Example 16 with UserInfo

Usage of com.nimbusds.openid.connect.sdk.claims.UserInfo in the project di-authentication-api by alphagov.

From the class IPVCallbackHandlerTest, method shouldInvokeSPOTAndRedirectToFrontendCallbackForSuccessfulResponseAtP2:

@ParameterizedTest
@MethodSource("additionalClaims")
void shouldInvokeSPOTAndRedirectToFrontendCallbackForSuccessfulResponseAtP2(
        Map<String, String> additionalClaims) throws URISyntaxException, Json.JsonException {
    usingValidSession();
    usingValidClientSession();
    // UserInfo as returned by IPV: P2 vector of trust, trustmark, identity claims, plus any extra claims
    var claims = new HashMap<>(Map.of(
            "sub", "sub-val",
            "vot", "P2",
            "vtm", OIDC_BASE_URL + "/trustmark",
            "https://vocab.account.gov.uk/v1/coreIdentity", CORE_IDENTITY_CLAIM,
            "https://vocab.account.gov.uk/v1/credentialJWT", CREDENTIAL_JWT_CLAIM));
    claims.putAll(additionalClaims);
    var response = makeHandlerRequest(
            getApiGatewayProxyRequestEvent(new UserInfo(new JSONObject(claims))));
    // The handler redirects the browser to the frontend's ipv-callback path
    assertThat(response, hasStatus(302));
    var expectedRedirectURI = new URIBuilder(LOGIN_URL).setPath("ipv-callback").build();
    assertThat(response.getHeaders().get("Location"), equalTo(expectedRedirectURI.toString()));
    // The SPOT request is sent with the client-specific pairwise subject, not the internal subject
    var expectedPairwiseSub = ClientSubjectHelper.getSubject(userProfile, clientRegistry, dynamoService);
    verify(awsSqsClient).send(objectMapper.writeValueAsString(new SPOTRequest(
            SPOTClaims.builder()
                    .withVot(LevelOfConfidence.MEDIUM_LEVEL.getValue())
                    .withVtm(OIDC_BASE_URL + "/trustmark")
                    .withClaim(IdentityClaims.CORE_IDENTITY.getValue(), CORE_IDENTITY_CLAIM)
                    .withClaim(IdentityClaims.CREDENTIAL_JWT.getValue(), CREDENTIAL_JWT_CLAIM)
                    .build(),
            SUBJECT.getValue(), salt, "test.com", expectedPairwiseSub.getValue(),
            new LogIds(session.getSessionId(), PERSISTENT_SESSION_ID, REQUEST_ID, CLIENT_ID.getValue()))));
    verify(dynamoIdentityService).addAdditionalClaims(expectedPairwiseSub.getValue(), additionalClaims);
    // Each stage of the IPV callback is audited, and nothing else is
    verifyAuditEvent(IPVAuditableEvent.IPV_AUTHORISATION_RESPONSE_RECEIVED);
    verifyAuditEvent(IPVAuditableEvent.IPV_SUCCESSFUL_TOKEN_RESPONSE_RECEIVED);
    verifyAuditEvent(IPVAuditableEvent.IPV_SUCCESSFUL_IDENTITY_RESPONSE_RECEIVED);
    verifyAuditEvent(IPVAuditableEvent.IPV_SPOT_REQUESTED);
    verifyNoMoreInteractions(auditService);
}
Also used: JSONObject (net.minidev.json.JSONObject), HashMap (java.util.HashMap), LogIds (uk.gov.di.authentication.ipv.entity.LogIds), UserInfo (com.nimbusds.openid.connect.sdk.claims.UserInfo), SPOTRequest (uk.gov.di.authentication.ipv.entity.SPOTRequest), URIBuilder (org.apache.http.client.utils.URIBuilder), ParameterizedTest (org.junit.jupiter.params.ParameterizedTest), MethodSource (org.junit.jupiter.params.provider.MethodSource)

Example 17 with UserInfo

Usage of com.nimbusds.openid.connect.sdk.claims.UserInfo in the project di-authentication-api by alphagov.

From the class UserInfoHandlerTest, method shouldReturn200WithUserInfoBasedOnScopesForSuccessfulRequest:

@Test
void shouldReturn200WithUserInfoBasedOnScopesForSuccessfulRequest() throws ParseException, AccessTokenException {
    AccessToken accessToken = new BearerAccessToken();
    // The UserInfo the mocked service will return for this subject
    UserInfo userInfo = new UserInfo(SUBJECT);
    userInfo.setEmailVerified(true);
    userInfo.setPhoneNumberVerified(true);
    userInfo.setPhoneNumber(PHONE_NUMBER);
    userInfo.setEmailAddress(EMAIL_ADDRESS);
    // Token parsing and claim population are stubbed; identity claims are disabled (false)
    when(accessTokenService.parse(accessToken.toAuthorizationHeader(), false)).thenReturn(accessTokenInfo);
    when(userInfoService.populateUserInfo(accessTokenInfo, false)).thenReturn(userInfo);
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(Map.of("Authorization", accessToken.toAuthorizationHeader()));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(200));
    // The response body must parse back into an equivalent UserInfo
    UserInfo parsedResultBody = UserInfo.parse(result.getBody());
    assertThat(parsedResultBody.getSubject(), equalTo(SUBJECT));
    assertThat(parsedResultBody.getEmailAddress(), equalTo(EMAIL_ADDRESS));
    assertTrue(parsedResultBody.getEmailVerified());
    assertThat(parsedResultBody.getPhoneNumber(), equalTo(PHONE_NUMBER));
    assertTrue(parsedResultBody.getPhoneNumberVerified());
}
Also used: APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken), BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken), UserInfo (com.nimbusds.openid.connect.sdk.claims.UserInfo), APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), Test (org.junit.jupiter.api.Test)

Example 18 with UserInfo

Usage of com.nimbusds.openid.connect.sdk.claims.UserInfo in the project di-authentication-api by alphagov.

From the class UserInfoHandler, method userInfoRequestHandler:

public APIGatewayProxyResponseEvent userInfoRequestHandler(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        LOG.info("Request received to the UserInfoHandler");
        // No Authorization header: reply 401 with the standard OIDC error headers (WWW-Authenticate)
        if (!headersContainValidHeader(input.getHeaders(), AUTHORIZATION_HEADER,
                configurationService.getHeadersCaseInsensitive())) {
            LOG.warn("AccessToken is missing from request");
            return generateApiGatewayProxyResponse(401, "",
                    new UserInfoErrorResponse(MISSING_TOKEN).toHTTPResponse().getHeaderMap());
        }
        UserInfo userInfo;
        try {
            // Validate the bearer token, then build the claims the token's scopes permit
            AccessTokenInfo accessTokenInfo = accessTokenService.parse(
                    getHeaderValueFromHeaders(input.getHeaders(), AUTHORIZATION_HEADER,
                            configurationService.getHeadersCaseInsensitive()),
                    configurationService.isIdentityEnabled());
            userInfo = userInfoService.populateUserInfo(accessTokenInfo, configurationService.isIdentityEnabled());
        } catch (AccessTokenException e) {
            // Invalid, expired or revoked token: 401 with the error carried by the exception, no body
            LOG.warn("AccessTokenException. Sending back UserInfoErrorResponse");
            return generateApiGatewayProxyResponse(401, "",
                    new UserInfoErrorResponse(e.getError()).toHTTPResponse().getHeaderMap());
        }
        LOG.info("Successfully processed UserInfo request. Sending back UserInfo response");
        return generateApiGatewayProxyResponse(200, userInfo.toJSONString());
    });
}
Also used: AccessTokenInfo (uk.gov.di.authentication.oidc.entity.AccessTokenInfo), UserInfoErrorResponse (com.nimbusds.openid.connect.sdk.UserInfoErrorResponse), AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException), UserInfo (com.nimbusds.openid.connect.sdk.claims.UserInfo)
