You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2019/09/18 13:01:16 UTC

[cxf] 01/03: Enhancing OIDC nonce test

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 4cfe84eec0fa7c4bb3e496078ed8aedad3e353f3
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 18 10:33:27 2019 +0100

    Enhancing OIDC nonce test
---
 .../jaxrs/security/oidc/OIDCNegativeTest.java      | 36 ++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
index c7ba47c..a19b5f2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
@@ -211,9 +211,41 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
         }
 
         // Add a nonce and it should succeed
-        client.query("nonce", "1234565635");
+        String nonce = "1234565635";
+        client.query("nonce", nonce);
         response = client.get();
-        response.readEntity(OAuthAuthorizationData.class);
+
+        OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
+
+        // Now call "decision" to get the access token
+        client.path("decision");
+        client.type("application/x-www-form-urlencoded");
+
+        Form form = new Form();
+        form.param("session_authenticity_token", authzData.getAuthenticityToken());
+        form.param("client_id", authzData.getClientId());
+        form.param("redirect_uri", authzData.getRedirectUri());
+        form.param("scope", authzData.getProposedScope());
+        if (authzData.getResponseType() != null) {
+            form.param("response_type", authzData.getResponseType());
+        }
+        if (authzData.getNonce() != null) {
+            form.param("nonce", authzData.getNonce());
+        }
+        form.param("oauthDecision", "allow");
+
+        response = client.post(form);
+
+        String location = response.getHeaderString("Location");
+
+        // Check IdToken
+        String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+        assertNotNull(idToken);
+
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+        // Check the nonce is in the idToken
+        assertEquals(jwt.getClaim("nonce"), nonce);
     }
 
     @org.junit.Test