# IAM Profile Conformance

Executable checks for `canon/standards/iam-profile_v0.2.md`.

Runtime dependency: Python 3.11+ with `cryptography`. Fixture tests also
require `pytest`.

Run a full check against a real issuer with a freshly minted access token:

```bash
python3 tools/iam-profile-conformance/iam_profile_conformance.py \
  --issuer https://id.example.net/realms/platform \
  --audience my-service \
  --access-token "$(cat token.jwt)" \
  --client-id iam-profile-conformance \
  --redirect-uri http://localhost/callback \
  --environment production
```

The PKCE probe sends an authorization request without a
`code_challenge`; a conforming issuer rejects it. Use a dedicated public
test client for this check.
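
The logic behind such a probe, as an added example that is not the tool's own code: it builds the authorization request without `code_challenge` and classifies the issuer's first response, with redirects not followed. The `/authorize` endpoint path, the function names and the three-way verdict are assumptions made for illustration.

```python
"""Added example: PKCE-enforcement probe logic (hypothetical helper names)."""
from urllib.parse import parse_qs, urlencode, urlsplit


def build_probe_url(authorization_endpoint, client_id, redirect_uri, state):
    """Build an authorization-code request that deliberately omits code_challenge."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
    }
    return f"{authorization_endpoint}?{urlencode(params)}"


def classify_probe_response(status, location, redirect_uri):
    """Classify the issuer's first response (redirects not followed).

    'rejected'     -> issuer refused the request (conforming)
    'accepted'     -> issuer continued the flow without PKCE (non-conforming)
    'inconclusive' -> response says nothing about PKCE enforcement
    """
    if 400 <= status < 500:
        return "rejected"  # error rendered directly by the issuer
    if status in (302, 303, 307) and location:
        target, expected = urlsplit(location), urlsplit(redirect_uri)
        if target[:3] == expected[:3]:  # same scheme, host and path
            query = parse_qs(target.query)
            if "error" in query:
                return "rejected"  # e.g. error=invalid_request
            return "accepted" if "code" in query else "inconclusive"
        return "accepted"  # sent onward, e.g. to a login page
    if status == 200:
        return "accepted"  # login form rendered for a PKCE-less request
    return "inconclusive"


if __name__ == "__main__":
    # Constructed sample values; read the real endpoint from the issuer's
    # discovery document (authorization_endpoint).
    endpoint = "https://id.example.net/realms/platform/authorize"
    callback = "http://localhost/callback"
    print(build_probe_url(endpoint, "iam-profile-conformance", callback, "probe-1"))
    sample = callback + "?error=invalid_request&state=probe-1"
    print(classify_probe_response(302, sample, callback))
```

A 4xx can also come from an unrelated fault such as an unregistered redirect URI, so confirm the returned error refers to the missing challenge before recording a pass.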

For discovery-only smoke checks:

```bash
python3 tools/iam-profile-conformance/iam_profile_conformance.py \
  --issuer https://id.example.net/realms/platform \
  --audience my-service \
  --discovery-only \
  --skip-pkce-probe
```

Run fixture tests:

```bash
python3 -m pytest tools/iam-profile-conformance/tests
```