Unit test for refresh token hooks (#2768)
This commit is contained in:
parent
a868f2696f
commit
d3cb90a1cd
|
@ -43,10 +43,12 @@ my $op = LLNG::Manager::Test->new( {
|
|||
oidcRPMetaDataOptionsClientID => "rpid",
|
||||
oidcRPMetaDataOptionsIDTokenSignAlg => "HS512",
|
||||
oidcRPMetaDataOptionsAccessTokenJWT => 1,
|
||||
oidcRPMetaDataOptionsClientSecret => "rpsecret",
|
||||
oidcRPMetaDataOptionsClientSecret => "rpid",
|
||||
oidcRPMetaDataOptionsUserIDAttr => "",
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
|
||||
oidcRPMetaDataOptionsBypassConsent => 1,
|
||||
oidcRPMetaDataOptionsRefreshToken => 1,
|
||||
oidcRPMetaDataOptionsAllowOffline => 1,
|
||||
},
|
||||
oauth => {
|
||||
oidcRPMetaDataOptionsDisplayName => "oauth",
|
||||
|
@ -104,7 +106,7 @@ ok(
|
|||
accept => 'text/html',
|
||||
length => length($query),
|
||||
custom => {
|
||||
HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpsecret"),
|
||||
HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpid"),
|
||||
},
|
||||
),
|
||||
"Post token"
|
||||
|
@ -114,6 +116,8 @@ my $token = $json->{access_token};
|
|||
ok( $token, 'Access token present' );
|
||||
my $id_token = $json->{id_token};
|
||||
ok( $id_token, 'ID token present' );
|
||||
my $refresh_token = $json->{refresh_token};
|
||||
ok( $refresh_token, 'Refresh token present' );
|
||||
my $id_token_payload = id_token_payload($id_token);
|
||||
is( $id_token_payload->{id_token_hook}, 1, "Found hooked claim in ID token" );
|
||||
|
||||
|
@ -130,7 +134,7 @@ $res = $op->_post(
|
|||
|
||||
$json = expectJSON($res);
|
||||
is( $json->{userinfo_hook}, 1, "Found hooked claim in Userinfo token" );
|
||||
is( $json->{_auth}, "Demo", "Found session variable in Userinfo token" );
|
||||
is( $json->{_auth}, "Demo", "Found session variable in Userinfo token" );
|
||||
|
||||
expectJWT( $token, access_token_hook => 1 );
|
||||
|
||||
|
@ -154,6 +158,38 @@ $json = from_json( $res->[2]->[0] );
|
|||
like( $json->{scope}, qr/\bmy_hooked_scope\b/, "Found hook defined scope" );
|
||||
like( $json->{scope}, qr/\bmyscope\b/, "Found result of oidcResolveScope" );
|
||||
|
||||
# Refresh access token
|
||||
$res = refreshGrant( $op, 'rpid', $refresh_token );
|
||||
$json = expectJSON($res);
|
||||
|
||||
$token = $json->{access_token};
|
||||
ok( $token, 'Access token present' );
|
||||
|
||||
# Make sure the Refresh hook added a scope to the token
|
||||
expectJWT( $token,
|
||||
scope =>
|
||||
"openid profile email my_hooked_scope myscope refreshed_online_french" );
|
||||
|
||||
## Test Offline refresh hook
|
||||
$code = authorize(
|
||||
$op, $idpId,
|
||||
{
|
||||
response_type => 'code',
|
||||
scope => 'openid profile email offline_access',
|
||||
client_id => 'rpid',
|
||||
state => 'af0ifjsldkj',
|
||||
redirect_uri => 'http://rp2.com/',
|
||||
}
|
||||
);
|
||||
|
||||
$json = expectJSON( codeGrant( $op, 'rpid', $code, "http://rp2.com/" ) );
|
||||
$refresh_token = $json->{refresh_token};
|
||||
ok( $refresh_token, 'Refresh token present' );
|
||||
|
||||
$json = expectJSON( refreshGrant( $op, 'rpid', $refresh_token ) );
|
||||
expectJWT( $json->{access_token},
|
||||
scope => "openid profile email my_hooked_scope myscope refreshed_french" );
|
||||
|
||||
clean_sessions();
|
||||
done_testing();
|
||||
|
||||
|
|
|
@ -19,6 +19,8 @@ use constant hook => {
|
|||
oidcGenerateTokenRequest => 'genTokenRequest',
|
||||
oidcGotUserInfo => 'modifyUserInfo',
|
||||
oidcGotIDToken => 'modifyIDToken',
|
||||
oidcGotOnlineRefresh => 'refreshHook',
|
||||
oidcGotOfflineRefresh => 'refreshHook',
|
||||
};
|
||||
|
||||
sub addClaimToIDToken {
|
||||
|
@ -97,4 +99,11 @@ sub modifyUserInfo {
|
|||
return PE_OK;
|
||||
}
|
||||
|
||||
sub refreshHook {
|
||||
my ( $self, $req, $rp, $refreshInfo, $sessionInfo ) = @_;
|
||||
my $uid = $refreshInfo->{uid} || ( "online_" . $sessionInfo->{uid} );
|
||||
$refreshInfo->{scope} = $refreshInfo->{scope} . " refreshed_" . $uid;
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
Loading…
Reference in New Issue