Class ClientCredentialsTokenFlowTest
java.lang.Object
  org.springframework.test.context.testng.AbstractTestNGSpringContextTests
    net.shibboleth.idp.test.flows.AbstractFlowTest
      net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcFlowTest
        net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcApiFlowTest
          net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcClientAuthenticationFlowTest
            net.shibboleth.idp.plugin.oidc.op.profile.flow.ClientCredentialsTokenFlowTest
All Implemented Interfaces:
Aware, ApplicationContextAware, IHookable, ITestNGListener
public class ClientCredentialsTokenFlowTest extends AbstractOidcClientAuthenticationFlowTest
Unit tests for the token flow when using the client_credentials grant type.
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
- static String FLOW_ID
- private String resource
- private String resourceSaml
- private com.nimbusds.oauth2.sdk.Scope scope
- (package private) StorageService storageService
-
Fields inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcClientAuthenticationFlowTest
clientId, clientIdSaml, clientSecret, clientSecretSaml, jwtAud, rsaPrivateKey, rsaPublicKey
-
Fields inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcFlowTest
END_STATE_ID
-
Fields inherited from class net.shibboleth.idp.test.flows.AbstractFlowTest
builderFactory, certFactoryBean, directoryServer, END_STATE_OUTPUT_ATTR_EXPR, END_STATE_OUTPUT_ATTR_NAME, externalContext, flowExecutor, idGenerator, IDP_ENTITY_ID, idpCredential, IP_ADDRESS_AUTHN_FLOW_ID, IP_ADDRESS_AUTHN_MAP_BEAN_NAME, KEYSTORE_FILE, LDIF_FILE, marshallerFactory, parserPool, request, response, SAML1_TRANSFORM_C14N_BEAN_NAME, SAML2_TRANSFORM_C14N_BEAN_NAME, SP_ACS_URL, SP_ENTITY_ID, SP_RELAY_STATE, spCredential, unmarshallerFactory
-
Fields inherited from class org.springframework.test.context.testng.AbstractTestNGSpringContextTests
applicationContext, logger
-
-
Constructor Summary
Constructors (Constructor, Description):
- ClientCredentialsTokenFlowTest(): Constructor.
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
- private void addNonNullValue(Map<String,String> map, String key, String value)
- protected void assertSuccessResponse(FlowExecutionResult result): Verify that the given result is a success response.
- protected Map<String,String> createRequestParameters(String clientId, com.nimbusds.oauth2.sdk.Scope s, String r)
- protected Pair<String,String> getErrorDetaisForJWTValidation(): Get the pair of error code and error description for the error produced via event EventIds.ACCESS_DENIED.
- protected FlowExecutionResult launchWithJwtAuthentication(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.JWSAlgorithm algorithm, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod method): Launch the flow with the JWT client authentication method.
- protected FlowExecutionResult launchWithJwtAuthentication(com.nimbusds.oauth2.sdk.auth.JWTAuthentication authnMethod, com.nimbusds.jose.JWSAlgorithm algorithm)
- void tearDown()
- void testInvalidAudience()
- void testInvalidClientSecret()
- void testInvalidSecretJWTAuthn()
- void testNoScope()
- void testNoScopeUnverifiedClient()
- void testNoScopeUnverifiedClientBadAudience()
- void testRequestedScope()
- void testRequestedScopeJWT()
- void testRequestedScopeJWTEncrypted()
- void testRequestedScopeJWTUnverifiedClient()
- void testRequestedScopeNoAudienceJWT()
- void testRequestedScopeUnverifiedClient()
- void testSaml()
- void testUntrustedClient()
- void testValidSecretJWTAuthn()
- private AccessTokenClaimsSet unwrapAccessToken(com.nimbusds.oauth2.sdk.AccessTokenResponse tokenResponse)
- private void verifyClaims(String type, com.nimbusds.oauth2.sdk.token.AccessToken token, String cid, com.nimbusds.oauth2.sdk.Scope s, Collection<String> audiences, String... customClaims): Verify access token's claims.
-
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcClientAuthenticationFlowTest
buildPrivateKeyJwtAuth, buildSecretJwtAuth, claimsSetExpiredExp, claimsSetIssuedInTheFuture, claimsSetMissingAud, claimsSetMissingExp, claimsSetMissingIss, claimsSetMissingJti, claimsSetMissingSub, initKeys, populateClientAssertionParams, populateClientAssertionParams, testInvalidPrivateKeyJWT_expiredExp, testInvalidPrivateKeyJWT_issuedInTheFuture, testInvalidPrivateKeyJWT_missingAud, testInvalidPrivateKeyJWT_missingExp, testInvalidPrivateKeyJWT_missingIss, testInvalidPrivateKeyJWT_missingJti, testInvalidPrivateKeyJWT_missingSub, testInvalidPrivateKeyJWT_replayJti, testInvalidSecretJWT_expiredExp, testInvalidSecretJWT_issuedInTheFuture, testInvalidSecretJWT_missingAud, testInvalidSecretJWT_missingExp, testInvalidSecretJWT_missingIss, testInvalidSecretJWT_missingJti, testInvalidSecretJWT_missingSub, testInvalidSecretJWT_replayJti, testValidPrivateKeyJWT, testValidSecretJWT, validClaimsSet
-
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcApiFlowTest
buildJWTToken, buildJWTToken, buildLegacyToken, buildLegacyToken, buildRefreshToken, buildToken, buildToken, buildToken
-
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcFlowTest
assertErrorCode, assertErrorDescriptionContains, buildJsonForLegacyToken, createPrivateKeyJWT, createSecretJWT, getDataSealer, initializeMocks, initializeThreadLocals, parseErrorResponse, parseResponse, parseSuccessResponse, removeMetadata, setBasicAuth, setHttpFormRequest, setJsonRequest, setRequest, storeConsent, storeMetadata, storeMetadata, storeMetadata, storeMetadata, storeMetadata
-
Methods inherited from class net.shibboleth.idp.test.flows.AbstractFlowTest
assertFlowExecutionOutcome, assertFlowExecutionOutcome, assertFlowExecutionResult, assertProfileRequestContext, buildSOAP11Envelope, clearThreadLocals, getFlow, initializeFlowExecutor, initializeXMLObjectSupport, overrideEndStateOutput, overrideEndStateOutput, registerFlowsInParentRegistry, retrieveProfileRequestContext, setupDirectoryServer, teardownDirectoryServer
-
Methods inherited from class org.springframework.test.context.testng.AbstractTestNGSpringContextTests
run, setApplicationContext, springTestContextAfterTestClass, springTestContextAfterTestMethod, springTestContextBeforeTestClass, springTestContextBeforeTestMethod, springTestContextPrepareTestInstance
-
Field Detail
-
FLOW_ID
public static final String FLOW_ID
- See Also:
- Constant Field Values
-
scope
private final com.nimbusds.oauth2.sdk.Scope scope
-
resource
private final String resource
- See Also:
- Constant Field Values
-
resourceSaml
private final String resourceSaml
- See Also:
- Constant Field Values
-
storageService
@Autowired @Qualifier("shibboleth.StorageService") StorageService storageService
-
-
Method Detail
-
tearDown
@AfterMethod public void tearDown() throws IOException
- Throws:
IOException
-
testUntrustedClient
public void testUntrustedClient() throws IOException, ParseException
- Throws:
IOException
ParseException
-
testInvalidClientSecret
public void testInvalidClientSecret() throws ParseException, IOException
- Throws:
ParseException
IOException
-
testInvalidAudience
public void testInvalidAudience() throws ParseException, IOException
- Throws:
ParseException
IOException
-
testNoScopeUnverifiedClient
public void testNoScopeUnverifiedClient() throws Exception
- Throws:
Exception
-
testNoScopeUnverifiedClientBadAudience
public void testNoScopeUnverifiedClientBadAudience() throws Exception
- Throws:
Exception
-
testRequestedScopeUnverifiedClient
public void testRequestedScopeUnverifiedClient() throws Exception
- Throws:
Exception
-
testRequestedScopeNoAudienceJWT
public void testRequestedScopeNoAudienceJWT() throws Exception
- Throws:
Exception
-
testRequestedScopeJWTUnverifiedClient
public void testRequestedScopeJWTUnverifiedClient() throws Exception
- Throws:
Exception
-
testRequestedScopeJWTEncrypted
public void testRequestedScopeJWTEncrypted() throws Exception
- Throws:
Exception
-
testInvalidSecretJWTAuthn
public void testInvalidSecretJWTAuthn() throws Exception
- Throws:
Exception
-
unwrapAccessToken
private AccessTokenClaimsSet unwrapAccessToken(com.nimbusds.oauth2.sdk.AccessTokenResponse tokenResponse)
-
launchWithJwtAuthentication
protected FlowExecutionResult launchWithJwtAuthentication(com.nimbusds.oauth2.sdk.auth.JWTAuthentication authnMethod, com.nimbusds.jose.JWSAlgorithm algorithm) throws Exception
- Throws:
Exception
-
launchWithJwtAuthentication
protected FlowExecutionResult launchWithJwtAuthentication(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.JWSAlgorithm algorithm, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod method) throws Exception
Description copied from class: AbstractOidcClientAuthenticationFlowTest
Launch the flow with the JWT client authentication method.
- Specified by:
launchWithJwtAuthentication in class AbstractOidcClientAuthenticationFlowTest
- Parameters:
jwt - The JWT to be used for client authentication.
algorithm - The algorithm to be used in the client authentication.
method - The client authentication method.
- Returns:
The flow execution result.
- Throws:
Exception
-
createRequestParameters
protected Map<String,String> createRequestParameters(String clientId, com.nimbusds.oauth2.sdk.Scope s, String r)
-
getErrorDetaisForJWTValidation
protected Pair<String,String> getErrorDetaisForJWTValidation()
Description copied from class: AbstractOidcClientAuthenticationFlowTest
Get the pair of error code and error description for the error produced via event EventIds.ACCESS_DENIED. This is abstract due to the fact that each endpoint may have its own mappings.
- Specified by:
getErrorDetaisForJWTValidation in class AbstractOidcClientAuthenticationFlowTest
- Returns:
The pair of error code and error description.
-
verifyClaims
private void verifyClaims(@Nullable String type, @Nonnull com.nimbusds.oauth2.sdk.token.AccessToken token, @Nonnull String cid, @Nonnull com.nimbusds.oauth2.sdk.Scope s, @Nonnull @NonnullElements Collection<String> audiences, @Nullable String... customClaims) throws ParseException, DataSealerException, com.nimbusds.jose.JOSEException
Verify access token's claims.
- Parameters:
type - token type/format
token - access token
cid - client ID
s - scope to check for
audiences - audiences to check for
customClaims - custom claim names to check for
- Throws:
DataSealerException
ParseException
com.nimbusds.jose.JOSEException
-
assertSuccessResponse
protected void assertSuccessResponse(FlowExecutionResult result)
Description copied from class: AbstractOidcClientAuthenticationFlowTest
Verify that the given result is a success response.
- Specified by:
assertSuccessResponse in class AbstractOidcClientAuthenticationFlowTest
- Parameters:
result - The flow execution result to be verified.