
Example 96 with Client

use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.

the class DynamicClientRegistrationServiceTest method createFromTemplate_isNotTemplate.

@Test
public void createFromTemplate_isNotTemplate() {
    Client template = new Client();
    template.setId("123");
    template.setClientName("shouldBeRemoved");
    template.setClientId("shouldBeReplaced");
    template.setClientSecret("shouldBeRemoved");
    template.setRedirectUris(Arrays.asList("shouldBeRemoved"));
    template.setSectorIdentifierUri("shouldBeRemoved");
    template.setJwks(new JWKSet());
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    request.setSoftwareId(Optional.of("123"));
    request.setApplicationType(Optional.of("app"));
    when(domain.isDynamicClientRegistrationTemplateEnabled()).thenReturn(true);
    when(clientService.findById("123")).thenReturn(Maybe.just(template));
    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();
    testObserver.assertNotComplete();
    testObserver.assertError(InvalidClientMetadataException.class);
    testObserver.assertErrorMessage("Client behind software_id is not a template");
    verify(clientService, times(0)).create(any());
}
Also used : JWKSet(io.gravitee.am.model.oidc.JWKSet) WebClient(io.vertx.reactivex.ext.web.client.WebClient) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 97 with Client

use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.

the class DynamicClientRegistrationServiceTest method create_applyDefaultIdentiyProvider.

@Test
public void create_applyDefaultIdentiyProvider() {
    IdentityProvider identityProvider = Mockito.mock(IdentityProvider.class);
    when(identityProvider.getId()).thenReturn("identity-provider-id-123");
    when(identityProviderService.findByDomain(DOMAIN_ID)).thenReturn(Flowable.just(identityProvider));
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    request.setRedirectUris(Optional.empty());
    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();
    testObserver.assertNoErrors();
    testObserver.assertComplete();
    testObserver.assertValue(client -> defaultAssertion(client) && client.getIdentityProviders().stream().anyMatch(appIdp -> appIdp.getIdentity().equals("identity-provider-id-123")));
}
Also used : IdentityProvider(io.gravitee.am.model.IdentityProvider) WebClient(io.vertx.reactivex.ext.web.client.WebClient) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 98 with Client

use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.

the class DynamicClientRegistrationServiceTest method create_sectorIdentifierUri_invalidRedirectUri.

@Test
public void create_sectorIdentifierUri_invalidRedirectUri() {
    final String sectorUri = "https://sector/uri";
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    request.setRedirectUris(Optional.of(Arrays.asList("https://graviee.io/callback")));
    // expected to fail: the redirect URI above is not in the list served at the sector identifier URI
    request.setSectorIdentifierUri(Optional.of(sectorUri));
    HttpRequest<Buffer> httpRequest = Mockito.mock(HttpRequest.class);
    HttpResponse httpResponse = Mockito.mock(HttpResponse.class);
    when(webClient.getAbs(sectorUri)).thenReturn(httpRequest);
    when(httpRequest.rxSend()).thenReturn(Single.just(httpResponse));
    when(httpResponse.bodyAsString()).thenReturn("[\"https://not/same/redirect/uri\"]");
    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();
    testObserver.assertError(InvalidRedirectUriException.class);
    testObserver.assertNotComplete();
}
Also used : Buffer(io.vertx.reactivex.core.buffer.Buffer) HttpResponse(io.vertx.reactivex.ext.web.client.HttpResponse) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) WebClient(io.vertx.reactivex.ext.web.client.WebClient) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 99 with Client

use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.

the class IDTokenServiceTest method shouldCreateIDToken_clientOnly_clientIdTokenCertificate.

@Test
public void shouldCreateIDToken_clientOnly_clientIdTokenCertificate() {
    OAuth2Request oAuth2Request = new OAuth2Request();
    oAuth2Request.setClientId("client-id");
    oAuth2Request.setScopes(Collections.singleton("openid"));
    Client client = new Client();
    client.setCertificate("client-certificate");
    String idTokenPayload = "payload";
    io.gravitee.am.gateway.certificate.CertificateProvider idTokenCert = new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider);
    io.gravitee.am.gateway.certificate.CertificateProvider clientCert = new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider);
    io.gravitee.am.gateway.certificate.CertificateProvider defaultCert = new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider);
    ExecutionContext executionContext = mock(ExecutionContext.class);
    when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.just(idTokenCert));
    when(certificateManager.get(anyString())).thenReturn(Maybe.just(clientCert));
    when(certificateManager.defaultCertificateProvider()).thenReturn(defaultCert);
    when(jwtService.encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just(idTokenPayload));
    when(executionContextFactory.create(any())).thenReturn(executionContext);
    TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, null).test();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    verify(certificateManager, times(1)).findByAlgorithm(any());
    verify(certificateManager, times(1)).get(anyString());
    verify(certificateManager, times(1)).defaultCertificateProvider();
    verify(jwtService, times(1)).encode(any(), eq(idTokenCert));
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 100 with Client

use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.

the class IDTokenServiceTest method shouldCreateIDToken_withUser_claimsRequest_acrValues.

@Test
public void shouldCreateIDToken_withUser_claimsRequest_acrValues() {
    Client client = new Client();
    User user = createUser();
    OAuth2Request oAuth2Request = new OAuth2Request();
    oAuth2Request.setClientId("client-id");
    oAuth2Request.setScopes(Collections.singleton("openid"));
    oAuth2Request.setSubject("subject");
    MultiValueMap<String, String> requestParameters = new LinkedMultiValueMap<>();
    requestParameters.put("claims", Collections.singletonList("{\"id_token\":{\"acr\":{\"value\":\"urn:mace:incommon:iap:silver\",\"essential\":true}}}"));
    oAuth2Request.setParameters(requestParameters);
    io.gravitee.am.gateway.certificate.CertificateProvider defaultCert = new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider);
    ExecutionContext executionContext = mock(ExecutionContext.class);
    when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
    when(certificateManager.get(any())).thenReturn(Maybe.empty());
    when(certificateManager.defaultCertificateProvider()).thenReturn(defaultCert);
    when(jwtService.encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just("test"));
    when(executionContextFactory.create(any())).thenReturn(executionContext);
    ((IDTokenServiceImpl) idTokenService).setObjectMapper(objectMapper);
    TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, user).test();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    ArgumentCaptor<JWT> tokenArgumentCaptor = ArgumentCaptor.forClass(JWT.class);
    verify(jwtService).encode(tokenArgumentCaptor.capture(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class));
    JWT idToken = tokenArgumentCaptor.getValue();
    assertTrue(idToken.containsKey(Claims.acr) && idToken.get(Claims.acr).equals("urn:mace:incommon:iap:silver"));
}
Also used : User(io.gravitee.am.model.User) LinkedMultiValueMap(io.gravitee.common.util.LinkedMultiValueMap) JWT(io.gravitee.am.common.jwt.JWT) IDTokenServiceImpl(io.gravitee.am.gateway.handler.oidc.service.idtoken.impl.IDTokenServiceImpl) OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)
