Example 1 with IdentityResponse
use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityHandlerTest method shouldReturnIdentityResponseForSuccessfulRequest.
@Test
void shouldReturnIdentityResponseForSuccessfulRequest() throws AccessTokenException, JsonProcessingException {
String serializedCredential = SignedCredentialHelper.generateCredential().serialize();
IdentityResponse identityResponse = new IdentityResponse(SUBJECT.getValue(), serializedCredential);
AccessToken accessToken = new BearerAccessToken();
when(accessTokenService.parse(accessToken.toAuthorizationHeader(), true)).thenReturn(accessTokenInfo);
when(identityService.populateIdentityResponse(accessTokenInfo)).thenReturn(identityResponse);
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setHeaders(Map.of("Authorization", accessToken.toAuthorizationHeader()));
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertThat(result, hasStatus(200));
IdentityResponse receivedIdentityResponse = new ObjectMapper().readValue(result.getBody(), IdentityResponse.class);
assertThat(receivedIdentityResponse.getIdentityCredential(), equalTo(serializedCredential));
assertThat(receivedIdentityResponse.getSub(), equalTo(SUBJECT.getValue()));
}
Also used :
APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent)
AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
IdentityResponse(uk.gov.di.authentication.oidc.entity.IdentityResponse)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Test(org.junit.jupiter.api.Test)
Example 2 with IdentityResponse
use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityIntegrationTest method shouldReturn204WhenCallingIdentityLambda.
@Test
void shouldReturn204WhenCallingIdentityLambda() throws JsonProcessingException {
Subject internalSubject = new Subject();
Subject publicSubject = new Subject();
LocalDateTime localDateTime = LocalDateTime.now().plusMinutes(10);
Date expiryDate = Date.from(localDateTime.atZone(ZoneId.of("UTC")).toInstant());
List<String> scopes = new ArrayList<>();
scopes.add("email");
scopes.add("phone");
scopes.add("openid");
var claimsSetRequest = new ClaimsSetRequest().add("name").add("birthdate");
var oidcValidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().claim("scope", scopes).issuer("issuer-id").expirationTime(expiryDate).issueTime(Date.from(LocalDateTime.now().atZone(ZoneId.of("UTC")).toInstant())).claim("client_id", "client-id-one").subject(publicSubject.getValue()).jwtID(UUID.randomUUID().toString()).claim("claims", oidcValidClaimsRequest.getUserInfoClaimsRequest().getEntries().stream().map(ClaimsSetRequest.Entry::getClaimName).collect(Collectors.toList())).build();
SignedJWT signedJWT = tokenSigner.signJwt(claimsSet);
AccessToken accessToken = new BearerAccessToken(signedJWT.serialize());
AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), internalSubject.getValue());
String accessTokenStoreString = new ObjectMapper().writeValueAsString(accessTokenStore);
redis.addToRedis(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + publicSubject, accessTokenStoreString, 300L);
SignedJWT signedCredential = SignedCredentialHelper.generateCredential();
setUpDynamo(publicSubject.getValue(), signedCredential.serialize());
var response = makeRequest(Optional.empty(), Map.of("Authorization", accessToken.toAuthorizationHeader()), Map.of());
assertThat(response, hasStatus(200));
IdentityResponse identityResponse = new ObjectMapper().readValue(response.getBody(), IdentityResponse.class);
assertThat(identityResponse.getSub(), equalTo(publicSubject.getValue()));
assertThat(identityResponse.getIdentityCredential(), equalTo(signedCredential.serialize()));
assertThat(spotStore.getSpotCredential(publicSubject.getValue()), equalTo(Optional.empty()));
}
Also used :
LocalDateTime(java.time.LocalDateTime)
ClaimsSetRequest(com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)
IdentityResponse(uk.gov.di.authentication.oidc.entity.IdentityResponse)
ArrayList(java.util.ArrayList)
SignedJWT(com.nimbusds.jwt.SignedJWT)
Subject(com.nimbusds.oauth2.sdk.id.Subject)
Date(java.util.Date)
OIDCClaimsRequest(com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Test(org.junit.jupiter.api.Test)
ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)
Example 3 with IdentityResponse
use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityHandler method handleRequest.
@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
return isWarming(input).orElseGet(() -> {
LOG.info("Request received to the IdentityHandler");
if (!headersContainValidHeader(input.getHeaders(), AUTHORIZATION_HEADER, configurationService.getHeadersCaseInsensitive())) {
LOG.warn("AccessToken is missing from request");
return generateApiGatewayProxyResponse(401, "", new IdentityErrorResponse(MISSING_TOKEN).toHTTPResponse().getHeaderMap());
}
IdentityResponse identityResponse;
try {
var accessTokenInfo = accessTokenService.parse(getHeaderValueFromHeaders(input.getHeaders(), AUTHORIZATION_HEADER, configurationService.getHeadersCaseInsensitive()), true);
identityResponse = identityService.populateIdentityResponse(accessTokenInfo);
} catch (AccessTokenException e) {
LOG.warn("AccessTokenException. Sending back IdentityErrorResponse");
return generateApiGatewayProxyResponse(401, "", new IdentityErrorResponse(e.getError()).toHTTPResponse().getHeaderMap());
}
LOG.info("Successfully processed Identity request. Sending back Identity response");
try {
return generateApiGatewayProxyResponse(200, identityResponse);
} catch (JsonProcessingException e) {
LOG.warn("Unable to serialize the IdentityResponse");
throw new RuntimeException(e);
}
});
}
Also used :
IdentityResponse(uk.gov.di.authentication.oidc.entity.IdentityResponse)
AccessTokenException(uk.gov.di.authentication.shared.exceptions.AccessTokenException)
IdentityErrorResponse(uk.gov.di.authentication.oidc.entity.IdentityErrorResponse)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
Example 4 with IdentityResponse
use of uk.gov.di.authentication.oidc.entity.IdentityResponse in project di-authentication-api by alphagov.
the class IdentityServiceTest method shouldReturnIdentityResponseAndDeleteSpotCredential.
@Test
void shouldReturnIdentityResponseAndDeleteSpotCredential() throws AccessTokenException {
AccessTokenStore accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
AccessTokenInfo accessTokenInfo = new AccessTokenInfo(accessTokenStore, SUBJECT.getValue(), SCOPES);
when(dynamoSpotService.getSpotCredential(accessTokenInfo.getPublicSubject())).thenReturn(Optional.of(spotCredential));
IdentityResponse identityResponse = identityService.populateIdentityResponse(accessTokenInfo);
verify(dynamoSpotService).removeSpotCredential(accessTokenInfo.getPublicSubject());
assertThat(identityResponse.getSub(), equalTo(accessTokenInfo.getPublicSubject()));
assertThat(identityResponse.getIdentityCredential(), equalTo(serializedCredential));
}
Also used :
AccessTokenInfo(uk.gov.di.authentication.oidc.entity.AccessTokenInfo)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
IdentityResponse(uk.gov.di.authentication.oidc.entity.IdentityResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
IdentityResponse (uk.gov.di.authentication.oidc.entity.IdentityResponse)4
Test (org.junit.jupiter.api.Test)3
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken)2
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)2
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)2
APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent)1
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent)1
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)1
SignedJWT (com.nimbusds.jwt.SignedJWT)1
Subject (com.nimbusds.oauth2.sdk.id.Subject)1
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)1
ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)1
LocalDateTime (java.time.LocalDateTime)1
ArrayList (java.util.ArrayList)1
Date (java.util.Date)1
AccessTokenInfo (uk.gov.di.authentication.oidc.entity.AccessTokenInfo)1
IdentityErrorResponse (uk.gov.di.authentication.oidc.entity.IdentityErrorResponse)1
AccessTokenException (uk.gov.di.authentication.shared.exceptions.AccessTokenException)1
