Example 1 with UserInfoHandler
use of uk.gov.di.authentication.oidc.lambda.UserInfoHandler in project di-authentication-api by alphagov.
the class UserInfoIntegrationTest method shouldReturn200WhenIdentityIsEnabledAndIdentityClaimsArePresent.
@Test
void shouldReturn200WhenIdentityIsEnabledAndIdentityClaimsArePresent() throws Json.JsonException, ParseException {
var configurationService = new UserInfoIntegrationTest.UserInfoConfigurationService();
handler = new UserInfoHandler(configurationService);
var claimsSetRequest = new ClaimsSetRequest().add(ValidClaims.CORE_IDENTITY_JWT.getValue()).add(ValidClaims.ADDRESS.getValue()).add(ValidClaims.PASSPORT.getValue());
var oidcValidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);
var claimsSet = new JWTClaimsSet.Builder().claim("scope", SCOPES).issuer("issuer-id").expirationTime(EXPIRY_DATE).issueTime(NowHelper.now()).claim("client_id", "client-id-one").subject(PUBLIC_SUBJECT.getValue()).jwtID(UUID.randomUUID().toString()).claim("claims", oidcValidClaimsRequest.getUserInfoClaimsRequest().getEntries().stream().map(ClaimsSetRequest.Entry::getClaimName).collect(Collectors.toList())).build();
var signedJWT = tokenSigner.signJwt(claimsSet);
var accessToken = new BearerAccessToken(signedJWT.serialize());
var accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
redis.addToRedis(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + PUBLIC_SUBJECT, objectMapper.writeValueAsString(accessTokenStore), 300L);
var signedCredential = SignedCredentialHelper.generateCredential();
setUpDynamo(signedCredential.serialize(), Map.of(ValidClaims.ADDRESS.getValue(), ADDRESS_CLAIM, ValidClaims.PASSPORT.getValue(), PASSPORT_CLAIM));
var response = makeRequest(Optional.empty(), Map.of("Authorization", accessToken.toAuthorizationHeader()), Map.of());
assertThat(response, hasStatus(200));
var userInfoResponse = UserInfo.parse(response.getBody());
assertThat(userInfoResponse.getEmailVerified(), equalTo(true));
assertThat(userInfoResponse.getEmailAddress(), equalTo(TEST_EMAIL_ADDRESS));
assertThat(userInfoResponse.getPhoneNumber(), equalTo(FORMATTED_PHONE_NUMBER));
assertThat(userInfoResponse.getPhoneNumberVerified(), equalTo(true));
assertThat(userInfoResponse.getSubject(), equalTo(PUBLIC_SUBJECT));
assertThat(userInfoResponse.getClaim(ValidClaims.ADDRESS.getValue()), equalTo(ADDRESS_CLAIM));
assertThat(userInfoResponse.getClaim(ValidClaims.PASSPORT.getValue()), equalTo(PASSPORT_CLAIM));
assertThat(userInfoResponse.getClaim(ValidClaims.CORE_IDENTITY_JWT.getValue()), equalTo(signedCredential.serialize()));
assertThat(userInfoResponse.toJWTClaimsSet().getClaims().size(), equalTo(8));
assertNoAuditEventsReceived(auditTopic);
}
Also used :
ClaimsSetRequest(com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)
OIDCClaimsRequest(com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
AccessTokenStore(uk.gov.di.authentication.shared.entity.AccessTokenStore)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
UserInfoHandler(uk.gov.di.authentication.oidc.lambda.UserInfoHandler)
BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)
Test(org.junit.jupiter.api.Test)
ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)
Aggregations
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)1
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)1
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)1
ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)1
Test (org.junit.jupiter.api.Test)1
UserInfoHandler (uk.gov.di.authentication.oidc.lambda.UserInfoHandler)1
AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)1
ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)1
