use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class IDTokenServiceTest method shouldCreateIDToken_withUser_scopesRequest_fullProfile.
@Test
public void shouldCreateIDToken_withUser_scopesRequest_fullProfile() {
OAuth2Request oAuth2Request = new OAuth2Request();
oAuth2Request.setClientId("client-id");
oAuth2Request.setScopes(new HashSet<>(Arrays.asList("openid", "full_profile")));
oAuth2Request.setSubject("subject");
Client client = new Client();
User user = createUser();
JWT expectedJwt = new JWT();
expectedJwt.setSub(user.getId());
expectedJwt.put(StandardClaims.WEBSITE, user.getAdditionalInformation().get(StandardClaims.WEBSITE));
expectedJwt.put(StandardClaims.ZONEINFO, user.getAdditionalInformation().get(StandardClaims.ZONEINFO));
expectedJwt.put(StandardClaims.BIRTHDATE, user.getAdditionalInformation().get(StandardClaims.BIRTHDATE));
expectedJwt.put(StandardClaims.GENDER, user.getAdditionalInformation().get(StandardClaims.GENDER));
expectedJwt.put(StandardClaims.PROFILE, user.getAdditionalInformation().get(StandardClaims.PROFILE));
expectedJwt.put(StandardClaims.EMAIL_VERIFIED, user.getAdditionalInformation().get(StandardClaims.EMAIL_VERIFIED));
expectedJwt.put(StandardClaims.EMAIL, user.getAdditionalInformation().get(StandardClaims.EMAIL));
expectedJwt.setIss(null);
expectedJwt.put(StandardClaims.PREFERRED_USERNAME, user.getAdditionalInformation().get(StandardClaims.PREFERRED_USERNAME));
expectedJwt.put(StandardClaims.GIVEN_NAME, user.getAdditionalInformation().get(StandardClaims.GIVEN_NAME));
expectedJwt.put(StandardClaims.MIDDLE_NAME, user.getAdditionalInformation().get(StandardClaims.MIDDLE_NAME));
expectedJwt.put(StandardClaims.LOCALE, user.getAdditionalInformation().get(StandardClaims.LOCALE));
expectedJwt.put(StandardClaims.PICTURE, user.getAdditionalInformation().get(StandardClaims.PICTURE));
expectedJwt.setAud("client-id");
expectedJwt.put(StandardClaims.UPDATED_AT, user.getAdditionalInformation().get(StandardClaims.UPDATED_AT));
expectedJwt.put(StandardClaims.NAME, user.getAdditionalInformation().get(StandardClaims.NAME));
expectedJwt.put(StandardClaims.NICKNAME, user.getAdditionalInformation().get(StandardClaims.NICKNAME));
expectedJwt.setExp((System.currentTimeMillis() / 1000l) + 14400);
expectedJwt.setIat(System.currentTimeMillis() / 1000l);
expectedJwt.put(StandardClaims.FAMILY_NAME, user.getAdditionalInformation().get(StandardClaims.FAMILY_NAME));
expectedJwt.put(StandardClaims.ADDRESS, user.getAdditionalInformation().get(StandardClaims.ADDRESS));
expectedJwt.put(StandardClaims.PHONE_NUMBER, user.getAdditionalInformation().get(StandardClaims.PHONE_NUMBER));
expectedJwt.put(StandardClaims.PHONE_NUMBER_VERIFIED, user.getAdditionalInformation().get(StandardClaims.PHONE_NUMBER_VERIFIED));
ExecutionContext executionContext = mock(ExecutionContext.class);
when(executionContextFactory.create(any())).thenReturn(executionContext);
ArgumentCaptor<JWT> jwtCaptor = ArgumentCaptor.forClass(JWT.class);
when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
when(certificateManager.defaultCertificateProvider()).thenReturn(new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider));
when(certificateManager.get(any())).thenReturn(Maybe.just(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
when(jwtService.encode(jwtCaptor.capture(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just("test"));
TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, user).test();
testObserver.awaitTerminalEvent();
testObserver.assertComplete();
testObserver.assertNoErrors();
verify(certificateManager, times(1)).get(any());
verify(jwtService, times(1)).encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class));
final JWT capturedValue = jwtCaptor.getValue();
assertEquals(capturedValue.getSub(), expectedJwt.getSub());
assertEquals(capturedValue.getAud(), expectedJwt.getAud());
assertEquals(capturedValue.get(StandardClaims.ADDRESS), expectedJwt.get(StandardClaims.ADDRESS));
assertEquals(capturedValue.get(StandardClaims.EMAIL), expectedJwt.get(StandardClaims.EMAIL));
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class IDTokenServiceTest method shouldCreateIDToken_withUser_scopesRequest_email.
@Test
public void shouldCreateIDToken_withUser_scopesRequest_email() {
OAuth2Request oAuth2Request = new OAuth2Request();
oAuth2Request.setClientId("client-id");
oAuth2Request.setScopes(new HashSet<>(Arrays.asList("openid", "email")));
oAuth2Request.setSubject("subject");
Client client = new Client();
User user = createUser();
JWT expectedJwt = new JWT();
expectedJwt.setSub(user.getId());
expectedJwt.setAud("client-id");
expectedJwt.put(StandardClaims.EMAIL_VERIFIED, user.getAdditionalInformation().get(StandardClaims.EMAIL_VERIFIED));
expectedJwt.setIss(null);
expectedJwt.setExp((System.currentTimeMillis() / 1000l) + 14400);
expectedJwt.setIat(System.currentTimeMillis() / 1000l);
expectedJwt.put(StandardClaims.EMAIL, user.getAdditionalInformation().get(StandardClaims.EMAIL));
ExecutionContext executionContext = mock(ExecutionContext.class);
when(executionContextFactory.create(any())).thenReturn(executionContext);
ArgumentCaptor<JWT> jwtCaptor = ArgumentCaptor.forClass(JWT.class);
when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
when(certificateManager.defaultCertificateProvider()).thenReturn(new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider));
when(certificateManager.get(any())).thenReturn(Maybe.just(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
when(jwtService.encode(jwtCaptor.capture(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just("test"));
TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, user).test();
testObserver.awaitTerminalEvent();
testObserver.assertComplete();
testObserver.assertNoErrors();
verify(certificateManager, times(1)).get(any());
verify(jwtService, times(1)).encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class));
JWT jwt = jwtCaptor.getValue();
assertNotNull(jwt);
assertTrue(jwt.get("sub") != null && expectedJwt.getSub().equals(jwt.get("sub")));
assertTrue(jwt.get("aud") != null && expectedJwt.getAud().equals(jwt.get("aud")));
assertTrue(jwt.get("email") != null && expectedJwt.get(StandardClaims.EMAIL).equals(jwt.get("email")));
assertTrue(jwt.get("address") == null);
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class IDTokenServiceTest method shouldCreateIDToken_customClaims.
@Test
public void shouldCreateIDToken_customClaims() {
OAuth2Request oAuth2Request = new OAuth2Request();
oAuth2Request.setClientId("client-id");
oAuth2Request.setScopes(Collections.singleton("openid"));
TokenClaim customClaim = new TokenClaim();
customClaim.setTokenType(TokenTypeHint.ID_TOKEN);
customClaim.setClaimName("iss");
customClaim.setClaimValue("https://custom-iss");
Client client = new Client();
client.setCertificate("certificate-client");
client.setClientId("my-client-id");
client.setTokenCustomClaims(Arrays.asList(customClaim));
ExecutionContext executionContext = mock(ExecutionContext.class);
TemplateEngine templateEngine = mock(TemplateEngine.class);
when(templateEngine.getValue("https://custom-iss", Object.class)).thenReturn("https://custom-iss");
when(executionContext.getTemplateEngine()).thenReturn(templateEngine);
String idTokenPayload = "payload";
io.gravitee.am.gateway.certificate.CertificateProvider defaultCert = new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider);
ArgumentCaptor<JWT> jwtCaptor = ArgumentCaptor.forClass(JWT.class);
when(jwtService.encode(jwtCaptor.capture(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just(idTokenPayload));
when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
when(certificateManager.get(any())).thenReturn(Maybe.empty());
when(certificateManager.defaultCertificateProvider()).thenReturn(defaultCert);
TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, null, executionContext).test();
testObserver.assertComplete();
testObserver.assertNoErrors();
JWT jwt = jwtCaptor.getValue();
assertNotNull(jwt);
assertTrue(jwt.get("iss") != null && "https://custom-iss".equals(jwt.get("iss")));
verify(certificateManager, times(1)).findByAlgorithm(any());
verify(certificateManager, times(1)).get(anyString());
verify(certificateManager, times(1)).defaultCertificateProvider();
verify(jwtService, times(1)).encode(any(), eq(defaultCert));
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class IDTokenServiceTest method shouldCreateIDToken_withUser_scopesRequest.
@Test
public void shouldCreateIDToken_withUser_scopesRequest() {
OAuth2Request oAuth2Request = new OAuth2Request();
oAuth2Request.setClientId("client-id");
oAuth2Request.setScopes(new HashSet<>(Arrays.asList("openid", "profile")));
oAuth2Request.setSubject("subject");
Client client = new Client();
User user = createUser();
JWT expectedJwt = new JWT();
expectedJwt.setSub(user.getId());
expectedJwt.put(StandardClaims.WEBSITE, user.getAdditionalInformation().get(StandardClaims.WEBSITE));
expectedJwt.put(StandardClaims.ZONEINFO, user.getAdditionalInformation().get(StandardClaims.ZONEINFO));
expectedJwt.put(StandardClaims.BIRTHDATE, user.getAdditionalInformation().get(StandardClaims.BIRTHDATE));
expectedJwt.put(StandardClaims.GENDER, user.getAdditionalInformation().get(StandardClaims.GENDER));
expectedJwt.put(StandardClaims.PROFILE, user.getAdditionalInformation().get(StandardClaims.PROFILE));
expectedJwt.setIss(null);
expectedJwt.put(StandardClaims.PREFERRED_USERNAME, user.getAdditionalInformation().get(StandardClaims.PREFERRED_USERNAME));
expectedJwt.put(StandardClaims.GIVEN_NAME, user.getAdditionalInformation().get(StandardClaims.GIVEN_NAME));
expectedJwt.put(StandardClaims.MIDDLE_NAME, user.getAdditionalInformation().get(StandardClaims.MIDDLE_NAME));
expectedJwt.put(StandardClaims.LOCALE, user.getAdditionalInformation().get(StandardClaims.LOCALE));
expectedJwt.put(StandardClaims.PICTURE, user.getAdditionalInformation().get(StandardClaims.PICTURE));
expectedJwt.setAud("client-id");
expectedJwt.put(StandardClaims.UPDATED_AT, user.getAdditionalInformation().get(StandardClaims.UPDATED_AT));
expectedJwt.put(StandardClaims.NAME, user.getAdditionalInformation().get(StandardClaims.NAME));
expectedJwt.put(StandardClaims.NICKNAME, user.getAdditionalInformation().get(StandardClaims.NICKNAME));
expectedJwt.setExp((System.currentTimeMillis() / 1000l) + 14400);
expectedJwt.setIat(System.currentTimeMillis() / 1000l);
expectedJwt.put(StandardClaims.FAMILY_NAME, user.getAdditionalInformation().get(StandardClaims.FAMILY_NAME));
ExecutionContext executionContext = mock(ExecutionContext.class);
when(executionContextFactory.create(any())).thenReturn(executionContext);
when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
when(certificateManager.defaultCertificateProvider()).thenReturn(new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider));
when(certificateManager.get(any())).thenReturn(Maybe.just(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
when(jwtService.encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just("test"));
TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, user).test();
testObserver.awaitTerminalEvent();
testObserver.assertComplete();
testObserver.assertNoErrors();
verify(certificateManager, times(1)).get(any());
verify(jwtService, times(1)).encode(eq(expectedJwt), any(io.gravitee.am.gateway.certificate.CertificateProvider.class));
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class IDTokenServiceTest method shouldCreateIDToken_withUser_scopesRequest_and_claimsRequest.
@Test
public void shouldCreateIDToken_withUser_scopesRequest_and_claimsRequest() {
OAuth2Request oAuth2Request = new OAuth2Request();
oAuth2Request.setClientId("client-id");
oAuth2Request.setScopes(new HashSet<>(Arrays.asList("openid", "email", "address")));
oAuth2Request.setSubject("subject");
MultiValueMap<String, String> requestParameters = new LinkedMultiValueMap<>();
requestParameters.put("claims", Collections.singletonList("{\"id_token\":{\"name\":{\"essential\":true}}}"));
oAuth2Request.setParameters(requestParameters);
Client client = new Client();
User user = createUser();
JWT expectedJwt = new JWT();
expectedJwt.setSub(user.getId());
expectedJwt.setAud("client-id");
expectedJwt.put(StandardClaims.ADDRESS, user.getAdditionalInformation().get(StandardClaims.ADDRESS));
expectedJwt.put(StandardClaims.EMAIL_VERIFIED, user.getAdditionalInformation().get(StandardClaims.EMAIL_VERIFIED));
expectedJwt.setIss(null);
expectedJwt.put(StandardClaims.NAME, user.getAdditionalInformation().get(StandardClaims.NAME));
expectedJwt.setExp((System.currentTimeMillis() / 1000l) + 14400);
expectedJwt.setIat(System.currentTimeMillis() / 1000l);
expectedJwt.put(StandardClaims.EMAIL, user.getAdditionalInformation().get(StandardClaims.EMAIL));
ExecutionContext executionContext = mock(ExecutionContext.class);
when(executionContextFactory.create(any())).thenReturn(executionContext);
when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
when(certificateManager.defaultCertificateProvider()).thenReturn(new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider));
when(certificateManager.get(any())).thenReturn(Maybe.just(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
when(jwtService.encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just("test"));
((IDTokenServiceImpl) idTokenService).setObjectMapper(objectMapper);
TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, user).test();
testObserver.awaitTerminalEvent();
testObserver.assertComplete();
testObserver.assertNoErrors();
verify(certificateManager, times(1)).get(any());
verify(jwtService, times(1)).encode(eq(expectedJwt), any(io.gravitee.am.gateway.certificate.CertificateProvider.class));
}
Aggregations