
Example 86 with Request

use of com.auth0.net.Request in project auth0-java by auth0.

the class StatsEntityTest method shouldReturnEmptyDailyStats.

/**
 * Verifies that executing the daily-stats request against the queued
 * {@code MGMT_EMPTY_LIST} response yields a non-null, empty list.
 */
@Test
public void shouldReturnEmptyDailyStats() throws Exception {
    Request<List<DailyStats>> dailyStatsRequest = api.stats().getDailyStats(new Date(), new Date());
    assertThat(dailyStatsRequest, is(notNullValue()));

    // The canned body has to be queued on the mock server before the request is executed.
    server.jsonResponse(MGMT_EMPTY_LIST, 200);
    List<DailyStats> stats = dailyStatsRequest.execute();

    assertThat(stats, is(notNullValue()));
    assertThat(stats, is(emptyCollectionOf(DailyStats.class)));
}
Also used : DailyStats(com.auth0.json.mgmt.DailyStats) List(java.util.List) Date(java.util.Date) Test(org.junit.Test)

Example 87 with Request

use of com.auth0.net.Request in project auth0-java by auth0.

the class TenantsEntityTest method shouldGetTenantSettingsWithFields.

/**
 * Verifies that a tenant-settings request built with a fields filter is sent as a GET to
 * {@code /api/v2/tenants/settings}, carries the bearer token and JSON content type, and
 * forwards the filter as the {@code fields} / {@code include_fields} query parameters.
 */
@Test
public void shouldGetTenantSettingsWithFields() throws Exception {
    FieldsFilter fieldsFilter = new FieldsFilter().withFields("some,random,fields", true);
    Request<Tenant> tenantRequest = api.tenants().get(fieldsFilter);
    assertThat(tenantRequest, is(notNullValue()));

    // Queue the canned tenant body, run the call, then pull what the mock server received.
    server.jsonResponse(MGMT_TENANT, 200);
    Tenant tenant = tenantRequest.execute();
    RecordedRequest sent = server.takeRequest();

    // Wire-level expectations: method, path and the headers every management call must carry.
    assertThat(sent, hasMethodAndPath("GET", "/api/v2/tenants/settings"));
    assertThat(sent, hasHeader("Content-Type", "application/json"));
    assertThat(sent, hasHeader("Authorization", "Bearer apiToken"));

    // The filter must reach the query string unchanged.
    assertThat(sent, hasQueryParameter("fields", "some,random,fields"));
    assertThat(sent, hasQueryParameter("include_fields", "true"));

    assertThat(tenant, is(notNullValue()));
}
Also used : RecordedRequest(okhttp3.mockwebserver.RecordedRequest) Tenant(com.auth0.json.mgmt.tenants.Tenant) FieldsFilter(com.auth0.client.mgmt.filter.FieldsFilter) Test(org.junit.Test)

Example 88 with Request

use of com.auth0.net.Request in project auth0-java by auth0.

the class IdTokenVerifier method verify.

/**
 * Verifies a provided ID Token follows the <a href="https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation">OIDC specification.</a>
 * <p>
 * Signature verification is delegated to the configured signature verifier and runs first; every claim
 * check below reads from the decoded token that step returns. The checks then run in a fixed order
 * (iss, sub, aud, org_id, exp, iat, nonce, azp, auth_time) and the first failure is the one reported.
 * <p>
 * Three checks are conditional: {@code org_id} is enforced only when an organization is configured on
 * this verifier, {@code nonce} only when a non-null nonce is passed, and {@code auth_time} only when a
 * non-null max age is passed. Callers that rely on any of them must supply the corresponding value.
 *
 * @param token                the ID Token to verify. Must not be null or empty.
 * @param nonce                the nonce expected on the ID token, which must match the nonce specified on the authorization request.
 *                             If null, no validation of the nonce will occur.
 * @param maxAuthenticationAge The maximum authentication age allowed, which specifies the allowable elapsed time in seconds
 *                             since the last time the end-user was actively authenticated. This must match the specified
 *                             {@code max_age} parameter specified on the authorization request. If null, no validation
 *                             of the {@code auth_time} claim will occur.
 * @throws IdTokenValidationException if:
 *                                    <ul>
 *                                        <li>The ID token is null</li>
 *                                        <li>The ID token's signing algorithm is not supported</li>
 *                                        <li>The ID token's signature is invalid</li>
 *                                        <li>Any of the ID token's claims are invalid</li>
 *                                    </ul>
 * @see IdTokenVerifier#verify(String)
 * @see IdTokenVerifier#verify(String, String)
 */
public void verify(String token, String nonce, Integer maxAuthenticationAge) throws IdTokenValidationException {
    if (isEmpty(token)) {
        throw new IdTokenValidationException("ID token is required but missing");
    }
    // Verify the signature before looking at any claim; nothing below reads the raw token string.
    DecodedJWT decoded = this.signatureVerifier.verifySignature(token);
    if (isEmpty(decoded.getIssuer())) {
        throw new IdTokenValidationException("Issuer (iss) claim must be a string present in the ID token");
    }
    // Exact string comparison against the configured issuer.
    if (!decoded.getIssuer().equals(this.issuer)) {
        throw new IdTokenValidationException(String.format("Issuer (iss) claim mismatch in the ID token, expected \"%s\", found \"%s\"", this.issuer, decoded.getIssuer()));
    }
    if (isEmpty(decoded.getSubject())) {
        throw new IdTokenValidationException("Subject (sub) claim must be a string present in the ID token");
    }
    final List<String> audience = decoded.getAudience();
    if (audience == null) {
        throw new IdTokenValidationException("Audience (aud) claim must be a string or array of strings present in the ID token");
    }
    // The configured audience must be one of the token's aud values.
    if (!audience.contains(this.audience)) {
        throw new IdTokenValidationException(String.format("Audience (aud) claim mismatch in the ID token; expected \"%s\" but found \"%s\"", this.audience, decoded.getAudience()));
    }
    // Org verification: enforced only when an organization is configured on this verifier.
    // With no organization configured, the org_id claim is not inspected at all.
    if (this.organization != null) {
        String orgClaim = decoded.getClaim("org_id").asString();
        if (isEmpty(orgClaim)) {
            throw new IdTokenValidationException("Organization Id (org_id) claim must be a string present in the ID token");
        }
        if (!this.organization.equals(orgClaim)) {
            throw new IdTokenValidationException(String.format("Organization (org_id) claim mismatch in the ID token; expected \"%s\" but found \"%s\"", this.organization, orgClaim));
        }
    }
    final Calendar cal = Calendar.getInstance();
    // A configured 'clock' replaces the current time (NOTE(review): presumably a test hook - confirm it is
    // never set in production). The leeway is applied in seconds to every time comparison below.
    final Date now = this.clock != null ? this.clock : cal.getTime();
    final int clockSkew = this.leeway != null ? this.leeway : DEFAULT_LEEWAY;
    if (decoded.getExpiresAt() == null) {
        throw new IdTokenValidationException("Expiration Time (exp) claim must be a number present in the ID token");
    }
    // The token is accepted until exp + leeway.
    cal.setTime(decoded.getExpiresAt());
    cal.add(Calendar.SECOND, clockSkew);
    Date expDate = cal.getTime();
    if (now.after(expDate)) {
        throw new IdTokenValidationException(String.format("Expiration Time (exp) claim error in the ID token; current time (%d) is after expiration time (%d)", now.getTime() / 1000, expDate.getTime() / 1000));
    }
    if (decoded.getIssuedAt() == null) {
        throw new IdTokenValidationException("Issued At (iat) claim must be a number present in the ID token");
    }
    // NOTE(review): only the presence of iat is enforced. The leeway-adjusted value set on 'cal' by the
    // next two lines is never read before 'cal' is reset or the method returns, so a token whose iat lies
    // in the future is not rejected here - confirm that this is intended.
    cal.setTime(decoded.getIssuedAt());
    cal.add(Calendar.SECOND, -1 * clockSkew);
    // Skipped entirely when the caller passes null. A caller that sent a nonce on the authorization
    // request has to pass it here, otherwise the token is not bound to that request.
    if (nonce != null) {
        String nonceClaim = decoded.getClaim(NONCE_CLAIM).asString();
        if (isEmpty(nonceClaim)) {
            throw new IdTokenValidationException("Nonce (nonce) claim must be a string present in the ID token");
        }
        // NOTE(review): this message, like the other mismatch messages, embeds both the expected and the
        // received value - check how callers log or display it.
        if (!nonce.equals(nonceClaim)) {
            throw new IdTokenValidationException(String.format("Nonce (nonce) claim mismatch in the ID token; expected \"%s\", found \"%s\"", nonce, nonceClaim));
        }
    }
    // With more than one audience value, azp must be present and equal to the configured audience.
    if (audience.size() > 1) {
        String azpClaim = decoded.getClaim(AZP_CLAIM).asString();
        if (isEmpty(azpClaim)) {
            throw new IdTokenValidationException("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
        }
        if (!this.audience.equals(azpClaim)) {
            throw new IdTokenValidationException(String.format("Authorized Party (azp) claim mismatch in the ID token; expected \"%s\", found \"%s\"", this.audience, azpClaim));
        }
    }
    // Only checked when a max age is supplied: accept while now <= auth_time + max_age + leeway.
    if (maxAuthenticationAge != null) {
        Date authTime = decoded.getClaim(AUTH_TIME_CLAIM).asDate();
        if (authTime == null) {
            throw new IdTokenValidationException("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
        }
        cal.setTime(authTime);
        cal.add(Calendar.SECOND, maxAuthenticationAge);
        cal.add(Calendar.SECOND, clockSkew);
        Date authTimeDate = cal.getTime();
        if (now.after(authTimeDate)) {
            throw new IdTokenValidationException(String.format("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (%d) is after last auth at (%d)", now.getTime() / 1000, authTimeDate.getTime() / 1000));
        }
    }
}
Also used : IdTokenValidationException(com.auth0.exception.IdTokenValidationException) Calendar(java.util.Calendar) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) Date(java.util.Date)

Example 89 with Request

use of com.auth0.net.Request in project auth0-java by auth0.

the class ExtendedBaseRequest method createRequest.

/**
 * Builds the OkHttp request for this call from the configured URL, HTTP method, body and headers.
 *
 * @return the request, ready to be executed
 * @throws Auth0Exception if the request body cannot be created
 */
@Override
protected Request createRequest() throws Auth0Exception {
    final RequestBody payload;
    try {
        payload = this.createRequestBody();
    } catch (IOException cause) {
        // Keep the I/O failure as the cause so the reason is not lost.
        throw new Auth0Exception("Couldn't create the request body.", cause);
    }

    final Request.Builder requestBuilder = new Request.Builder();
    requestBuilder.url(url);
    requestBuilder.method(method, payload);
    for (Map.Entry<String, String> header : headers.entrySet()) {
        requestBuilder.addHeader(header.getKey(), header.getValue());
    }
    // addHeader appends rather than replaces, so a Content-Type already present in 'headers'
    // would be sent alongside this one - NOTE(review): confirm callers never set it there.
    requestBuilder.addHeader("Content-Type", getContentType());
    return requestBuilder.build();
}
Also used : Auth0Exception(com.auth0.exception.Auth0Exception) Request(okhttp3.Request) IOException(java.io.IOException) Map(java.util.Map) HashMap(java.util.HashMap)

Example 90 with Request

use of com.auth0.net.Request in project auth0-java by auth0.

the class UsersEntity method removeRoles.

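/**
 * Remove roles from a user.
 * A token with update:users is needed.
 * See https://auth0.com/docs/api/management/v2#!/Users/delete_user_roles
 * <p>
 * The user id is added to the URL as a single, percent-encoded path segment, so a value
 * containing {@code /} cannot change which Management API path the bearer token is sent to.
 *
 * @param userId  the user id. Must not be null.
 * @param roleIds a list of role ids to remove from the user. Must not be null or empty.
 * @return a Request to execute
 */
public Request<Void> removeRoles(String userId, List<String> roleIds) {
    Asserts.assertNotNull(userId, "user id");
    Asserts.assertNotEmpty(roleIds, "role ids");
    Map<String, List<String>> body = new HashMap<>();
    body.put("roles", roleIds);
    // addPathSegment (singular) encodes the id as one segment. addPathSegments would split it on
    // slashes and let a caller-supplied id add extra path segments to an authenticated DELETE.
    final String url = baseUrl.newBuilder()
            .addPathSegments("api/v2/users")
            .addPathSegment(userId)
            .addPathSegments("roles")
            .build()
            .toString();
    VoidRequest request = new VoidRequest(this.client, url, "DELETE");
    request.setBody(body);
    request.addHeader("Authorization", "Bearer " + apiToken);
    return request;
}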
Also used : VoidRequest(com.auth0.net.VoidRequest) HashMap(java.util.HashMap) List(java.util.List)
