@Test
public void testClientId() {
Claims result = endpoint.checkToken(accessToken.getValue());
assertEquals("client", result.getAzp());
assertEquals("client", result.getCid());
assertEquals("client", result.getClientId());
}
@Test
public void testValidateAudParameter() {
Claims result = endpoint.checkToken(accessToken.getValue());
List<String> aud = result.getAud();
assertEquals(2, aud.size());
assertTrue(aud.contains("scim"));
assertTrue(aud.contains("client"));
}
@Test
public void validatateIssuedAtIsSmallerThanExpiredAt() {
Claims result = endpoint.checkToken(accessToken.getValue());
Integer iat = result.getIat();
assertNotNull(iat);
Integer exp = result.getExp();
assertNotNull(exp);
assertTrue(iat < exp);
}
@Test
public void testIssuerInResults() throws Exception {
tokenServices.setIssuer("http://some.other.issuer");
tokenServices.afterPropertiesSet();
accessToken = tokenServices.createAccessToken(authentication);
Claims result = endpoint.checkToken(accessToken.getValue());
assertNotNull("iss field is not present", result.getIss());
assertEquals("http://some.other.issuer/oauth/token", result.getIss());
}
@Test
public void testClientOnly() {
authentication =
new OAuth2Authentication(
new AuthorizationRequest("client", Collections.singleton("scim.read"))
.createOAuth2Request(),
null);
accessToken = tokenServices.createAccessToken(authentication);
Claims result = endpoint.checkToken(accessToken.getValue());
assertEquals("client", result.getClientId());
assertEquals("client", result.getUserId());
}
@Test(expected = InvalidTokenException.class)
public void testUpdatedApprovals() {
Date thirtySecondsAhead = new Date(System.currentTimeMillis() + 30000);
approvalStore.addApproval(
new Approval()
.setUserId(userId)
.setClientId("client")
.setScope("read")
.setExpiresAt(thirtySecondsAhead)
.setStatus(ApprovalStatus.APPROVED));
Claims result = endpoint.checkToken(accessToken.getValue());
assertEquals(null, result.getAuthorities());
}
@Test
public void testIssuerInResultsInNonDefaultZone() throws Exception {
try {
IdentityZone zone = MultitenancyFixture.identityZone("id", "subdomain");
IdentityZoneHolder.set(zone);
tokenServices.setIssuer("http://some.other.issuer");
tokenServices.afterPropertiesSet();
accessToken = tokenServices.createAccessToken(authentication);
Claims result = endpoint.checkToken(accessToken.getValue());
assertNotNull("iss field is not present", result.getIss());
assertEquals("http://subdomain.some.other.issuer/oauth/token", result.getIss());
} finally {
IdentityZoneHolder.clear();
}
}
@Test(expected = InvalidTokenException.class)
public void testExpiredApprovals() {
approvalStore.revokeApproval(
new Approval()
.setUserId(userId)
.setClientId("client")
.setScope("read")
.setExpiresAt(new Date())
.setStatus(ApprovalStatus.APPROVED));
approvalStore.addApproval(
new Approval()
.setUserId(userId)
.setClientId("client")
.setScope("read")
.setExpiresAt(new Date())
.setStatus(ApprovalStatus.APPROVED));
Claims result = endpoint.checkToken(accessToken.getValue());
assertEquals(null, result.getAuthorities());
}
@Test
public void testClientAuthoritiesNotInResult() {
Claims result = endpoint.checkToken(accessToken.getValue());
assertEquals(null, result.getAuthorities());
}
@Test
public void testExpiryResult() {
Claims result = endpoint.checkToken(accessToken.getValue());
assertTrue(expiresIn + System.currentTimeMillis() / 1000 >= result.getExp());
}
@Test
public void testClientIdInAud() {
Claims result = endpoint.checkToken(accessToken.getValue());
assertTrue(result.getAud().contains("client"));
}
@Test
public void testEmailInResult() {
Claims result = endpoint.checkToken(accessToken.getValue());
assertEquals("*****@*****.**", result.getEmail());
}
@Test
public void validateAuthTime() {
Claims result = endpoint.checkToken(accessToken.getValue());
assertNotNull(result.getAuthTime());
}
@Test
public void testUserIdInResult() {
Claims result = endpoint.checkToken(accessToken.getValue());
assertEquals("olds", result.getUserName());
assertEquals("12345", result.getUserId());
}