Example 1 with IntrospectionResponse

Use of io.gravitee.am.gateway.handler.oauth2.service.introspection.IntrospectionResponse in project gravitee-access-management by gravitee-io.

From the class IntrospectionServiceImpl, method convert:

// Builds the RFC 7662 introspection response for a token that has already been
// validated: "active" is always true here, the caller handles inactive tokens.
private IntrospectionResponse convert(AccessToken accessToken, User user) {
    IntrospectionResponse introspectionResponse = new IntrospectionResponse();
    introspectionResponse.setActive(true);
    introspectionResponse.setClientId(accessToken.getClientId());
    // "exp" and "iat" are expressed in seconds since the epoch, as required by RFC 7662
    introspectionResponse.setExp(accessToken.getExpireAt().getTime() / 1000);
    introspectionResponse.setIat(accessToken.getCreatedAt().getTime() / 1000);
    introspectionResponse.setTokenType(accessToken.getTokenType());
    introspectionResponse.setSub(accessToken.getSubject());
    // "username" is only set when the token is bound to a resource owner
    // (not for client_credentials tokens, where no user lookup is performed)
    if (user != null) {
        introspectionResponse.setUsername(user.getUsername());
    }
    if (accessToken.getScope() != null && !accessToken.getScope().isEmpty()) {
        introspectionResponse.setScope(accessToken.getScope());
    }
    // Custom claims are copied through, but never overwrite the standard fields set above
    if (accessToken.getAdditionalInformation() != null && !accessToken.getAdditionalInformation().isEmpty()) {
        accessToken.getAdditionalInformation().forEach((k, v) -> introspectionResponse.putIfAbsent(k, v));
    }
    // Proof-of-possession confirmation ("cnf") is forwarded when the token carries one
    final Map<String, Object> cnf = accessToken.getConfirmationMethod();
    if (cnf != null) {
        introspectionResponse.setConfirmationMethod(cnf);
    }
    // Remove the "aud" claim because some backend APIs are unable to verify the "aud" value.
    // See https://github.com/gravitee-io/issues/issues/3111
    introspectionResponse.remove(Claims.aud);
    return introspectionResponse;
}
Also used: IntrospectionResponse (io.gravitee.am.gateway.handler.oauth2.service.introspection.IntrospectionResponse)

Example 2 with IntrospectionResponse

From the class IntrospectionServiceTest, method shouldNotReturnAudClaim:

@Test
public void shouldNotReturnAudClaim() {
    final String token = "token";
    AccessToken accessToken = new AccessToken(token);
    accessToken.setSubject("client-id");
    accessToken.setClientId("client-id");
    accessToken.setCreatedAt(new Date());
    accessToken.setExpireAt(new Date());
    // The stored token carries an "aud" claim; the introspection response must not expose it
    accessToken.setAdditionalInformation(Collections.singletonMap(Claims.aud, "test-aud"));
    when(tokenService.introspect(token)).thenReturn(Single.just(accessToken));
    IntrospectionRequest introspectionRequest = new IntrospectionRequest(token);
    TestObserver<IntrospectionResponse> testObserver = introspectionService.introspect(introspectionRequest).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    testObserver.assertValue(introspectionResponse -> !introspectionResponse.containsKey(Claims.aud));
}
Also used: AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken), Date (java.util.Date), Test (org.junit.Test)

Example 3 with IntrospectionResponse

From the class IntrospectionServiceTest, method shouldReturnCustomClaims:

@Test
public void shouldReturnCustomClaims() {
    final String token = "token";
    AccessToken accessToken = new AccessToken(token);
    accessToken.setSubject("client-id");
    accessToken.setClientId("client-id");
    accessToken.setCreatedAt(new Date());
    accessToken.setExpireAt(new Date());
    // Non-standard claims stored with the token are expected to pass through unchanged
    accessToken.setAdditionalInformation(Collections.singletonMap("custom-claim", "test"));
    when(tokenService.introspect(token)).thenReturn(Single.just(accessToken));
    IntrospectionRequest introspectionRequest = new IntrospectionRequest(token);
    TestObserver<IntrospectionResponse> testObserver = introspectionService.introspect(introspectionRequest).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    testObserver.assertValue(introspectionResponse -> introspectionResponse.get("custom-claim").equals("test"));
}
Also used: AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken), Date (java.util.Date), Test (org.junit.Test)

Example 4 with IntrospectionResponse

From the class IntrospectionServiceTest, method shouldNotSearchForAUser_clientCredentials:

@Test
public void shouldNotSearchForAUser_clientCredentials() {
    final String token = "token";
    AccessToken accessToken = new AccessToken(token);
    // Subject equals the client id: a client_credentials token with no resource owner behind it
    accessToken.setSubject("client-id");
    accessToken.setClientId("client-id");
    when(tokenService.introspect(token)).thenReturn(Single.just(accessToken));
    IntrospectionRequest introspectionRequest = new IntrospectionRequest(token);
    TestObserver<IntrospectionResponse> testObserver = introspectionService.introspect(introspectionRequest).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    // No user lookup may be triggered for a client-only token
    verify(userService, never()).findById(anyString());
}
Also used: AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken), Test (org.junit.Test)

Example 5 with IntrospectionResponse

From the class IntrospectionServiceTest, method shouldSearchForAUser:

@Test
public void shouldSearchForAUser() {
    final String token = "token";
    AccessToken accessToken = new AccessToken(token);
    // Subject differs from the client id: the token belongs to a resource owner
    accessToken.setSubject("user");
    accessToken.setClientId("client-id");
    when(tokenService.introspect(token)).thenReturn(Single.just(accessToken));
    when(userService.findById("user")).thenReturn(Maybe.just(new User()));
    IntrospectionRequest introspectionRequest = new IntrospectionRequest(token);
    TestObserver<IntrospectionResponse> testObserver = introspectionService.introspect(introspectionRequest).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    // Exactly one user lookup, keyed by the token subject
    verify(userService, times(1)).findById("user");
}
Also used: User (io.gravitee.am.model.User), AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken), Test (org.junit.Test)
