Use of com.nimbusds.openid.connect.sdk.claims.UserInfo in the project di-authentication-api by alphagov.
From the class IPVCallbackHandlerTest, method shouldInvokeSPOTAndRedirectToFrontendCallbackForSuccessfulResponseAtP2.
/**
 * Happy-path check for an IPV callback whose UserInfo response carries {@code vot=P2}.
 *
 * <p>Asserts four things: the handler redirects (302) to the frontend {@code ipv-callback}
 * path, a SPOT request built from the returned identity claims is sent to SQS, the extra
 * claims are stored against the pairwise subject, and exactly four audit events are raised.
 *
 * @param additionalClaims extra claims supplied by the {@code additionalClaims} method source;
 *     they are merged into the UserInfo claim set and expected to be persisted unchanged
 */
@ParameterizedTest
@MethodSource("additionalClaims")
void shouldInvokeSPOTAndRedirectToFrontendCallbackForSuccessfulResponseAtP2(Map<String, String> additionalClaims) throws URISyntaxException, Json.JsonException {
    usingValidSession();
    usingValidClientSession();

    // Claim set the (mocked) IPV UserInfo endpoint hands back to the callback handler.
    var identityClaims =
            new HashMap<>(
                    Map.of(
                            "sub", "sub-val",
                            "vot", "P2",
                            "vtm", OIDC_BASE_URL + "/trustmark",
                            "https://vocab.account.gov.uk/v1/coreIdentity", CORE_IDENTITY_CLAIM,
                            "https://vocab.account.gov.uk/v1/credentialJWT", CREDENTIAL_JWT_CLAIM));
    identityClaims.putAll(additionalClaims);
    var ipvUserInfo = new UserInfo(new JSONObject(identityClaims));

    var callbackResponse = makeHandlerRequest(getApiGatewayProxyRequestEvent(ipvUserInfo));

    // The browser must be sent to the frontend callback path and nowhere else.
    assertThat(callbackResponse, hasStatus(302));
    var frontendCallbackUri = new URIBuilder(LOGIN_URL).setPath("ipv-callback").build();
    assertThat(callbackResponse.getHeaders().get("Location"), equalTo(frontendCallbackUri.toString()));

    // Downstream consumers are keyed on the pairwise subject derived for this client.
    var pairwiseSubject = ClientSubjectHelper.getSubject(userProfile, clientRegistry, dynamoService);

    // The test pairs the incoming "P2" vot with MEDIUM_LEVEL in the expected SPOT claims.
    var expectedSpotClaims =
            SPOTClaims.builder()
                    .withVot(LevelOfConfidence.MEDIUM_LEVEL.getValue())
                    .withVtm(OIDC_BASE_URL + "/trustmark")
                    .withClaim(IdentityClaims.CORE_IDENTITY.getValue(), CORE_IDENTITY_CLAIM)
                    .withClaim(IdentityClaims.CREDENTIAL_JWT.getValue(), CREDENTIAL_JWT_CLAIM)
                    .build();
    var expectedLogIds =
            new LogIds(session.getSessionId(), PERSISTENT_SESSION_ID, REQUEST_ID, CLIENT_ID.getValue());
    var expectedSpotRequest =
            new SPOTRequest(
                    expectedSpotClaims,
                    SUBJECT.getValue(),
                    salt,
                    "test.com",
                    pairwiseSubject.getValue(),
                    expectedLogIds);
    verify(awsSqsClient).send(objectMapper.writeValueAsString(expectedSpotRequest));

    verify(dynamoIdentityService).addAdditionalClaims(pairwiseSubject.getValue(), additionalClaims);

    // Pin the audit trail: these four events and no others. verifyNoMoreInteractions makes
    // the test fail if the handler starts emitting an unexpected audit event on this path.
    verifyAuditEvent(IPVAuditableEvent.IPV_AUTHORISATION_RESPONSE_RECEIVED);
    verifyAuditEvent(IPVAuditableEvent.IPV_SUCCESSFUL_TOKEN_RESPONSE_RECEIVED);
    verifyAuditEvent(IPVAuditableEvent.IPV_SUCCESSFUL_IDENTITY_RESPONSE_RECEIVED);
    verifyAuditEvent(IPVAuditableEvent.IPV_SPOT_REQUESTED);
    verifyNoMoreInteractions(auditService);
}
Use of com.nimbusds.openid.connect.sdk.claims.UserInfo in the project di-authentication-api by alphagov.
From the class UserInfoHandlerTest, method shouldReturn200WithUserInfoBasedOnScopesForSuccessfulRequest.
/**
 * Success path of the UserInfo endpoint: a request carrying a bearer token that the stubbed
 * {@code accessTokenService} accepts gets a 200 whose JSON body round-trips to the stubbed
 * {@link UserInfo}.
 *
 * <p>Token parsing and claim population are both mocked here, so this test covers only the
 * handler's wiring and response serialisation, not token validation itself.
 */
@Test
void shouldReturn200WithUserInfoBasedOnScopesForSuccessfulRequest() throws ParseException, AccessTokenException {
    AccessToken bearerToken = new BearerAccessToken();
    String authorizationHeader = bearerToken.toAuthorizationHeader();

    // Claims the stubbed service will return for the token above.
    UserInfo stubbedUserInfo = new UserInfo(SUBJECT);
    stubbedUserInfo.setEmailAddress(EMAIL_ADDRESS);
    stubbedUserInfo.setEmailVerified(true);
    stubbedUserInfo.setPhoneNumber(PHONE_NUMBER);
    stubbedUserInfo.setPhoneNumberVerified(true);

    // Both stubs are registered with the second argument set to false.
    when(accessTokenService.parse(authorizationHeader, false)).thenReturn(accessTokenInfo);
    when(userInfoService.populateUserInfo(accessTokenInfo, false)).thenReturn(stubbedUserInfo);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Authorization", authorizationHeader));

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    assertThat(response, hasStatus(200));

    // Parse the body back through Nimbus so the assertions see what a relying party would.
    UserInfo returnedClaims = UserInfo.parse(response.getBody());
    assertThat(returnedClaims.getSubject(), equalTo(SUBJECT));
    assertThat(returnedClaims.getEmailAddress(), equalTo(EMAIL_ADDRESS));
    assertTrue(returnedClaims.getEmailVerified());
    assertThat(returnedClaims.getPhoneNumber(), equalTo(PHONE_NUMBER));
    assertTrue(returnedClaims.getPhoneNumberVerified());
}
Use of com.nimbusds.openid.connect.sdk.claims.UserInfo in the project di-authentication-api by alphagov.
From the class UserInfoHandler, method userInfoRequestHandler.
/**
 * Handles a UserInfo request: checks for an Authorization header, has the access token
 * parsed, and returns the populated {@link UserInfo} as JSON.
 *
 * <p>If {@code isWarming(input)} yields a response, that response is returned and none of
 * the logic below runs.
 *
 * @param input the API Gateway request; its headers are expected to carry the access token
 * @param context the Lambda context (not read in this method)
 * @return 200 with the UserInfo JSON on success; 401 with the headers of a
 *     {@link UserInfoErrorResponse} when the header is missing or token handling throws
 *     {@link AccessTokenException}
 */
public APIGatewayProxyResponseEvent userInfoRequestHandler(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        // Every log line in this method is a constant string: neither the Authorization
        // header nor the token value is written to the log.
        LOG.info("Request received to the UserInfoHandler");

        boolean authorizationHeaderPresent =
                headersContainValidHeader(
                        input.getHeaders(),
                        AUTHORIZATION_HEADER,
                        configurationService.getHeadersCaseInsensitive());
        if (!authorizationHeaderPresent) {
            LOG.warn("AccessToken is missing from request");
            // Empty body; the error travels in the header map built by UserInfoErrorResponse.
            var missingTokenHeaders =
                    new UserInfoErrorResponse(MISSING_TOKEN).toHTTPResponse().getHeaderMap();
            return generateApiGatewayProxyResponse(401, "", missingTokenHeaders);
        }

        UserInfo claimsForCaller;
        try {
            var authorizationHeaderValue =
                    getHeaderValueFromHeaders(
                            input.getHeaders(),
                            AUTHORIZATION_HEADER,
                            configurationService.getHeadersCaseInsensitive());
            AccessTokenInfo tokenInfo =
                    accessTokenService.parse(
                            authorizationHeaderValue, configurationService.isIdentityEnabled());
            claimsForCaller =
                    userInfoService.populateUserInfo(
                            tokenInfo, configurationService.isIdentityEnabled());
        } catch (AccessTokenException e) {
            // NOTE(review): the log line does not say which error was raised; recording the
            // error code (never the token) would make rejected requests easier to triage.
            LOG.warn("AccessTokenException. Sending back UserInfoErrorResponse");
            // NOTE(review): the status is fixed at 401 whatever e.getError() holds. If it
            // can carry an error with another status (RFC 6750 uses 403 for
            // insufficient_scope), confirm that 401 is intended.
            var tokenErrorHeaders =
                    new UserInfoErrorResponse(e.getError()).toHTTPResponse().getHeaderMap();
            return generateApiGatewayProxyResponse(401, "", tokenErrorHeaders);
        }

        LOG.info("Successfully processed UserInfo request. Sending back UserInfo response");
        return generateApiGatewayProxyResponse(200, claimsForCaller.toJSONString());
    });
}