From 8df24823269ad1f02cc910be46ebaea9a8796fd7 Mon Sep 17 00:00:00 2001
From: Chris Patmore
Date: Wed, 30 Aug 2023 10:36:19 +0100
Subject: [PATCH] fix: ensure access_token is available after introspect

Update the code to ensure the access token is available after validating the token using token introspect

Contributes to: https://github.com/eclipse-vertx/vertx-auth/issues/659

Signed-off-by: Chris Patmore
---
 .../oauth2/impl/OAuth2AuthProviderImpl.java |  2 +-
 .../test/oauth2/OAuth2IntrospectTest.java   | 27 +++++++++++++------
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java
index 4cae996a6..8f9586a02 100644
--- a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java
+++ b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java
@@ -326,7 +326,7 @@ public Future authenticate(Credentials credentials) {
       // attempt to create a user from the json object
       final User newUser = createUser(
-        json,
+        json.put("access_token", tokenCredentials.getToken()),
         user.attributes().containsKey("missing-kid"));
       // final step, verify if the user is not expired
diff --git a/vertx-auth-oauth2/src/test/java/io/vertx/ext/auth/test/oauth2/OAuth2IntrospectTest.java b/vertx-auth-oauth2/src/test/java/io/vertx/ext/auth/test/oauth2/OAuth2IntrospectTest.java
index cd07b3958..5c2a48361 100644
--- a/vertx-auth-oauth2/src/test/java/io/vertx/ext/auth/test/oauth2/OAuth2IntrospectTest.java
+++ b/vertx-auth-oauth2/src/test/java/io/vertx/ext/auth/test/oauth2/OAuth2IntrospectTest.java
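Review bot: `json.put("access_token", tokenCredentials.getToken())` mutates the introspection JSON object in place rather than a copy, so if `json` is also retained elsewhere after this call (for example as the user's attributes; authenticate() starts and ends outside the hunk, so this cannot be confirmed here) the bearer token is written into that object as well — `json.copy().put("access_token", tokenCredentials.getToken())` would confine the change to the principal. If the introspection response itself already carried an `access_token` member it is now silently overwritten; that is presumably intended but deserves a comment. Because the principal now holds the raw bearer credential, any code that logs, serializes or persists `User.principal()` will expose it, which is worth stating on the line: `// the principal carries the raw bearer token; callers must not log or persist it verbatim`.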
@@ -141,12 +141,11 @@ public void introspectAccessToken(TestContext should) {
     should.assertNotNull(token2);
     JsonObject principal = token2.principal().copy();
-    // clean time specific value
-    principal.remove("expires_at");
-    principal.remove("access_token");
-    principal.remove("opaque");
-
     final JsonObject assertion = fixtureIntrospect.copy();
+    // principal should be identified as opaque
+    assertion.put("opaque", true);
+    // access token should be present in the principal
+    assertion.put("access_token", token);
     should.assertEquals(assertion.getMap(), principal.getMap());
@@ -180,11 +179,13 @@ public void introspectAccessTokenGoogleWay(TestContext should) {
     should.assertNotNull(token);
     // make a copy because later we need to original data
     JsonObject principal = token.principal().copy();
-    // clean time specific value
-    principal.remove("opaque");
     // clean up control
     final JsonObject assertion = fixtureGoogle.copy();
+    // principal should be identified as opaque
+    assertion.put("opaque", true);
+    // access token should be present in the principal
+    assertion.put("access_token", OAuth2IntrospectTest.token);
     should.assertEquals(assertion.getMap(), principal.getMap());
@@ -230,7 +231,17 @@ public void introspectAccessTokenKeyCloakWay(TestContext should) {
       } else {
         User token = res.result();
         should.assertNotNull(token);
-        should.assertNotNull(token.principal());
+        // make a copy because later we need to original data
+        JsonObject principal = token.principal().copy();
+
+        // clean up control
+        final JsonObject assertion = fixtureKeycloak.copy();
+        // principal should be identified as opaque
+        assertion.put("opaque", true);
+        // access token should be present in the principal
+        assertion.put("access_token", OAuth2IntrospectTest.token);
+
+        should.assertEquals(assertion.getMap(), principal.getMap());
         test.complete();
       }
     });
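Review bot: Dropping `principal.remove("expires_at")` means the full-map equality now also covers whatever `expires_at` the provider computes, a value the old test explicitly treated as time-specific; unless the introspect fixture no longer yields one, this assertion may pass or fail depending on when it runs, so confirm the principal contains no `expires_at` here or re-add the removal before comparing. The new `assertion.put("access_token", token)` reads the static fixture field unqualified, while the same new lines in the Google and Keycloak hunks must write `OAuth2IntrospectTest.token` only because a local `User token` shadows the field there; renaming those locals (e.g. `User user = res.result();`) would let all three tests use the plain `token` and avoid the two meanings of one name. introspectAccessToken() starts before this hunk and ends after it.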
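Review bot: The added comment `// make a copy because later we need to original data` in introspectAccessTokenKeyCloakWay repeats a wording slip from the Google test's existing comment; since this is a new line it can be written correctly as `// make a copy because later we need the original data`. The copy itself is not strictly required here, as `principal` is only read by the `assertEquals` that follows, so a one-word justification (or dropping the `.copy()` and the comment) would make the intent clearer. The enclosing method continues past the closing `});` shown in the hunk.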