use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.
the class TokenIntegrationTest method shouldCallTokenResourceAndReturnIdentityClaims.
/**
 * Sends a token request carrying a userinfo claims request for {@code nickname} and
 * {@code birthdate}, then checks that both names appear in the {@code claims} claim of the
 * issued access token.
 *
 * <p>Also asserts a 200 status, the absence of a refresh token, and that no audit events were
 * received on {@code auditTopic}.
 */
@Test
void shouldCallTokenResourceAndReturnIdentityClaims() throws Exception {
    KeyPair clientKeys = KeyPairHelper.GENERATE_RSA_KEY_PAIR();
    Scope openidOnly = new Scope(OIDCScopeValue.OPENID.getValue());
    var requestedClaims = new ClaimsSetRequest().add("nickname").add("birthdate");
    var claimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(requestedClaims);
    setUpDynamo(clientKeys, openidOnly, new Subject());

    // NOTE(review): "P2.Cl.Cm" looks like a vector-of-trust value; confirm against generateTokenRequest.
    var response =
            generateTokenRequest(
                    clientKeys,
                    openidOnly,
                    Optional.of("P2.Cl.Cm"),
                    Optional.of(claimsRequest),
                    Optional.of(CLIENT_ID));

    assertThat(response, hasStatus(200));
    JSONObject body = JSONObjectUtils.parse(response.getBody());
    var issuedTokens = TokenResponse.parse(body).toSuccessResponse().getTokens();
    assertNull(issuedTokens.getRefreshToken());
    assertNotNull(issuedTokens.getBearerAccessToken());
    BearerAccessToken bearerAccessToken = issuedTokens.getBearerAccessToken();

    // SignedJWT.parse only decodes the token; this test reads the claims without verifying
    // the signature, so it says nothing about signing correctness.
    var accessTokenClaims = SignedJWT.parse(bearerAccessToken.getValue()).getJWTClaimsSet();
    JSONArray grantedClaims = JSONArrayUtils.parse(accessTokenClaims.getClaim("claims").toString());
    assertTrue(grantedClaims.contains("nickname"));
    assertTrue(grantedClaims.contains("birthdate"));

    assertNoAuditEventsReceived(auditTopic);
}
use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.
the class IPVAuthorisationHandlerTest method withAuthenticationRequest.
/**
 * Builds an authorization-code {@link AuthenticationRequest} for {@code CLIENT_ID} and
 * {@code REDIRECT_URI} with the {@code openid} scope, a fresh state and nonce, and a userinfo
 * claims request wrapping the {@code claimsSetRequest} defined outside this method.
 *
 * @return the assembled authentication request
 */
private AuthenticationRequest withAuthenticationRequest() {
    var openidScope = new Scope();
    openidScope.add(OIDCScopeValue.OPENID);
    var claimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
    var codeResponseType = new ResponseType(ResponseType.Value.CODE);
    return new AuthenticationRequest.Builder(
                    codeResponseType, openidScope, new ClientID(CLIENT_ID), REDIRECT_URI)
            .state(new State())
            .nonce(new Nonce())
            .claims(claimsRequest)
            .build();
}
use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenIdentityClaimsAreInvalid.
/**
 * Checks that parsing an access token whose claims request is not acceptable fails with an
 * {@code AccessTokenException} carrying the message "Invalid Identity claims" and the
 * {@code invalid_request} OAuth 2.0 error.
 *
 * <p>The signature check is stubbed to succeed and a matching token is stubbed in the Redis
 * store, so the rejection under test is the claims check and not signature or store lookup.
 */
@Test
void shouldThrowExceptionWhenIdentityClaimsAreInvalid() throws Json.JsonException {
    // NOTE(review): presumably "email" is the name outside the permitted identity claims, since
    // the other one is taken from ValidClaims; confirm against ValidClaims.
    var requestedClaims = new ClaimsSetRequest().add("email").add(ValidClaims.ADDRESS.getValue());
    var invalidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(requestedClaims);
    accessToken = createSignedAccessToken(invalidClaimsRequest, false);

    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID))
            .thenReturn(Optional.of(generateClientRegistry(SCOPES)));
    when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT))
            .thenReturn(
                    objectMapper.writeValueAsString(
                            new AccessTokenStore(
                                    accessToken.getValue(), INTERNAL_SUBJECT.getValue())));

    var thrown =
            assertThrows(
                    AccessTokenException.class,
                    () -> validationService.parse(accessToken.toAuthorizationHeader(), true),
                    "Expected to throw AccessTokenException");

    assertThat(thrown.getMessage(), equalTo("Invalid Identity claims"));
    assertThat(thrown.getError(), equalTo(OAuth2Error.INVALID_REQUEST));
}