Merge 114249337-openid-connect-token to master

[#114249337]

Author: Steve Powell

cloudfoundry-client-spring/src/main/java/org/cloudfoundry/reactor/uaa/tokens/ReactorTokens.java

@@ -25,6 +25,8 @@
 import org.cloudfoundry.uaa.tokens.GetTokenByAuthorizationCodeResponse;
 import org.cloudfoundry.uaa.tokens.GetTokenByClientCredentialsRequest;
 import org.cloudfoundry.uaa.tokens.GetTokenByClientCredentialsResponse;
+import org.cloudfoundry.uaa.tokens.GetTokenByOpenIdRequest;
+import org.cloudfoundry.uaa.tokens.GetTokenByOpenIdResponse;
 import org.cloudfoundry.uaa.tokens.GetTokenByPasswordRequest;
 import org.cloudfoundry.uaa.tokens.GetTokenByPasswordResponse;
 import org.cloudfoundry.uaa.tokens.GetTokenKeyRequest;
@@ -80,6 +82,12 @@ public Mono<GetTokenByClientCredentialsResponse> getByClientCredentials(GetToken
             function((builder, validRequest) -> builder.pathSegment("oauth", "token").queryParam("grant_type", "client_credentials").queryParam("response_type", "token")));
     }
 
+    @Override
+    public Mono<GetTokenByOpenIdResponse> getByOpenId(GetTokenByOpenIdRequest request) {
+        return post(request, GetTokenByOpenIdResponse.class,
+            function((builder, validRequest) -> builder.pathSegment("oauth", "token").queryParam("grant_type", "authorization_code").queryParam("response_type", "id_token")));
+    }
+
     @Override
     public Mono<GetTokenByPasswordResponse> getByPassword(GetTokenByPasswordRequest request) {
         return post(request, GetTokenByPasswordResponse.class,

cloudfoundry-client-spring/src/test/java/org/cloudfoundry/reactor/uaa/tokens/ReactorTokensTest.java

@@ -26,6 +26,8 @@
 import org.cloudfoundry.uaa.tokens.GetTokenByAuthorizationCodeResponse;
 import org.cloudfoundry.uaa.tokens.GetTokenByClientCredentialsRequest;
 import org.cloudfoundry.uaa.tokens.GetTokenByClientCredentialsResponse;
+import org.cloudfoundry.uaa.tokens.GetTokenByOpenIdRequest;
+import org.cloudfoundry.uaa.tokens.GetTokenByOpenIdResponse;
 import org.cloudfoundry.uaa.tokens.GetTokenByPasswordRequest;
 import org.cloudfoundry.uaa.tokens.GetTokenByPasswordResponse;
 import org.cloudfoundry.uaa.tokens.GetTokenKeyRequest;
@@ -249,6 +251,55 @@ protected Mono<GetTokenByClientCredentialsResponse> invoke(GetTokenByClientCrede
 
     }
 
+    public static final class GetTokenByOpenId extends AbstractUaaApiTest<GetTokenByOpenIdRequest, GetTokenByOpenIdResponse> {
+
+        private final ReactorTokens tokens = new ReactorTokens(AUTHORIZATION_PROVIDER, CLIENT_ID, CLIENT_SECRET, HTTP_CLIENT, OBJECT_MAPPER, this.root);
+
+        @Override
+        protected InteractionContext getInteractionContext() {
+            return InteractionContext.builder()
+                .request(TestRequest.builder()
+                    .method(POST).path("/oauth/token?code=NAlA1d&client_id=app&client_secret=appclientsecret&redirect_uri=https://uaa.cloudfoundry.com/redirect/cf&token_format=opaque" +
+                        "&grant_type=authorization_code&response_type=id_token")
+                    .build())
+                .response(TestResponse.builder()
+                    .status(OK)
+                    .payload("fixtures/uaa/tokens/GET_response_OI.json")
+                    .build())
+                .build();
+        }
+
+        @Override
+        protected GetTokenByOpenIdResponse getResponse() {
+            return GetTokenByOpenIdResponse.builder()
+                .accessToken("53a58e6581ee49d08f9e572f673bc8db")
+                .tokenType("bearer")
+                .openIdToken("eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLC")
+                .refreshToken("53a58e6581ee49d08f9e572f673bc8db-r")
+                .expiresInSeconds(43199)
+                .scopes("openid oauth.approvals")
+                .tokenId("53a58e6581ee49d08f9e572f673bc8db")
+                .build();
+        }
+
+        @Override
+        protected GetTokenByOpenIdRequest getValidRequest() {
+            return GetTokenByOpenIdRequest.builder()
+                .clientId("app")
+                .clientSecret("appclientsecret")
+                .authorizationCode("NAlA1d")
+                .redirectUri("https://uaa.cloudfoundry.com/redirect/cf")
+                .tokenFormat(TokenFormat.OPAQUE)
+                .build();
+        }
+
+        @Override
+        protected Mono<GetTokenByOpenIdResponse> invoke(GetTokenByOpenIdRequest request) {
+            return this.tokens.getByOpenId(request);
+        }
+
+    }
+
     public static final class GetTokenByPassword extends AbstractUaaApiTest<GetTokenByPasswordRequest, GetTokenByPasswordResponse> {
 
         private final ReactorTokens tokens = new ReactorTokens(AUTHORIZATION_PROVIDER, CLIENT_ID, CLIENT_SECRET, HTTP_CLIENT, OBJECT_MAPPER, this.root);

cloudfoundry-client-spring/src/test/resources/fixtures/uaa/tokens/GET_response_OI.json

@@ -0,0 +1,9 @@
+{
+  "access_token": "53a58e6581ee49d08f9e572f673bc8db",
+  "token_type": "bearer",
+  "id_token": "eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLC",
+  "refresh_token": "53a58e6581ee49d08f9e572f673bc8db-r",
+  "expires_in": 43199,
+  "scope": "openid oauth.approvals",
+  "jti": "53a58e6581ee49d08f9e572f673bc8db"
+}

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/tokens/AbstractGetTokenByOpenIdRequest.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2013-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.tokens;
+
+import org.cloudfoundry.Nullable;
+import org.cloudfoundry.QueryParameter;
+import org.immutables.value.Value;
+
+/**
+ * The request payload for the get token by OpenId operation
+ */
+@Value.Immutable
+abstract class AbstractGetTokenByOpenIdRequest {
+
+    /**
+     * The authorization code
+     */
+    @QueryParameter("code")
+    abstract String getAuthorizationCode();
+
+    /**
+     * The client identifier
+     */
+    @QueryParameter("client_id")
+    abstract String getClientId();
+
+    /**
+     * The client's secret passphrase
+     */
+    @QueryParameter("client_secret")
+    abstract String getClientSecret();
+
+    /**
+     * The redirection URI
+     */
+    @Nullable
+    @QueryParameter("redirect_uri")
+    abstract String getRedirectUri();
+
+    /**
+     * The token format
+     */
+    @Nullable
+    @QueryParameter("token_format")
+    abstract TokenFormat getTokenFormat();
+
+}

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/tokens/AbstractGetTokenByOpenIdResponse.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2013-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.tokens;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.immutables.value.Value;
+
+/**
+ * The response from the get token by OpenId request
+ */
+@JsonDeserialize
+@Value.Immutable
+abstract class AbstractGetTokenByOpenIdResponse extends AbstractToken {
+
+    /**
+     * The OpenId token
+     */
+    @JsonProperty("id_token")
+    abstract String getOpenIdToken();
+
+    /**
+     * The refresh token
+     */
+    @JsonProperty("refresh_token")
+    abstract String getRefreshToken();
+
+}

cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/tokens/Tokens.java

@@ -47,6 +47,14 @@ public interface Tokens {
      */
     Mono<GetTokenByClientCredentialsResponse> getByClientCredentials(GetTokenByClientCredentialsRequest request);
 
+    /**
+     * Makes the <a href="http://docs.cloudfoundry.com/uaa/#openid-connect">OpenID Connect</a> request
+     *
+     * @param request the OpenId request
+     * @return the response from the OpenId request
+     */
+    Mono<GetTokenByOpenIdResponse> getByOpenId(GetTokenByOpenIdRequest request);
+
     /**
      * Makes the <a href="http://docs.cloudfoundry.com/uaa/#password-grant">Password Grant</a> request
      *

cloudfoundry-client/src/test/java/org/cloudfoundry/uaa/tokens/GetTokenByOpenIdRequestTest.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2013-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.uaa.tokens;
+
+import org.junit.Test;
+
+public final class GetTokenByOpenIdRequestTest {
+
+    @Test(expected = IllegalStateException.class)
+    public void noAuthorizationCode() {
+        GetTokenByOpenIdRequest.builder()
+            .clientId("test-client-id")
+            .clientSecret("test-client-secret")
+            .redirectUri("test-redirect-uri")
+            .tokenFormat(TokenFormat.OPAQUE)
+            .build();
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void noClientId() {
+        GetTokenByOpenIdRequest.builder()
+            .authorizationCode("test-authorization-code")
+            .clientSecret("test-client-secret")
+            .redirectUri("test-redirect-uri")
+            .tokenFormat(TokenFormat.OPAQUE)
+            .build();
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void noClientSecret() {
+        GetTokenByOpenIdRequest.builder()
+            .authorizationCode("test-authorization-code")
+            .clientId("test-client-id")
+            .redirectUri("test-redirect-uri")
+            .tokenFormat(TokenFormat.OPAQUE)
+            .build();
+    }
+
+    @Test
+    public void validMax() {
+        GetTokenByOpenIdRequest.builder()
+            .authorizationCode("test-authorization-code")
+            .clientId("test-client-id")
+            .clientSecret("test-client-secret")
+            .redirectUri("test-redirect-uri")
+            .tokenFormat(TokenFormat.OPAQUE)
+            .build();
+    }
+
+    @Test
+    public void validMin() {
+        GetTokenByOpenIdRequest.builder()
+            .authorizationCode("test-authorization-code")
+            .clientId("test-client-id")
+            .clientSecret("test-client-secret")
+            .build();
+    }
+
+}