Example 11 with OIDCClaimsRequest
use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.
the class TokenIntegrationTest method shouldCallTokenResourceAndReturnIdentityClaims.
@Test
void shouldCallTokenResourceAndReturnIdentityClaims() throws Exception {
KeyPair keyPair = KeyPairHelper.GENERATE_RSA_KEY_PAIR();
Scope scope = new Scope(OIDCScopeValue.OPENID.getValue());
var claimsSetRequest = new ClaimsSetRequest().add("nickname").add("birthdate");
var oidcClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
setUpDynamo(keyPair, scope, new Subject());
var response = generateTokenRequest(keyPair, scope, Optional.of("P2.Cl.Cm"), Optional.of(oidcClaimsRequest), Optional.of(CLIENT_ID));
assertThat(response, hasStatus(200));
JSONObject jsonResponse = JSONObjectUtils.parse(response.getBody());
assertNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getRefreshToken());
assertNotNull(TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getBearerAccessToken());
BearerAccessToken bearerAccessToken = TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens().getBearerAccessToken();
JSONArray jsonarray = JSONArrayUtils.parse(SignedJWT.parse(bearerAccessToken.getValue()).getJWTClaimsSet().getClaim("claims").toString());
assertTrue(jsonarray.contains("nickname"));
assertTrue(jsonarray.contains("birthdate"));
assertNoAuditEventsReceived(auditTopic);
}
Also used :
ClaimsSetRequest(com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)
KeyPair(java.security.KeyPair)
OIDCClaimsRequest(com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
Scope(com.nimbusds.oauth2.sdk.Scope)
JSONObject(net.minidev.json.JSONObject)
JSONArray(net.minidev.json.JSONArray)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
Subject(com.nimbusds.oauth2.sdk.id.Subject)
Test(org.junit.jupiter.api.Test)
ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Example 12 with OIDCClaimsRequest
use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.
the class IPVAuthorisationHandlerTest method withAuthenticationRequest.
private AuthenticationRequest withAuthenticationRequest() {
Scope scope = new Scope();
scope.add(OIDCScopeValue.OPENID);
var oidcClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
return new AuthenticationRequest.Builder(new ResponseType(ResponseType.Value.CODE), scope, new ClientID(CLIENT_ID), REDIRECT_URI).state(new State()).nonce(new Nonce()).claims(oidcClaimsRequest).build();
}
Also used :
Nonce(com.nimbusds.openid.connect.sdk.Nonce)
OIDCClaimsRequest(com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
Scope(com.nimbusds.oauth2.sdk.Scope)
State(com.nimbusds.oauth2.sdk.id.State)
ClientID(com.nimbusds.oauth2.sdk.id.ClientID)
ResponseType(com.nimbusds.oauth2.sdk.ResponseType)
Example 13 with OIDCClaimsRequest
use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method shouldThrowExceptionWhenIdentityClaimsAreInvalid.
@Test
void shouldThrowExceptionWhenIdentityClaimsAreInvalid() throws Json.JsonException {
var claimsSetRequest = new ClaimsSetRequest().add("email").add(ValidClaims.ADDRESS.getValue());
var invalidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
accessToken = createSignedAccessToken(invalidClaimsRequest, false);
when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.of(generateClientRegistry(SCOPES)));
when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT)).thenReturn(objectMapper.writeValueAsString(new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue())));
var accessTokenException = assertThrows(AccessTokenException.class, () -> validationService.parse(accessToken.toAuthorizationHeader(), true), "Expected to throw AccessTokenException");
assertThat(accessTokenException.getMessage(), equalTo("Invalid Identity claims"));
assertThat(accessTokenException.getError(), equalTo(OAuth2Error.INVALID_REQUEST));
}
Also used :
ClaimsSetRequest(com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)
OIDCClaimsRequest(com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
Test(org.junit.jupiter.api.Test)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Aggregations
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)13
ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)9
Test (org.junit.jupiter.api.Test)9
Scope (com.nimbusds.oauth2.sdk.Scope)8
ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject)6
ResponseType (com.nimbusds.oauth2.sdk.ResponseType)6
AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest)5
Subject (com.nimbusds.oauth2.sdk.id.Subject)4
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)3
HashMap (java.util.HashMap)3
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)3
ClientRegistry (uk.gov.di.authentication.shared.entity.ClientRegistry)3
ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)3
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)2
ParseException (com.nimbusds.oauth2.sdk.ParseException)2
ClientID (com.nimbusds.oauth2.sdk.id.ClientID)2
State (com.nimbusds.oauth2.sdk.id.State)2
RefreshToken (com.nimbusds.oauth2.sdk.token.RefreshToken)2
Nonce (com.nimbusds.openid.connect.sdk.Nonce)2
OIDCTokenResponse (com.nimbusds.openid.connect.sdk.OIDCTokenResponse)2
