use of com.auth0.AuthenticationController in project app-auth0-idprovider by enonic.
the class Auth0CallbackService method handle.
/**
 * Handles the Auth0 callback request and, on success, logs the user in.
 *
 * <p>The flow is: resolve the id provider key from the request, let the Auth0
 * {@code AuthenticationController} process the callback into tokens, fetch the
 * user info for those tokens, and pass the adapted user info to the login service.
 *
 * <p>NOTE(review): this uses the single-argument {@code handle(request)} overload.
 * Presumably the library validates the callback (state/nonce) against values kept
 * in the HTTP session for this overload; confirm against the library version in use
 * and consider the request+response overload if the authorize URL is built with cookies.
 *
 * @param request the incoming callback request
 * @return {@code true} when every step completed; {@code false} when any step threw
 *         an {@link Exception} (the failure is logged, not rethrown)
 */
public boolean handle(final HttpServletRequest request) {
    try {
        final IdProviderKey key = getIdProviderKey(request);
        final Tokens tokens = createAuthController(key).handle(request);
        loginService.login(request, new UserInfoAdapter(retrieveUserInfo(key, tokens)), key);
        return true;
    } catch (Exception e) {
        // Every failure is reported the same way: one error log entry and a false
        // result. Callers cannot tell a rejected callback from an infrastructure
        // error, so the log line is the only record for incident triage.
        LOG.error("Error while handling auth0 callback", e);
        return false;
    }
}
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldCheckSessionFallbackWhenHandleCalledWithRequest.
/**
 * Checks that state and nonce written while building the authorize URL with the
 * request+response overload are also present in the HTTP session, and that
 * {@code handle(request)} then completes for a callback carrying matching values.
 *
 * <p>There is no assertion after {@code handle}; the test passes when the call
 * does not throw.
 */
@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequest() throws Exception {
    AuthenticationController controller = builderSpy.withResponseType("code").build();

    // Stub the authorization-code exchange so no network call is made.
    TokenRequest exchange = mock(TokenRequest.class);
    TokenHolder holder = mock(TokenHolder.class);
    when(exchange.execute()).thenReturn(holder);
    when(client.exchangeCode("abc123", "http://localhost")).thenReturn(exchange);

    // Stub the fluent authorize-URL builder returned by the client.
    AuthorizeUrlBuilder urlBuilder = mock(AuthorizeUrlBuilder.class);
    when(urlBuilder.withResponseType("code")).thenReturn(urlBuilder);
    when(urlBuilder.withScope("openid")).thenReturn(urlBuilder);
    when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(urlBuilder);

    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Building the URL with request and response stores state and nonce in cookies
    // and, as a fallback, in the session. The URL itself is not inspected here.
    controller.buildAuthorizeUrl(request, response, "https://redirect.uri/here")
            .withState("state")
            .withNonce("nonce")
            .build();

    // The session fallback must hold exactly the values that were set above.
    assertThat((String) request.getSession().getAttribute("com.auth0.state"), is("state"));
    assertThat((String) request.getSession().getAttribute("com.auth0.nonce"), is("nonce"));

    // Simulate the callback coming back with matching parameters.
    request.setParameter("state", "state");
    request.setParameter("nonce", "nonce");
    request.setParameter("code", "abc123");

    // handle(request) has no response to read cookies from, so it should use the session.
    controller.handle(request);
}
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldCreateWithAsymmetricSignatureVerifierWhenJwkProviderIsExplicitlySet.
/**
 * Checks that, whenever a {@code JwkProvider} is set explicitly on the builder, the
 * captured signature verifier is an {@code AsymmetricSignatureVerifier} for every
 * response type exercised below, and that the request processor carries the expected
 * verification options.
 */
@Test
public void shouldCreateWithAsymmetricSignatureVerifierWhenJwkProviderIsExplicitlySet() {
    JwkProvider jwkProvider = mock(JwkProvider.class);

    // Same order as the builds were originally written out one by one.
    final String[] responseTypes = {
        "code id_token", "code token", "code id_token token", "code", "id_token", "token"
    };

    for (String responseType : responseTypes) {
        AuthenticationController controller =
                builderSpy.withResponseType(responseType).withJwkProvider(jwkProvider).build();

        // getValue() is read right after each build, so each pass checks the
        // verifier captured for the build that just ran.
        SignatureVerifier captured = signatureVerifierCaptor.getValue();
        assertThat(captured, is(notNullValue()));
        assertThat(captured, instanceOf(AsymmetricSignatureVerifier.class));
        assertThat(verificationOptions, is(controller.getRequestProcessor().verifyOptions));
    }
}
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldSetupClientWithTelemetry.
/**
 * Checks that building a controller wires the shared client into the request
 * processor and sets telemetry on that client with the expected name and version.
 */
@Test
public void shouldSetupClientWithTelemetry() {
    AuthenticationController controller = builderSpy.build();
    assertThat(controller, is(notNullValue()));
    assertThat(controller.getRequestProcessor().getClient(), is(client));

    // Capture the Telemetry object handed to the client during build().
    ArgumentCaptor<Telemetry> captor = ArgumentCaptor.forClass(Telemetry.class);
    verify(client).setTelemetry(captor.capture());

    Telemetry sent = captor.getValue();
    assertThat(sent, is(notNullValue()));
    assertThat(sent.getName(), is("auth0-java-mvc-common"));
    // Presumably "1.2.3" is a version value fixed by the test setup; confirm there.
    assertThat(sent.getVersion(), is("1.2.3"));
}
use of com.auth0.AuthenticationController in project auth0-java-mvc-common by auth0.
the class AuthenticationControllerTest method shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse.
/**
 * Checks the opposite mix of overloads: the authorize URL is built with the
 * request-only (deprecated) method, which keeps state and nonce in the session, and
 * the callback is then processed with {@code handle(request, response)}, which
 * should look at cookies first and fall back to the session.
 *
 * <p>There is no assertion after {@code handle}; the test passes when the call
 * does not throw.
 */
@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse() throws Exception {
    AuthenticationController controller = builderSpy.withResponseType("code").build();

    // Stub the authorization-code exchange so no network call is made.
    TokenRequest exchange = mock(TokenRequest.class);
    TokenHolder holder = mock(TokenHolder.class);
    when(exchange.execute()).thenReturn(holder);
    when(client.exchangeCode("abc123", "http://localhost")).thenReturn(exchange);

    // Stub the fluent authorize-URL builder returned by the client.
    AuthorizeUrlBuilder urlBuilder = mock(AuthorizeUrlBuilder.class);
    when(urlBuilder.withResponseType("code")).thenReturn(urlBuilder);
    when(urlBuilder.withScope("openid")).thenReturn(urlBuilder);
    when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(urlBuilder);

    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();

    // The deprecated request-only overload stores state and nonce in the session.
    // The URL itself is not inspected here.
    controller.buildAuthorizeUrl(request, "https://redirect.uri/here")
            .withState("state")
            .withNonce("nonce")
            .build();

    // The session must hold exactly the values that were set above.
    assertThat((String) request.getSession().getAttribute("com.auth0.state"), is("state"));
    assertThat((String) request.getSession().getAttribute("com.auth0.nonce"), is("nonce"));

    // Simulate the callback coming back with matching parameters.
    request.setParameter("state", "state");
    request.setParameter("nonce", "nonce");
    request.setParameter("code", "abc123");

    // No cookies were written above, so handle(request, response) has to fall back
    // to the session values.
    controller.handle(request, response);
}