[cxf] 01/03: Enhancing OIDC nonce test
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 4cfe84eec0fa7c4bb3e496078ed8aedad3e353f3
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 18 10:33:27 2019 +0100
Enhancing OIDC nonce test
---
.../jaxrs/security/oidc/OIDCNegativeTest.java | 36 ++++++++++++++++++++--
1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
index c7ba47c..a19b5f2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
@@ -211,9 +211,41 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
}
// Add a nonce and it should succeed
- client.query("nonce", "1234565635");
+ String nonce = "1234565635";
+ client.query("nonce", nonce);
response = client.get();
- response.readEntity(OAuthAuthorizationData.class);
+
+ OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
+
+ // Now call "decision" to get the access token
+ client.path("decision");
+ client.type("application/x-www-form-urlencoded");
+
+ Form form = new Form();
+ form.param("session_authenticity_token", authzData.getAuthenticityToken());
+ form.param("client_id", authzData.getClientId());
+ form.param("redirect_uri", authzData.getRedirectUri());
+ form.param("scope", authzData.getProposedScope());
+ if (authzData.getResponseType() != null) {
+ form.param("response_type", authzData.getResponseType());
+ }
+ if (authzData.getNonce() != null) {
+ form.param("nonce", authzData.getNonce());
+ }
+ form.param("oauthDecision", "allow");
+
+ response = client.post(form);
+
+ String location = response.getHeaderString("Location");
+
+ // Check IdToken
+ String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+ assertNotNull(idToken);
+
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+ // Check the nonce is in the idToken
+ assertEquals(jwt.getClaim("nonce"), nonce);
}
@org.junit.Test