
Example 6 with OAuth2Request

use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.

the class UMATokenGranter method createOAuth2Request.

private Single<OAuth2Request> createOAuth2Request(TokenRequest tokenRequest, Client client, User endUser) {
    // Remove the token request scopes, as they are now injected into each permission request.
    tokenRequest.setScopes(null);
    // Create Request
    OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request();
    // Set User
    oAuth2Request.setSubject(endUser != null ? endUser.getId() : oAuth2Request.getSubject());
    // The client may have the refresh_token grant, but if the request is not made for an end user, we should not generate a refresh token.
    oAuth2Request.setSupportRefreshToken(endUser != null && isSupportRefreshToken(client));
    return Single.just(oAuth2Request);
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request)

Example 7 with OAuth2Request

use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.

the class UmaTokenGranterTest method grant_user_additionalScopeCase.

@Test
public void grant_user_additionalScopeCase() {
    tokenRequest.setScopes(new HashSet<>(Arrays.asList("scopeB", "scopeC")));
    TestObserver<Token> testObserver = umaTokenGranter.grant(tokenRequest, client).test();
    testObserver.assertComplete().assertNoErrors().assertValue(token -> "success".equals(token.getValue()));
    OAuth2Request result = oauth2RequestCaptor.getValue();
    assertTrue(USER_ID.equals(result.getSubject()));
    assertTrue(assertAdditionalScopePermissions(result.getPermissions()));
    assertTrue(result.isSupportRefreshToken());
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token) AccessToken(io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) Test(org.junit.Test)

Example 8 with OAuth2Request

use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.

the class UmaTokenGranterTest method grant_user_RptWithoutPermissionCase.

@Test
public void grant_user_RptWithoutPermissionCase() {
    parameters.add(RPT, RPT_OLD_TOKEN);
    when(rpt.get("permissions")).thenReturn(null);
    TestObserver<Token> testObserver = umaTokenGranter.grant(tokenRequest, client).test();
    testObserver.assertComplete().assertNoErrors().assertValue(token -> "success".equals(token.getValue()));
    OAuth2Request result = oauth2RequestCaptor.getValue();
    assertTrue(USER_ID.equals(result.getSubject()));
    assertTrue(assertNominalPermissions(result.getPermissions()));
    assertTrue(result.isSupportRefreshToken());
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token) AccessToken(io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) Test(org.junit.Test)

Example 9 with OAuth2Request

use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.

the class UmaTokenGranterTest method grant_user_nominalCase.

@Test
public void grant_user_nominalCase() {
    TestObserver<Token> testObserver = umaTokenGranter.grant(tokenRequest, client).test();
    testObserver.assertComplete().assertNoErrors().assertValue(token -> "success".equals(token.getValue()));
    OAuth2Request result = oauth2RequestCaptor.getValue();
    assertTrue(USER_ID.equals(result.getSubject()));
    assertTrue(assertNominalPermissions(result.getPermissions()));
    assertTrue(result.isSupportRefreshToken());
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token) AccessToken(io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) Test(org.junit.Test)

Example 10 with OAuth2Request

use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.

the class UmaTokenGranterTest method grant_user_extendRptCase.

@Test
public void grant_user_extendRptCase() {
    parameters.add(RPT, RPT_OLD_TOKEN);
    tokenRequest.setScopes(new HashSet<>(Arrays.asList("scopeD")));
    TestObserver<Token> testObserver = umaTokenGranter.grant(tokenRequest, client).test();
    testObserver.assertComplete().assertNoErrors().assertValue(token -> "success".equals(token.getValue()) && token.isUpgraded());
    OAuth2Request result = oauth2RequestCaptor.getValue();
    assertTrue(USER_ID.equals(result.getSubject()));
    assertTrue(assertExtendedRptPermissions(result.getPermissions()));
    assertTrue(result.isSupportRefreshToken());
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token) AccessToken(io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) Test(org.junit.Test)
