From 2146ab3aa3ed3ee840fbbab24b67b8e9e96f5bf9 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey <cdoxsey@pomerium.com>
Date: Mon, 17 Feb 2025 09:23:12 -0700
Subject: [PATCH] add verify test

---
 authenticate/handlers_verify_test.go | 49 ++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 authenticate/handlers_verify_test.go

diff --git a/authenticate/handlers_verify_test.go b/authenticate/handlers_verify_test.go
new file mode 100644
index 000000000..f91822c07
--- /dev/null
+++ b/authenticate/handlers_verify_test.go
@@ -0,0 +1,49 @@
+package authenticate_test
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/pomerium/pomerium/authenticate"
+	"github.com/pomerium/pomerium/config"
+	"github.com/pomerium/pomerium/internal/testutil"
+	"github.com/pomerium/pomerium/pkg/cryptutil"
+)
+
+func TestVerifyAccessToken(t *testing.T) {
+	t.Parallel()
+
+	ctx := testutil.GetContext(t, time.Minute)
+	a, err := authenticate.New(ctx, &config.Config{
+		Options: &config.Options{
+			CookieSecret:             cryptutil.NewBase64Key(),
+			SharedKey:                cryptutil.NewBase64Key(),
+			AuthenticateCallbackPath: "/oauth2/callback",
+			AuthenticateURLString:    "https://authenticate.example.com",
+
+			Provider:    "oidc",
+			ProviderURL: "http://oidc.example.com",
+		},
+	})
+	require.NoError(t, err)
+
+	w := httptest.NewRecorder()
+	r, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://authenticate.example.com/.pomerium/verify-access-token",
+		strings.NewReader(`{"accessToken":"ACCESS TOKEN"}`))
+	require.NoError(t, err)
+
+	a.Handler().ServeHTTP(w, r)
+
+	assert.Equal(t, 200, w.Code)
+	assert.JSONEq(t, `{"valid":false}`, w.Body.String())
+}
+
+func TestVerifyIdentityToken(t *testing.T) {
+	t.Parallel()
+}