use of org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy in project cas by apereo.
the class OAuth20AuthorizeEndpointControllerTests method verifyPerServiceExpiration.
@Test
public void verifyPerServiceExpiration() throws Exception {
clearAllServices();
val mockRequest = new MockHttpServletRequest(HttpMethod.GET.name(), CONTEXT + OAuth20Constants.AUTHORIZE_URL);
mockRequest.setParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
mockRequest.setParameter(OAuth20Constants.REDIRECT_URI, REDIRECT_URI);
mockRequest.setParameter(OAuth20Constants.RESPONSE_TYPE, OAuth20ResponseTypes.TOKEN.name().toLowerCase());
mockRequest.setServerName(CAS_SERVER);
mockRequest.setServerPort(CAS_PORT);
mockRequest.setScheme(CAS_SCHEME);
val mockResponse = new MockHttpServletResponse();
val service = getRegisteredService(REDIRECT_URI, SERVICE_NAME);
service.setBypassApprovalPrompt(true);
val expirationPolicy = new DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy();
expirationPolicy.setMaxTimeToLive("5005");
expirationPolicy.setTimeToKill("1001");
service.setAccessTokenExpirationPolicy(expirationPolicy);
service.setJwtAccessToken(true);
this.servicesManager.save(service);
val profile = new CasProfile();
profile.setId(ID);
val attributes = new HashMap<String, Object>();
attributes.put(FIRST_NAME_ATTRIBUTE, FIRST_NAME);
attributes.put(LAST_NAME_ATTRIBUTE, LAST_NAME);
profile.addAttributes(attributes);
val sessionStore = oAuth20AuthorizeEndpointController.getConfigurationContext().getSessionStore();
val context = new JEEContext(mockRequest, mockResponse);
val ticket = new MockTicketGrantingTicket("casuser");
oAuth20AuthorizeEndpointController.getConfigurationContext().getTicketRegistry().addTicket(ticket);
sessionStore.set(context, WebUtils.PARAMETER_TICKET_GRANTING_TICKET_ID, ticket.getId());
sessionStore.set(context, Pac4jConstants.USER_PROFILES, CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));
val modelAndView = oAuth20AuthorizeEndpointController.handleRequest(mockRequest, mockResponse);
val view = modelAndView.getView();
assertTrue(view instanceof RedirectView);
val redirectView = (RedirectView) view;
val redirectUrl = redirectView.getUrl();
assertNotNull(redirectUrl);
assertTrue(redirectUrl.startsWith(REDIRECT_URI + "#access_token="));
val at = StringUtils.substringBetween(redirectUrl, "#access_token=", "&token_type=bearer");
val decoded = this.oauthAccessTokenJwtCipherExecutor.decode(at).toString();
assertNotNull(decoded);
val jwt = JwtClaims.parse(decoded);
assertNotNull(jwt);
assertNotNull(jwt.getExpirationTime());
assertNotNull(jwt.getIssuedAt());
assertEqualsWithDelta(Long.parseLong(expirationPolicy.getMaxTimeToLive()), jwt.getExpirationTime().getValue() - jwt.getIssuedAt().getValue(), DELTA);
val expiresIn = StringUtils.substringAfter(redirectUrl, "&expires_in=");
assertEquals(expirationPolicy.getMaxTimeToLive(), expiresIn);
}
use of org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy in project cas by apereo.
the class OAuth20DefaultAccessTokenFactoryTests method verifyOperationCreate.
@Test
public void verifyOperationCreate() {
val registeredService = getRegisteredService("https://app.oauth.org", "clientid-at", "secret-at");
registeredService.setAccessTokenExpirationPolicy(new DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy("PT10S", "PT10S"));
servicesManager.save(registeredService);
val token = defaultAccessTokenFactory.create(RegisteredServiceTestUtils.getService("https://app.oauth.org"), RegisteredServiceTestUtils.getAuthentication(), Set.of("Scope1", "Scope2"), "clientid-at", OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
assertNotNull(token);
assertNotNull(defaultAccessTokenFactory.get(OAuth20AccessToken.class));
}
Aggregations