Merge pull request #218 from rolsonquadras/issue-167

test: [gnap] continue and introspect api - initial integration
trustbloc · May 11, 2022 · 8b599c2 · 8b599c2
2 parents 0e2bd24 + faa6a85
commit 8b599c2
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 14 deletions.
diff --git a/cmd/auth-rest/startcmd/start.go b/cmd/auth-rest/startcmd/start.go
@@ -506,7 +506,7 @@ func startAuthService(parameters *authRestParameters, srv server) error {
 		SecretsToken:   parameters.secretsAPIToken,
 	}, &gnap.Config{
 		StoreProvider:      provider,
-		BaseURL:            parameters.hostURL,
+		BaseURL:            parameters.externalURL,
 		AccessPolicyConfig: gnapAPConfig,
 		InteractionHandler: interact,
 		UIEndpoint:         uiEndpoint,

diff --git a/component/gnap/as/client.go b/component/gnap/as/client.go
@@ -79,7 +79,7 @@ func (c *Client) RequestAccess(req *gnap.AuthRequest) (*gnap.AuthResponse, error
 
 	url := c.gnapAuthServerURL + gnaprest.AuthRequestPath
 
-	httpReq, err := http.NewRequest(http.MethodPost, url, requestReader)
+	httpReq, err := http.NewRequest(http.MethodPost, url, requestReader) // nolint:noctx
 	if err != nil {
 		return nil, fmt.Errorf("requestAccess: failed to build http request: %w", err)
 	}
@@ -122,7 +122,7 @@ func (c *Client) RequestAccess(req *gnap.AuthRequest) (*gnap.AuthResponse, error
 }
 
 // Continue gnap auth request containing interact_ref.
-func (c *Client) Continue(req *gnap.ContinueRequest) (*gnap.AuthResponse, error) {
+func (c *Client) Continue(req *gnap.ContinueRequest, token string) (*gnap.AuthResponse, error) {
 	if req == nil {
 		return nil, fmt.Errorf("continue: empty request")
 	}
@@ -150,6 +150,7 @@ func (c *Client) Continue(req *gnap.ContinueRequest) (*gnap.AuthResponse, error)
 	httpReq.Header.Add("Content-Type", contentType)
 	// httpReq.Header.Add("Signature-Input", "TODO") // TODO update signature input
 	httpReq.Header.Add("Signature", base64.URLEncoding.EncodeToString(sig))
+	httpReq.Header.Add("Authorization", "GNAP "+token)
 
 	r, err := c.httpClient.Do(httpReq)
 	if err != nil {

diff --git a/component/gnap/as/client_test.go b/component/gnap/as/client_test.go
@@ -21,6 +21,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/require"
 
 	gnaprest "github.com/trustbloc/auth/pkg/restapi/gnap"
@@ -276,7 +277,7 @@ func TestContinue(t *testing.T) {
 			c, err := NewClient(tc.signer, httpClient, url)
 			require.NoError(t, err)
 
-			response, err := c.Continue(tc.grantReq)
+			response, err := c.Continue(tc.grantReq, uuid.NewString())
 			if tc.errMsg != "" {
 				if tc.name == "error continuing gnap access with bad http client error" {
 					require.Contains(t, err.Error(), fmt.Sprintf(tc.errMsg, url+gnaprest.AuthContinuePath))

diff --git a/pkg/gnap/interact/redirect/interact.go b/pkg/gnap/interact/redirect/interact.go
@@ -41,8 +41,8 @@ func (l InteractHandler) CompleteInteraction(flowID string, consentSet *api.Cons
 
 // QueryInteraction fetches the interaction under the given interact_ref.
 func (l InteractHandler) QueryInteraction(interactRef string) (*api.ConsentResult, error) {
-	// TODO implement me
-	panic("implement me")
+	// TODO implement query interaction
+	return &api.ConsentResult{}, nil
 }
 
 // DeleteInteraction deletes the interaction under the given interact_ref.

diff --git a/test/bdd/features/gnap.feature b/test/bdd/features/gnap.feature
@@ -13,3 +13,4 @@ Feature: Grant Negotiation and Authorization Protocol(GNAP) flow (https://www.ie
     Then the client calls the tx request with httpsign and gets back a redirect interaction
     Then client redirects to the interaction URL, user logs into the external oidc provider and the client receives a redirect back
     And client calls continue API and gets back the access token
+    And resource server validates the gnap access token
diff --git a/test/bdd/pkg/gnap/steps.go b/test/bdd/pkg/gnap/steps.go
@@ -15,9 +15,11 @@ import (
 	"strings"
 
 	"github.com/cucumber/godog"
+	"github.com/google/uuid"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/jose/jwk"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/jose/jwk/jwksupport"
 	"github.com/trustbloc/auth/component/gnap/as"
+	"github.com/trustbloc/auth/component/gnap/rs"
 	"github.com/trustbloc/auth/spi/gnap"
 
 	bddctx "github.com/trustbloc/auth/test/bdd/pkg/context"
@@ -35,11 +37,12 @@ const (
 )
 
 type Steps struct {
-	ctx        *bddctx.BDDContext
-	gnapClient *as.Client
-	pubKeyJWK  jwk.JWK
-	authResp   *gnap.AuthResponse
-	browser    *http.Client
+	ctx          *bddctx.BDDContext
+	gnapClient   *as.Client
+	gnapRSClient *rs.Client
+	pubKeyJWK    jwk.JWK
+	authResp     *gnap.AuthResponse
+	browser      *http.Client
 }
 
 func NewSteps(ctx *bddctx.BDDContext) *Steps {
@@ -53,6 +56,7 @@ func (s *Steps) RegisterSteps(gs *godog.ScenarioContext) {
 	gs.Step(`^the client calls the tx request with httpsign and gets back a redirect interaction$`, s.txnRequest)
 	gs.Step(`^client redirects to the interaction URL, user logs into the external oidc provider and the client receives a redirect back$`, s.interactRedirect)
 	gs.Step(`^client calls continue API and gets back the access token$`, s.continueRequest)
+	gs.Step(`^resource server validates the gnap access token$`, s.introspection)
 }
 
 func (s *Steps) createGNAPClient() error {
@@ -81,10 +85,23 @@ func (s *Steps) createGNAPClient() error {
 		authServerURL,
 	)
 	if err != nil {
-		return fmt.Errorf("failed to gnap go-client: %w", err)
+		return fmt.Errorf("failed to create gnap as go-client: %w", err)
+	}
+
+	// create gnap rs client
+	gnapRSClient, err := rs.NewClient(
+		&Signer{
+			PrivateKey: private,
+		},
+		httpClient,
+		authServerURL,
+	)
+	if err != nil {
+		return fmt.Errorf("failed to create gnap rs go-client: %w", err)
 	}
 
 	s.gnapClient = gnapClient
+	s.gnapRSClient = gnapRSClient
 	s.pubKeyJWK = *pubKeyJWK
 
 	return nil
@@ -168,12 +185,32 @@ func (s *Steps) interactRedirect() error {
 }
 
 func (s *Steps) continueRequest() error {
-	// TODO get continue req API url
+	req := &gnap.ContinueRequest{
+		InteractRef: uuid.NewString(),
+	}
 
-	// TODO call continue API
+	authResp, err := s.gnapClient.Continue(req, s.authResp.Continue.AccessToken.Value)
+	if err != nil {
+		return fmt.Errorf("failed to call continue request: %w", err)
+	}
 
 	// TODO validate acess token
 
+	s.authResp = authResp
+
+	return nil
+}
+
+func (s *Steps) introspection() error {
+	req := &gnap.IntrospectRequest{}
+
+	_, err := s.gnapRSClient.Introspect(req)
+	if err != nil {
+		return fmt.Errorf("failed to call continue request: %w", err)
+	}
+
+	// TODO validate introspection data
+
 	return nil
 }