use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.
the class IdentityIntegrationTest method shouldReturn204WhenCallingIdentityLambda.
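/**
 * End-to-end check of the identity lambda: a signed bearer token whose store entry and
 * SPOT credential are seeded in Redis/Dynamo must be exchanged for the credential, and the
 * credential must no longer be retrievable afterwards.
 *
 * <p>Token timestamps are taken from a UTC clock. The previous form called
 * {@code LocalDateTime.now()} in the host's default zone and then re-labelled that wall-clock
 * time as UTC, which shifts {@code iat}/{@code exp} by the host's UTC offset (on a UTC+N host
 * {@code iat} lands N hours in the future).
 *
 * @throws JsonProcessingException if the access-token store entry cannot be serialised
 */
@Test
void shouldReturn204WhenCallingIdentityLambda() throws JsonProcessingException {
    ZoneId utc = ZoneId.of("UTC");
    LocalDateTime nowUtc = LocalDateTime.now(utc);
    Date issueDate = Date.from(nowUtc.atZone(utc).toInstant());
    Date expiryDate = Date.from(nowUtc.plusMinutes(10).atZone(utc).toInstant());

    // The internal subject is what the store entry points at; the public subject is what
    // appears in the JWT, the Redis key and the identity response.
    Subject internalSubject = new Subject();
    Subject publicSubject = new Subject();

    List<String> scopes = List.of("email", "phone", "openid");
    var claimsSetRequest = new ClaimsSetRequest().add("name").add("birthdate");
    var oidcValidClaimsRequest =
            new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
    // The "claims" claim carries only the requested claim names, not the full request entries.
    List<String> requestedClaimNames =
            oidcValidClaimsRequest.getUserInfoClaimsRequest().getEntries().stream()
                    .map(ClaimsSetRequest.Entry::getClaimName)
                    .collect(Collectors.toList());
    JWTClaimsSet claimsSet =
            new JWTClaimsSet.Builder()
                    .claim("scope", scopes)
                    .issuer("issuer-id")
                    .expirationTime(expiryDate)
                    .issueTime(issueDate)
                    .claim("client_id", "client-id-one")
                    .subject(publicSubject.getValue())
                    .jwtID(UUID.randomUUID().toString())
                    .claim("claims", requestedClaimNames)
                    .build();
    SignedJWT signedJWT = tokenSigner.signJwt(claimsSet);
    AccessToken accessToken = new BearerAccessToken(signedJWT.serialize());

    // Seed the token store under the public subject so the lambda can resolve the bearer
    // token presented in the Authorization header back to the internal subject.
    AccessTokenStore accessTokenStore =
            new AccessTokenStore(accessToken.getValue(), internalSubject.getValue());
    ObjectMapper objectMapper = new ObjectMapper();
    String accessTokenStoreString = objectMapper.writeValueAsString(accessTokenStore);
    redis.addToRedis(
            ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + publicSubject.getValue(),
            accessTokenStoreString,
            300L);

    SignedJWT signedCredential = SignedCredentialHelper.generateCredential();
    setUpDynamo(publicSubject.getValue(), signedCredential.serialize());

    var response =
            makeRequest(
                    Optional.empty(),
                    Map.of("Authorization", accessToken.toAuthorizationHeader()),
                    Map.of());

    // NOTE(review): the method name says 204, but the expected status here is 200 with a
    // body; the assertion, not the name, is what the lambda's contract is checked against.
    assertThat(response, hasStatus(200));
    IdentityResponse identityResponse =
            objectMapper.readValue(response.getBody(), IdentityResponse.class);
    assertThat(identityResponse.getSub(), equalTo(publicSubject.getValue()));
    assertThat(identityResponse.getIdentityCredential(), equalTo(signedCredential.serialize()));
    // Once handed out, the credential must no longer be retrievable from the SPOT store.
    assertThat(spotStore.getSpotCredential(publicSubject.getValue()), equalTo(Optional.empty()));
}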
use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.
the class ResetPasswordIntegrationTest method shouldUpdatePasswordAndReturn204.
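/**
 * A valid reset code presented with the session's frontend headers must update the password,
 * return 204, emit exactly one password-reset confirmation notification to the user's email
 * address, and publish a {@code PASSWORD_RESET_SUCCESSFUL} audit event.
 *
 * @throws IOException if the request or queue read fails
 */
@Test
public void shouldUpdatePasswordAndReturn204() throws IOException {
    String subject = "new-subject";
    String sessionId = redis.createSession();
    userStore.signUp(EMAIL_ADDRESS, "password-1", new Subject(subject));
    // Reset code is stored against the subject with a 900 s TTL (upper-case L suffix:
    // a lower-case l is easily misread as the digit 1).
    redis.generateAndSavePasswordResetCode(subject, CODE, 900L);

    var response =
            makeRequest(
                    Optional.of(new ResetPasswordWithCodeRequest(CODE, PASSWORD)),
                    constructFrontendHeaders(sessionId),
                    Map.of());
    assertThat(response, hasStatus(204));

    // Exactly one confirmation email, addressed to the account that was reset.
    List<NotifyRequest> requests = notificationsQueue.getMessages(NotifyRequest.class);
    assertThat(requests, hasSize(1));
    assertThat(requests.get(0).getDestination(), equalTo(EMAIL_ADDRESS));
    assertThat(requests.get(0).getNotificationType(), equalTo(PASSWORD_RESET_CONFIRMATION));
    assertEventTypesReceived(auditTopic, List.of(PASSWORD_RESET_SUCCESSFUL));
}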
use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.
the class UserInfoService method populateUserInfo.
/**
 * Builds the OIDC UserInfo response for an access token, releasing only the profile
 * attributes that the token's scopes authorise.
 *
 * <p>The profile is looked up by the internal subject held in the token store, while the
 * {@code sub} placed in the response is the token's public subject — the internal identifier
 * is never written into the UserInfo.
 *
 * @param accessTokenInfo the validated token, its scopes and its store entry
 * @return the UserInfo for the token's subject; email, phone and legacy-subject claims are
 *     present only when the matching scope ({@code email}, {@code phone},
 *     {@code govuk-account}) was granted
 */
public UserInfo populateUserInfo(AccessTokenInfo accessTokenInfo) {
    LOG.info("Populating UserInfo");
    String internalSubjectId = accessTokenInfo.getAccessTokenStore().getInternalSubjectId();
    UserProfile userProfile = authenticationService.getUserProfileFromSubject(internalSubjectId);
    // NOTE(review): no null guard on userProfile here — the lookup is presumed to return a
    // profile for any subject that has a live token; confirm against authenticationService.

    UserInfo userInfo = new UserInfo(new Subject(accessTokenInfo.getPublicSubject()));
    var grantedScopes = accessTokenInfo.getScopes();

    boolean emailGranted = grantedScopes.contains("email");
    boolean phoneGranted = grantedScopes.contains("phone");
    boolean govukAccountGranted = grantedScopes.contains("govuk-account");

    if (emailGranted) {
        userInfo.setEmailAddress(userProfile.getEmail());
        userInfo.setEmailVerified(userProfile.isEmailVerified());
    }
    if (phoneGranted) {
        userInfo.setPhoneNumber(userProfile.getPhoneNumber());
        userInfo.setPhoneNumberVerified(userProfile.isPhoneNumberVerified());
    }
    if (govukAccountGranted) {
        // Exposed as a custom claim; it is not a standard OIDC UserInfo member.
        userInfo.setClaim("legacy_subject_id", userProfile.getLegacySubjectID());
    }
    return userInfo;
}
use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method createSignedExpiredAccessToken.
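/**
 * Builds a signed bearer access token whose {@code exp} lies two minutes in the past, for the
 * expired-token cases.
 *
 * <p>The expiry is computed from a UTC clock. Taking {@code LocalDateTime.now()} in the host's
 * default zone and then re-labelling it as UTC shifts the instant by the host's UTC offset, so
 * on a UTC+N host the supposedly expired token would still validate for N hours.
 *
 * @return a freshly signed bearer token that is already expired
 * @throws JOSEException if key generation or signing fails
 */
private AccessToken createSignedExpiredAccessToken() throws JOSEException {
    ZoneId utc = ZoneId.of("UTC");
    LocalDateTime expiryUtc = LocalDateTime.now(utc).minusMinutes(2);
    Date expiryDate = Date.from(expiryUtc.atZone(utc).toInstant());
    // A fresh P-256 / ES256 signing key is generated on every call.
    ECKey ecSigningKey =
            new ECKeyGenerator(Curve.P_256)
                    .keyID(KEY_ID)
                    .algorithm(JWSAlgorithm.ES256)
                    .generate();
    ECDSASigner signer = new ECDSASigner(ecSigningKey);
    SignedJWT signedJWT =
            TokenGeneratorHelper.generateSignedToken(
                    CLIENT_ID, BASE_URL, SCOPES, signer, SUBJECT, ecSigningKey.getKeyID(), expiryDate);
    return new BearerAccessToken(signedJWT.serialize());
}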
use of com.nimbusds.oauth2.sdk.id.Subject in project di-authentication-api by alphagov.
the class IdentityServiceTest method setUp.
/**
 * Creates the service under test and a signed bearer token (with a generated key) for the
 * configured client, issuer, scopes and subject.
 *
 * @throws JOSEException if token signing fails
 */
@BeforeEach
void setUp() throws JOSEException {
    identityService = new IdentityService(dynamoSpotService);
    var signedToken =
            TokenGeneratorHelper.generateSignedTokenWithGeneratedKey(
                    CLIENT_ID, BASE_URL, SCOPES, SUBJECT);
    accessToken = new BearerAccessToken(signedToken.serialize());
}