use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityHandlerTest method shouldReturnIdentityResponseForSuccessfulRequest.
/**
 * Verifies the happy path of the identity handler: when the token service accepts the bearer
 * token and the identity service returns a response, the handler answers 200 and the body
 * deserializes to the same subject and serialized credential.
 */
@Test
void shouldReturnIdentityResponseForSuccessfulRequest() throws AccessTokenException, JsonProcessingException {
    // Fixture: a fresh bearer token and the credential the stubbed identity service hands back.
    AccessToken bearerToken = new BearerAccessToken();
    String authorizationHeader = bearerToken.toAuthorizationHeader();
    String expectedCredential = SignedCredentialHelper.generateCredential().serialize();
    IdentityResponse stubbedResponse = new IdentityResponse(SUBJECT.getValue(), expectedCredential);

    // The stub only matches the exact header value sent below, so the handler must pass it through unchanged.
    when(accessTokenService.parse(authorizationHeader, true)).thenReturn(accessTokenInfo);
    when(identityService.populateIdentityResponse(accessTokenInfo)).thenReturn(stubbedResponse);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Authorization", authorizationHeader));

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    assertThat(response, hasStatus(200));
    IdentityResponse parsedBody = new ObjectMapper().readValue(response.getBody(), IdentityResponse.class);
    assertThat(parsedBody.getSub(), equalTo(SUBJECT.getValue()));
    assertThat(parsedBody.getIdentityCredential(), equalTo(expectedCredential));
}
use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityIntegrationTest method shouldReturn204WhenCallingIdentityLambda.
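/**
 * Integration check of the identity lambda: a signed access token that is present in Redis and
 * a stored credential for the public subject must produce a 200 response carrying that subject
 * and credential, after which the stored credential is no longer retrievable.
 */
@Test
void shouldReturn204WhenCallingIdentityLambda() throws JsonProcessingException {
    // NOTE(review): the method name says 204 but the assertion below expects 200 — confirm which
    // is intended and rename accordingly.
    Subject internalSubject = new Subject();
    Subject publicSubject = new Subject();

    // Read the clock in UTC once. LocalDateTime.now() without a zone uses the host's default zone;
    // re-labelling that wall-clock value as UTC shifts iat/exp by the host offset, so on a machine
    // west of UTC the token could already be expired and the test would fail for the wrong reason.
    ZoneId utc = ZoneId.of("UTC");
    LocalDateTime issuedAt = LocalDateTime.now(utc);
    Date issueTime = Date.from(issuedAt.atZone(utc).toInstant());
    Date expiryDate = Date.from(issuedAt.plusMinutes(10).atZone(utc).toInstant());

    List<String> scopes = new ArrayList<>(List.of("email", "phone", "openid"));

    var claimsSetRequest = new ClaimsSetRequest().add("name").add("birthdate");
    var oidcValidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
    // The "claims" claim carries only the requested claim names, not the full request entries.
    List<String> requestedClaimNames =
            oidcValidClaimsRequest.getUserInfoClaimsRequest().getEntries().stream()
                    .map(ClaimsSetRequest.Entry::getClaimName)
                    .collect(Collectors.toList());

    JWTClaimsSet claimsSet =
            new JWTClaimsSet.Builder()
                    .claim("scope", scopes)
                    .issuer("issuer-id")
                    .expirationTime(expiryDate)
                    .issueTime(issueTime)
                    .claim("client_id", "client-id-one")
                    .subject(publicSubject.getValue())
                    .jwtID(UUID.randomUUID().toString())
                    .claim("claims", requestedClaimNames)
                    .build();
    SignedJWT signedJWT = tokenSigner.signJwt(claimsSet);
    AccessToken accessToken = new BearerAccessToken(signedJWT.serialize());

    // Store the token server-side, keyed by client and public subject, with a 300 TTL argument.
    AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), internalSubject.getValue());
    String accessTokenStoreString = new ObjectMapper().writeValueAsString(accessTokenStore);
    redis.addToRedis(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + publicSubject, accessTokenStoreString, 300L);

    SignedJWT signedCredential = SignedCredentialHelper.generateCredential();
    setUpDynamo(publicSubject.getValue(), signedCredential.serialize());

    var response = makeRequest(Optional.empty(), Map.of("Authorization", accessToken.toAuthorizationHeader()), Map.of());

    assertThat(response, hasStatus(200));
    IdentityResponse identityResponse = new ObjectMapper().readValue(response.getBody(), IdentityResponse.class);
    assertThat(identityResponse.getSub(), equalTo(publicSubject.getValue()));
    assertThat(identityResponse.getIdentityCredential(), equalTo(signedCredential.serialize()));
    // The credential must be gone after it has been served once.
    assertThat(spotStore.getSpotCredential(publicSubject.getValue()), equalTo(Optional.empty()));
}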
use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityHandler method handleRequest.
/**
 * Serves an identity request unless {@code isWarming} already supplies a response.
 *
 * <p>Responds 401 with the headers of an {@code IdentityErrorResponse} when the Authorization
 * header is absent or when the access token is rejected, and 200 with the serialized
 * {@code IdentityResponse} otherwise. The log messages are fixed strings; the header value is
 * never written to the log.
 *
 * @param input the API Gateway request whose headers carry the access token
 * @param context the Lambda invocation context (not read here)
 * @return the API Gateway response
 * @throws RuntimeException wrapping the {@code JsonProcessingException} if the response body
 *     cannot be serialized
 */
@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        LOG.info("Request received to the IdentityHandler");
        final var requestHeaders = input.getHeaders();

        // Guard: refuse before any token parsing when no Authorization header is present.
        boolean hasAuthorizationHeader =
                headersContainValidHeader(
                        requestHeaders,
                        AUTHORIZATION_HEADER,
                        configurationService.getHeadersCaseInsensitive());
        if (!hasAuthorizationHeader) {
            LOG.warn("AccessToken is missing from request");
            var missingTokenHeaders = new IdentityErrorResponse(MISSING_TOKEN).toHTTPResponse().getHeaderMap();
            return generateApiGatewayProxyResponse(401, "", missingTokenHeaders);
        }

        try {
            var authorizationValue =
                    getHeaderValueFromHeaders(
                            requestHeaders,
                            AUTHORIZATION_HEADER,
                            configurationService.getHeadersCaseInsensitive());
            // NOTE(review): the meaning of the boolean passed to parse() is not visible here — confirm.
            var accessTokenInfo = accessTokenService.parse(authorizationValue, true);
            IdentityResponse identityResponse = identityService.populateIdentityResponse(accessTokenInfo);

            LOG.info("Successfully processed Identity request. Sending back Identity response");
            return generateApiGatewayProxyResponse(200, identityResponse);
        } catch (AccessTokenException e) {
            // The error carried by the exception decides the headers of the 401 response.
            LOG.warn("AccessTokenException. Sending back IdentityErrorResponse");
            var rejectedTokenHeaders = new IdentityErrorResponse(e.getError()).toHTTPResponse().getHeaderMap();
            return generateApiGatewayProxyResponse(401, "", rejectedTokenHeaders);
        } catch (JsonProcessingException e) {
            LOG.warn("Unable to serialize the IdentityResponse");
            throw new RuntimeException(e);
        }
    });
}
use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityServiceTest method shouldReturnIdentityResponseAndDeleteSpotCredential.
/**
 * Verifies that populating an identity response for a subject with a stored credential returns
 * that subject and credential, and that the stored credential is removed as part of the call.
 */
@Test
void shouldReturnIdentityResponseAndDeleteSpotCredential() throws AccessTokenException {
    AccessTokenInfo tokenInfo =
            new AccessTokenInfo(
                    new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue()),
                    SUBJECT.getValue(),
                    SCOPES);
    var publicSubject = tokenInfo.getPublicSubject();
    when(dynamoSpotService.getSpotCredential(publicSubject)).thenReturn(Optional.of(spotCredential));

    IdentityResponse populated = identityService.populateIdentityResponse(tokenInfo);

    // The credential is single-use: serving it must trigger its removal from the store.
    verify(dynamoSpotService).removeSpotCredential(publicSubject);
    assertThat(populated.getIdentityCredential(), equalTo(serializedCredential));
    assertThat(populated.getSub(), equalTo(publicSubject));
}