This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-oauth-client.git
The following commit(s) were added to refs/heads/master by this push:
new 12def55 SLING-12838 - Support for non-OIDC connections broken (#24)
12def55 is described below
commit 12def553f5b106ec54a8f80e62db7b1f67f00500
Author: Nicola Scendoni <[email protected]>
AuthorDate: Wed Jun 25 10:40:27 2025 +0200
SLING-12838 - Support for non-OIDC connections broken (#24)
---
.../oauth_client/impl/ResolvedOAuthConnection.java | 13 ++-
.../auth/oauth_client/AuthorizationCodeFlowIT.java | 20 +++--
.../impl/ResolvedOAuthConnectionTest.java | 95 ++++++++++++++++++++++
3 files changed, 120 insertions(+), 8 deletions(-)
diff --git
a/src/main/java/org/apache/sling/auth/oauth_client/impl/ResolvedOAuthConnection.java
b/src/main/java/org/apache/sling/auth/oauth_client/impl/ResolvedOAuthConnection.java
index 5aa325f..d774041 100644
---
a/src/main/java/org/apache/sling/auth/oauth_client/impl/ResolvedOAuthConnection.java
+++
b/src/main/java/org/apache/sling/auth/oauth_client/impl/ResolvedOAuthConnection.java
@@ -25,7 +25,8 @@ import org.apache.sling.auth.oauth_client.ClientConnection;
import org.jetbrains.annotations.NotNull;
/**
- * An OAuth connection that has all configuration parameters materialised
+ * An OAuth connection that has all configuration parameters materialised.
+ * Remark that it can be an OAuth Connection, or an OpenID Connect (OIDC)
Connection.
*
* <p>Serves as an internal abstraction over the client-facing {@link
ClientConnection} and its implementations.</p>
*/
@@ -60,6 +61,16 @@ class ResolvedOAuthConnection extends ResolvedConnection {
oidcConnection.clientSecret(),
Arrays.asList(oidcConnection.scopes()),
Arrays.asList(oidcConnection.additionalAuthorizationParameters()));
+ } else if (connection instanceof OAuthConnectionImpl) {
+ OAuthConnectionImpl oauthConnection = (OAuthConnectionImpl)
connection;
+ return new ResolvedOAuthConnection(
+ connection.name(),
+ oauthConnection.authorizationEndpoint(),
+ oauthConnection.tokenEndpoint(),
+ oauthConnection.clientId(),
+ oauthConnection.clientSecret(),
+ Arrays.asList(oauthConnection.scopes()),
+
Arrays.asList(oauthConnection.additionalAuthorizationParameters()));
}
throw new IllegalArgumentException(String.format(
"Unable to resolve %s (name=%s) of type %s",
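Review bot: The new `OAuthConnectionImpl` branch hands `authorizationEndpoint()`, `tokenEndpoint()` and `clientSecret()` to the constructor unchecked. Judging by the configuration in the integration test, a plain OAuth connection has no `baseUrl` to derive endpoints from, so these configured strings alone decide where the authorization code and the client secret are sent. Unless `OAuthConnectionImpl` or the constructor already validates them (not visible in this hunk), I would fail fast here, e.g. `Objects.requireNonNull(oauthConnection.tokenEndpoint(), "tokenEndpoint")` and the same for the authorization endpoint, so that a misconfiguration surfaces at resolve time and not in the middle of the redirect flow. The branch is otherwise a copy of the OIDC one, so a short comment such as `// plain OAuth 2.0: endpoints are taken from configuration as-is` would explain why both exist. `resolve` starts and ends outside the hunk.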
diff --git
a/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java
b/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java
index 1b3d4af..1836212 100644
---
a/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java
+++
b/src/test/java/org/apache/sling/auth/oauth_client/AuthorizationCodeFlowIT.java
@@ -198,14 +198,20 @@ class AuthorizationCodeFlowIT {
configPidsToCleanup.add(sling.adaptTo(OsgiConsoleClient.class)
.editConfiguration(
OAUTH_CONFIG_PID + ".keycloak",
- OIDC_CONFIG_PID,
+ OAUTH_CONFIG_PID,
Map.of(
- "name", oidcConnectionName,
- "baseUrl", "http://localhost:" + keycloakPort
+ "/realms/sling",
- "clientId", "oidc-test",
- "clientSecret",
"wM2XIbxBTLJAac2rJSuHyKaoP8IWvSwJ",
- "scopes", "openid")));
-
+ "name",
+ oidcConnectionName,
+ "tokenEndpoint",
+ "http://localhost:" + keycloakPort +
"/realms/sling/protocol/openid-connect/token",
+ "authorizationEndpoint",
+ "http://localhost:" + keycloakPort +
"/realms/sling/protocol/openid-connect/auth",
+ "clientId",
+ "oidc-test",
+ "clientSecret",
+ "wM2XIbxBTLJAac2rJSuHyKaoP8IWvSwJ",
+ "scopes",
+ "openid")));
// clean up any existing tokens
String userPath = getUserPath(sling, sling.getUser());
sling.deletePath(userPath + "/oauth-tokens/" + oidcConnectionName,
200);
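Review bot: Replacing `OIDC_CONFIG_PID` with `OAUTH_CONFIG_PID` in place means this setup no longer creates an OIDC connection. Unless another integration test does so (not visible here), the OIDC variant of the authorization-code flow loses its end-to-end coverage in the same commit that adds the OAuth one. Running the flow once per connection type would keep both paths exercised. The variable is still named `oidcConnectionName` although the connection is now plain OAuth; something like `connectionName` would avoid misleading the next reader. The enclosing test method starts and ends outside the hunk.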
diff --git
a/src/test/java/org/apache/sling/auth/oauth_client/impl/ResolvedOAuthConnectionTest.java
b/src/test/java/org/apache/sling/auth/oauth_client/impl/ResolvedOAuthConnectionTest.java
new file mode 100644
index 0000000..27bd23a
--- /dev/null
+++
b/src/test/java/org/apache/sling/auth/oauth_client/impl/ResolvedOAuthConnectionTest.java
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.auth.oauth_client.impl;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+class ResolvedOAuthConnectionTest {
+
+ // Write test for resolve(@NotNull ClientConnection connection)
+ // This test should cover both OAuthConnectionImpl and OidcConnectionImpl
+ // and ensure that the resolved connection has all parameters materialised
correctly.
+ @Test
+ void testResolveOAuthConnection_OAuth() {
+ // Create an instance of OAuthConnectionImpl
+ // Mock the Config interface
+ OAuthConnectionImpl.Config mockConfig =
mock(OAuthConnectionImpl.Config.class);
+
+ // Stub the methods
+ when(mockConfig.name()).thenReturn("TestOAuthConnection");
+
when(mockConfig.authorizationEndpoint()).thenReturn("https://auth.example.com/oauth/authorize");
+
when(mockConfig.tokenEndpoint()).thenReturn("https://auth.example.com/oauth/token");
+ when(mockConfig.clientId()).thenReturn("test-client-id");
+ when(mockConfig.clientSecret()).thenReturn("test-client-secret");
+ when(mockConfig.scopes()).thenReturn(new String[] {"scope1",
"scope2"});
+ when(mockConfig.additionalAuthorizationParameters())
+ .thenReturn(new String[] {"param1=value1", "param2=value2"});
+
+ // Create an instance of OAuthConnectionImpl using the mocked Config
+ OAuthConnectionImpl oauthConnection = new
OAuthConnectionImpl(mockConfig);
+
+ // Resolve the connection
+ ResolvedConnection resolved =
ResolvedOAuthConnection.resolve(oauthConnection);
+
+ // Assert that the resolved connection has all parameters materialised
correctly
+ assertTrue(resolved instanceof ResolvedOAuthConnection);
+ assertEquals("TestOAuthConnection", resolved.name());
+ assertEquals("https://auth.example.com/oauth/authorize",
resolved.authorizationEndpoint());
+ assertEquals("https://auth.example.com/oauth/token",
resolved.tokenEndpoint());
+ assertEquals("test-client-id", resolved.clientId());
+ assertEquals("test-client-secret", resolved.clientSecret());
+ assertArrayEquals(new String[] {"scope1", "scope2"},
resolved.scopes().toArray());
+ assertArrayEquals(
+ new String[] {"param1=value1", "param2=value2"},
+ resolved.additionalAuthorizationParameters().toArray());
+ }
+
+ @Test
+ void testResolveOidcConnection_OIDC() {
+ // mock the OidcConnectionImpl
+ OidcConnectionImpl mockOidcConnection = mock(OidcConnectionImpl.class);
+ when(mockOidcConnection.name()).thenReturn("TestOidcConnection");
+
when(mockOidcConnection.authorizationEndpoint()).thenReturn("https://auth.example.com/oidc/authorize");
+
when(mockOidcConnection.tokenEndpoint()).thenReturn("https://auth.example.com/oidc/token");
+ when(mockOidcConnection.clientId()).thenReturn("test-oidc-client-id");
+
when(mockOidcConnection.clientSecret()).thenReturn("test-oidc-client-secret");
+ when(mockOidcConnection.scopes()).thenReturn(new String[] {"openid",
"profile"});
+ when(mockOidcConnection.additionalAuthorizationParameters())
+ .thenReturn(new String[] {"param1=value1", "param2=value2"});
+
+ // Resolve the connection
+ ResolvedConnection resolved =
ResolvedOAuthConnection.resolve(mockOidcConnection);
+
+ // Assert that the resolved connection has all parameters materialised
correctly
+ assertTrue(resolved instanceof ResolvedOAuthConnection);
+ assertEquals("TestOidcConnection", resolved.name());
+ assertEquals("https://auth.example.com/oidc/authorize",
resolved.authorizationEndpoint());
+ assertEquals("https://auth.example.com/oidc/token",
resolved.tokenEndpoint());
+ assertEquals("test-oidc-client-id", resolved.clientId());
+ assertEquals("test-oidc-client-secret", resolved.clientSecret());
+ assertArrayEquals(new String[] {"openid", "profile"},
resolved.scopes().toArray());
+ assertArrayEquals(
+ new String[] {"param1=value1", "param2=value2"},
+ resolved.additionalAuthorizationParameters().toArray());
+ }
+}
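Review bot: Neither test covers the fall-through at the end of `resolve`, which is the path an unsupported connection type takes. A third case would pin it: `assertThrows(IllegalArgumentException.class, () -> ResolvedOAuthConnection.resolve(mock(ClientConnection.class)));`. The comment block above the first test ("Write test for resolve(...)") reads like a leftover task description and should be dropped or turned into a class-level Javadoc. The two cases are also built differently: the OAuth one constructs a real `OAuthConnectionImpl` from a mocked `Config`, while the OIDC one mocks `OidcConnectionImpl` itself, so the OIDC case never runs that class's own accessors.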