
Example 1 with IdentityResponse

use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.

From the class IdentityHandlerTest, method shouldReturnIdentityResponseForSuccessfulRequest. This is a unit test of the Lambda handler with both collaborators mocked: the access token parser accepts the exact Authorization header the test sends, the identity service returns a prepared IdentityResponse, and the test checks that the handler serializes it unchanged as the 200 body.

@Test
void shouldReturnIdentityResponseForSuccessfulRequest() throws AccessTokenException, JsonProcessingException {
    // The credential is a serialized SignedJWT; the endpoint returns it verbatim inside the IdentityResponse
    String serializedCredential = SignedCredentialHelper.generateCredential().serialize();
    IdentityResponse identityResponse = new IdentityResponse(SUBJECT.getValue(), serializedCredential);
    AccessToken accessToken = new BearerAccessToken();
    // Mocked collaborators: parse() is stubbed for this one "Bearer ..." header value (the second, boolean
    // argument is a flag whose meaning this page does not show), and the identity service returns the response above
    when(accessTokenService.parse(accessToken.toAuthorizationHeader(), true)).thenReturn(accessTokenInfo);
    when(identityService.populateIdentityResponse(accessTokenInfo)).thenReturn(identityResponse);
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(Map.of("Authorization", accessToken.toAuthorizationHeader()));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(200));
    // The JSON body round-trips through Jackson into an IdentityResponse carrying the same sub and credential
    IdentityResponse receivedIdentityResponse = new ObjectMapper().readValue(result.getBody(), IdentityResponse.class);
    assertThat(receivedIdentityResponse.getIdentityCredential(), equalTo(serializedCredential));
    assertThat(receivedIdentityResponse.getSub(), equalTo(SUBJECT.getValue()));
}

Example 2 with IdentityResponse

use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.

From the class IdentityIntegrationTest, method shouldReturn204WhenCallingIdentityLambda. Despite the method name, the test asserts a 200 response. It mints a signed JWT access token, registers it in Redis against the public subject, stores a signed credential in DynamoDB for that subject, calls the deployed handler, and checks that the credential comes back once and is gone from the store afterwards.

@Test
void shouldReturn204WhenCallingIdentityLambda() throws JsonProcessingException {
    // Two distinct subjects: the internal one lives in the token store, the public (pairwise) one is what the RP sees
    Subject internalSubject = new Subject();
    Subject publicSubject = new Subject();
    LocalDateTime localDateTime = LocalDateTime.now().plusMinutes(10);
    Date expiryDate = Date.from(localDateTime.atZone(ZoneId.of("UTC")).toInstant());
    List<String> scopes = new ArrayList<>();
    scopes.add("email");
    scopes.add("phone");
    scopes.add("openid");
    var claimsSetRequest = new ClaimsSetRequest().add("name").add("birthdate");
    var oidcValidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
    // The access token is itself a signed JWT: scope, issuer, exp, iat, client_id, sub, jti and the requested claim names
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .claim("scope", scopes)
            .issuer("issuer-id")
            .expirationTime(expiryDate)
            .issueTime(Date.from(LocalDateTime.now().atZone(ZoneId.of("UTC")).toInstant()))
            .claim("client_id", "client-id-one")
            .subject(publicSubject.getValue())
            .jwtID(UUID.randomUUID().toString())
            .claim("claims", oidcValidClaimsRequest.getUserInfoClaimsRequest().getEntries().stream()
                    .map(ClaimsSetRequest.Entry::getClaimName)
                    .collect(Collectors.toList()))
            .build();
    SignedJWT signedJWT = tokenSigner.signJwt(claimsSet);
    AccessToken accessToken = new BearerAccessToken(signedJWT.serialize());
    // Redis maps (client, public subject) to the token value and the internal subject, with a 300 second TTL
    AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), internalSubject.getValue());
    String accessTokenStoreString = new ObjectMapper().writeValueAsString(accessTokenStore);
    redis.addToRedis(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + publicSubject, accessTokenStoreString, 300L);
    // The credential waiting to be collected is keyed by the public subject
    SignedJWT signedCredential = SignedCredentialHelper.generateCredential();
    setUpDynamo(publicSubject.getValue(), signedCredential.serialize());
    var response = makeRequest(Optional.empty(), Map.of("Authorization", accessToken.toAuthorizationHeader()), Map.of());
    assertThat(response, hasStatus(200));
    IdentityResponse identityResponse = new ObjectMapper().readValue(response.getBody(), IdentityResponse.class);
    assertThat(identityResponse.getSub(), equalTo(publicSubject.getValue()));
    assertThat(identityResponse.getIdentityCredential(), equalTo(signedCredential.serialize()));
    // Single use: once returned, the credential is no longer in the store
    assertThat(spotStore.getSpotCredential(publicSubject.getValue()), equalTo(Optional.empty()));
}

Example 3 with IdentityResponse

use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.

From the class IdentityHandler, method handleRequest. This is the Lambda entry point behind the tests above. A request without an Authorization header, or whose token the access token service rejects, gets a 401 with an empty body and the error expressed in the response headers; only a token that parses is passed on to the identity service. The bearer token value itself is never written to the log, only the fact that parsing failed.

@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    // Warm-up invocations are answered before any of the request handling below runs
    return isWarming(input).orElseGet(() -> {
        LOG.info("Request received to the IdentityHandler");
        // No Authorization header: 401, empty body, error carried in the headers of IdentityErrorResponse
        if (!headersContainValidHeader(input.getHeaders(), AUTHORIZATION_HEADER, configurationService.getHeadersCaseInsensitive())) {
            LOG.warn("AccessToken is missing from request");
            return generateApiGatewayProxyResponse(401, "", new IdentityErrorResponse(MISSING_TOKEN).toHTTPResponse().getHeaderMap());
        }
        IdentityResponse identityResponse;
        try {
            // Parsing and validating the bearer token is delegated entirely to accessTokenService; the boolean
            // second argument is a flag this page does not explain
            var accessTokenInfo = accessTokenService.parse(getHeaderValueFromHeaders(input.getHeaders(), AUTHORIZATION_HEADER, configurationService.getHeadersCaseInsensitive()), true);
            identityResponse = identityService.populateIdentityResponse(accessTokenInfo);
        } catch (AccessTokenException e) {
            // Any token problem maps to 401 with the error code from the exception; the token is not logged
            LOG.warn("AccessTokenException. Sending back IdentityErrorResponse");
            return generateApiGatewayProxyResponse(401, "", new IdentityErrorResponse(e.getError()).toHTTPResponse().getHeaderMap());
        }
        LOG.info("Successfully processed Identity request. Sending back Identity response");
        try {
            return generateApiGatewayProxyResponse(200, identityResponse);
        } catch (JsonProcessingException e) {
            // A serialization failure is not a client error: it escapes as a RuntimeException and so surfaces as a Lambda failure
            LOG.warn("Unable to serialize the IdentityResponse");
            throw new RuntimeException(e);
        }
    });
}
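The checks that Examples 2 and 3 exercise, collected into one runnable class. This is an added example and not code from di-authentication-api: it parses the Authorization header the way IdentityHandler does, then does locally what the handler delegates to accessTokenService.parse, namely signature, issuer, client_id, expiry and scope checks on a signed JWT minted the way the integration test mints one. It assumes Nimbus JOSE+JWT and the Nimbus OAuth 2.0 SDK on the classpath and Java 17. The class and method names (IdentityTokenCheckExample, handle, mintAuthorizationHeader, Outcome), the error strings, the locally generated EC key and the 403 for a missing openid scope are the example's own choices; the real service also consults a token store (the integration test seeds Redis), which this example leaves out.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;

import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Added example, not code from di-authentication-api. Names, error strings and claim values are assumptions.
public class IdentityTokenCheckExample {

    // Same issuer and client_id the page's integration test puts in its token
    static final String EXPECTED_ISSUER = "issuer-id";
    static final String EXPECTED_CLIENT_ID = "client-id-one";

    // What the endpoint would answer: an HTTP status, an error code for the error headers, or the subject
    record Outcome(int status, String error, String sub) {}

    static Outcome handle(Map<String, String> headers, ECKey trustedKey, Date now) {
        String auth = headers.get("Authorization");
        if (auth == null) {
            return new Outcome(401, "missing_token", null); // mirrors the handler's first branch
        }
        try {
            // Accepts only "Bearer <token>"; any other scheme is a parse failure
            BearerAccessToken token = BearerAccessToken.parse(auth);
            SignedJWT jwt = SignedJWT.parse(token.getValue());
            // ECDSAVerifier accepts only ES256/384/512, so "alg":"none" or an HMAC header is rejected here
            if (!jwt.verify(new ECDSAVerifier(trustedKey.toPublicJWK()))) {
                return new Outcome(401, "invalid_token", null);
            }
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            if (!EXPECTED_ISSUER.equals(claims.getIssuer())
                    || !EXPECTED_CLIENT_ID.equals(claims.getStringClaim("client_id"))) {
                return new Outcome(401, "invalid_token", null);
            }
            Date exp = claims.getExpirationTime();
            if (exp == null || !exp.after(now)) {
                return new Outcome(401, "invalid_token", null); // a missing exp is treated as expired
            }
            List<String> scopes = Optional.ofNullable(claims.getStringListClaim("scope")).orElse(List.of());
            if (!scopes.contains("openid")) {
                return new Outcome(403, "insufficient_scope", null);
            }
            return new Outcome(200, null, claims.getSubject());
        } catch (com.nimbusds.oauth2.sdk.ParseException | java.text.ParseException | JOSEException e) {
            // Malformed header, unparseable JWT, or an unsupported algorithm all collapse to one 401
            return new Outcome(401, "invalid_token", null);
        }
    }

    // Mints a bearer token the way the integration test does, signed with a locally generated EC key
    static String mintAuthorizationHeader(ECKey key, String sub, Date exp, List<String> scopes) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(EXPECTED_ISSUER)
                .subject(sub)
                .claim("client_id", EXPECTED_CLIENT_ID)
                .claim("scope", scopes)
                .expirationTime(exp)
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(key.getKeyID()).build(), claims);
        jwt.sign(new ECDSASigner(key));
        return new BearerAccessToken(jwt.serialize()).toAuthorizationHeader();
    }

    public static void main(String[] args) throws Exception {
        ECKey key = new ECKeyGenerator(Curve.P_256).keyID("test-key").generate();       // constructed test key
        ECKey otherKey = new ECKeyGenerator(Curve.P_256).keyID("other-key").generate(); // a key the endpoint does not trust
        Date now = new Date();
        Date inTenMinutes = new Date(now.getTime() + 10 * 60 * 1000L);
        Date tenMinutesAgo = new Date(now.getTime() - 10 * 60 * 1000L);
        String sub = "public-subject";

        System.out.println("no header:    " + handle(Map.of(), key, now));
        System.out.println("valid:        " + handle(Map.of("Authorization",
                mintAuthorizationHeader(key, sub, inTenMinutes, List.of("openid", "email"))), key, now));
        System.out.println("expired:      " + handle(Map.of("Authorization",
                mintAuthorizationHeader(key, sub, tenMinutesAgo, List.of("openid"))), key, now));
        System.out.println("wrong key:    " + handle(Map.of("Authorization",
                mintAuthorizationHeader(otherKey, sub, inTenMinutes, List.of("openid"))), key, now));
        System.out.println("no openid:    " + handle(Map.of("Authorization",
                mintAuthorizationHeader(key, sub, inTenMinutes, List.of("email"))), key, now));
        System.out.println("not a bearer: " + handle(Map.of("Authorization", "Basic dXNlcjpwdw=="), key, now));
    }
}
```

The verifier is pinned to one EC public key rather than chosen from the token's header, so a token that names a different algorithm or key cannot steer the check. Each failure returns the same shape the handler does (a status and an error code, no body), and nothing from the token reaches the output except the subject of a token that passed every check.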

Example 4 with IdentityResponse

use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.

From the class IdentityServiceTest, method shouldReturnIdentityResponseAndDeleteSpotCredential. This pins down the behaviour of populateIdentityResponse: the public subject carried in the AccessTokenInfo is the key used to look up the credential, it is echoed back as the sub of the response, and the credential is removed from the store as part of the same call.

@Test
void shouldReturnIdentityResponseAndDeleteSpotCredential() throws AccessTokenException {
    // AccessTokenInfo pairs the stored token (bound to the internal subject) with the public subject from the token
    AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
    AccessTokenInfo accessTokenInfo = new AccessTokenInfo(accessTokenStore, SUBJECT.getValue(), SCOPES);
    when(dynamoSpotService.getSpotCredential(accessTokenInfo.getPublicSubject())).thenReturn(Optional.of(spotCredential));
    IdentityResponse identityResponse = identityService.populateIdentityResponse(accessTokenInfo);
    // The credential is read and then removed in two separate calls on the store
    verify(dynamoSpotService).removeSpotCredential(accessTokenInfo.getPublicSubject());
    assertThat(identityResponse.getSub(), equalTo(accessTokenInfo.getPublicSubject()));
    assertThat(identityResponse.getIdentityCredential(), equalTo(serializedCredential));
}
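Examples 2 and 4 together fix the single-use property of the spot credential: the service reads it, deletes it, and the integration test then checks the store is empty. The page shows the read and the delete as two calls, getSpotCredential followed by removeSpotCredential. Below, as an added example that is not the project's code, an in-memory store does the read and the delete as one atomic operation and races a number of callers for the same subject to show that exactly one can redeem; the get-then-remove variant sits beside it for comparison. OneShotCredentialStore, redeem, redeemNonAtomic and the constructed credential string are the example's own; it assumes nothing about how the project's DynamoDB-backed service is implemented.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Added example, not code from di-authentication-api. The store is a hypothetical in-memory stand-in.
public class OneShotCredentialStoreExample {

    static class OneShotCredentialStore {
        private final ConcurrentHashMap<String, String> credentials = new ConcurrentHashMap<>();

        void put(String publicSubject, String serializedCredential) {
            credentials.put(publicSubject, serializedCredential);
        }

        // Read and delete in one step: ConcurrentHashMap.remove returns the value to exactly one caller
        Optional<String> redeem(String publicSubject) {
            return Optional.ofNullable(credentials.remove(publicSubject));
        }

        // The two-call shape the page's tests describe; between get and remove another caller can read the same value
        Optional<String> redeemNonAtomic(String publicSubject) {
            String value = credentials.get(publicSubject);
            if (value != null) {
                credentials.remove(publicSubject);
            }
            return Optional.ofNullable(value);
        }
    }

    // Fires 'callers' concurrent redemptions for one subject and returns how many of them received a credential
    static int concurrentRedemptions(OneShotCredentialStore store, String subject, int callers, boolean atomic)
            throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(callers);
        CountDownLatch start = new CountDownLatch(1);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int i = 0; i < callers; i++) {
            results.add(pool.submit(() -> {
                start.await(); // release every thread at once so the calls overlap as much as possible
                Optional<String> got = atomic ? store.redeem(subject) : store.redeemNonAtomic(subject);
                return got.isPresent();
            }));
        }
        start.countDown();
        int hits = 0;
        for (Future<Boolean> f : results) {
            if (f.get()) {
                hits++;
            }
        }
        pool.shutdown();
        return hits;
    }

    public static void main(String[] args) throws Exception {
        OneShotCredentialStore store = new OneShotCredentialStore();
        String credential = "eyJhbGciOiJFUzI1NiJ9.constructed.credential"; // constructed placeholder, not a real JWT

        // Atomic: one credential, many callers, exactly one success, every run
        store.put("public-subject", credential);
        System.out.println("atomic hits: " + concurrentRedemptions(store, "public-subject", 32, true));
        // Second redemption by anyone, after the first, sees nothing, which is what the integration test asserts
        System.out.println("after redemption: " + store.redeem("public-subject"));

        // Get-then-remove: the count is usually 1 but can exceed 1 when callers interleave between the two calls
        store.put("public-subject", credential);
        System.out.println("non-atomic hits: " + concurrentRedemptions(store, "public-subject", 32, false));
    }
}
```

For a store such as DynamoDB the equivalent of the atomic remove is a single DeleteItem with ReturnValues set to ALL_OLD: the caller receives the item only if its own delete removed it, so two requests presenting the same valid access token at the same moment cannot both collect the credential. Whether the project's dynamoSpotService already works that way is not something this page shows.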
