Example 1 with AuthenticationController
use of com.auth0.AuthenticationController in project app-auth0-idprovider by enonic.
the class Auth0CallbackService method handle.
public boolean handle(final HttpServletRequest request) {
try {
final IdProviderKey idProviderKey = getIdProviderKey(request);
final AuthenticationController authController = createAuthController(idProviderKey);
final Tokens tokens = authController.handle(request);
final UserInfo userInfo = retrieveUserInfo(idProviderKey, tokens);
loginService.login(request, new UserInfoAdapter(userInfo), idProviderKey);
return true;
} catch (Exception e) {
LOG.error("Error while handling auth0 callback", e);
}
return false;
}
Also used :
AuthenticationController(com.auth0.AuthenticationController)
IdProviderKey(com.enonic.xp.security.IdProviderKey)
UserInfo(com.auth0.json.auth.UserInfo)
UserInfoAdapter(com.enonic.app.auth0.impl.user.UserInfoAdapter)
Auth0Exception(com.auth0.exception.Auth0Exception)
Tokens(com.auth0.Tokens)
Example 2 with AuthenticationController
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldCheckSessionFallbackWhenHandleCalledWithRequest.
@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequest() throws Exception {
AuthenticationController controller = builderSpy.withResponseType("code").build();
TokenRequest codeExchangeRequest = mock(TokenRequest.class);
TokenHolder tokenHolder = mock(TokenHolder.class);
when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest);
AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class);
when(mockBuilder.withResponseType("code")).thenReturn(mockBuilder);
when(mockBuilder.withScope("openid")).thenReturn(mockBuilder);
when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(mockBuilder);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
// build auth URL using request and response, which stores state and nonce in cookies and also session as a fallback
String authUrl = controller.buildAuthorizeUrl(request, response, "https://redirect.uri/here").withState("state").withNonce("nonce").build();
String state = (String) request.getSession().getAttribute("com.auth0.state");
String nonce = (String) request.getSession().getAttribute("com.auth0.nonce");
assertThat(state, is("state"));
assertThat(nonce, is("nonce"));
request.setParameter("state", "state");
request.setParameter("nonce", "nonce");
request.setParameter("code", "abc123");
// handle called with request, which should use session
controller.handle(request);
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
TokenRequest(com.auth0.net.TokenRequest)
TokenHolder(com.auth0.json.auth.TokenHolder)
AuthorizeUrlBuilder(com.auth0.client.auth.AuthorizeUrlBuilder)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 3 with AuthenticationController
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldCreateWithAsymmetricSignatureVerifierWhenJwkProviderIsExplicitlySet.
@Test
public void shouldCreateWithAsymmetricSignatureVerifierWhenJwkProviderIsExplicitlySet() {
JwkProvider jwkProvider = mock(JwkProvider.class);
AuthenticationController controller = builderSpy.withResponseType("code id_token").withJwkProvider(jwkProvider).build();
SignatureVerifier signatureVerifier = signatureVerifierCaptor.getValue();
assertThat(signatureVerifier, is(notNullValue()));
assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
controller = builderSpy.withResponseType("code token").withJwkProvider(jwkProvider).build();
signatureVerifier = signatureVerifierCaptor.getValue();
assertThat(signatureVerifier, is(notNullValue()));
assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
controller = builderSpy.withResponseType("code id_token token").withJwkProvider(jwkProvider).build();
signatureVerifier = signatureVerifierCaptor.getValue();
assertThat(signatureVerifier, is(notNullValue()));
assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
controller = builderSpy.withResponseType("code").withJwkProvider(jwkProvider).build();
signatureVerifier = signatureVerifierCaptor.getValue();
assertThat(signatureVerifier, is(notNullValue()));
assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
controller = builderSpy.withResponseType("id_token").withJwkProvider(jwkProvider).build();
signatureVerifier = signatureVerifierCaptor.getValue();
assertThat(signatureVerifier, is(notNullValue()));
assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
controller = builderSpy.withResponseType("token").withJwkProvider(jwkProvider).build();
signatureVerifier = signatureVerifierCaptor.getValue();
assertThat(signatureVerifier, is(notNullValue()));
assertThat(signatureVerifier, instanceOf(AsymmetricSignatureVerifier.class));
assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
}
Also used :
JwkProvider(com.auth0.jwk.JwkProvider)
Test(org.junit.jupiter.api.Test)
Example 4 with AuthenticationController
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldSetupClientWithTelemetry.
@Test
public void shouldSetupClientWithTelemetry() {
AuthenticationController controller = builderSpy.build();
ArgumentCaptor<Telemetry> telemetryCaptor = ArgumentCaptor.forClass(Telemetry.class);
assertThat(controller, is(notNullValue()));
RequestProcessor requestProcessor = controller.getRequestProcessor();
assertThat(requestProcessor.getClient(), is(client));
verify(client).setTelemetry(telemetryCaptor.capture());
Telemetry capturedTelemetry = telemetryCaptor.getValue();
assertThat(capturedTelemetry, is(notNullValue()));
assertThat(capturedTelemetry.getName(), is("auth0-java-mvc-common"));
assertThat(capturedTelemetry.getVersion(), is("1.2.3"));
}Example 5 with AuthenticationController
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse.
@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse() throws Exception {
AuthenticationController controller = builderSpy.withResponseType("code").build();
TokenRequest codeExchangeRequest = mock(TokenRequest.class);
TokenHolder tokenHolder = mock(TokenHolder.class);
when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest);
AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class);
when(mockBuilder.withResponseType("code")).thenReturn(mockBuilder);
when(mockBuilder.withScope("openid")).thenReturn(mockBuilder);
when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(mockBuilder);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
// build auth URL using deprecated method, which stores state and nonce in session
String authUrl = controller.buildAuthorizeUrl(request, "https://redirect.uri/here").withState("state").withNonce("nonce").build();
String state = (String) request.getSession().getAttribute("com.auth0.state");
String nonce = (String) request.getSession().getAttribute("com.auth0.nonce");
assertThat(state, is("state"));
assertThat(nonce, is("nonce"));
request.setParameter("state", "state");
request.setParameter("nonce", "nonce");
request.setParameter("code", "abc123");
// handle called with request and response, which should use cookies but fallback to session
controller.handle(request, response);
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
TokenRequest(com.auth0.net.TokenRequest)
TokenHolder(com.auth0.json.auth.TokenHolder)
AuthorizeUrlBuilder(com.auth0.client.auth.AuthorizeUrlBuilder)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)4
AuthorizeUrlBuilder (com.auth0.client.auth.AuthorizeUrlBuilder)2
TokenHolder (com.auth0.json.auth.TokenHolder)2
TokenRequest (com.auth0.net.TokenRequest)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
AuthenticationController (com.auth0.AuthenticationController)1
Tokens (com.auth0.Tokens)1
Auth0Exception (com.auth0.exception.Auth0Exception)1
UserInfo (com.auth0.json.auth.UserInfo)1
JwkProvider (com.auth0.jwk.JwkProvider)1
Telemetry (com.auth0.net.Telemetry)1
UserInfoAdapter (com.enonic.app.auth0.impl.user.UserInfoAdapter)1
IdProviderKey (com.enonic.xp.security.IdProviderKey)1
