Example 1 with UserInfoHandler

Use of uk.gov.di.authentication.oidc.lambda.UserInfoHandler in project di-authentication-api by alphagov.

From the class UserInfoIntegrationTest, method shouldReturn200WhenIdentityIsEnabledAndIdentityClaimsArePresent. The test mints a signed access token whose "claims" claim lists the identity claims requested at authorization time, registers that token in Redis against the client and public subject, seeds DynamoDB with the user's identity data, and then checks that the userinfo endpoint returns the profile claims, the three identity claims and nothing more, without emitting an audit event.

@Test
void shouldReturn200WhenIdentityIsEnabledAndIdentityClaimsArePresent() throws Json.JsonException, ParseException {
    // Handler under test, wired to a test configuration in which identity is enabled.
    var configurationService = new UserInfoIntegrationTest.UserInfoConfigurationService();
    handler = new UserInfoHandler(configurationService);

    // The identity claims the relying party asked for at authorization time.
    var claimsSetRequest = new ClaimsSetRequest()
            .add(ValidClaims.CORE_IDENTITY_JWT.getValue())
            .add(ValidClaims.ADDRESS.getValue())
            .add(ValidClaims.PASSPORT.getValue());
    var oidcValidClaimsRequest = new OIDCClaimsRequest().withUserInfoClaimsRequest(claimsSetRequest);

    // The access token is a signed JWT; its "claims" claim records which identity claims
    // may be released from userinfo, and "sub" carries the public (pairwise) subject.
    var claimsSet = new JWTClaimsSet.Builder()
            .claim("scope", SCOPES)
            .issuer("issuer-id")
            .expirationTime(EXPIRY_DATE)
            .issueTime(NowHelper.now())
            .claim("client_id", "client-id-one")
            .subject(PUBLIC_SUBJECT.getValue())
            .jwtID(UUID.randomUUID().toString())
            .claim("claims", oidcValidClaimsRequest.getUserInfoClaimsRequest().getEntries().stream()
                    .map(ClaimsSetRequest.Entry::getClaimName)
                    .collect(Collectors.toList()))
            .build();
    var signedJWT = tokenSigner.signJwt(claimsSet);
    var accessToken = new BearerAccessToken(signedJWT.serialize());

    // The token is registered in Redis under <prefix><client_id>.<public subject>, where the
    // handler looks it up; the stored entry maps the public subject to the internal subject.
    var accessTokenStore = new AccessTokenStore(accessToken.getValue(), INTERNAL_SUBJECT.getValue());
    redis.addToRedis(ACCESS_TOKEN_PREFIX + CLIENT_ID + "." + PUBLIC_SUBJECT,
            objectMapper.writeValueAsString(accessTokenStore), 300L);

    // Identity data the handler reads from DynamoDB: a signed core identity credential
    // plus the address and passport claim values.
    var signedCredential = SignedCredentialHelper.generateCredential();
    setUpDynamo(signedCredential.serialize(),
            Map.of(ValidClaims.ADDRESS.getValue(), ADDRESS_CLAIM,
                   ValidClaims.PASSPORT.getValue(), PASSPORT_CLAIM));

    var response = makeRequest(Optional.empty(),
            Map.of("Authorization", accessToken.toAuthorizationHeader()), Map.of());
    assertThat(response, hasStatus(200));

    var userInfoResponse = UserInfo.parse(response.getBody());
    assertThat(userInfoResponse.getEmailVerified(), equalTo(true));
    assertThat(userInfoResponse.getEmailAddress(), equalTo(TEST_EMAIL_ADDRESS));
    assertThat(userInfoResponse.getPhoneNumber(), equalTo(FORMATTED_PHONE_NUMBER));
    assertThat(userInfoResponse.getPhoneNumberVerified(), equalTo(true));
    // The response subject is the public one; the internal subject never leaves the service.
    assertThat(userInfoResponse.getSubject(), equalTo(PUBLIC_SUBJECT));
    assertThat(userInfoResponse.getClaim(ValidClaims.ADDRESS.getValue()), equalTo(ADDRESS_CLAIM));
    assertThat(userInfoResponse.getClaim(ValidClaims.PASSPORT.getValue()), equalTo(PASSPORT_CLAIM));
    assertThat(userInfoResponse.getClaim(ValidClaims.CORE_IDENTITY_JWT.getValue()), equalTo(signedCredential.serialize()));
    // Five profile claims plus the three requested identity claims, and nothing else.
    assertThat(userInfoResponse.toJWTClaimsSet().getClaims().size(), equalTo(8));
    // A successful userinfo call emits no audit event.
    assertNoAuditEventsReceived(auditTopic);
}
Also used:
    ClaimsSetRequest (com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest)
    OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)
    AccessTokenStore (uk.gov.di.authentication.shared.entity.AccessTokenStore)
    JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)
    UserInfoHandler (uk.gov.di.authentication.oidc.lambda.UserInfoHandler)
    BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)
    Test (org.junit.jupiter.api.Test)
    ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)
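The checks the test above relies on, as an added stdlib-only Python model; this is not code from di-authentication-api and does not reproduce its handler. It assumes an HS256 signer with a constructed key in place of the project's asymmetric token signer, placeholder claim names instead of the ValidClaims enum values, an assumed name for the Redis key prefix, and constructed user and identity records. It goes slightly beyond the single scenario in the test by also exercising the failure modes a userinfo endpoint must handle: an expired token, a token missing from the store, a tampered payload, and a token that never requested the core identity claim.

```python
import base64
import hashlib
import hmac
import json
import time

# Stand-in for the project's token signer: HS256 with a constructed key. The real
# service uses an asymmetric key, so its verifier checks a public key instead.
SIGNING_KEY = b"constructed-example-key-not-a-real-secret"
ISSUER = "issuer-id"
ACCESS_TOKEN_PREFIX = "access-token:"  # assumed name for the Redis key prefix
# Placeholder claim identifiers standing in for the ValidClaims enum values.
CORE_IDENTITY_JWT, ADDRESS, PASSPORT = "core_identity_jwt", "address", "passport"
IDENTITY_CLAIMS = {CORE_IDENTITY_JWT, ADDRESS, PASSPORT}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_access_token(claims):
    """Mint a compact JWS over the claim set (HS256 stand-in)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_access_token(token, now):
    """Return the claim set if signature, issuer and expiry check out, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    if claims.get("iss") != ISSUER or claims.get("exp", 0) <= now:
        return None
    return claims


def user_info(headers, token_store, users, identity, now=None):
    """Model of the userinfo endpoint; returns (status, body)."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {}
    token = auth[len("Bearer "):]
    claims = verify_access_token(token, now)
    if claims is None:
        return 401, {}
    # A valid signature is not enough: the store must still hold this exact token
    # under client_id.public_subject, so revoked or replaced tokens are refused.
    entry = token_store.get(f"{ACCESS_TOKEN_PREFIX}{claims.get('client_id')}.{claims.get('sub')}")
    if entry is None or not hmac.compare_digest(entry["token"], token):
        return 401, {}
    # The store maps the public (pairwise) subject to the internal subject used for lookups.
    user = users[entry["internal_subject"]]
    body = {"sub": claims["sub"], "email": user["email"], "email_verified": user["email_verified"],
            "phone_number": user["phone_number"], "phone_number_verified": user["phone_number_verified"]}
    # Identity claims are released only when requested at authorization time
    # (recorded in the token's "claims" claim) and actually held for this user.
    requested = set(claims.get("claims", []))
    held = identity.get(entry["internal_subject"], {})
    for name in requested & IDENTITY_CLAIMS:
        if name in held:
            body[name] = held[name]
    return 200, body


def make_request(requested_claims, exp, store_token=True, tamper=False):
    """Constructed fixture mirroring the test's setup; returns the handler's (status, body)."""
    now = 1_700_000_000
    claims = {"scope": "openid email phone", "iss": ISSUER, "exp": exp, "iat": now,
              "client_id": "client-id-one", "sub": "public-subject", "jti": "jti-1",
              "claims": list(requested_claims)}
    token = sign_access_token(claims)
    token_store = {}
    if store_token:
        token_store[f"{ACCESS_TOKEN_PREFIX}client-id-one.public-subject"] = {
            "token": token, "internal_subject": "internal-subject"}
    if tamper:  # swap the subject in the payload but keep the original signature
        head, _, sig = token.split(".")
        token = f"{head}.{_b64url(json.dumps(dict(claims, sub='victim-subject')).encode())}.{sig}"
    users = {"internal-subject": {"email": "test@example.com", "email_verified": True,
                                  "phone_number": "+447700900000", "phone_number_verified": True}}
    identity = {"internal-subject": {CORE_IDENTITY_JWT: "<signed-credential-jws>",
                                     ADDRESS: {"postal_code": "SW1A 1AA"},
                                     PASSPORT: {"documentNumber": "123456789"}}}
    return user_info({"Authorization": "Bearer " + token}, token_store, users, identity, now)
```

With all three identity claims requested and a live token, make_request returns 200 and an eight-claim body, matching the count the test asserts; dropping CORE_IDENTITY_JWT from the request leaves it out of the response even though the credential is in the identity store, and an expired, unregistered or tampered token yields 401 before any store is consulted for user data.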
