx != nullptr) EVP_MD_CTX_destroy(md_ctx);
310 }
311 #else
check_jwt_signature(const char * b64_signature,EVP_PKEY * key,const char * signed_data,size_t signed_data_size)312 static void check_jwt_signature(const char* b64_signature, EVP_PKEY* key,
313                                 const char* signed_data,
314                                 size_t signed_data_size) {
315   grpc_core::ExecCtx exec_ctx;
316   EVP_MD_CTX* md_ctx = EVP_MD_CTX_create();
317 
318   std::string decoded;
319   absl::WebSafeBase64Unescape(b64_signature, &decoded);
320   ASSERT_EQ(decoded.size(), 128);
321 
322   ASSERT_EQ(EVP_DigestVerifyInit(md_ctx, nullptr, EVP_sha256(), nullptr, key),
323             1);
324   ASSERT_EQ(EVP_DigestVerifyUpdate(md_ctx, signed_data, signed_data_size), 1);
325   ASSERT_EQ(EVP_DigestVerifyFinal(
326                 md_ctx, reinterpret_cast<const unsigned char*>(decoded.data()),
327                 decoded.size()),
328             1);
329 
330   if (md_ctx != nullptr) EVP_MD_CTX_destroy(md_ctx);
331 }
332 #endif
333 
service_account_creds_jwt_encode_and_sign(const grpc_auth_json_key * key)334 static char* service_account_creds_jwt_encode_and_sign(
335     const grpc_auth_json_key* key) {
336   return grpc_jwt_encode_and_sign(key, GRPC_JWT_OAUTH2_AUDIENCE,
337                                   grpc_max_auth_token_lifetime(), test_scope);
338 }
339 
jwt_creds_jwt_encode_and_sign(const grpc_auth_json_key * key)340 static char* jwt_creds_jwt_encode_and_sign(const grpc_auth_json_key* key) {
341   return grpc_jwt_encode_and_sign(key, test_service_url,
342                                   grpc_max_auth_token_lifetime(), nullptr);
343 }
344 
service_account_creds_check_jwt_claim(const Json & claim)345 static void service_account_creds_check_jwt_claim(const Json& claim) {
346   check_jwt_claim(claim, GRPC_JWT_OAUTH2_AUDIENCE, test_scope);
347 }
348 
jwt_creds_check_jwt_claim(const Json & claim)349 static void jwt_creds_check_jwt_claim(const Json& claim) {
350   check_jwt_claim(claim, test_service_url, nullptr);
351 }
352 
test_jwt_encode_and_sign(char * (* jwt_encode_and_sign_func)(const grpc_auth_json_key *),void (* check_jwt_claim_func)(const Json &))353 static void test_jwt_encode_and_sign(
354     char* (*jwt_encode_and_sign_func)(const grpc_auth_json_key*),
355     void (*check_jwt_claim_func)(const Json&)) {
356   char* json_string = test_json_key_str(nullptr);
357   grpc_auth_json_key json_key =
358       grpc_auth_json_key_create_from_string(json_string);
359   const char* b64_signature;
360   size_t offset = 0;
361   char* jwt = jwt_encode_and_sign_func(&json_key);
362   const char* dot = strchr(jwt, '.');
363   ASSERT_NE(dot, nullptr);
364   Json parsed_header =
365       parse_json_part_from_jwt(jwt, static_cast<size_t>(dot - jwt));
366   ASSERT_EQ(parsed_header.type(), Json::Type::kObject);
367   check_jwt_header(parsed_header);
368   offset = static_cast<size_t>(dot - jwt) + 1;
369 
370   dot = strchr(jwt + offset, '.');
371   ASSERT_NE(dot, nullptr);
372   Json parsed_claim = parse_json_part_from_jwt(
373       jwt + offset, static_cast<size_t>(dot - (jwt + offset)));
374   ASSERT_EQ(parsed_claim.type(), Json::Type::kObject);
375   check_jwt_claim_func(parsed_claim);
376   offset = static_cast<size_t>(dot - jwt) + 1;
377 
378   dot = strchr(jwt + offset, '.');
379   ASSERT_EQ(dot, nullptr);  // no more part.
380   b64_signature = jwt + offset;
381   check_jwt_signature(b64_signature, json_key.private_key, jwt, offset - 1);
382 
383   gpr_free(json_string);
384   grpc_auth_json_key_destruct(&json_key);
385   gpr_free(jwt);
386 }
387 
TEST(JsonTokenTest,ServiceAccountCredsJwtEncodeAndSign)388 TEST(JsonTokenTest, ServiceAccountCredsJwtEncodeAndSign) {
389   test_jwt_encode_and_sign(service_account_creds_jwt_encode_and_sign,
390                            service_account_creds_check_jwt_claim);
391 }
392 
TEST(JsonTokenTest,JwtCredsJwtEncodeAndSign)393 TEST(JsonTokenTest, JwtCredsJwtEncodeAndSign) {
394   test_jwt_encode_and_sign(jwt_creds_jwt_encode_and_sign,
395                            jwt_creds_check_jwt_claim);
396 }
397 
TEST(JsonTokenTest,ParseRefreshTokenSuccess)398 TEST(JsonTokenTest, ParseRefreshTokenSuccess) {
399   grpc_auth_refresh_token refresh_token =
400       grpc_auth_refresh_token_create_from_string(test_refresh_token_str);
401   ASSERT_TRUE(grpc_auth_refresh_token_is_valid(&refresh_token));
402   ASSERT_TRUE(refresh_token.type != nullptr &&
403               (strcmp(refresh_token.type, "authorized_user") == 0));
404   ASSERT_TRUE(refresh_token.client_id != nullptr &&
405               (strcmp(refresh_token.client_id,
406                       "32555999999.apps.googleusercontent.com") == 0));
407   ASSERT_TRUE(
408       refresh_token.client_secret != nullptr &&
409       (strcmp(refresh_token.client_secret, "EmssLNjJy1332hD4KFsecret") == 0));
410   ASSERT_TRUE(refresh_token.refresh_token != nullptr &&
411               (strcmp(refresh_token.refresh_token,
412                       "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42") == 0));
413   grpc_auth_refresh_token_destruct(&refresh_token);
414 }
415 
TEST(JsonTokenTest,ParseRefreshTokenFailureNoType)416 TEST(JsonTokenTest, ParseRefreshTokenFailureNoType) {
417   const char refresh_token_str[] =
418       "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
419       "  \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
420       "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"}";
421   grpc_auth_refresh_token refresh_token =
422       grpc_auth_refresh_token_create_from_string(refresh_token_str);
423   ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
424 }
425 
TEST(JsonTokenTest,ParseRefreshTokenFailureNoClientId)426 TEST(JsonTokenTest, ParseRefreshTokenFailureNoClientId) {
427   const char refresh_token_str[] =
428       "{ \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
429       "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
430       "  \"type\": \"authorized_user\"}";
431   grpc_auth_refresh_token refresh_token =
432       grpc_auth_refresh_token_create_from_string(refresh_token_str);
433   ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
434 }
435 
TEST(JsonTokenTest,ParseRefreshTokenFailureNoClientSecret)436 TEST(JsonTokenTest, ParseRefreshTokenFailureNoClientSecret) {
437   const char refresh_token_str[] =
438       "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
439       "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
440       "  \"type\": \"authorized_user\"}";
441   grpc_auth_refresh_token refresh_token =
442       grpc_auth_refresh_token_create_from_string(refresh_token_str);
443   ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
444 }
445 
TEST(JsonTokenTest,ParseRefreshTokenFailureNoRefreshToken)446 TEST(JsonTokenTest, ParseRefreshTokenFailureNoRefreshToken) {
447   const char refresh_token_str[] =
448       "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
449       "  \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
450       "  \"type\": \"authorized_user\"}";
451   grpc_auth_refresh_token refresh_token =
452       grpc_auth_refresh_token_create_from_string(refresh_token_str);
453   ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
454 }
455 
main(int argc,char ** argv)456 int main(int argc, char** argv) {
457   grpc::testing::TestEnvironment env(&argc, argv);
458   ::testing::InitGoogleTest(&argc, argv);
459   grpc::testing::TestGrpcScope grpc_scope;
460   return RUN_ALL_TESTS();
461 }
462