
Example 6 with TokenRequest

use of com.auth0.net.TokenRequest in project auth0-java-mvc-common by auth0.

the class AuthenticationControllerTest method shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse.

/**
 * Checks that {@code handle(request, response)} completes when the state and nonce live in the
 * HTTP session rather than in cookies.
 *
 * <p>The authorize URL is built with the deprecated {@code buildAuthorizeUrl(request, redirectUri)}
 * method, which stores both values in the session. The callback request built here carries no
 * cookies, so the only stored copy of the state is the session attribute.
 *
 * <p>Nothing is asserted after {@code handle(...)}: the test passes when the call returns
 * without throwing.
 */
@Test
public void shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse() throws Exception {
    final String redirectUri = "https://redirect.uri/here";
    final String authorizationCode = "abc123";

    AuthenticationController controller = builderSpy.withResponseType("code").build();

    // Back-channel code exchange: the client hands out a request whose execution yields a token holder.
    TokenHolder exchangedTokens = mock(TokenHolder.class);
    TokenRequest exchange = mock(TokenRequest.class);
    when(exchange.execute()).thenReturn(exchangedTokens);
    when(client.exchangeCode(authorizationCode, "http://localhost")).thenReturn(exchange);

    // Fluent authorize-URL builder that returns itself for the calls stubbed here.
    AuthorizeUrlBuilder urlBuilderMock = mock(AuthorizeUrlBuilder.class);
    when(urlBuilderMock.withResponseType("code")).thenReturn(urlBuilderMock);
    when(urlBuilderMock.withScope("openid")).thenReturn(urlBuilderMock);
    when(client.authorizeUrl(redirectUri)).thenReturn(urlBuilderMock);

    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Deprecated entry point: it stores state and nonce in the session.
    String authorizeUrl = controller.buildAuthorizeUrl(request, redirectUri)
            .withState("state")
            .withNonce("nonce")
            .build();

    String sessionState = (String) request.getSession().getAttribute("com.auth0.state");
    String sessionNonce = (String) request.getSession().getAttribute("com.auth0.nonce");
    assertThat(sessionState, is("state"));
    assertThat(sessionNonce, is("nonce"));

    // Callback parameters: the returned state equals the value stored in the session.
    request.setParameter("state", "state");
    request.setParameter("nonce", "nonce");
    request.setParameter("code", authorizationCode);

    // handle(request, response) should use cookies but fall back to the session.
    controller.handle(request, response);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) AuthorizeUrlBuilder(com.auth0.client.auth.AuthorizeUrlBuilder) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 7 with TokenRequest

use of com.auth0.net.TokenRequest in project auth0-java-mvc-common by auth0.

the class RequestProcessorTest method shouldThrowOnProcessIfCodeRequestSucceedsButDoesNotPassIdTokenVerification.

/**
 * A successful code exchange must still fail the login when the ID token it returns is rejected
 * by the verifier.
 *
 * <p>The verifier is stubbed to throw {@code TokenValidationException} for the exchanged ID
 * token. {@code process(...)} is expected to surface this as an
 * {@code IdentityVerificationException} with code {@code a0.invalid_jwt_error}, so no tokens are
 * returned to the caller.
 */
@Test
public void shouldThrowOnProcessIfCodeRequestSucceedsButDoesNotPassIdTokenVerification() throws Exception {
    final String authorizationCode = "abc123";
    final String stateValue = "1234";
    final String exchangedIdToken = "backIdToken";

    // The verifier rejects the ID token delivered by the code exchange.
    doThrow(TokenValidationException.class).when(tokenVerifier).verify(eq(exchangedIdToken), eq(verifyOptions));

    // Callback request: the state parameter matches the state cookie.
    Map<String, Object> callbackParams = new HashMap<>();
    callbackParams.put("code", authorizationCode);
    callbackParams.put("state", stateValue);
    MockHttpServletRequest callbackRequest = getRequest(callbackParams);
    callbackRequest.setCookies(new Cookie("com.auth0.state", stateValue));

    // The exchange itself succeeds and yields the ID token the verifier rejects.
    TokenHolder exchangedTokens = mock(TokenHolder.class);
    when(exchangedTokens.getIdToken()).thenReturn(exchangedIdToken);
    TokenRequest exchange = mock(TokenRequest.class);
    when(exchange.execute()).thenReturn(exchangedTokens);
    when(client.exchangeCode(authorizationCode, "https://me.auth0.com:80/callback")).thenReturn(exchange);

    RequestProcessor processor = new RequestProcessor.Builder(client, "code", verifyOptions)
            .withIdTokenVerifier(tokenVerifier)
            .build();

    IdentityVerificationException thrown =
            assertThrows(IdentityVerificationException.class, () -> processor.process(callbackRequest, response));
    assertThat(thrown, IdentityVerificationExceptionMatcher.hasCode("a0.invalid_jwt_error"));
    assertEquals("An error occurred while trying to verify the ID Token.", thrown.getMessage());
}
Also used : Cookie(javax.servlet.http.Cookie) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) Test(org.junit.jupiter.api.Test)

Example 8 with TokenRequest

use of com.auth0.net.TokenRequest in project auth0-java-mvc-common by auth0.

the class RequestProcessorTest method shouldReturnTokensOnProcessIfTokenIdTokenCodeRequestPassesIdTokenVerification.

/**
 * Covers the {@code "id_token token code"} response type, where tokens arrive both in the
 * callback parameters and from the code exchange.
 *
 * <p>Expected outcome, as asserted below:
 * <ul>
 *   <li>the verifier is called exactly once, for the ID token from the callback parameters;</li>
 *   <li>the ID token from the code exchange is never verified and is not the one returned;</li>
 *   <li>access token, refresh token, expiry and token type come from the code exchange, not
 *       from the callback parameters.</li>
 * </ul>
 */
@Test
public void shouldReturnTokensOnProcessIfTokenIdTokenCodeRequestPassesIdTokenVerification() throws Exception {
    final String authorizationCode = "abc123";
    final String stateValue = "1234";
    final String callbackIdToken = "frontIdToken";
    final String exchangedIdToken = "backIdToken";

    // The verifier accepts the ID token received in the callback parameters.
    doNothing().when(tokenVerifier).verify(eq(callbackIdToken), eq(verifyOptions));

    // Callback request carrying tokens next to the authorization code.
    Map<String, Object> callbackParams = new HashMap<>();
    callbackParams.put("code", authorizationCode);
    callbackParams.put("state", stateValue);
    callbackParams.put("id_token", callbackIdToken);
    callbackParams.put("access_token", "frontAccessToken");
    callbackParams.put("expires_in", "8400");
    callbackParams.put("token_type", "frontTokenType");
    MockHttpServletRequest callbackRequest = getRequest(callbackParams);
    callbackRequest.setCookies(new Cookie("com.auth0.state", stateValue));

    // The code exchange returns its own, different set of tokens.
    TokenHolder exchangedTokens = mock(TokenHolder.class);
    when(exchangedTokens.getIdToken()).thenReturn(exchangedIdToken);
    when(exchangedTokens.getAccessToken()).thenReturn("backAccessToken");
    when(exchangedTokens.getRefreshToken()).thenReturn("backRefreshToken");
    when(exchangedTokens.getExpiresIn()).thenReturn(4800L);
    when(exchangedTokens.getTokenType()).thenReturn("backTokenType");
    TokenRequest exchange = mock(TokenRequest.class);
    when(exchange.execute()).thenReturn(exchangedTokens);
    when(client.exchangeCode(authorizationCode, "https://me.auth0.com:80/callback")).thenReturn(exchange);

    RequestProcessor processor = new RequestProcessor.Builder(client, "id_token token code", verifyOptions)
            .withIdTokenVerifier(tokenVerifier)
            .build();
    Tokens result = processor.process(callbackRequest, response);

    // Should not verify the ID Token twice: only the callback one reaches the verifier.
    verify(tokenVerifier).verify(callbackIdToken, verifyOptions);
    verify(tokenVerifier, never()).verify(exchangedIdToken, verifyOptions);
    verifyNoMoreInteractions(tokenVerifier);

    assertThat(result, is(notNullValue()));
    // The returned ID token is the one that was verified.
    assertThat(result.getIdToken(), is(callbackIdToken));
    // Everything else is taken from the code exchange.
    assertThat(result.getAccessToken(), is("backAccessToken"));
    assertThat(result.getRefreshToken(), is("backRefreshToken"));
    assertThat(result.getExpiresIn(), is(4800L));
    assertThat(result.getType(), is("backTokenType"));
}
Also used : Cookie(javax.servlet.http.Cookie) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) Test(org.junit.jupiter.api.Test)

Example 9 with TokenRequest

use of com.auth0.net.TokenRequest in project auth0-java-mvc-common by auth0.

the class RequestProcessorTest method shouldReturnEmptyTokensWhenCodeRequestReturnsNoTokens.

/**
 * When the code exchange yields a token holder with no tokens stubbed, {@code process(...)}
 * returns a non-null {@code Tokens} whose ID, access and refresh tokens are all null.
 *
 * <p>The ID token verifier is not invoked at all in this case.
 *
 * <p>NOTE(review): the result here carries no ID token, so code that treats a returned
 * {@code Tokens} as proof of authentication presumably needs its own null check. Confirm
 * against the library's documented contract.
 */
@Test
public void shouldReturnEmptyTokensWhenCodeRequestReturnsNoTokens() throws Exception {
    final String authorizationCode = "abc123";
    final String stateValue = "1234";

    // Callback request: the state parameter matches the state cookie.
    Map<String, Object> callbackParams = new HashMap<>();
    callbackParams.put("code", authorizationCode);
    callbackParams.put("state", stateValue);
    MockHttpServletRequest callbackRequest = getRequest(callbackParams);
    callbackRequest.setCookies(new Cookie("com.auth0.state", stateValue));

    // The token holder has no getters stubbed, so it reports no tokens.
    TokenHolder emptyTokens = mock(TokenHolder.class);
    TokenRequest exchange = mock(TokenRequest.class);
    when(exchange.execute()).thenReturn(emptyTokens);
    when(client.exchangeCode(authorizationCode, "https://me.auth0.com:80/callback")).thenReturn(exchange);

    RequestProcessor processor = new RequestProcessor.Builder(client, "code", verifyOptions)
            .withIdTokenVerifier(tokenVerifier)
            .build();
    Tokens result = processor.process(callbackRequest, response);

    // Nothing was verified above, so this asserts the verifier was never touched.
    verifyNoMoreInteractions(tokenVerifier);

    assertThat(result, is(notNullValue()));
    assertThat(result.getIdToken(), is(nullValue()));
    assertThat(result.getAccessToken(), is(nullValue()));
    assertThat(result.getRefreshToken(), is(nullValue()));
}
Also used : Cookie(javax.servlet.http.Cookie) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TokenRequest(com.auth0.net.TokenRequest) TokenHolder(com.auth0.json.auth.TokenHolder) Test(org.junit.jupiter.api.Test)

Aggregations

TokenHolder (com.auth0.json.auth.TokenHolder)8 TokenRequest (com.auth0.net.TokenRequest)8 Test (org.junit.jupiter.api.Test)8 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)8 HashMap (java.util.HashMap)6 Cookie (javax.servlet.http.Cookie)6 AuthorizeUrlBuilder (com.auth0.client.auth.AuthorizeUrlBuilder)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 RecordedRequest (okhttp3.mockwebserver.RecordedRequest)1 Test (org.junit.Test)1