AlinsRan opened a new pull request, #13608: URL: https://github.com/apache/apisix/pull/13608
### Description `t/plugin/openid-connect.t` TEST 36 and TEST 38 fetch the OIDC discovery document from the **live** `samples.auth0.com` / `accounts.google.com` endpoints. On CI runners that cannot validate the upstream TLS certificate this fails deterministically (it is environmental, reruns do not help): ``` accessing discovery url (https://samples.auth0.com/.well-known/openid-configuration) failed: 20: unable to get local issuer certificate ... openid-connect exits with http status code 503 ``` Example failure (linux_openresty `t/plugin/[l-z]*.t` bucket): https://github.com/apache/apisix/actions/runs/28147860875/job/83374909107 This PR removes the external dependency by pointing both tests at the in-tree mock discovery already served on `127.0.0.1:1980`, so the logout flow is exercised entirely locally: - **TEST 36** keeps using the existing discovery document (no `end_session_endpoint`) and covers the `redirect_after_logout_uri` path. - **TEST 38** uses a new mock endpoint that advertises an `end_session_endpoint`, covering the `end_session_endpoint` path which was previously not tested at all. It also fixes the assertions. The old checks used `string.find(location, ...) ~= -1`, which is **always true** (`string.find` returns `nil` or a number, never `-1`), so the redirect target was never actually validated — and `string.find` was treating the expected value as a Lua pattern. The assertions now unescape the `Location` header and match with a plain-text `find`, so they verify the real redirect (including the percent-encoded `post_logout_redirect_uri`). ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change (test-only change) - [x] I have updated the documentation to reflect this change (n/a) - [x] I have verified that this change is backward compatible (test-only change) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
