diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java
index 49fdc4e9c55..77fb53a532d 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java
@@ -21,6 +21,7 @@
 import static org.cloudfoundry.identity.uaa.oauth.TokenTestSupport.GRANT_TYPE;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE;
 import static org.cloudfoundry.identity.uaa.util.JwtTokenSignedByThisUAATest.CLIENT_ID;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -67,12 +68,12 @@ public void setup() {
 when(clientDetailsService.loadClientByClientId(eq(requestingClient.getClientId()), anyString())).thenReturn(requestingClient);
 when(authorizationCodeServices.consumeAuthorizationCode("1234")).thenReturn(authentication);
 when(authentication.getOAuth2Request()).thenReturn(oAuth2Request);
- when(oAuth2Request.getRequestParameters()).thenReturn(requestParameters);
 requestParameters = new HashMap<>();
 requestParameters.put(GRANT_TYPE, TokenConstants.GRANT_TYPE_USER_TOKEN);
 requestParameters.put(CLIENT_ID, requestingClient.getClientId());
 requestParameters.put("code", "1234");
 requestParameters.put(PkceValidationService.CODE_VERIFIER, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM");
+ when(oAuth2Request.getRequestParameters()).thenReturn(requestParameters);
 tokenRequest = new UserTokenGranterTest.PublicTokenRequest();
 tokenRequest.setRequestParameters(requestParameters);
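Review bot: The moved `when(oAuth2Request.getRequestParameters())` stub in `setup()` carries no comment saying why it has to come after `requestParameters = new HashMap<>();`, so a later tidy-up could group it with the other stubs again. `thenReturn` captures the reference at the moment of stubbing, and in the old position the field was presumably still unassigned, which means the map holding the PKCE `CODE_VERIFIER` never reached the granter through the stored request. A one-line comment above the moved call would pin this: `// stub after the map is assigned: thenReturn captures the reference here`. `setup()` starts and continues outside the hunk.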
@@ -84,4 +85,14 @@ void getOAuth2Authentication() throws PkceValidationException {
 when(pkceValidationService.checkAndValidate(any(), any(), any())).thenReturn(false);
 assertThrows(InvalidGrantException.class, () -> granter.getOAuth2Authentication(requestingClient, tokenRequest));
 }
+
+ @Test
+ void getOAuth2AuthenticationMethod() throws PkceValidationException {
+ HashMap authMap = new HashMap();
+ authMap.put(ClaimConstants.CLIENT_AUTH_METHOD, "none");
+ when(pkceValidationService.checkAndValidate(any(), any(), any())).thenReturn(true);
+ when(oAuth2Request.getExtensions()).thenReturn(authMap);
+ when(oAuth2Request.createOAuth2Request(any())).thenReturn(oAuth2Request);
+ assertNotNull(granter.getOAuth2Authentication(requestingClient, tokenRequest));
+ }
 }
\ No newline at end of file
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java
index 96128a0a1b1..dca60e0b3e1 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java
@@ -33,10 +33,12 @@
 import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.NoSuchClientException;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.TokenRequest;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.TestPropertySource;
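Review bot: `getOAuth2AuthenticationMethod` passes as soon as the granter returns any non-null object, because `assertNotNull` is its only assertion and `createOAuth2Request(any())` is stubbed to hand back the same mock. The `"none"` value stored under `ClaimConstants.CLIENT_AUTH_METHOD` records how the client authenticated, which is security-relevant in a PKCE flow, yet nothing checks that the granter reads or forwards it. A stricter ending would add an interaction check such as `verify(oAuth2Request).getExtensions();` and an assertion on the argument passed to `createOAuth2Request`. The granter itself is outside this diff, so the exact expectation needs confirming against it.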
@@ -69,6 +71,8 @@
 import static org.junit.Assert.assertThat;
 import static org.junit.jupiter.api.Assertions.assertAll;
 import static org.junit.jupiter.api.Assumptions.assumeTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 @DisplayName("Uaa Token Services Tests")
 @DefaultTestContext
@@ -275,9 +279,16 @@ void happyCase() {
 UaaUser uaaUser = jdbcUaaUserDatabase.retrieveUserByName("admin", "uaa");
 refreshToken = refreshTokenCreator.createRefreshToken(uaaUser, refreshTokenRequestData, null);
 assertThat(refreshToken, is(notNullValue()));
+ OAuth2Authentication authentication = mock(OAuth2Authentication.class);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ OAuth2Request auth2Request = mock(OAuth2Request.class);
+ when(authentication.getOAuth2Request()).thenReturn(auth2Request);
+ when(auth2Request.getExtensions()).thenReturn(Map.of(ClaimConstants.CLIENT_AUTH_METHOD, "client_secret_basic"));
 OAuth2AccessToken refreshedToken = tokenServices.refreshAccessToken(this.refreshToken.getValue(), new TokenRequest(new HashMap<>(), "jku_test", Lists.newArrayList("openid", "user_attributes"), GRANT_TYPE_REFRESH_TOKEN));
 assertThat(refreshedToken, is(notNullValue()));
+ Map claims = UaaTokenUtils.getClaims(refreshedToken.getValue());
+ assertThat(claims, hasKey(ClaimConstants.CLIENT_AUTH_METHOD));
 }
 @MethodSource("org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests#dates")
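Review bot: In `happyCase` the mocked `OAuth2Authentication` is installed with `SecurityContextHolder.getContext().setAuthentication(authentication)` and is not removed anywhere in the visible lines, so it can stay attached to the thread and be picked up by later tests, which then pass or fail for reasons unrelated to their own setup. Wrapping the refresh call in `try { … } finally { SecurityContextHolder.clearContext(); }`, or clearing the context in an `@AfterEach`, keeps the authentication scoped to this test. The closing assertion also checks only that the claim key exists. If the refreshed token is expected to carry the stubbed value, `assertThat(claims, hasEntry(ClaimConstants.CLIENT_AUTH_METHOD, "client_secret_basic"));` would pin it. Any existing teardown in the enclosing class is outside the hunk.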