Example 11 with OIDCClaimsRequest

Use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.

From class TokenIntegrationTest, method shouldCallTokenResourceAndReturnIdentityClaims:

@Test
void shouldCallTokenResourceAndReturnIdentityClaims() throws Exception {
    KeyPair keyPair = KeyPairHelper.GENERATE_RSA_KEY_PAIR();
    Scope scope = new Scope(OIDCScopeValue.OPENID.getValue());
    // Ask for two identity claims through the OIDC "claims" request parameter (userinfo member)
    var claimsSetRequest = new ClaimsSetRequest().add("nickname").add("birthdate");
    var oidcClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
    setUpDynamo(keyPair, scope, new Subject());
    var response = generateTokenRequest(
            keyPair, scope, Optional.of("P2.Cl.Cm"), Optional.of(oidcClaimsRequest), Optional.of(CLIENT_ID));
    assertThat(response, hasStatus(200));

    JSONObject jsonResponse = JSONObjectUtils.parse(response.getBody());
    var tokens = TokenResponse.parse(jsonResponse).toSuccessResponse().getTokens();
    // No refresh token is issued for this request, but a bearer access token must be present
    assertNull(tokens.getRefreshToken());
    assertNotNull(tokens.getBearerAccessToken());
    BearerAccessToken bearerAccessToken = tokens.getBearerAccessToken();

    // The access token is a signed JWT; its "claims" claim lists the identity claims that were granted
    JSONArray jsonarray = JSONArrayUtils.parse(
            SignedJWT.parse(bearerAccessToken.getValue()).getJWTClaimsSet().getClaim("claims").toString());
    assertTrue(jsonarray.contains("nickname"));
    assertTrue(jsonarray.contains("birthdate"));
    assertNoAuditEventsReceived(auditTopic);
}
Also used:
ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)
KeyPair (java.security.KeyPair)
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
Scope (com.nimbusds.oauth2.sdk.Scope)
JSONObject (net.minidev.json.JSONObject)
JSONArray (net.minidev.json.JSONArray)
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)
Subject (com.nimbusds.oauth2.sdk.id.Subject)
Test (org.junit.jupiter.api.Test)
ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Example 12 with OIDCClaimsRequest

Use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.

From class IPVAuthorisationHandlerTest, method withAuthenticationRequest:

private AuthenticationRequest withAuthenticationRequest() {
    Scope scope = new Scope();
    scope.add(OIDCScopeValue.OPENID);
    // claimsSetRequest is a field of the test class and is not part of this excerpt
    var oidcClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
    // Authorisation code flow request with a fresh state and nonce and the claims parameter attached
    return new AuthenticationRequest.Builder(
                    new ResponseType(ResponseType.Value.CODE), scope, new ClientID(CLIENT_ID), REDIRECT_URI)
            .state(new State())
            .nonce(new Nonce())
            .claims(oidcClaimsRequest)
            .build();
}
Also used:
Nonce (com.nimbusds.openid.connect.sdk.Nonce)
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
Scope (com.nimbusds.oauth2.sdk.Scope)
State (com.nimbusds.oauth2.sdk.id.State)
ClientID (com.nimbusds.oauth2.sdk.id.ClientID)
ResponseType (com.nimbusds.oauth2.sdk.ResponseType)

Example 13 with OIDCClaimsRequest

Use of com.nimbusds.openid.connect.sdk.OIDCClaimsRequest in project di-authentication-api by alphagov.

From class AccessTokenServiceTest, method shouldThrowExceptionWhenIdentityClaimsAreInvalid:

@Test
void shouldThrowExceptionWhenIdentityClaimsAreInvalid() throws Json.JsonException {
    // The request mixes "email" with a valid identity claim; the service is expected to reject it
    var claimsSetRequest = new ClaimsSetRequest().add("email").add(ValidClaims.ADDRESS.getValue());
    var invalidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
    accessToken = createSignedAccessToken(invalidClaimsRequest, false);
    // Signature check, client lookup and token store lookup all succeed, so only the claims validation fails
    when(tokenValidationService.validateAccessTokenSignature(accessToken)).thenReturn(true);
    when(clientService.getClient(CLIENT_ID)).thenReturn(Optional.of(generateClientRegistry(SCOPES)));
    when(redisConnectionService.getValue(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + SUBJECT))
            .thenReturn(objectMapper.writeValueAsString(
                    new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue())));

    var accessTokenException = assertThrows(
            AccessTokenException.class,
            () -> validationService.parse(accessToken.toAuthorizationHeader(), true),
            "Expected to throw AccessTokenException");
    assertThat(accessTokenException.getMessage(), equalTo("Invalid Identity claims"));
    assertThat(accessTokenException.getError(), equalTo(OAuth2Error.INVALID_REQUEST));
}
Also used:
ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)
Test (org.junit.jupiter.api.Test)
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)

Aggregations (type and number of examples using it):

OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest): 13
ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest): 9
Test (org.junit.jupiter.api.Test): 9
Scope (com.nimbusds.oauth2.sdk.Scope): 8
ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject): 6
ResponseType (com.nimbusds.oauth2.sdk.ResponseType): 6
AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest): 5
Subject (com.nimbusds.oauth2.sdk.id.Subject): 4
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken): 3
HashMap (java.util.HashMap): 3
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore): 3
ClientRegistry (uk.gov.di.authentication.shared.entity.ClientRegistry): 3
ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest): 3
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 2
ParseException (com.nimbusds.oauth2.sdk.ParseException): 2
ClientID (com.nimbusds.oauth2.sdk.id.ClientID): 2
State (com.nimbusds.oauth2.sdk.id.State): 2
RefreshToken (com.nimbusds.oauth2.sdk.token.RefreshToken): 2
Nonce (com.nimbusds.openid.connect.sdk.Nonce): 2
OIDCTokenResponse (com.nimbusds.openid.connect.sdk.OIDCTokenResponse): 2