Example 16 with UserInfo
use of com.nimbusds.openid.connect.sdk.claims.UserInfo in project di-authentication-api by alphagov.
the class IPVCallbackHandlerTest method shouldInvokeSPOTAndRedirectToFrontendCallbackForSuccessfulResponseAtP2.
@ParameterizedTest
@MethodSource("additionalClaims")
void shouldInvokeSPOTAndRedirectToFrontendCallbackForSuccessfulResponseAtP2(Map<String, String> additionalClaims) throws URISyntaxException, Json.JsonException {
usingValidSession();
usingValidClientSession();
var claims = new HashMap<>(Map.of("sub", "sub-val", "vot", "P2", "vtm", OIDC_BASE_URL + "/trustmark", "https://vocab.account.gov.uk/v1/coreIdentity", CORE_IDENTITY_CLAIM, "https://vocab.account.gov.uk/v1/credentialJWT", CREDENTIAL_JWT_CLAIM));
claims.putAll(additionalClaims);
var response = makeHandlerRequest(getApiGatewayProxyRequestEvent(new UserInfo(new JSONObject(claims))));
assertThat(response, hasStatus(302));
var expectedRedirectURI = new URIBuilder(LOGIN_URL).setPath("ipv-callback").build();
assertThat(response.getHeaders().get("Location"), equalTo(expectedRedirectURI.toString()));
var expectedPairwiseSub = ClientSubjectHelper.getSubject(userProfile, clientRegistry, dynamoService);
verify(awsSqsClient).send(objectMapper.writeValueAsString(new SPOTRequest(SPOTClaims.builder().withVot(LevelOfConfidence.MEDIUM_LEVEL.getValue()).withVtm(OIDC_BASE_URL + "/trustmark").withClaim(IdentityClaims.CORE_IDENTITY.getValue(), CORE_IDENTITY_CLAIM).withClaim(IdentityClaims.CREDENTIAL_JWT.getValue(), CREDENTIAL_JWT_CLAIM).build(), SUBJECT.getValue(), salt, "test.com", expectedPairwiseSub.getValue(), new LogIds(session.getSessionId(), PERSISTENT_SESSION_ID, REQUEST_ID, CLIENT_ID.getValue()))));
verify(dynamoIdentityService).addAdditionalClaims(expectedPairwiseSub.getValue(), additionalClaims);
verifyAuditEvent(IPVAuditableEvent.IPV_AUTHORISATION_RESPONSE_RECEIVED);
verifyAuditEvent(IPVAuditableEvent.IPV_SUCCESSFUL_TOKEN_RESPONSE_RECEIVED);
verifyAuditEvent(IPVAuditableEvent.IPV_SUCCESSFUL_IDENTITY_RESPONSE_RECEIVED);
verifyAuditEvent(IPVAuditableEvent.IPV_SPOT_REQUESTED);
verifyNoMoreInteractions(auditService);
}
Also used :
JSONObject(net.minidev.json.JSONObject)
HashMap(java.util.HashMap)
LogIds(uk.gov.di.authentication.ipv.entity.LogIds)
UserInfo(com.nimbusds.openid.connect.sdk.claims.UserInfo)
SPOTRequest(uk.gov.di.authentication.ipv.entity.SPOTRequest)
URIBuilder(org.apache.http.client.utils.URIBuilder)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
MethodSource(org.junit.jupiter.params.provider.MethodSource)
Example 17 with UserInfo
use of com.nimbusds.openid.connect.sdk.claims.UserInfo in project di-authentication-api by alphagov.
the class UserInfoHandlerTest method shouldReturn200WithUserInfoBasedOnScopesForSuccessfulRequest.
@Test
void shouldReturn200WithUserInfoBasedOnScopesForSuccessfulRequest() throws ParseException, AccessTokenException {
AccessToken accessToken = new BearerAccessToken();
UserInfo userInfo = new UserInfo(SUBJECT);
userInfo.setEmailVerified(true);
userInfo.setPhoneNumberVerified(true);
userInfo.setPhoneNumber(PHONE_NUMBER);
userInfo.setEmailAddress(EMAIL_ADDRESS);
when(accessTokenService.parse(accessToken.toAuthorizationHeader(), false)).thenReturn(accessTokenInfo);
when(userInfoService.populateUserInfo(accessTokenInfo, false)).thenReturn(userInfo);
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setHeaders(Map.of("Authorization", accessToken.toAuthorizationHeader()));
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertThat(result, hasStatus(200));
UserInfo parsedResultBody = UserInfo.parse(result.getBody());
assertThat(parsedResultBody.getSubject(), equalTo(SUBJECT));
assertThat(parsedResultBody.getEmailAddress(), equalTo(EMAIL_ADDRESS));
assertTrue(parsedResultBody.getEmailVerified());
assertThat(parsedResultBody.getPhoneNumber(), equalTo(PHONE_NUMBER));
assertTrue(parsedResultBody.getPhoneNumberVerified());
}
Also used :
APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent)
AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
UserInfo(com.nimbusds.openid.connect.sdk.claims.UserInfo)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent)
Test(org.junit.jupiter.api.Test)
Example 18 with UserInfo
use of com.nimbusds.openid.connect.sdk.claims.UserInfo in project di-authentication-api by alphagov.
the class UserInfoHandler method userInfoRequestHandler.
public APIGatewayProxyResponseEvent userInfoRequestHandler(APIGatewayProxyRequestEvent input, Context context) {
return isWarming(input).orElseGet(() -> {
LOG.info("Request received to the UserInfoHandler");
if (!headersContainValidHeader(input.getHeaders(), AUTHORIZATION_HEADER, configurationService.getHeadersCaseInsensitive())) {
LOG.warn("AccessToken is missing from request");
return generateApiGatewayProxyResponse(401, "", new UserInfoErrorResponse(MISSING_TOKEN).toHTTPResponse().getHeaderMap());
}
UserInfo userInfo;
try {
AccessTokenInfo accessTokenInfo = accessTokenService.parse(getHeaderValueFromHeaders(input.getHeaders(), AUTHORIZATION_HEADER, configurationService.getHeadersCaseInsensitive()), configurationService.isIdentityEnabled());
userInfo = userInfoService.populateUserInfo(accessTokenInfo, configurationService.isIdentityEnabled());
} catch (AccessTokenException e) {
LOG.warn("AccessTokenException. Sending back UserInfoErrorResponse");
return generateApiGatewayProxyResponse(401, "", new UserInfoErrorResponse(e.getError()).toHTTPResponse().getHeaderMap());
}
LOG.info("Successfully processed UserInfo request. Sending back UserInfo response");
return generateApiGatewayProxyResponse(200, userInfo.toJSONString());
});
}
Also used :
AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo)
UserInfoErrorResponse(com.nimbusds.openid.connect.sdk.UserInfoErrorResponse)
AccessTokenException(uk.gov.di.authentication.shared.exceptions.AccessTokenException)
UserInfo(com.nimbusds.openid.connect.sdk.claims.UserInfo)
Aggregations
UserInfo (com.nimbusds.openid.connect.sdk.claims.UserInfo)18
Test (org.junit.jupiter.api.Test)5
Subject (com.nimbusds.oauth2.sdk.id.Subject)3
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken)3
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)3
UserInfoResponse (com.nimbusds.openid.connect.sdk.UserInfoResponse)3
JSONObject (net.minidev.json.JSONObject)3
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3
Test (org.testng.annotations.Test)3
OAuth2ServiceAbstractIntegrationTest (org.wso2.identity.integration.test.oauth2.OAuth2ServiceAbstractIntegrationTest)3
AccessTokenInfo (uk.gov.di.authentication.oidc.entity.AccessTokenInfo)3
AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode)2
UserInfoErrorResponse (com.nimbusds.openid.connect.sdk.UserInfoErrorResponse)2
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)2
APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent)1
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent)1
User (com.authlete.common.types.User)1
Federation (com.authlete.jaxrs.server.federation.Federation)1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
JWT (com.nimbusds.jwt.JWT)1
