use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method shouldSucceed_register.
/**
 * Happy path for dynamic client registration: a principal holding
 * ROLE_ANONYMOUS, UNREGISTERED_TPP and ROLE_EIDAS submits a registration
 * request JWT and the controller is expected to answer 201 Created.
 *
 * <p>Both the SSA check and the registration itself are stubbed, so this
 * test only covers the controller's wiring, not SSA signature validation.
 */
@Test
public void shouldSucceed_register() throws OAuth2InvalidClientException, DynamicClientRegistrationException, InvalidPsd2EidasCertificate, ApiClientException {
    // Given
    String directoryName = "ForgeRock";
    Collection<OBRIRole> roles = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
    X509Authentication principal = testSpec.getPrincipal(roles);

    // NOTE(review): the two values below are never read afterwards; the calls are
    // kept because they may throw for an invalid principal or request JWT — confirm
    // whether they are still needed.
    ApiClientIdentity clientIdentity = this.identityFactory.getApiClientIdentity(principal);
    RegistrationRequest parsedRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);

    // Any SSA string is accepted for this directory: validation always succeeds here.
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq(directoryName)))
            .willReturn(directoryName);

    Tpp registeredTpp = new Tpp();
    registeredTpp.setRegistrationResponse(new OIDCRegistrationResponse());
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class)))
            .willReturn(registeredTpp);

    // When
    ResponseEntity<OIDCRegistrationResponse> response =
            dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);

    // Then: only the status is checked; the response body is not inspected.
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method successful_updateClient.
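/**
 * Happy path for updating an existing dynamic client registration: the
 * caller presents the registration access token stored on the TPP and the
 * controller is expected to answer 200 OK.
 *
 * <p>Token extraction, token validation, SSA validation and the update are
 * all stubbed, so this test does not show that a token differing from the
 * TPP's stored registration access token is rejected; that needs a separate
 * negative test.
 */
@Test
public void successful_updateClient() throws InvalidPsd2EidasCertificate, OAuth2InvalidClientException, DynamicClientRegistrationException, OAuth2BearerTokenUsageMissingAuthInfoException, OAuth2BearerTokenUsageInvalidTokenException {
    // Given
    String clientId = "3105f70b-b417-427e-922d-7ba04d16278a";
    // Static fixture token. Its signature is never verified in this test because
    // validateAccessTokenIsValidForOidcRegistration is stubbed below.
    String authToken = "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.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.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
    // Built from authToken so the header and the stored token cannot drift apart.
    String authTokenHeaderValue = "Bearer " + authToken;
    Collection<? extends GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_DATA, OBRIRole.ROLE_AISP, OBRIRole.ROLE_CBPII, OBRIRole.ROLE_EIDAS, new PSD2GrantType(new RoleOfPsp(Psd2Role.PSP_IC))));
    X509Authentication principal = testSpec.getPrincipal(authorities);

    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq(directoryName))).willReturn(directoryName);
    // Stubbed once; the original repeated this identical stubbing further down.
    given(tokenExtractor.extract(authTokenHeaderValue)).willReturn(authToken);

    // The stored TPP carries the same client id and registration access token that the caller presents.
    Tpp tpp = this.getValidTpp();
    tpp.setClientId(clientId);
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setRegistrationAccessToken(authToken);
    tpp.setRegistrationResponse(registrationResponse);
    given(tppRegistrationService.getTpp(clientId)).willReturn(tpp);
    given(tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authTokenHeaderValue)).willReturn(authToken);
    given(this.tppRegistrationService.updateTpp(any(ApiClientIdentity.class), eq(tpp), eq(authToken), any(RegistrationRequest.class))).willReturn(tpp);

    // When
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.updateRegistration(clientId, authTokenHeaderValue, registrationRequestJwtSerialised, principal);

    // Then: only the status is checked; the response body is not inspected.
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
}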
use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.
the class AuthorisationApiControllerTest method shouldReturnRedirectActionWhenJwtScopesDoNotMatchQueryParamScope.
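/**
 * Checks that an authorisation request is answered with a redirect whose
 * Location carries an error, for the case named by the test: the scopes in
 * the signed request JWT differ from the scope query parameter.
 *
 * <p>NOTE(review): presumably jwt/authorisation.jwt holds a scope set other
 * than "openid accounts" — confirm against the fixture. The assertion only
 * looks for the substring "error", so it pins neither which error was raised
 * nor which host the redirect points at; asserting the error code and the
 * Location's target would make the test fail if a different validation
 * produced the redirect.
 */
@Test
public void shouldReturnRedirectActionWhenJwtScopesDoNotMatchQueryParamScope() throws OBErrorException, OBErrorResponseException {
    // Given
    List<String> responseTypes = List.of("code id_token");
    given(discoveryConfig.getSupportedResponseTypes()).willReturn(responseTypes);
    String jwt = toEncodedSignedTestJwt("jwt/authorisation.jwt");
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setJwks_uri("url");
    Tpp tpp = new Tpp();
    tpp.setRegistrationResponse(registrationResponse);
    // NOTE(review): the lookup is stubbed for the clientId field, while the call below
    // passes a literal client id — verify the two are the same value.
    given(tppStoreService.findByClientId(this.clientId)).willReturn(Optional.of(tpp));

    // When
    ResponseEntity responseEntity = authorisationApiController.getAuthorisation(responseTypes.get(0), "98e119f6-196f-4296-98d4-f1a2f445bca2", "98e119f6-xxxx-yyyy-zzzz-f1a2f445bca2", null, "openid accounts", "https://www.google.com", jwt, true, null, null, null, null, null);

    // Then
    assertThat(responseEntity).isNotNull();
    assertThat(responseEntity.getHeaders().getLocation()).isNotNull();
    // Same check as before, written with the assertion library used above so that a
    // failure reports the actual Location value instead of a bare "expected true".
    assertThat(responseEntity.getHeaders().getLocation().toString()).contains("error");
}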
use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.
the class AuthorisationApiControllerTest method shouldGetAuthorisationGivenAllScopes.
/**
 * Checks that an authorisation request with the scope string
 * "openid accounts payments" is handed to the headless authorisation service
 * and that the service's 302 Found response is returned to the caller.
 *
 * <p>JWS validation is stubbed to return a mock for any input, so signature
 * verification of the request object is not exercised by this test.
 */
@Test
public void shouldGetAuthorisationGivenAllScopes() throws OBErrorException, OBErrorResponseException, InvalidTokenException, ParseException, IOException {
    // Given
    String clientId = "98e119f6-196f-4296-98d4-f1a2f445bca2";
    String state = "10d260bf-a7d9-444a-92d9-7b7a5f088208";
    String scopes = "openid accounts payments";
    List<String> responseTypes = List.of("code id_token");
    String responseType = responseTypes.get(0);
    given(discoveryConfig.getSupportedResponseTypes()).willReturn(responseTypes);
    String jwt = toEncodedSignedTestJwt("jwt/authorisation.jwt");

    // A registered TPP whose registration only carries a placeholder JWKS URI.
    OIDCRegistrationResponse registration = new OIDCRegistrationResponse();
    registration.setJwks_uri("url");
    Tpp registeredTpp = new Tpp();
    registeredTpp.setRegistrationResponse(registration);
    given(tppStoreService.findByClientId(clientId)).willReturn(Optional.of(registeredTpp));

    // Every JWS is reported as valid.
    SignedJWT validatedJws = mock(SignedJWT.class);
    given(cryptoApiClient.validateJws(anyString(), anyString(), anyString())).willReturn(validatedJws);

    AMGateway gateway = mock(AMGateway.class);
    given(amGatewayService.getAmGateway(jwt)).willReturn(gateway);
    // The stub expects a state value although the controller call below passes null for it;
    // presumably the controller takes it from the request JWT — confirm against the fixture.
    given(headLessAuthorisationService.getAuthorisation(gateway, responseType, clientId, state, null, scopes, null, jwt, null, null))
            .willReturn(new ResponseEntity(HttpStatus.FOUND));

    // When
    ResponseEntity result = authorisationApiController.getAuthorisation(
            responseType, clientId, null, null, scopes, null, jwt, true, null, null, null, null, null);

    // Then no exception
    assertThat(result).isNotNull();
    assertThat(result.getStatusCode()).isEqualTo(HttpStatus.FOUND);
}
use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.
the class AuthorisationApiControllerTest method shouldNotThrowExceptionWhenNoUserInfo.
/**
 * Checks that an authorisation request built from the
 * jwt/authorisation-no-user-info.jwt fixture does not make the controller
 * throw. The test has no assertions: it passes when the call returns.
 *
 * <p>JWS validation is stubbed to return a mock for any input, so signature
 * verification of the request object is not exercised by this test.
 */
@Test
public void shouldNotThrowExceptionWhenNoUserInfo() throws OBErrorException, OBErrorResponseException, InvalidTokenException, ParseException, IOException {
    // Given
    String clientId = "98e119f6-196f-4296-98d4-f1a2f445bca2";
    List<String> responseTypes = List.of("code id_token");
    String responseType = responseTypes.get(0);
    given(discoveryConfig.getSupportedResponseTypes()).willReturn(responseTypes);
    String jwt = toEncodedSignedTestJwt("jwt/authorisation-no-user-info.jwt");

    // A registered TPP whose registration only carries a placeholder JWKS URI.
    OIDCRegistrationResponse registration = new OIDCRegistrationResponse();
    registration.setJwks_uri("url");
    Tpp registeredTpp = new Tpp();
    registeredTpp.setRegistrationResponse(registration);
    given(tppStoreService.findByClientId(clientId)).willReturn(Optional.of(registeredTpp));

    // Every JWS is reported as valid.
    SignedJWT validatedJws = mock(SignedJWT.class);
    given(cryptoApiClient.validateJws(anyString(), anyString(), anyString())).willReturn(validatedJws);

    // When
    authorisationApiController.getAuthorisation(
            responseType, clientId, null, null, "payments openid accounts", null, jwt, true, null, null, null, null, null);

    // Then no exception
}