Example 16 with User

use of oidc.model.User in project OpenConext-oidcng by OpenConext.

From the class AuthorizationEndpointTest, method hybridFlowFragment:

@Test
public void hybridFlowFragment() throws IOException, BadJOSEException, ParseException, JOSEException {
    // Hybrid flow: response_type "code id_token token" returns all three artifacts in the URL fragment
    Response response = doAuthorize("mock-sp", "code id_token token", null, "nonce", null);
    String url = response.getHeader("Location");
    String fragment = url.substring(url.indexOf("#") + 1);
    Map<String, String> fragmentParameters = fragmentToMap(fragment);
    String code = fragmentParameters.get("code");
    // The issued code is persisted and linked to the authenticated user through its "sub"
    AuthorizationCode authorizationCode = mongoTemplate.findOne(Query.query(Criteria.where("code").is(code)), AuthorizationCode.class);
    User user = mongoTemplate.findOne(Query.query(Criteria.where("sub").is(authorizationCode.getSub())), User.class);
    assertNotNull(user);
    String accessToken = fragmentParameters.get("access_token");
    JWTClaimsSet claimsSet = assertImplicitFlowResponse(fragmentParameters);
    // Redeem the code at the token endpoint
    Map<String, Object> tokenResponse = doToken(code);
    // After the code has been exchanged the user document is no longer stored
    List<User> users = mongoTemplate.find(Query.query(Criteria.where("sub").is(authorizationCode.getSub())), User.class);
    assertEquals(0, users.size());
    String newAccessToken = (String) tokenResponse.get("access_token");
    /*
     * If an Access Token is returned from both the Authorization Endpoint and from the Token Endpoint, which is
     * the case for the response_type values code token and code id_token token, their values MAY be the same or
     * they MAY be different. Note that different Access Tokens might be returned due to the different
     * security characteristics of the two endpoints and the lifetimes and the access to resources granted
     * by them might also be different.
     */
    assertNotEquals(accessToken, newAccessToken);
    // The id_token from the token endpoint must describe the same audience, subject and issuer as the fragment one
    String idToken = (String) tokenResponse.get("id_token");
    JWTClaimsSet newClaimsSet = processToken(idToken, port);
    assertEquals(claimsSet.getAudience(), newClaimsSet.getAudience());
    assertEquals(claimsSet.getSubject(), newClaimsSet.getSubject());
    assertEquals(claimsSet.getIssuer(), newClaimsSet.getIssuer());
}
Also used : Response(io.restassured.response.Response) AuthorizationCode(oidc.model.AuthorizationCode) User(oidc.model.User) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) StringContains.containsString(org.hamcrest.core.StringContains.containsString) AbstractIntegrationTest(oidc.AbstractIntegrationTest) Test(org.junit.Test) SignedJWTTest(oidc.secure.SignedJWTTest)

Example 17 with User

use of oidc.model.User in project OpenConext-oidcng by OpenConext.

From the class ResponseAuthenticationConverter, method convert:

@Override
public OidcSamlAuthentication convert(OpenSaml4AuthenticationProvider.ResponseToken responseToken) {
    // Let the default converter validate the SAML response first, then take the (single) assertion
    Saml2Authentication authentication = defaultResponseAuthenticationConverter.convert(responseToken);
    Assertion assertion = responseToken.getResponse().getAssertions().get(0);
    // InResponseTo must be present: it binds this response to the pending authentication request
    Matcher matcher = inResponseToPattern.matcher(authentication.getSaml2Response());
    boolean match = matcher.find();
    if (!match) {
        throw new SessionAuthenticationException("Invalid Authn Statement. Missing InResponseTo");
    }
    String authenticationRequestID = matcher.group(1);
    User user = buildUser(assertion, authenticationRequestID);
    // Look the user up by "sub" so a returning user is updated rather than duplicated
    Optional<User> existingUserOptional = userRepository.findOptionalUserBySub(user.getSub());
    if (existingUserOptional.isPresent()) {
        User existingUser = existingUserOptional.get();
        LOG.debug("Authenticate with existing user: " + existingUser);
        user.setId(existingUser.getId());
        if (!user.equals(existingUser)) {
            LOG.debug("Saving existing user with changed attributes: " + existingUser);
            userRepository.save(existingUser);
        }
    } else {
        LOG.debug("Provisioning new user : " + user);
        userRepository.insert(user);
    }
    OidcSamlAuthentication oidcSamlAuthentication = new OidcSamlAuthentication(assertion, user, authenticationRequestID);
    return oidcSamlAuthentication;
}
Also used : SessionAuthenticationException(org.springframework.security.web.authentication.session.SessionAuthenticationException) User(oidc.model.User) Matcher(java.util.regex.Matcher) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) OidcSamlAuthentication(oidc.user.OidcSamlAuthentication)
