Example 96 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

From the class TokenServiceTest, method shouldCreateWithCustomClaims.

@Test
public void shouldCreateWithCustomClaims() {
    OAuth2Request oAuth2Request = new OAuth2Request();
    oAuth2Request.getContext().put(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY, new HashMap<>());
    // Client-level custom claims that set "iss" and "aud" on access tokens
    TokenClaim customClaim = new TokenClaim();
    customClaim.setTokenType(TokenTypeHint.ACCESS_TOKEN);
    customClaim.setClaimName("iss");
    customClaim.setClaimValue("https://custom-iss");
    TokenClaim customClaim2 = new TokenClaim();
    customClaim2.setTokenType(TokenTypeHint.ACCESS_TOKEN);
    customClaim2.setClaimName("aud");
    customClaim2.setClaimValue("my-api");
    Client client = new Client();
    client.setClientId("my-client-id");
    client.setTokenCustomClaims(Arrays.asList(customClaim, customClaim2));
    ReactableExecutionContext executionContext = mock(ReactableExecutionContext.class);
    TemplateEngine templateEngine = mock(TemplateEngine.class);
    when(templateEngine.getValue("https://custom-iss", Object.class)).thenReturn("https://custom-iss");
    when(templateEngine.getValue("my-api", Object.class)).thenReturn("my-api");
    when(executionContext.getTemplateEngine()).thenReturn(templateEngine);
    ArgumentCaptor<JWT> jwtCaptor = ArgumentCaptor.forClass(JWT.class);
    when(jwtService.encode(jwtCaptor.capture(), any(Client.class))).thenReturn(Single.just(""));
    when(tokenEnhancer.enhance(any(), any(), any(), any(), any())).thenReturn(Single.just(new AccessToken("token-id")));
    when(executionContextFactory.create(any())).thenReturn(executionContext);
    doNothing().when(tokenManager).storeAccessToken(any());
    TestObserver<Token> testObserver = tokenService.create(oAuth2Request, client, null).test();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    // The JWT handed to jwtService.encode must carry the custom claim values
    JWT jwt = jwtCaptor.getValue();
    assertNotNull(jwt);
    assertTrue(jwt.get("iss") != null && "https://custom-iss".equals(jwt.get("iss")));
    assertTrue(jwt.get("aud") != null && "my-api".equals(jwt.get("aud")));
    verify(tokenManager, times(1)).storeAccessToken(any());
    verify(accessTokenRepository, never()).delete(anyString());
    verify(refreshTokenRepository, never()).delete(anyString());
    verify(executionContext).setAttribute(eq(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY), any());
}
Also used: TemplateEngine (io.gravitee.el.TemplateEngine), OAuth2Request (io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request), TokenClaim (io.gravitee.am.model.TokenClaim), JWT (io.gravitee.am.common.jwt.JWT), AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken), ReactableExecutionContext (io.gravitee.am.gateway.handler.context.ReactableExecutionContext), RefreshToken (io.gravitee.am.repository.oauth2.model.RefreshToken), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 97 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

From the class UserInfoEndpointHandlerTest, method shouldNotInvokeUserEndpoint_clientOnlyToken.

@Test
public void shouldNotInvokeUserEndpoint_clientOnlyToken() throws Exception {
    Client client = new Client();
    client.setId("client-id");
    client.setClientId("client-id");
    // Client-only token: the subject is the client id itself, so /userinfo must answer 401
    JWT token = new JWT();
    token.setSub("client-id");
    token.setAud("client-id");
    router.route().order(-1).handler(createOAuth2AuthHandler(oAuth2AuthProvider(token, client)));
    testRequest(HttpMethod.GET, "/userinfo", req -> req.putHeader(HttpHeaders.AUTHORIZATION, "Bearer test-token"), HttpStatusCode.UNAUTHORIZED_401, "Unauthorized", null);
}
Also used: JWT (io.gravitee.am.common.jwt.JWT), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 98 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

From the class UserInfoEndpointHandlerTest, method shouldNotInvokeUserEndpoint_invalidToken_noClient.

@Test
public void shouldNotInvokeUserEndpoint_invalidToken_noClient() throws Exception {
    JWT jwt = new JWT();
    jwt.setAud("client-id");
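    // The auth provider is given an InvalidClientException (the jwt above is not passed to it); the request must get 401
    router.route().order(-1).handler(createOAuth2AuthHandler(oAuth2AuthProvider(new InvalidClientException())));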
    testRequest(HttpMethod.GET, "/userinfo", req -> req.putHeader(HttpHeaders.AUTHORIZATION, "Bearer test-token"), HttpStatusCode.UNAUTHORIZED_401, "Unauthorized", null);
}
Also used: JWT (io.gravitee.am.common.jwt.JWT), InvalidClientException (io.gravitee.am.gateway.handler.oauth2.exception.InvalidClientException), Test (org.junit.Test)

Example 99 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

From the class UserInfoEndpointHandlerTest, method shouldInvokeUserEndpoint_scopesRequest_and_claimsRequest_signedResponse.

@Test
public void shouldInvokeUserEndpoint_scopesRequest_and_claimsRequest_signedResponse() throws Exception {
    JWT jwt = new JWT();
    jwt.setJti("id-token");
    jwt.setAud("client-id");
    jwt.setSub("id-subject");
    jwt.setScope("openid email address");
    jwt.setClaimsRequestParameter("{\"userinfo\":{\"name\":{\"essential\":true}}}");
    Client client = new Client();
    client.setId("client-id");
    client.setClientId("client-id");
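    // With a userinfo signing algorithm set on the client, the response is expected as application/jwt
    client.setUserinfoSignedResponseAlg("algorithm");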
    router.route().order(-1).handler(createOAuth2AuthHandler(oAuth2AuthProvider(jwt, client)));
    User user = createUser();
    when(userService.findById(anyString())).thenReturn(Maybe.just(user));
    when(jwtService.encodeUserinfo(any(), any())).thenReturn(Single.just("signedJwtBearer"));
    when(jweService.encryptUserinfo("signedJwtBearer", client)).thenReturn(Single.just("signedJwtBearer"));
    testRequest(HttpMethod.GET, "/userinfo", req -> req.putHeader(HttpHeaders.AUTHORIZATION, "Bearer test-token"), resp -> {
        assertEquals(MediaType.APPLICATION_JWT, resp.getHeader(HttpHeaders.CONTENT_TYPE));
        resp.bodyHandler(body -> assertEquals("signedJwtBearer", body.toString()));
    }, HttpStatusCode.OK_200, "OK", null);
}
Also used: User (io.gravitee.am.model.User), JWT (io.gravitee.am.common.jwt.JWT), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 100 with JWT

Use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.

From the class UserInfoEndpointHandlerTest, method shouldInvokeUserEndpoint_noOpenIDScope.

@Test
public void shouldInvokeUserEndpoint_noOpenIDScope() throws Exception {
    JWT jwt = new JWT();
    jwt.setJti("id-token");
    jwt.setAud("client-id");
    jwt.setSub("id-subject");
    // No "openid" scope in the token: /userinfo must answer 403 Forbidden
    jwt.setScope("read");
    Client client = new Client();
    client.setId("client-id");
    client.setClientId("client-id");
    router.route().order(-1).handler(createOAuth2AuthHandler(oAuth2AuthProvider(jwt, client)));
    testRequest(HttpMethod.GET, "/userinfo", req -> req.putHeader(HttpHeaders.AUTHORIZATION, "Bearer test-token"), HttpStatusCode.FORBIDDEN_403, "Forbidden", null);
}
Also used: JWT (io.gravitee.am.common.jwt.JWT), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)
