MystenLabs · joyqvq · Sep 13, 2024 · Sep 13, 2024 · Sep 13, 2024 · Sep 13, 2024
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -57,7 +57,7 @@ jobs:
         run: cargo build --benches --features experimental,copy_key,unsecure_schemes
       - name: cargo test
       # TODO: `cargo nextest run` doesn't work on windows, so we use `cargo test` instead
-        run: cargo test --features experimental,copy_key,unsecure_schemes
+        run: cargo test --all-features
       - name: Doctests
         run: |
           cargo test --doc --features experimental,copy_key,unsecure_schemes

diff --git a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_e2e_tests.rs b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_e2e_tests.rs
@@ -199,8 +199,17 @@ async fn test_end_to_end_all_providers() {
         std::fs::File::open("src/bn254/zklogin_test_vectors.json").expect("Unable to open file");
     let test_datum: Vec<TestData> = serde_json::from_reader(file).unwrap();
     for test_data in test_datum {
-        println!("Testing provider: {:?}", test_data.provider);
         // Make a map of jwk ids to jwks just for Apple.
+        let (_, _, iss) = parse_and_validate_jwt(&test_data.jwt).unwrap();
+        let provider = OIDCProvider::from_iss(&iss).unwrap();
+        assert_eq!(
+            provider,
+            OIDCProvider::from_iss(&provider.get_config().iss).unwrap()
+        );
+        println!(
+            "Testing provider: {:?} test case: {:?}",
+            provider, test_data.provider
+        );
         let (max_epoch, eph_pubkey, zk_login_inputs) = get_test_inputs(&test_data.jwt).await;
         let mut map = ImHashMap::new();
         map.insert(
@@ -260,7 +269,7 @@ async fn get_test_inputs(parsed_token: &str) -> (u64, Vec<u8>, ZkLoginInputs) {
     )
     .await
     .unwrap();
-    let (sub, aud) = parse_and_validate_jwt(parsed_token).unwrap();
+    let (sub, aud, _) = parse_and_validate_jwt(parsed_token).unwrap();
     // Get the address seed.
     let address_seed = gen_address_seed(user_salt, "sub", &sub, &aud).unwrap();
     let zk_login_inputs = ZkLoginInputs::from_reader(reader, &address_seed).unwrap();
@@ -331,7 +340,7 @@ async fn test_end_to_end_test_issuer(test_input: TestInputStruct) {
         )
         .await
         .unwrap();
-        let (sub, aud) = parse_and_validate_jwt(&parsed_token).unwrap();
+        let (sub, aud, _) = parse_and_validate_jwt(&parsed_token).unwrap();
         // Get the address seed.
         let address_seed = gen_address_seed(&user_salt, "sub", &sub, &aud).unwrap();
         let zk_login_inputs =

diff --git a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs
@@ -468,15 +468,21 @@ fn test_get_nonce() {
 #[test]
 fn test_get_provider_to_from_iss_to_from_str() {
     for p in [
+        OIDCProvider::Facebook,
         OIDCProvider::Google,
         OIDCProvider::Twitch,
-        OIDCProvider::Facebook,
         OIDCProvider::Slack,
         OIDCProvider::Kakao,
         OIDCProvider::Apple,
         OIDCProvider::Microsoft,
         OIDCProvider::AwsTenant(("us-east-1".to_string(), "us-east-1_LPSLCkC3A".to_string())),
-        OIDCProvider::TestIssuer,
+        OIDCProvider::AwsTenant(("us-east-1".to_string(), "us-east-1_qPsZxYqd8".to_string())),
+        OIDCProvider::KarrierOne,
+        OIDCProvider::Credenza3,
+        OIDCProvider::Playtron,
+        OIDCProvider::Threedos,
+        OIDCProvider::Onefc,
+        OIDCProvider::FanTV,
     ] {
         // to/from iss
         assert_eq!(p, OIDCProvider::from_iss(&p.get_config().iss).unwrap());

diff --git a/fastcrypto-zkp/src/bn254/utils.rs b/fastcrypto-zkp/src/bn254/utils.rs
@@ -85,13 +85,9 @@ pub fn get_oidc_url(
             OIDCProvider::Credenza3 => format!("https://accounts.credenza3.com/oauth2/authorize?client_id={}&response_type=token&scope=openid+profile+email+phone&redirect_uri={}&nonce={}&state=state", client_id, redirect_url, nonce),
             OIDCProvider::Onefc => format!("https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/b2c_1a_prod_signupsignin_onesuizklogin/oauth2/v2.0/authorize?client_id={}&scope=openid&response_type=id_token&redirect_uri={}&nonce={}", client_id, redirect_url, nonce),
             OIDCProvider::AwsTenant((region, tenant_id)) => format!("https://{}.auth.{}.amazoncognito.com/login?response_type=token&client_id={}&redirect_uri={}&nonce={}", tenant_id, region, client_id, redirect_url, nonce),
-            OIDCProvider::TestIssuer => return Err(FastCryptoError::InvalidInput), // Test issuer does not issue JWTs interactively, this is not valid to call. 
-            OIDCProvider::Playtron => return Err(FastCryptoError::InvalidInput), // Playtron does not issue JWTs interactively, this is not valid to call.
-            OIDCProvider::Threedos => return Err(FastCryptoError::InvalidInput), // Threedos does not issue JWTs interactively yet, this is not valid to call.
-            // FanTV case can call the following url to get the Token:
-            // https://fantv-apis.fantiger.com/v1/oauth2/auth?clientId={}&redirectUri={}&responseType=authorization_code&scope=openid&userId={}&nonce={}
-            OIDCProvider::FanTV => return Err(FastCryptoError::InvalidInput), // FanTV does not issue JWTs interactively yet, this is not valid to call.
-})
+            // this URL is only useful if CLI testing from Sui is needed, can ignore if a frontend test plan is in place
+            _ => return Err(FastCryptoError::InvalidInput)
+    })
 }
 
 /// Return the token exchange URL for the given auth code.

diff --git a/fastcrypto-zkp/src/bn254/zk_login.rs b/fastcrypto-zkp/src/bn254/zk_login.rs
@@ -267,7 +267,7 @@ impl OIDCProvider {
             "https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/v2.0/" => {
                 Ok(Self::Onefc)
             }
-            "https://accounts.fantv.world/" => Ok(Self::FanTV),
+            "https://accounts.fantv.world" => Ok(Self::FanTV),
             iss if match_micrsoft_iss_substring(iss) => Ok(Self::Microsoft),
             _ => match parse_aws_iss_substring(iss) {
                 Ok((region, tenant_id)) => {

diff --git a/fastcrypto/src/jwt_utils.rs b/fastcrypto/src/jwt_utils.rs
@@ -37,7 +37,7 @@ impl Claims {
 }
 
 // Parse and validate a JWT token, returns sub and aud.
-pub fn parse_and_validate_jwt(token: &str) -> Result<(String, String), FastCryptoError> {
+pub fn parse_and_validate_jwt(token: &str) -> Result<(String, String, String), FastCryptoError> {
     // Check if the token contains 3 parts.
     let parts: Vec<&str> = token.split('.').collect();
     if parts.len() != 3 {
@@ -48,7 +48,7 @@ pub fn parse_and_validate_jwt(token: &str) -> Result<(String, String), FastCrypt
 
     // Check if payload is well formed.
     let payload = Claims::from_encoded(parts[1])?;
-    Ok((payload.sub, payload.aud))
+    Ok((payload.sub, payload.aud, payload.iss))
 }
 
 /// Struct that represents a standard JWT header according to