Update OAuth2 handler to handle JWT access tokens (#2419)
parent
f1335c3f1e
commit
80db94c501
|
@ -1,4 +1,5 @@
|
|||
package Lemonldap::NG::Handler::Lib::OAuth2;
|
||||
use Lemonldap::NG::Common::JWT qw(getAccessTokenSessionId);
|
||||
|
||||
use strict;
|
||||
|
||||
|
@ -86,7 +87,12 @@ sub fetchId {
|
|||
}
|
||||
|
||||
# Get access token session
|
||||
my $infos = $class->getOIDCInfos($access_token);
|
||||
my $access_token_sid = getAccessTokenSessionId($access_token);
|
||||
unless ($access_token_sid) {
|
||||
$req->data->{oauth2_error} = 'invalid_token';
|
||||
return;
|
||||
}
|
||||
my $infos = $class->getOIDCInfos($access_token_sid);
|
||||
|
||||
# Store scope and rpid for future session attributes
|
||||
if ( $infos->{rp} ) {
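Review bot: Nothing in the new fetchId lines verifies the JWT before its embedded session id is used: the result of `getAccessTokenSessionId($access_token)` goes straight into `getOIDCInfos`. Whether that helper checks the signature cannot be seen on this page (it is imported from Lemonldap::NG::Common::JWT), so if it only decodes the payload, the token's signature, expiry and audience claims play no part in the decision and the server-side session lookup is the only control. That can be a sound design when the session id is unguessable and sessions expire server-side, but the assumption should be stated at the call site, e.g. `# JWT is only a carrier for the session id; authorization rests on the session lookup below, JWT signature and claims are not checked here`. fetchId starts and ends outside this hunk, so any check made earlier in the function is not visible.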
|
||||
|
|
|
@ -4,7 +4,7 @@ BEGIN {
|
|||
require 't/test-psgi-lib.pm';
|
||||
}
|
||||
|
||||
my $maintests = 18;
|
||||
my $maintests = 21;
|
||||
|
||||
init(
|
||||
'Lemonldap::NG::Handler::Server',
|
||||
|
@ -172,6 +172,24 @@ ok(
|
|||
);
|
||||
is( $res->[0], 403, "Unauthorized because the write scope is not granted" );
|
||||
|
||||
# Request with JWT Access Token
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
'/test', undef,
|
||||
'test1.example.com', '',
|
||||
VHOSTTYPE => 'OAuth2',
|
||||
HTTP_AUTHORIZATION =>
|
||||
'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwianRpIjoiZjBmZDRlODUwMDBjZTM1ZDA2MmY5N2Y1YjQ2NmZjMDBhYmMyZmFkMDQwNmUwM2UwODY2MDVmOTI5ZWM0YTI0OSJ9.h0RDBLo5Vy8lqbltEP2L496KOzJLhLCIRZZmEqcPuN8',
|
||||
),
|
||||
'Invalid access token'
|
||||
);
|
||||
|
||||
# Check headers
|
||||
%h = @{ $res->[1] };
|
||||
is( $res->[0], 200, "Request accepted" );
|
||||
ok( $h{'Auth-User'} eq 'dwho', 'Header Auth-User is set to "dwho"' )
|
||||
or explain( \%h, 'Auth-User => "dwho"' );
|
||||
|
||||
# Request with Access token from offline session
|
||||
ok(
|
||||
$res = $client->_get(
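Review bot: The added block covers only the accepted case, so the `invalid_token` branch this commit introduces in fetchId has no test; a request whose bearer JWT is malformed, or whose session id matches no stored session, should be asserted to be rejected. The first `ok(...)` is also labelled `'Invalid access token'` although the request is expected to return 200, which makes a failure report misleading; a label such as `'Request with JWT access token'` fits the intent. The header check `ok( $h{'Auth-User'} eq 'dwho', ... )` would give a better diagnostic as `is( $h{'Auth-User'}, 'dwho', ... )`.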
|
||||
|
|