Example 1 with AuthorizeRequest

Use of com.okta.oidc.net.request.web.AuthorizeRequest in project okta-oidc-android by okta.

Class SyncWebAuthClientTest, method tokenExchangeSuccess.

@Test
public void tokenExchangeSuccess() throws InterruptedException, JSONException, AuthorizationException, OktaRepository.EncryptionException {
    String codeVerifier = CodeVerifierUtil.generateRandomCodeVerifier();
    String nonce = CodeVerifierUtil.generateRandomState();
    AuthorizeRequest request = new AuthorizeRequest.Builder()
            .codeVerifier(codeVerifier)
            .authorizeEndpoint(mProviderConfig.authorization_endpoint)
            .redirectUri(mConfig.getRedirectUri().toString())
            .scope("openid", "email", "profile")
            .nonce(nonce)
            .create();
    mOktaState.save(request);
    AuthorizeResponse response = AuthorizeResponse.fromUri(Uri.parse("com.okta.test:/callback?code=CODE&state=CUSTOM_STATE"));
    String jws = TestValues.getJwt(mEndPoint.getUrl(), nonce, mConfig.getClientId());
    mEndPoint.enqueueTokenSuccess(jws);
    TokenRequest tokenRequest = mSyncWebAuth.tokenExchange(response, mOktaState.getProviderConfiguration(), (AuthorizeRequest) mOktaState.getAuthorizeRequest());
    TokenResponse tokenResponse = tokenRequest.executeRequest(mHttpClient);
    RecordedRequest recordedRequest = mEndPoint.takeRequest();
    assertThat(recordedRequest.getPath(), equalTo("/token"));
    assertNotNull(tokenResponse);
    assertEquals(tokenResponse.getIdToken(), jws);
}
Also used : RecordedRequest(okhttp3.mockwebserver.RecordedRequest) AuthorizeResponse(com.okta.oidc.net.response.web.AuthorizeResponse) TokenResponse(com.okta.oidc.net.response.TokenResponse) AuthorizeRequest(com.okta.oidc.net.request.web.AuthorizeRequest) TokenRequest(com.okta.oidc.net.request.TokenRequest) RevokeTokenRequest(com.okta.oidc.net.request.RevokeTokenRequest) Test(org.junit.Test)

Example 2 with AuthorizeRequest

Use of com.okta.oidc.net.request.web.AuthorizeRequest in project okta-oidc-android by okta.

Class SyncWebAuthClientTest, method tokenExchangeFailure.

@Test
public void tokenExchangeFailure() throws InterruptedException, JSONException, AuthorizationException, OktaRepository.EncryptionException {
    mExpectedEx.expect(AuthorizationException.class);
    String codeVerifier = CodeVerifierUtil.generateRandomCodeVerifier();
    String nonce = CodeVerifierUtil.generateRandomState();
    AuthorizeRequest request = new AuthorizeRequest.Builder()
            .codeVerifier(codeVerifier)
            .authorizeEndpoint(mProviderConfig.authorization_endpoint)
            .redirectUri(mConfig.getRedirectUri().toString())
            .scope(SCOPES)
            .nonce(nonce)
            .create();
    mOktaState.save(request);
    AuthorizeResponse response = AuthorizeResponse.fromUri(Uri.parse("com.okta.test:/callback?code=CODE&state=CUSTOM_STATE"));
    mEndPoint.enqueueReturnInvalidClient();
    TokenRequest tokenRequest = mSyncWebAuth.tokenExchange(response, mOktaState.getProviderConfiguration(), (AuthorizeRequest) mOktaState.getAuthorizeRequest());
    TokenResponse tokenResponse = tokenRequest.executeRequest(mHttpClient);
    RecordedRequest recordedRequest = mEndPoint.takeRequest();
    assertThat(recordedRequest.getPath(), equalTo("/token"));
    assertNull(tokenResponse);
}
Also used : RecordedRequest(okhttp3.mockwebserver.RecordedRequest) AuthorizeResponse(com.okta.oidc.net.response.web.AuthorizeResponse) TokenResponse(com.okta.oidc.net.response.TokenResponse) AuthorizeRequest(com.okta.oidc.net.request.web.AuthorizeRequest) TokenRequest(com.okta.oidc.net.request.TokenRequest) RevokeTokenRequest(com.okta.oidc.net.request.RevokeTokenRequest) Test(org.junit.Test)

Example 3 with AuthorizeRequest

Use of com.okta.oidc.net.request.web.AuthorizeRequest in project okta-oidc-android by okta.

Class OktaStateTest, method getAuthorizeRequest.

@Test
public void getAuthorizeRequest() throws OktaRepository.EncryptionException, AuthorizationException {
    WebRequest authorizedRequest = TestValues.getAuthorizeRequest(TestValues.getConfigWithUrl(CUSTOM_URL), null);
    mOktaState.save(authorizedRequest);
    AuthorizeRequest expected = (AuthorizeRequest) mOktaState.getAuthorizeRequest();
    assertNotNull(expected);
    assertEquals(authorizedRequest.persist(), expected.persist());
}
Also used : WebRequest(com.okta.oidc.net.request.web.WebRequest) AuthorizeRequest(com.okta.oidc.net.request.web.AuthorizeRequest) Test(org.junit.Test)

Example 4 with AuthorizeRequest

Use of com.okta.oidc.net.request.web.AuthorizeRequest in project okta-oidc-android by okta.

Class SyncAuthClientImpl, method signIn.

@WorkerThread
@Override
public Result signIn(String sessionToken, @Nullable AuthenticationPayload payload) {
    try {
        mCancel.set(false);
        ProviderConfiguration providerConfiguration = obtainNewConfiguration();
        checkIfCanceled();
        mOktaState.setCurrentState(State.SIGN_IN_REQUEST);
        NativeAuthorizeRequest request = nativeAuthorizeRequest(sessionToken, providerConfiguration, payload);
        mCurrentRequest.set(new WeakReference<>(request));
        // Save the native auth request in an AuthorizeRequest because it is needed to verify results.
        AuthorizeRequest authRequest = new AuthorizeRequest(request.getParameters());
        mOktaState.save(authRequest);
        AuthorizeResponse authResponse = request.executeRequest(mHttpClient);
        checkIfCanceled();
        // This flow should never happen, but if it does, return an error.
        if (isVerificationFlow(authResponse)) {
            return Result.error(new AuthorizationException("Email verification required. Session: " + authResponse.getSessionHint(), null));
        }
        validateResult(authResponse, authRequest);
        mOktaState.setCurrentState(State.TOKEN_EXCHANGE);
        TokenRequest requestToken = tokenExchange(authResponse, providerConfiguration, authRequest);
        mCurrentRequest.set(new WeakReference<>(requestToken));
        TokenResponse tokenResponse = requestToken.executeRequest(mHttpClient);
        mOktaState.save(tokenResponse);
        return Result.success();
    } catch (AuthorizationException e) {
        return Result.error(e);
    } catch (IOException e) {
        return Result.cancel();
    } catch (Exception e) {
        return Result.error(new AuthorizationException(OTHER.code, e.getMessage(), e));
    } finally {
        resetCurrentState();
    }
}
Also used : AuthorizeResponse(com.okta.oidc.net.response.web.AuthorizeResponse) TokenResponse(com.okta.oidc.net.response.TokenResponse) AuthorizeRequest(com.okta.oidc.net.request.web.AuthorizeRequest) NativeAuthorizeRequest(com.okta.oidc.net.request.NativeAuthorizeRequest) AuthorizationException(com.okta.oidc.util.AuthorizationException) TokenRequest(com.okta.oidc.net.request.TokenRequest) IOException(java.io.IOException) ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration) WorkerThread(androidx.annotation.WorkerThread)

Aggregations

AuthorizeRequest (com.okta.oidc.net.request.web.AuthorizeRequest): 4
TokenRequest (com.okta.oidc.net.request.TokenRequest): 3
TokenResponse (com.okta.oidc.net.response.TokenResponse): 3
AuthorizeResponse (com.okta.oidc.net.response.web.AuthorizeResponse): 3
Test (org.junit.Test): 3
RevokeTokenRequest (com.okta.oidc.net.request.RevokeTokenRequest): 2
RecordedRequest (okhttp3.mockwebserver.RecordedRequest): 2
WorkerThread (androidx.annotation.WorkerThread): 1
NativeAuthorizeRequest (com.okta.oidc.net.request.NativeAuthorizeRequest): 1
ProviderConfiguration (com.okta.oidc.net.request.ProviderConfiguration): 1
WebRequest (com.okta.oidc.net.request.web.WebRequest): 1
AuthorizationException (com.okta.oidc.util.AuthorizationException): 1
IOException (java.io.IOException): 1