This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new 93165c253fa CXF-9161: Some of the OIDCFlowTest fail with timeout (JPA
only) when HttpClient instance is shared (#3109)
93165c253fa is described below
commit 93165c253fa6aadab0bdf951b2166710ff2006f5
Author: Andriy Redko <[email protected]>
AuthorDate: Sun Jul 5 15:43:29 2026 -0400
CXF-9161: Some of the OIDCFlowTest fail with timeout (JPA only) when
HttpClient instance is shared (#3109)
Signed-off-by: Andriy Redko <[email protected]>
---
.../security/oauth2/client/OAuthClientUtils.java | 43 +-
.../cxf/rs/security/oidc/utils/OidcUtils.java | 15 +-
.../security/oauth2/common/OAuth2TestUtils.java | 19 +-
.../systest/jaxrs/security/oidc/OIDCFlowTest.java | 1431 ++++++++++----------
4 files changed, 790 insertions(+), 718 deletions(-)
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index f7701e597f0..620dcbcf6c9 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -295,29 +295,30 @@ public final class OAuthClientUtils {
// in this case the AccessToken service is expected to find a
mapping between
// the authenticated credentials and the client registration id
}
- Response response = accessTokenService.form(form);
- final Map<String, String> map;
- try {
- map = response.getMediaType() == null
- ||
response.getMediaType().isCompatible(MediaType.APPLICATION_JSON_TYPE)
- ? new
OAuthJSONProvider().readJSONResponse((InputStream) response.getEntity())
- : Collections.emptyMap();
- } catch (Exception ex) {
- throw new ResponseProcessingException(response, ex);
- }
- if (200 == response.getStatus()) {
- ClientAccessToken token = fromMapToClientToken(map,
defaultTokenType);
- if (token == null) {
- throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
+ try (Response response = accessTokenService.form(form)) {
+ final Map<String, String> map;
+ try {
+ map = response.getMediaType() == null
+ ||
response.getMediaType().isCompatible(MediaType.APPLICATION_JSON_TYPE)
+ ? new
OAuthJSONProvider().readJSONResponse((InputStream) response.getEntity())
+ : Collections.emptyMap();
+ } catch (Exception ex) {
+ throw new ResponseProcessingException(response, ex);
}
- return token;
- } else if (response.getStatus() >= 400 &&
map.containsKey(OAuthConstants.ERROR_KEY)) {
- OAuthError error = new
OAuthError(map.get(OAuthConstants.ERROR_KEY),
-
map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
- error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));
- throw new OAuthServiceException(error);
+ if (200 == response.getStatus()) {
+ ClientAccessToken token = fromMapToClientToken(map,
defaultTokenType);
+ if (token == null) {
+ throw new
OAuthServiceException(OAuthConstants.SERVER_ERROR);
+ }
+ return token;
+ } else if (response.getStatus() >= 400 &&
map.containsKey(OAuthConstants.ERROR_KEY)) {
+ OAuthError error = new
OAuthError(map.get(OAuthConstants.ERROR_KEY),
+
map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
+ error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));
+ throw new OAuthServiceException(error);
+ }
+ throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
}
- throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
}
public static ClientAccessToken fromMapToClientToken(Map<String, String>
map) {
diff --git
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 8dbc18c4403..70a9d600002 100644
---
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -218,12 +218,17 @@ public final class OidcUtils {
}
public static OidcProviderMetadata getOidcProviderMetadata(String
issuerURL) {
- Response response =
WebClient.create(issuerURL).path("/.well-known/openid-configuration")
- .accept(MediaType.APPLICATION_JSON).get();
- if (Status.OK.getStatusCode() != response.getStatus()) {
- throw ExceptionUtils.toWebApplicationException(response);
+ try (WebClient webClient = WebClient.create(issuerURL)) {
+ try (Response response =
webClient.path("/.well-known/openid-configuration")
+ .accept(MediaType.APPLICATION_JSON).get()) {
+ if (Status.OK.getStatusCode() != response.getStatus()) {
+ throw ExceptionUtils.toWebApplicationException(response);
+ }
+
+ return new OidcProviderMetadata(new JsonMapObjectReaderWriter()
+ .fromJson(response.readEntity(String.class)));
+ }
}
- return new OidcProviderMetadata(new
JsonMapObjectReaderWriter().fromJson(response.readEntity(String.class)));
}
}
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 4f15cc0fafc..f2e27d2f288 100644
---
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -162,18 +162,15 @@ public final class OAuth2TestUtils {
form.param("response_type", authzData.getResponseType());
form.param("oauthDecision", "allow");
- Response response = client.post(form);
- String location;
- try {
- location = response.getHeaderString("Location");
- } finally {
- response.close();
- }
- if (state != null) {
- Assert.assertTrue(location.contains("state=" + state));
- }
+ try (Response response = client.post(form)) {
+ String location = response.getHeaderString("Location");
+
+ if (state != null) {
+ Assert.assertTrue(location.contains("state=" + state));
+ }
- return location;
+ return location;
+ }
}
public static ClientAccessToken
getAccessTokenWithAuthorizationCode(WebClient client, String code) {
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index 489e2eea5be..5753e9cba03 100644
---
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -126,7 +126,7 @@ public class OIDCFlowTest extends
AbstractBusClientServerTestBase {
return new Object[][]{
new Object[] {JCACHE_SERVER.getPort(), Map.of()},
new Object[] {JWT_JCACHE_SERVER.getPort(), Map.of()},
- new Object[] {JPA_SERVER.getPort(),
Map.of("share.httpclient.http.conduit", false)},
+ new Object[] {JPA_SERVER.getPort(), Map.of()},
new Object[] {JWT_NON_PERSIST_JCACHE_SERVER.getPort(), Map.of()}
};
}
@@ -134,31 +134,34 @@ public class OIDCFlowTest extends
AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeFlow() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
-
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
- assertNotNull(code);
+ String code = null;
+
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
+ assertNotNull(code);
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
-
- String idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@@ -167,44 +170,46 @@ public class OIDCFlowTest extends
AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeFlowPOST() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
-
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Make initial authorization request
- client.type("application/x-www-form-urlencoded");
-
- client.path("authorize/");
+ String code = null;
- Form form = new Form();
- form.param("client_id", "consumer-id");
- form.param("scope", "openid");
- form.param("redirect_uri", "http://www.blah.apache.org");
- form.param("response_type", "code");
- Response response = client.post(form);
-
- OAuthAuthorizationData authzData =
response.readEntity(OAuthAuthorizationData.class);
- String location = OAuth2TestUtils.getLocation(client, authzData, null);
- String code = OAuth2TestUtils.getSubstring(location, "code");
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Make initial authorization request
+ client.type("application/x-www-form-urlencoded");
+
+ client.path("authorize/");
+
+ Form form = new Form();
+ form.param("client_id", "consumer-id");
+ form.param("scope", "openid");
+ form.param("redirect_uri", "http://www.blah.apache.org");
+ form.param("response_type", "code");
+ try (Response response = client.post(form)) {
+ OAuthAuthorizationData authzData =
response.readEntity(OAuthAuthorizationData.class);
+ String location = OAuth2TestUtils.getLocation(client,
authzData, null);
+ code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+ }
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
-
- String idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@@ -212,298 +217,326 @@ public class OIDCFlowTest extends
AbstractBusClientServerTestBase {
@org.junit.Test
public void testAuthorizationCodeOAuth() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ String code = null;
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client,
"read_balance");
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client,
"read_balance");
+ assertNotNull(code);
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- // We should not have an IdToken here
- String idToken = accessToken.getParameters().get("id_token");
- assertNull(idToken);
- assertFalse(accessToken.getApprovedScope().contains("openid"));
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ // We should not have an IdToken here
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNull(idToken);
+ assertFalse(accessToken.getApprovedScope().contains("openid"));
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testAuthorizationCodeFlowWithNonce() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client, "openid",
"consumer-id",
- "123456789", null);
- assertNotNull(code);
+ String code = null;
+
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client, "openid",
"consumer-id",
+ "123456789",
null);
+ assertNotNull(code);
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
-
- String idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, "123456789");
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, "123456789");
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testAuthorizationCodeFlowWithScope() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ String code = null;
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client, "openid
read_balance");
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client, "openid
read_balance");
+ assertNotNull(code);
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
- assertTrue(accessToken.getApprovedScope().contains("read_balance"));
-
- String idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
assertTrue(accessToken.getApprovedScope().contains("read_balance"));
+
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testAuthorizationCodeFlowWithRefresh() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
- assertNotNull(code);
+ String code = null;
+ String idToken = null;
+ ClientAccessToken accessToken = null;
+
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
+ assertNotNull(code);
+ }
+
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
- assertNotNull(accessToken.getRefreshToken());
-
- String idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- // Refresh the access token
- client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "consumer-id", "this-is-a-secret", null);
- client.path("token");
-
client.type("application/x-www-form-urlencoded").accept("application/json");
-
- Form form = new Form();
- form.param("grant_type", "refresh_token");
- form.param("refresh_token", accessToken.getRefreshToken());
- form.param("client_id", "consumer-id");
- form.param("scope", "openid");
- Response response = client.post(form);
-
- accessToken = response.readEntity(ClientAccessToken.class);
- assertNotNull(accessToken.getTokenKey());
- assertNotNull(accessToken.getRefreshToken());
- assertNotNull(accessToken.getParameters().get("id_token"));
- assertNotNull(idToken);
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+ assertNotNull(accessToken.getRefreshToken());
+
+ idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+ }
+
+ // Refresh the access token
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", null)) {
+ client.path("token");
+
client.type("application/x-www-form-urlencoded").accept("application/json");
+
+ Form form = new Form();
+ form.param("grant_type", "refresh_token");
+ form.param("refresh_token", accessToken.getRefreshToken());
+ form.param("client_id", "consumer-id");
+ form.param("scope", "openid");
+ try (Response response = client.post(form)) {
+ accessToken = response.readEntity(ClientAccessToken.class);
+
+ assertNotNull(accessToken.getTokenKey());
+ assertNotNull(accessToken.getRefreshToken());
+ assertNotNull(accessToken.getParameters().get("id_token"));
+ assertNotNull(idToken);
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
+ }
}
}
@org.junit.Test
public void testAuthorizationCodeFlowWithState() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ String code = null;
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client, "openid",
"consumer-id",
- null, "123456789");
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client, "openid",
"consumer-id",
+ null,
"123456789");
+ assertNotNull(code);
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
-
- String idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testAuthorizationCodeFlowWithAudience() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+ String code = null;
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client, "openid",
"consumer-id-aud",
- null, null);
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client, "openid",
"consumer-id-aud",
+ null, null);
+ assertNotNull(code);
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id-aud",
"this-is-a-secret", null);
-
- String audience = "https://localhost:" + port +
"/secured/bookstore/books";
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
"consumer-id-aud", audience);
- assertNotNull(accessToken.getTokenKey());
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id-aud",
"this-is-a-secret", null)) {
+ String audience = "https://localhost:" + port +
"/secured/bookstore/books";
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code, "consumer-id-aud", audience);
+ assertNotNull(accessToken.getTokenKey());
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testAuthorizationCodeFlowWithPKCE() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Authorization Code
- AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
- parameters.setConsumerId("consumer-id");
- parameters.setScope(OidcUtils.OPENID_SCOPE);
- parameters.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
- parameters.setPath("authorize/");
String codeVerifier =
Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
- CodeVerifierTransformer transformer = new DigestCodeVerifier();
-
parameters.setCodeChallenge(transformer.transformCodeVerifier(codeVerifier));
- parameters.setCodeChallengeMethod(transformer.getChallengeMethod());
+ String code = null;
- String location = OAuth2TestUtils.getLocation(client, parameters);
- String code = OAuth2TestUtils.getSubstring(location, "code");
-
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope(OidcUtils.OPENID_SCOPE);
+ parameters.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
+ parameters.setPath("authorize/");
+ CodeVerifierTransformer transformer = new DigestCodeVerifier();
+
parameters.setCodeChallenge(transformer.transformCodeVerifier(codeVerifier));
+
parameters.setCodeChallengeMethod(transformer.getChallengeMethod());
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ code = OAuth2TestUtils.getSubstring(location, "code");
+
+ assertNotNull(code);
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
"consumer-id", null, codeVerifier);
- assertNotNull(accessToken.getTokenKey());
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code, "consumer-id", null, codeVerifier);
+ assertNotNull(accessToken.getTokenKey());
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testImplicitFlow() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Access Token
- client.type("application/json").accept("application/json");
- client.query("client_id", "consumer-id");
- client.query("redirect_uri", "http://www.blah.apache.org");
- client.query("scope", "openid");
- client.query("response_type", "id_token token");
- client.query("nonce", "123456789");
- client.path("authorize-implicit/");
- Response response = client.get();
-
- OAuthAuthorizationData authzData =
response.readEntity(OAuthAuthorizationData.class);
-
- // Now call "decision" to get the access token
- client.path("decision");
- client.type("application/x-www-form-urlencoded");
-
- Form form = new Form();
- form.param("session_authenticity_token",
authzData.getAuthenticityToken());
- form.param("client_id", authzData.getClientId());
- form.param("redirect_uri", authzData.getRedirectUri());
- form.param("scope", authzData.getProposedScope());
- if (authzData.getResponseType() != null) {
- form.param("response_type", authzData.getResponseType());
- }
- if (authzData.getNonce() != null) {
- form.param("nonce", authzData.getNonce());
- }
- form.param("oauthDecision", "allow");
-
- response = client.post(form);
-
- String location = response.getHeaderString("Location");
-
- // Check Access Token
- String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
- assertNotNull(accessToken);
-
- // Check IdToken
- String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
- JwtToken jwt = jwtConsumer.getJwtToken();
-
assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
- assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
- OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Access Token
+ client.type("application/json").accept("application/json");
+ client.query("client_id", "consumer-id");
+ client.query("redirect_uri", "http://www.blah.apache.org");
+ client.query("scope", "openid");
+ client.query("response_type", "id_token token");
+ client.query("nonce", "123456789");
+ client.path("authorize-implicit/");
+
+ OAuthAuthorizationData authzData = null;
+ try (Response response = client.get()) {
+ authzData = response.readEntity(OAuthAuthorizationData.class);
+ }
+
+ // Now call "decision" to get the access token
+ client.path("decision");
+ client.type("application/x-www-form-urlencoded");
+
+ Form form = new Form();
+ form.param("session_authenticity_token",
authzData.getAuthenticityToken());
+ form.param("client_id", authzData.getClientId());
+ form.param("redirect_uri", authzData.getRedirectUri());
+ form.param("scope", authzData.getProposedScope());
+ if (authzData.getResponseType() != null) {
+ form.param("response_type", authzData.getResponseType());
+ }
+ if (authzData.getNonce() != null) {
+ form.param("nonce", authzData.getNonce());
+ }
+ form.param("oauthDecision", "allow");
+
+ try (Response response = client.post(form)) {
+ String location = response.getHeaderString("Location");
+
+ // Check Access Token
+ String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
+ assertNotNull(accessToken);
+
+ // Check IdToken
+ String idToken = OAuth2TestUtils.getSubstring(location,
"id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+ assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
+ OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken);
+ }
+ }
}
}
@@ -512,451 +545,485 @@ public class OIDCFlowTest extends
AbstractBusClientServerTestBase {
@org.junit.Test
public void testImplicitFlowPOST() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Access Token
- client.type("application/x-www-form-urlencoded");
-
- client.path("authorize-implicit/");
-
- Form form = new Form();
- form.param("client_id", "consumer-id");
- form.param("scope", "openid");
- form.param("redirect_uri", "http://www.blah.apache.org");
- form.param("response_type", "id_token token");
- form.param("nonce", "123456789");
- Response response = client.post(form);
-
- OAuthAuthorizationData authzData =
response.readEntity(OAuthAuthorizationData.class);
-
- // Now call "decision" to get the access token
- client.path("decision");
- client.type("application/x-www-form-urlencoded");
-
- form = new Form();
- form.param("session_authenticity_token",
authzData.getAuthenticityToken());
- form.param("client_id", authzData.getClientId());
- form.param("redirect_uri", authzData.getRedirectUri());
- form.param("scope", authzData.getProposedScope());
- if (authzData.getResponseType() != null) {
- form.param("response_type", authzData.getResponseType());
- }
- if (authzData.getNonce() != null) {
- form.param("nonce", authzData.getNonce());
- }
- form.param("oauthDecision", "allow");
-
- response = client.post(form);
-
- String location = response.getHeaderString("Location");
-
- // Check Access Token
- String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
- assertNotNull(accessToken);
-
- // Check IdToken
- String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
- JwtToken jwt = jwtConsumer.getJwtToken();
-
assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
- assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
- OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Access Token
+ client.type("application/x-www-form-urlencoded");
+
+ client.path("authorize-implicit/");
+
+ Form form = new Form();
+ form.param("client_id", "consumer-id");
+ form.param("scope", "openid");
+ form.param("redirect_uri", "http://www.blah.apache.org");
+ form.param("response_type", "id_token token");
+ form.param("nonce", "123456789");
+
+ OAuthAuthorizationData authzData = null;
+ try (Response response = client.post(form)) {
+ authzData = response.readEntity(OAuthAuthorizationData.class);
+ }
+
+ // Now call "decision" to get the access token
+ client.path("decision");
+ client.type("application/x-www-form-urlencoded");
+
+ form = new Form();
+ form.param("session_authenticity_token",
authzData.getAuthenticityToken());
+ form.param("client_id", authzData.getClientId());
+ form.param("redirect_uri", authzData.getRedirectUri());
+ form.param("scope", authzData.getProposedScope());
+ if (authzData.getResponseType() != null) {
+ form.param("response_type", authzData.getResponseType());
+ }
+ if (authzData.getNonce() != null) {
+ form.param("nonce", authzData.getNonce());
+ }
+ form.param("oauthDecision", "allow");
+
+ try (Response response = client.post(form)) {
+ String location = response.getHeaderString("Location");
+
+ // Check Access Token
+ String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
+ assertNotNull(accessToken);
+
+ // Check IdToken
+ String idToken = OAuth2TestUtils.getSubstring(location,
"id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+ assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
+ OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken);
+ }
+ }
}
}
@org.junit.Test
public void testImplicitFlowNoAccessToken() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Access Token
- client.type("application/json").accept("application/json");
- client.query("client_id", "consumer-id");
- client.query("redirect_uri", "http://www.blah.apache.org");
- client.query("scope", "openid");
- client.query("response_type", "id_token");
- client.query("nonce", "123456789");
- client.path("authorize-implicit/");
- Response response = client.get();
-
- OAuthAuthorizationData authzData =
response.readEntity(OAuthAuthorizationData.class);
-
- // Now call "decision" to get the access token
- client.path("decision");
- client.type("application/x-www-form-urlencoded");
-
- Form form = new Form();
- form.param("session_authenticity_token",
authzData.getAuthenticityToken());
- form.param("client_id", authzData.getClientId());
- form.param("redirect_uri", authzData.getRedirectUri());
- form.param("scope", authzData.getProposedScope());
- if (authzData.getResponseType() != null) {
- form.param("response_type", authzData.getResponseType());
- }
- if (authzData.getNonce() != null) {
- form.param("nonce", authzData.getNonce());
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Access Token
+ client.type("application/json").accept("application/json");
+ client.query("client_id", "consumer-id");
+ client.query("redirect_uri", "http://www.blah.apache.org");
+ client.query("scope", "openid");
+ client.query("response_type", "id_token");
+ client.query("nonce", "123456789");
+ client.path("authorize-implicit/");
+
+ OAuthAuthorizationData authzData = null;
+ try (Response response = client.get()) {
+ authzData = response.readEntity(OAuthAuthorizationData.class);
+ }
+
+ // Now call "decision" to get the access token
+ client.path("decision");
+ client.type("application/x-www-form-urlencoded");
+
+ Form form = new Form();
+ form.param("session_authenticity_token",
authzData.getAuthenticityToken());
+ form.param("client_id", authzData.getClientId());
+ form.param("redirect_uri", authzData.getRedirectUri());
+ form.param("scope", authzData.getProposedScope());
+ if (authzData.getResponseType() != null) {
+ form.param("response_type", authzData.getResponseType());
+ }
+ if (authzData.getNonce() != null) {
+ form.param("nonce", authzData.getNonce());
+ }
+ form.param("oauthDecision", "allow");
+
+ try (Response response = client.post(form)) {
+ String location = response.getHeaderString("Location");
+
+ // Check Access Token - it should not be present
+ String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
+ assertNull(accessToken);
+
+ // Check IdToken
+ String idToken = OAuth2TestUtils.getSubstring(location,
"id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
assertNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+ assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
+ }
}
- form.param("oauthDecision", "allow");
-
- response = client.post(form);
-
- String location = response.getHeaderString("Location");
-
- // Check Access Token - it should not be present
- String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
- assertNull(accessToken);
-
- // Check IdToken
- String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
-
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
- JwtToken jwt = jwtConsumer.getJwtToken();
- assertNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
- assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
}
@org.junit.Test
public void testHybridCodeIdToken() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
-
WebClient.getConfig(client).getHttpConduit().getClient().setReceiveTimeout(100000000);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get location
- AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
- parameters.setConsumerId("consumer-id");
- parameters.setScope("openid");
- parameters.setNonce("123456789");
- parameters.setResponseType("code id_token");
- parameters.setPath("authorize-hybrid/");
-
- String location = OAuth2TestUtils.getLocation(client, parameters);
- assertNotNull(location);
-
- // Check code
- String code = OAuth2TestUtils.getSubstring(location, "code");
- assertNotNull(code);
-
- // Check id_token
- String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, "123456789");
- // check the code hash is returned from the implicit authorization
endpoint
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
- JwtToken jwt = jwtConsumer.getJwtToken();
- assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
+ String idToken = null;
+ String code = null;
+
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+
WebClient.getConfig(client).getHttpConduit().getClient().setReceiveTimeout(100000000);
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get location
+ AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setNonce("123456789");
+ parameters.setResponseType("code id_token");
+ parameters.setPath("authorize-hybrid/");
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ assertNotNull(location);
+
+ // Check code
+ code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+
+ // Check id_token
+ idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, "123456789");
+ // check the code hash is returned from the implicit authorization
endpoint
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
+ }
// Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
- assertEquals(OidcUtils.CODE_ID_TOKEN_RESPONSE_TYPE,
-
accessToken.getParameters().get(OAuthConstants.RESPONSE_TYPE));
-
- // Check id_token from the token endpoint
- idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
- // check the code hash is returned from the token endpoint
- jwtConsumer = new JwsJwtCompactConsumer(idToken);
- jwt = jwtConsumer.getJwtToken();
- assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+ assertEquals(OidcUtils.CODE_ID_TOKEN_RESPONSE_TYPE,
+
accessToken.getParameters().get(OAuthConstants.RESPONSE_TYPE));
+
+ // Check id_token from the token endpoint
+ idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+ // check the code hash is returned from the token endpoint
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testHybridCodeToken() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get location
- AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
- parameters.setConsumerId("consumer-id");
- parameters.setScope("openid");
- parameters.setNonce("123456789");
- parameters.setResponseType("code token");
- parameters.setPath("authorize-hybrid/");
-
- String location = OAuth2TestUtils.getLocation(client, parameters);
- assertNotNull(location);
-
- // Check code
- String code = OAuth2TestUtils.getSubstring(location, "code");
- assertNotNull(code);
-
- // Check id_token
- String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
- assertNull(idToken);
-
- // Check Access Token
- String implicitAccessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
- assertNotNull(implicitAccessToken);
-
- idToken = OAuth2TestUtils.getSubstring(location, "id_token");
- assertNull(idToken);
-
- // Now get the access token with the code
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
-
- // Check id_token from the token endpoint
- idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, null);
- // check the code hash is returned from the token endpoint
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
- // returning c_hash in the id_token returned after exchanging the code
is optional
-
assertNull(jwtConsumer.getJwtClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken.getTokenKey());
+ String idToken = null;
+ String code = null;
+
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get location
+ AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setNonce("123456789");
+ parameters.setResponseType("code token");
+ parameters.setPath("authorize-hybrid/");
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ assertNotNull(location);
+
+ // Check code
+ code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+
+ // Check id_token
+ idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+ assertNull(idToken);
+
+ // Check Access Token
+ String implicitAccessToken =
OAuth2TestUtils.getSubstring(location, "access_token");
+ assertNotNull(implicitAccessToken);
+
+ idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+ assertNull(idToken);
+ }
+
+ // Now get the access token with the code
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ // Check id_token from the token endpoint
+ idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, null);
+ // check the code hash is returned from the token endpoint
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(idToken);
+ // returning c_hash in the id_token returned after exchanging the
code is optional
+
assertNull(jwtConsumer.getJwtClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken.getTokenKey());
+ }
}
}
@org.junit.Test
public void testHybridCodeIdTokenToken() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get location
- AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
- parameters.setConsumerId("consumer-id");
- parameters.setScope("openid");
- parameters.setNonce("123456789");
- parameters.setResponseType("code id_token token");
- parameters.setPath("authorize-hybrid/");
-
- String location = OAuth2TestUtils.getLocation(client, parameters);
- assertNotNull(location);
-
- // Check code
- String code = OAuth2TestUtils.getSubstring(location, "code");
- assertNotNull(code);
-
- // Check id_token
- String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
- assertNotNull(idToken);
- validateIdToken(idToken, "123456789");
-
- // check the code hash is returned from the implicit authorization
endpoint
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
- JwtToken jwt = jwtConsumer.getJwtToken();
- assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
-
- // Check Access Token
- String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
- assertNotNull(accessToken);
-
- jwtConsumer = new JwsJwtCompactConsumer(idToken);
- jwt = jwtConsumer.getJwtToken();
-
assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
- OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
- assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
-
- if (isAccessTokenInJWTFormat()) {
- validateAccessToken(accessToken);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get location
+ AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setNonce("123456789");
+ parameters.setResponseType("code id_token token");
+ parameters.setPath("authorize-hybrid/");
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ assertNotNull(location);
+
+ // Check code
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+
+ // Check id_token
+ String idToken = OAuth2TestUtils.getSubstring(location,
"id_token");
+ assertNotNull(idToken);
+ validateIdToken(idToken, "123456789");
+
+ // check the code hash is returned from the implicit authorization
endpoint
+ JwsJwtCompactConsumer jwtConsumer = new
JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
+
+ // Check Access Token
+ String accessToken = OAuth2TestUtils.getSubstring(location,
"access_token");
+ assertNotNull(accessToken);
+
+ jwtConsumer = new JwsJwtCompactConsumer(idToken);
+ jwt = jwtConsumer.getJwtToken();
+
assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+ OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
+
assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
+
+ if (isAccessTokenInJWTFormat()) {
+ validateAccessToken(accessToken);
+ }
}
}
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
String address = "https://localhost:" + port + "/unsignedjwtservices/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- JwtClaims claims = new JwtClaims();
- claims.setIssuer("consumer-id");
- claims.setIssuedAt(Instant.now().getEpochSecond());
- claims.setAudiences(
- Collections.singletonList("https://localhost:" + port +
"/unsignedjwtservices/"));
-
- JwsHeaders headers = new JwsHeaders();
- headers.setAlgorithm("none");
-
- JwtToken token = new JwtToken(headers, claims);
-
- JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
- String request = jws.getSignedEncodedJws();
-
- // Get Authorization Code
- AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
- parameters.setConsumerId("consumer-id");
- parameters.setScope("openid");
- parameters.setResponseType("code");
- parameters.setPath("authorize/");
- parameters.setRequest(request);
-
- String location = OAuth2TestUtils.getLocation(client, parameters);
- String code = OAuth2TestUtils.getSubstring(location, "code");
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ JwtClaims claims = new JwtClaims();
+ claims.setIssuer("consumer-id");
+ claims.setIssuedAt(Instant.now().getEpochSecond());
+ claims.setAudiences(
+ Collections.singletonList("https://localhost:" + port +
"/unsignedjwtservices/"));
+
+ JwsHeaders headers = new JwsHeaders();
+ headers.setAlgorithm("none");
+
+ JwtToken token = new JwtToken(headers, claims);
+
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+ String request = jws.getSignedEncodedJws();
+
+ // Get Authorization Code
+ AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setResponseType("code");
+ parameters.setPath("authorize/");
+ parameters.setRequest(request);
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+ }
}
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws
Exception {
String address = "https://localhost:" + port + "/unsignedjwtservices/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- JwtClaims claims = new JwtClaims();
- claims.setIssuer("consumer-id");
- claims.setIssuedAt(Instant.now().getEpochSecond());
- claims.setAudiences(
- Collections.singletonList("https://localhost:" + port +
"/unsignedjwtservices/"));
-
- JwsHeaders headers = new JwsHeaders();
- headers.setAlgorithm("none");
-
- JwtToken token = new JwtToken(headers, claims);
-
- JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
- String request = jws.getSignedEncodedJws();
-
- // Get Authorization Code
- AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
- parameters.setConsumerId("consumer-id");
- parameters.setScope("openid");
- parameters.setResponseType("code");
- parameters.setPath("authorize/");
- parameters.setState("123456789");
- parameters.setRequest(request);
-
- String location = OAuth2TestUtils.getLocation(client, parameters);
- String code = OAuth2TestUtils.getSubstring(location, "code");
- assertNotNull(code);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ JwtClaims claims = new JwtClaims();
+ claims.setIssuer("consumer-id");
+ claims.setIssuedAt(Instant.now().getEpochSecond());
+ claims.setAudiences(
+ Collections.singletonList("https://localhost:" + port +
"/unsignedjwtservices/"));
+
+ JwsHeaders headers = new JwsHeaders();
+ headers.setAlgorithm("none");
+
+ JwtToken token = new JwtToken(headers, claims);
+
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+ String request = jws.getSignedEncodedJws();
+
+ // Get Authorization Code
+ AuthorizationCodeParameters parameters = new
AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setResponseType("code");
+ parameters.setPath("authorize/");
+ parameters.setState("123456789");
+ parameters.setRequest(request);
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+ }
}
@org.junit.Test
public void testGetKeys() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- client.accept("application/json");
-
- client.path("keys/");
- Response response = client.get();
- JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
-
- assertEquals(1, jsonWebKeys.getKeys().size());
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ client.accept("application/json");
+
+ client.path("keys/");
+ try (Response response = client.get()) {
+ JsonWebKeys jsonWebKeys =
response.readEntity(JsonWebKeys.class);
+
+ assertEquals(1, jsonWebKeys.getKeys().size());
+ }
+ }
}
@org.junit.Test
public void testAuthorizationCodeFlowWithKey() throws Exception {
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
- assertNotNull(code);
-
- // Now get the access token
- client = WebClient.create(address, "consumer-id", "this-is-a-secret",
null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
-
- String idToken = accessToken.getParameters().get("id_token");
- assertNotNull(idToken);
+ String code = null;
+ String idToken = null;
+
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
+ assertNotNull(code);
+ }
+
+ // Now get the access token
+ try (WebClient client = WebClient.create(address, "consumer-id",
"this-is-a-secret", null)) {
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+ }
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+
// Now get the key to validate the token
- client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- client.accept("application/json");
-
- client.path("keys/");
- Response response = client.get();
- JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
-
-
assertTrue(jwtConsumer.verifySignatureWith(jsonWebKeys.getKeys().get(0),
-
SignatureAlgorithm.RS256));
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ client.accept("application/json");
+
+ client.path("keys/");
+ try (Response response = client.get()) {
+ JsonWebKeys jsonWebKeys =
response.readEntity(JsonWebKeys.class);
+
+
assertTrue(jwtConsumer.verifySignatureWith(jsonWebKeys.getKeys().get(0),
+
SignatureAlgorithm.RS256));
+ }
+ }
}
@org.junit.Test
public void testAuthorizationCodeFlowRefreshToken() throws Exception {
+ IdToken idToken = null;
+ ClientAccessToken accessToken = null;
String address = "https://localhost:" + port + "/services/";
- WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
- "alice", "security", null);
- // Save the Cookie for the second request...
- WebClient.getConfig(client).getRequestContext().put(
- org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
-
- // Get Authorization Code
- String code = OAuth2TestUtils.getAuthorizationCode(client,
- String.join(" ", OidcUtils.getOpenIdScope(),
OAuthConstants.REFRESH_TOKEN_SCOPE),
- "consumer-id-oidc");
- assertNotNull(code);
-
- // Now get the access token
- client = WebClient.create(address, "consumer-id-oidc",
"this-is-a-secret", null);
-
- ClientAccessToken accessToken =
- OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code,
"consumer-id-oidc", null);
- assertNotNull(accessToken.getTokenKey());
- assertTrue(accessToken.getApprovedScope().contains("openid"));
+ String code = null;
- IdToken idToken = getIdToken(accessToken, address + "keys/",
"consumer-id-oidc");
- assertNotNull(idToken);
- Long issuedAt = idToken.getIssuedAt();
-
- TimeUnit.SECONDS.sleep(1L);
+ try (WebClient client = WebClient.create(address,
OAuth2TestUtils.setupProviders(),
+ "alice", "security", null)) {
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ code = OAuth2TestUtils.getAuthorizationCode(client,
+ String.join(" ", OidcUtils.getOpenIdScope(),
OAuthConstants.REFRESH_TOKEN_SCOPE),
+ "consumer-id-oidc");
+ assertNotNull(code);
+ }
- accessToken = OAuthClientUtils.refreshAccessToken(
- client,
- new Consumer("consumer-id-oidc"),
- accessToken);
- idToken = getIdToken(accessToken, address + "keys/",
"consumer-id-oidc");
+ // Now get the access token
+ try (WebClient client = WebClient.create(address, "consumer-id-oidc",
"this-is-a-secret", null)) {
+ accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client,
code, "consumer-id-oidc", null);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ idToken = getIdToken(accessToken, address + "keys/",
"consumer-id-oidc");
+ assertNotNull(idToken);
+ }
- assertNotEquals(issuedAt, idToken.getIssuedAt());
+ // Now get the access token
+ try (WebClient client = WebClient.create(address, "consumer-id-oidc",
"this-is-a-secret", null)) {
+ Long issuedAt = idToken.getIssuedAt();
+ TimeUnit.SECONDS.sleep(1L);
+
+ accessToken = OAuthClientUtils.refreshAccessToken(
+ client.path("token"),
+ new Consumer("consumer-id-oidc"),
+ accessToken);
+ idToken = getIdToken(accessToken, address + "keys/",
"consumer-id-oidc");
+
+ assertNotEquals(issuedAt, idToken.getIssuedAt());
+ }
}
@org.junit.Test
@@ -1014,15 +1081,17 @@ public class OIDCFlowTest extends
AbstractBusClientServerTestBase {
}
private static IdToken getIdToken(ClientAccessToken accessToken, String
jwksUri, String clientId) {
- WebClient c = WebClient.create(jwksUri,
+ try (WebClient c = WebClient.create(jwksUri,
Collections.singletonList(new JsonWebKeysProvider()),
"alice", "security", null)
- .accept(MediaType.APPLICATION_JSON);
- IdTokenReader idTokenReader = new IdTokenReader();
- idTokenReader.setJwkSetClient(c);
- idTokenReader.setIssuerId("OIDC IdP");
+ .accept(MediaType.APPLICATION_JSON)) {
- return idTokenReader.getIdToken(accessToken, new Consumer(clientId));
+ IdTokenReader idTokenReader = new IdTokenReader();
+ idTokenReader.setJwkSetClient(c);
+ idTokenReader.setIssuerId("OIDC IdP");
+
+ return idTokenReader.getIdToken(accessToken, new
Consumer(clientId));
+ }
}
private boolean isAccessTokenInJWTFormat() {