
Example 21 with Tokens

use of com.auth0.Tokens in project AuthGuard by AuthGuard.

the class JwtTokenVerifierTest method validateWithJti.

@Test
void validateWithJti() {
    final StrategyConfig strategyConfig = strategyConfig(true);
    final JwtConfig jwtConfig = jwtConfig();
    final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
    final String jti = UUID.randomUUID().toString();
    Mockito.when(jtiProvider.next()).thenReturn(jti);
    Mockito.when(jtiProvider.validate(jti)).thenReturn(true);
    final AccountBO account = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO tokens = generateToken(jwtConfig, account, jti);
    final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(tokens.getToken().toString());
    assertThat(validatedToken.isRight()).isTrue();
    verifyToken(validatedToken.get(), account.getId(), jti, null, null);
}
Also used : AccountBO(com.nexblocks.authguard.service.model.AccountBO) JwtConfig(com.nexblocks.authguard.service.config.JwtConfig) StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig) AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) Test(org.junit.jupiter.api.Test)

Example 22 with Tokens

use of com.auth0.Tokens in project goobi-workflow by intranda.

the class JwtHelper method verifyToken.

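/**
 * Verifies a token against rotated keys. The key for the current rotation window is tried first,
 * then the keys of the preceding windows (maxRotations windows in total), so a token signed just
 * before a rotation still verifies. If every window fails, the exception from the last attempt is rethrown.
 *
 * @param token the JWT to verify
 * @param secret the secret passed to verifyTokenWithRotationTime together with the rotation time
 * @param currentMillisSupplier supplies the current time in milliseconds
 * @return the decoded JWT from the first rotation window that verifies
 * @throws JWTVerificationException if the token fails verification in all windows
 */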
private static DecodedJWT verifyToken(String token, String secret, LongSupplier currentMillisSupplier) {
    long currentTime = currentMillisSupplier.getAsLong();
    int maxRotations = 3;
    for (int currentRotation = 0; currentRotation < maxRotations; currentRotation++) {
        long rotationTime = ((currentTime - (rotationDuration * currentRotation)) / rotationDuration) * rotationDuration;
        try {
            DecodedJWT jwt = verifyTokenWithRotationTime(token, secret, rotationTime);
            return jwt;
        } catch (JWTVerificationException e) {
            if (currentRotation == maxRotations - 1) {
                throw e;
            }
        }
    }
    return null;
}
Also used : JWTVerificationException(com.auth0.jwt.exceptions.JWTVerificationException) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)

Example 23 with Tokens

use of com.auth0.Tokens in project app-auth0-idprovider by enonic.

the class Auth0CallbackService method handle.

public boolean handle(final HttpServletRequest request) {
    try {
        final IdProviderKey idProviderKey = getIdProviderKey(request);
        final AuthenticationController authController = createAuthController(idProviderKey);
        final Tokens tokens = authController.handle(request);
        final UserInfo userInfo = retrieveUserInfo(idProviderKey, tokens);
        loginService.login(request, new UserInfoAdapter(userInfo), idProviderKey);
        return true;
    } catch (Exception e) {
        LOG.error("Error while handling auth0 callback", e);
    }
    return false;
}
Also used : AuthenticationController(com.auth0.AuthenticationController) IdProviderKey(com.enonic.xp.security.IdProviderKey) UserInfo(com.auth0.json.auth.UserInfo) UserInfoAdapter(com.enonic.app.auth0.impl.user.UserInfoAdapter) Auth0Exception(com.auth0.exception.Auth0Exception) Tokens(com.auth0.Tokens)

Example 24 with Tokens

use of com.auth0.Tokens in project auth0-java-mvc-common by auth0.

the class RequestProcessorTest method shouldReturnTokensOnProcessIfTokenIdTokenCodeRequestPassesIdTokenVerification.

@Test
public void shouldReturnTokensOnProcessIfTokenIdTokenCodeRequestPassesIdTokenVerification() throws Exception {
    doNothing().when(tokenVerifier).verify(eq("frontIdToken"), eq(verifyOptions));
    Map<String, Object> params = new HashMap<>();
    params.put("code", "abc123");
    params.put("state", "1234");
    params.put("id_token", "frontIdToken");
    params.put("access_token", "frontAccessToken");
    params.put("expires_in", "8400");
    params.put("token_type", "frontTokenType");
    MockHttpServletRequest request = getRequest(params);
    request.setCookies(new Cookie("com.auth0.state", "1234"));
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(tokenHolder.getIdToken()).thenReturn("backIdToken");
    when(tokenHolder.getAccessToken()).thenReturn("backAccessToken");
    when(tokenHolder.getRefreshToken()).thenReturn("backRefreshToken");
    when(tokenHolder.getExpiresIn()).thenReturn(4800L);
    when(tokenHolder.getTokenType()).thenReturn("backTokenType");
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest);
    RequestProcessor handler = new RequestProcessor.Builder(client, "id_token token code", verifyOptions).withIdTokenVerifier(tokenVerifier).build();
    Tokens tokens = handler.process(request, response);
    // Should not verify the ID Token twice
    verify(tokenVerifier).verify("frontIdToken", verifyOptions);
    verify(tokenVerifier, never()).verify("backIdToken", verifyOptions);
    verifyNoMoreInteractions(tokenVerifier);
    assertThat(tokens, is(notNullValue()));
    assertThat(tokens.getIdToken(), is("frontIdToken"));
    assertThat(tokens.getAccessToken(), is("backAccessToken"));
    assertThat(tokens.getRefreshToken(), is("backRefreshToken"));
    assertThat(tokens.getExpiresIn(), is(4800L));
    assertThat(tokens.getType(), is("backTokenType"));
}
Also used : Cookie(javax.servlet.http.Cookie) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) Test(org.junit.jupiter.api.Test)

Example 25 with Tokens

use of com.auth0.Tokens in project auth0-java-mvc-common by auth0.

the class RequestProcessorTest method shouldReturnEmptyTokensWhenCodeRequestReturnsNoTokens.

@Test
public void shouldReturnEmptyTokensWhenCodeRequestReturnsNoTokens() throws Exception {
    Map<String, Object> params = new HashMap<>();
    params.put("code", "abc123");
    params.put("state", "1234");
    MockHttpServletRequest request = getRequest(params);
    request.setCookies(new Cookie("com.auth0.state", "1234"));
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest);
    RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions).withIdTokenVerifier(tokenVerifier).build();
    Tokens tokens = handler.process(request, response);
    verifyNoMoreInteractions(tokenVerifier);
    assertThat(tokens, is(notNullValue()));
    assertThat(tokens.getIdToken(), is(nullValue()));
    assertThat(tokens.getAccessToken(), is(nullValue()));
    assertThat(tokens.getRefreshToken(), is(nullValue()));
}
Also used : Cookie(javax.servlet.http.Cookie) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) Test(org.junit.jupiter.api.Test)
