Update OAuth2 handler to handle JWT access tokens (#2419)

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/OAuth2.pm

@@ -1,4 +1,5 @@
 package Lemonldap::NG::Handler::Lib::OAuth2;
+use Lemonldap::NG::Common::JWT qw(getAccessTokenSessionId);
 
 use strict;
 
@@ -86,7 +87,12 @@ sub fetchId {
     }
 
     # Get access token session
-    my $infos = $class->getOIDCInfos($access_token);
+    my $access_token_sid = getAccessTokenSessionId($access_token);
+    unless ($access_token_sid) {
+        $req->data->{oauth2_error} = 'invalid_token';
+        return;
+    }
+    my $infos = $class->getOIDCInfos($access_token_sid);
 
     # Store scope and rpid for future session attributes
     if ( $infos->{rp} ) {

lemonldap-ng-handler/t/71-Lemonldap-NG-Handler-PSGI-OAuth2.t

@@ -4,7 +4,7 @@ BEGIN {
     require 't/test-psgi-lib.pm';
 }
 
-my $maintests = 18;
+my $maintests = 21;
 
 init(
     'Lemonldap::NG::Handler::Server',
@@ -172,6 +172,24 @@ ok(
 );
 is( $res->[0], 403, "Unauthorized because the write scope is not granted" );
 
+# Request with JWT Access Token
+ok(
+    $res = $client->_get(
+        '/test',             undef,
+        'test1.example.com', '',
+        VHOSTTYPE => 'OAuth2',
+        HTTP_AUTHORIZATION =>
+'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwianRpIjoiZjBmZDRlODUwMDBjZTM1ZDA2MmY5N2Y1YjQ2NmZjMDBhYmMyZmFkMDQwNmUwM2UwODY2MDVmOTI5ZWM0YTI0OSJ9.h0RDBLo5Vy8lqbltEP2L496KOzJLhLCIRZZmEqcPuN8',
+    ),
+    'Invalid access token'
+);
+
+# Check headers
+%h = @{ $res->[1] };
+is( $res->[0], 200, "Request accepted" );
+ok( $h{'Auth-User'} eq 'dwho', 'Header Auth-User is set to "dwho"' )
+  or explain( \%h, 'Auth-User => "dwho"' );
+
 # Request with Access token from offline session
 ok(
     $res = $client->_get(