
Example 6 with AccessToken

Use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

Class AccessTokenProtectionFilterTest, method testBeforeHandleWithoutNeedingScope: when the filter is built without a required scope, a request whose credential resolves to an unexpired token in the token store is passed on (Filter.CONTINUE).

@Test
public void testBeforeHandleWithoutNeedingScope() throws Exception {
    //Given
    // No required scope is given to the filter, so only the token's validity is checked
    filter = new AccessTokenProtectionFilter(null, tokenStore, requestFactory, null);
    Request req = mock(Request.class);
    Response resp = mock(Response.class);
    OAuth2Request oAuth2Request = mock(OAuth2Request.class);
    when(requestFactory.create(req)).thenReturn(oAuth2Request);
    // The raw credential presented by the client is used as the token id to look up
    ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.HTTP_BASIC);
    challengeResponse.setRawValue("tokenId");
    when(req.getChallengeResponse()).thenReturn(challengeResponse);
    // The store returns a token with scope "a" that expires 5 seconds from now
    AccessToken accessToken = new AccessToken(json(object(
            field("id", "tokenId"),
            field("tokenName", "access_token"),
            field("scope", asSet("a")),
            field("expireTime", System.currentTimeMillis() + 5000))));
    when(tokenStore.readAccessToken(oAuth2Request, "tokenId")).thenReturn(accessToken);
    //When
    int result = filter.beforeHandle(req, resp);
    //Then
    assertThat(result).isEqualTo(Filter.CONTINUE);
}
Types used: org.restlet.data.ChallengeResponse, org.restlet.Response, org.forgerock.oauth2.core.OAuth2Request, org.forgerock.oauth2.core.AccessToken, org.restlet.Request, org.testng.annotations.Test

Example 7 with AccessToken

Use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

Class RestletFormBodyAccessTokenVerifierTest, method shouldCheckValid: an access token sent in the form body that the store resolves to an unexpired token yields a valid TokenState carrying that token id.

@Test
public void shouldCheckValid() throws Exception {
    // Given
    // The token is supplied as the "access_token" form-body parameter
    Form form = new Form();
    form.add("access_token", "freddy");
    Request request = new Request();
    request.setEntity(form.getWebRepresentation());
    OAuth2Request req = new RestletOAuth2Request(null, request);
    // Anonymous subclass pins the expiry check so the test does not depend on wall-clock time
    AccessToken token = new AccessToken(json(object()), "access_token", "freddy") {

        @Override
        public boolean isExpired() {
            return false;
        }
    };
    when(tokenStore.readAccessToken(req, "freddy")).thenReturn(token);
    // When
    AccessTokenVerifier.TokenState result = verifier.verify(req);
    // Then
    assertThat(result.isValid()).isTrue();
    assertThat(result.getTokenId()).isEqualTo("freddy");
    verify(tokenStore).readAccessToken(req, "freddy");
}
Types used: org.forgerock.oauth2.core.OAuth2Request, org.restlet.data.Form, org.forgerock.oauth2.core.AccessToken, org.restlet.Request, org.forgerock.oauth2.core.AccessTokenVerifier, org.testng.annotations.Test

Example 8 with AccessToken

Use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

Class RestletFormBodyAccessTokenVerifierTest, method shouldCheckExpired: the same form-body lookup, but the token the store returns reports itself as expired, so the resulting TokenState must be invalid.

@Test
public void shouldCheckExpired() throws Exception {
    // Given
    Form form = new Form();
    form.add("access_token", "freddy");
    Request request = new Request();
    request.setEntity(form.getWebRepresentation());
    OAuth2Request req = new RestletOAuth2Request(null, request);
    // The token exists in the store but is expired; the verifier must reject it
    AccessToken token = new AccessToken(json(object()), "access_token", "freddy") {

        @Override
        public boolean isExpired() {
            return true;
        }
    };
    when(tokenStore.readAccessToken(req, "freddy")).thenReturn(token);
    // When
    AccessTokenVerifier.TokenState result = verifier.verify(req);
    // Then
    assertThat(result.isValid()).isFalse();
    verify(tokenStore).readAccessToken(req, "freddy");
}
Types used: org.forgerock.oauth2.core.OAuth2Request, org.restlet.data.Form, org.forgerock.oauth2.core.AccessToken, org.restlet.Request, org.forgerock.oauth2.core.AccessTokenVerifier, org.testng.annotations.Test

Example 9 with AccessToken

Use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

Class OidcClaimsExtensionTest, method setup: test fixture that mocks the logger, SSO token and identity, and builds an AccessToken with an empty JSON body and the id "id".

@BeforeMethod
public void setup() throws Exception {
    this.logger = mock(Debug.class);
    this.ssoToken = mock(SSOToken.class);
    this.identity = mock(AMIdentity.class);
    // Minimal access token: empty JSON content, standard token name, id "id"
    this.accessToken = new AccessToken(json(object()), OAuth2Constants.Token.OAUTH_ACCESS_TOKEN, "id");
}
Types used: com.iplanet.sso.SSOToken, org.forgerock.oauth2.core.AccessToken, com.sun.identity.idm.AMIdentity, com.sun.identity.shared.debug.Debug, org.testng.annotations.BeforeMethod

Example 10 with AccessToken

Use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

Class OpenAMScopeValidator, method getUserInfo: builds the user-info claims by looking up the client registration, realm, scopes and identity (from the access token when one is present, otherwise from the user's SSO session and the request) and handing them to the OIDC claims extension script.

/**
 * {@inheritDoc}
 */
public UserInfoClaims getUserInfo(AccessToken token, OAuth2Request request) throws UnauthorizedClientException, NotFoundException {
    Map<String, Object> response = new HashMap<>();
    Bindings scriptVariables = new SimpleBindings();
    SSOToken ssoToken = getUsersSession(request);
    String realm;
    Set<String> scopes;
    AMIdentity id;
    OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    Map<String, Set<String>> requestedClaimsValues = gatherRequestedClaims(providerSettings, request, token);
    try {
        if (token != null) {
            // The token's client must have a registration; an unknown client is reported as not found
            OpenIdConnectClientRegistration clientRegistration;
            try {
                clientRegistration = clientRegistrationStore.get(token.getClientId(), request);
            } catch (InvalidClientException e) {
                logger.message("Unable to retrieve client from store.");
                throw new NotFoundException("No valid client registration found.");
            }
            // The "sub" value is derived per client registration (e.g. public vs pairwise subject)
            final String subId = clientRegistration.getSubValue(token.getResourceOwnerId(), providerSettings);
            //data comes from token when we have one
            realm = token.getRealm();
            scopes = token.getScope();
            id = identityManager.getResourceOwnerIdentity(token.getResourceOwnerId(), realm);
            response.put(OAuth2Constants.JWTTokenParams.SUB, subId);
            response.put(OAuth2Constants.JWTTokenParams.UPDATED_AT, getUpdatedAt(token.getResourceOwnerId(), token.getRealm(), request));
        } else {
            //otherwise we're simply reading claims into the id_token, so grab it from the request/ssoToken
            realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(ISAuthConstants.ORGANIZATION));
            id = identityManager.getResourceOwnerIdentity(ssoToken.getProperty(ISAuthConstants.USER_ID), realm);
            String scopeStr = request.getParameter(OAuth2Constants.Params.SCOPE);
            scopes = splitScope(scopeStr);
        }
        // Everything the claims script may read is exposed through named script variables
        scriptVariables.put(OAuth2Constants.ScriptParams.SCOPES, getScriptFriendlyScopes(scopes));
        scriptVariables.put(OAuth2Constants.ScriptParams.IDENTITY, id);
        scriptVariables.put(OAuth2Constants.ScriptParams.LOGGER, logger);
        scriptVariables.put(OAuth2Constants.ScriptParams.CLAIMS, response);
        scriptVariables.put(OAuth2Constants.ScriptParams.SESSION, ssoToken);
        scriptVariables.put(OAuth2Constants.ScriptParams.REQUESTED_CLAIMS, requestedClaimsValues);
        ScriptObject script = getOIDCClaimsExtensionScript(realm);
        try {
            return scriptEvaluator.evaluateScript(script, scriptVariables);
        } catch (ScriptException e) {
            logger.message("Error running OIDC claims script", e);
            throw new ServerException("Error running OIDC claims script: " + e.getMessage());
        }
    } catch (ServerException e) {
        //API does not allow ServerExceptions to be thrown!
        throw new NotFoundException(e.getMessage());
    } catch (SSOException e) {
        throw new NotFoundException(e.getMessage());
    }
}
Types used: org.forgerock.openam.scripting.ScriptObject, org.forgerock.openidconnect.OpenIdConnectClientRegistration, com.iplanet.sso.SSOToken, java.util.Set, java.util.HashSet, org.forgerock.oauth2.core.exceptions.ServerException, com.iplanet.am.sdk.AMHashMap, java.util.HashMap, org.forgerock.oauth2.core.exceptions.NotFoundException, com.iplanet.sso.SSOException, javax.script.SimpleBindings, javax.script.Bindings, javax.script.ScriptException, com.sun.identity.idm.AMIdentity, org.forgerock.oauth2.core.exceptions.InvalidClientException, org.json.JSONObject, org.forgerock.oauth2.core.OAuth2ProviderSettings
