Search in sources :

Example 16 with com.auth0.jwt.exceptions

use of com.auth0.jwt.exceptions in project Team_17TOP_Film_BE by prgrms-web-devcourse.

the class Jwt method sign.

public String sign(Claims claims) {
    Date now = new Date();
    JWTCreator.Builder builder = com.auth0.jwt.JWT.create();
    builder.withIssuer(issuer);
    builder.withIssuedAt(now);
    if (expirySeconds > 0) {
        builder.withExpiresAt(new Date(now.getTime() + expirySeconds * 1000L));
    }
    builder.withArrayClaim("roles", claims.roles);
    builder.withClaim("provider", claims.provider);
    builder.withClaim("provider_id", claims.providerId);
    return builder.sign(algorithm);
}
Also used : JWTCreator(com.auth0.jwt.JWTCreator) Date(java.util.Date)

Example 17 with com.auth0.jwt.exceptions

use of com.auth0.jwt.exceptions in project auth0-java-mvc-common by auth0.

the class AuthenticationControllerTest method shouldCheckSessionFallbackWhenHandleCalledWithRequest.

@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequest() throws Exception {
    AuthenticationController controller = builderSpy.withResponseType("code").build();
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest);
    AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class);
    when(mockBuilder.withResponseType("code")).thenReturn(mockBuilder);
    when(mockBuilder.withScope("openid")).thenReturn(mockBuilder);
    when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(mockBuilder);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    // build auth URL using request and response, which stores state and nonce in cookies and also session as a fallback
    String authUrl = controller.buildAuthorizeUrl(request, response, "https://redirect.uri/here").withState("state").withNonce("nonce").build();
    String state = (String) request.getSession().getAttribute("com.auth0.state");
    String nonce = (String) request.getSession().getAttribute("com.auth0.nonce");
    assertThat(state, is("state"));
    assertThat(nonce, is("nonce"));
    request.setParameter("state", "state");
    request.setParameter("nonce", "nonce");
    request.setParameter("code", "abc123");
    // handle called with request, which should use session
    controller.handle(request);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) AuthorizeUrlBuilder(com.auth0.client.auth.AuthorizeUrlBuilder) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 18 with com.auth0.jwt.exceptions

use of com.auth0.jwt.exceptions in project auth0-java-mvc-common by auth0.

the class AuthenticationControllerTest method shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse.

@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse() throws Exception {
    AuthenticationController controller = builderSpy.withResponseType("code").build();
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest);
    AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class);
    when(mockBuilder.withResponseType("code")).thenReturn(mockBuilder);
    when(mockBuilder.withScope("openid")).thenReturn(mockBuilder);
    when(client.authorizeUrl("https://redirect.uri/here")).thenReturn(mockBuilder);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    // build auth URL using deprecated method, which stores state and nonce in session
    String authUrl = controller.buildAuthorizeUrl(request, "https://redirect.uri/here").withState("state").withNonce("nonce").build();
    String state = (String) request.getSession().getAttribute("com.auth0.state");
    String nonce = (String) request.getSession().getAttribute("com.auth0.nonce");
    assertThat(state, is("state"));
    assertThat(nonce, is("nonce"));
    request.setParameter("state", "state");
    request.setParameter("nonce", "nonce");
    request.setParameter("code", "abc123");
    // handle called with request and response, which should use cookies but fallback to session
    controller.handle(request, response);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) AuthorizeUrlBuilder(com.auth0.client.auth.AuthorizeUrlBuilder) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 19 with com.auth0.jwt.exceptions

use of com.auth0.jwt.exceptions in project auth0-java-mvc-common by auth0.

the class RequestProcessorTest method shouldThrowOnProcessIfCodeRequestSucceedsButDoesNotPassIdTokenVerification.

@Test
public void shouldThrowOnProcessIfCodeRequestSucceedsButDoesNotPassIdTokenVerification() throws Exception {
    doThrow(TokenValidationException.class).when(tokenVerifier).verify(eq("backIdToken"), eq(verifyOptions));
    Map<String, Object> params = new HashMap<>();
    params.put("code", "abc123");
    params.put("state", "1234");
    MockHttpServletRequest request = getRequest(params);
    request.setCookies(new Cookie("com.auth0.state", "1234"));
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(tokenHolder.getIdToken()).thenReturn("backIdToken");
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest);
    RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions).withIdTokenVerifier(tokenVerifier).build();
    IdentityVerificationException e = assertThrows(IdentityVerificationException.class, () -> handler.process(request, response));
    assertThat(e, IdentityVerificationExceptionMatcher.hasCode("a0.invalid_jwt_error"));
    assertEquals("An error occurred while trying to verify the ID Token.", e.getMessage());
}
Also used : Cookie(javax.servlet.http.Cookie) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) Test(org.junit.jupiter.api.Test)

Example 20 with com.auth0.jwt.exceptions

use of com.auth0.jwt.exceptions in project auth0-java-mvc-common by auth0.

the class RequestProcessorTest method shouldReturnTokensOnProcessIfTokenIdTokenCodeRequestPassesIdTokenVerification.

@Test
public void shouldReturnTokensOnProcessIfTokenIdTokenCodeRequestPassesIdTokenVerification() throws Exception {
    doNothing().when(tokenVerifier).verify(eq("frontIdToken"), eq(verifyOptions));
    Map<String, Object> params = new HashMap<>();
    params.put("code", "abc123");
    params.put("state", "1234");
    params.put("id_token", "frontIdToken");
    params.put("access_token", "frontAccessToken");
    params.put("expires_in", "8400");
    params.put("token_type", "frontTokenType");
    MockHttpServletRequest request = getRequest(params);
    request.setCookies(new Cookie("com.auth0.state", "1234"));
    TokenRequest codeExchangeRequest = mock(TokenRequest.class);
    TokenHolder tokenHolder = mock(TokenHolder.class);
    when(tokenHolder.getIdToken()).thenReturn("backIdToken");
    when(tokenHolder.getAccessToken()).thenReturn("backAccessToken");
    when(tokenHolder.getRefreshToken()).thenReturn("backRefreshToken");
    when(tokenHolder.getExpiresIn()).thenReturn(4800L);
    when(tokenHolder.getTokenType()).thenReturn("backTokenType");
    when(codeExchangeRequest.execute()).thenReturn(tokenHolder);
    when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest);
    RequestProcessor handler = new RequestProcessor.Builder(client, "id_token token code", verifyOptions).withIdTokenVerifier(tokenVerifier).build();
    Tokens tokens = handler.process(request, response);
    // Should not verify the ID Token twice
    verify(tokenVerifier).verify("frontIdToken", verifyOptions);
    verify(tokenVerifier, never()).verify("backIdToken", verifyOptions);
    verifyNoMoreInteractions(tokenVerifier);
    assertThat(tokens, is(notNullValue()));
    assertThat(tokens.getIdToken(), is("frontIdToken"));
    assertThat(tokens.getAccessToken(), is("backAccessToken"));
    assertThat(tokens.getRefreshToken(), is("backRefreshToken"));
    assertThat(tokens.getExpiresIn(), is(4800L));
    assertThat(tokens.getType(), is("backTokenType"));
}
Also used : Cookie(javax.servlet.http.Cookie) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) Test(org.junit.jupiter.api.Test)

Aggregations

Algorithm (com.auth0.jwt.algorithms.Algorithm)8 TokenRequest (com.auth0.net.TokenRequest)8 Test (org.junit.jupiter.api.Test)8 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)8 TokenHolder (com.auth0.json.auth.TokenHolder)7 Date (java.util.Date)7 HashMap (java.util.HashMap)7 JWTCreator (com.auth0.jwt.JWTCreator)6 JWTVerifier (com.auth0.jwt.JWTVerifier)6 Cookie (javax.servlet.http.Cookie)6 ECKey (java.security.interfaces.ECKey)3 AuthorizeUrlBuilder (com.auth0.client.auth.AuthorizeUrlBuilder)2 DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 ViewModelProvider (androidx.lifecycle.ViewModelProvider)1 NavController (androidx.navigation.NavController)1 TipoUsuario (br.com.propague.api.model.TipoUsuario)1 Usuario (br.com.propague.api.model.Usuario)1 JWT (com.auth0.android.jwt.JWT)1 JWTVerificationException (com.auth0.jwt.exceptions.JWTVerificationException)1