Example 1 with AccessTokenHash

Use of com.nimbusds.openid.connect.sdk.claims.AccessTokenHash in the project ORCID-Source by ORCID.

From the class OpenIDConnectTest, method testImplicitOauth:

@Test
public void testImplicitOauth() throws URISyntaxException, ParseException, JOSEException, JSONException, InvalidHashException {
    HashMap<String, String> requestParams = new HashMap<String, String>();
    requestParams.put("nonce", "yesMate");
    requestParams.put("state", "Boaty McBoatface");
    String response = getImplicitTokenResponse(Lists.newArrayList("openid"), requestParams, true);
    // check it's got a fragment
    assertTrue(response.contains("#"));
    // switch to query param for ease of parsing
    response = response.replace('#', '?');
    List<NameValuePair> params = URLEncodedUtils.parse(new URI(response), "UTF-8");
    Map<String, String> map = new HashMap<String, String>();
    for (NameValuePair pair : params) {
        map.put(pair.getName(), pair.getValue());
    }
    // guid length
    assertEquals(map.get("access_token").length(), 36);
    assertTrue(map.get("id_token") != null);
    assertEquals(map.get("token_type"), "bearer");
    assertEquals(map.get("name"), null);
    assertEquals(map.get("orcid"), null);
    assertEquals(map.get("state"), "Boaty McBoatface");
    // check expiry about 10 minutes
    assertTrue((Integer.parseInt(map.get("expires_in")) <= 600));
    assertTrue((Integer.parseInt(map.get("expires_in")) > 590));
    // check id_token
    SignedJWT signedJWT = checkJWT(map.get("id_token"));
    // check the at_hash claim binds this id_token to the access token delivered alongside it:
    // for RS256 it must equal the base64url-encoded left-most 128 bits of SHA-256(access_token)
    assertNotNull(signedJWT.getJWTClaimsSet().getClaim("at_hash"));
    AccessTokenValidator.validate(new BearerAccessToken(map.get("access_token")), JWSAlgorithm.RS256,
            new AccessTokenHash(signedJWT.getJWTClaimsSet().getClaim("at_hash").toString()));
    // check access token works
    Client client = Client.create();
    WebResource webResource = client.resource(baseUri + "/oauth/userinfo");
    ClientResponse userInfo = webResource.header("Authorization", "Bearer " + map.get("access_token")).accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
    String userInfoString = userInfo.getEntity(String.class);
    JSONObject user = new JSONObject(userInfoString);
    Assert.assertEquals("9999-0000-0000-0004", user.get("sub"));
}
Imports used by this example:

import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.claims.AccessTokenHash;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import java.net.URI;
import java.util.HashMap;
import org.apache.http.NameValuePair;
import org.codehaus.jettison.json.JSONObject;
import org.junit.Test;

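What the AccessTokenValidator.validate call in the test enforces, as an added example that is not ORCID's code and is written in Python rather than Java so the computation itself is visible: for RS256 the at_hash claim is the base64url-encoded (unpadded) left-most 128 bits of SHA-256 over the ASCII access token, and a client must reject an id_token whose at_hash does not match the access token it received in the same fragment. Assumptions: the algorithm table beyond RS256 generalises the spec's hash-by-alg rule, and the token value is constructed.

```python
import base64
import hashlib
import hmac
from typing import Optional

# JWS alg -> hash function. OIDC Core ties the at_hash digest to the ID token's
# alg (RS256 -> SHA-256); the rows for the other algorithm families are my
# assumption, generalising the same rule.
_HASH_FOR_ALG = {
    **{a: hashlib.sha256 for a in ("RS256", "PS256", "ES256", "HS256")},
    **{a: hashlib.sha384 for a in ("RS384", "PS384", "ES384", "HS384")},
    **{a: hashlib.sha512 for a in ("RS512", "PS512", "ES512", "HS512")},
}


def compute_at_hash(access_token: str, alg: str) -> str:
    """Left-most half of hash(access_token ASCII octets), base64url, no padding."""
    if alg not in _HASH_FOR_ALG:
        raise ValueError(f"no at_hash rule for alg {alg!r}")
    digest = _HASH_FOR_ALG[alg](access_token.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]  # 128 bits for SHA-256
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def validate_at_hash(access_token: str, alg: str, at_hash_claim: Optional[str]) -> bool:
    """True only if the id_token's at_hash binds exactly this access token.

    In the implicit flow (response_type=id_token token) the claim is required,
    so a missing claim is treated as a failed check rather than skipped.
    """
    if not at_hash_claim:
        return False
    expected = compute_at_hash(access_token, alg)
    return hmac.compare_digest(expected, at_hash_claim)


if __name__ == "__main__":
    # Constructed sample value, not a token issued by ORCID.
    token = "5f1c5a8e-3b2d-4c7a-9e0f-1a2b3c4d5e6f"  # GUID-shaped, as the test expects
    claim = compute_at_hash(token, "RS256")
    print("at_hash:", claim, validate_at_hash(token, "RS256", claim))
    # A different access token presented with the same id_token no longer matches.
    print("substituted:", validate_at_hash("another-token", "RS256", claim))
```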