@@ -121,23 +121,23 @@ public void simpleOperationsWithConfigurator() throws Exception {
121121 assertThat ("incorrect environments" , oip .getEnvironments (), is (set ("myenv" )));
122122 assertThat ("incorrect login url" , oip .getLoginURI ("foo3" , "pkce" , false , null ),
123123 is (new URI ("https://ologin.com/oauth/authorize?" +
124- "scope=openid" +
124+ "scope=openid+%2Fauthenticate " +
125125 "&state=foo3&redirect_uri=https%3A%2F%2Fologinredir.com" +
126126 "&response_type=code&client_id=ofoo" )));
127127 assertThat ("incorrect link url" , oip .getLoginURI ("foo4" , "pkce" , true , null ),
128128 is (new URI ("https://ologin.com/oauth/authorize?" +
129- "scope=openid" +
129+ "scope=openid+%2Fauthenticate " +
130130 "&state=foo4&redirect_uri=https%3A%2F%2Folinkredir.com" +
131131 "&response_type=code&client_id=ofoo" )));
132132
133133 assertThat ("incorrect login url" , oip .getLoginURI ("foo3" , "pkce" , false , "myenv" ),
134134 is (new URI ("https://ologin.com/oauth/authorize?" +
135- "scope=openid" +
135+ "scope=openid+%2Fauthenticate " +
136136 "&state=foo3&redirect_uri=https%3A%2F%2Fmyologinred.com" +
137137 "&response_type=code&client_id=ofoo" )));
138138 assertThat ("incorrect link url" , oip .getLoginURI ("foo4" , "pkce" , true , "myenv" ),
139139 is (new URI ("https://ologin.com/oauth/authorize?" +
140- "scope=openid" +
140+ "scope=openid+%2Fauthenticate " +
141141 "&state=foo4&redirect_uri=https%3A%2F%2Fmyolinkred.com" +
142142 "&response_type=code&client_id=ofoo" )));
143143 }
@@ -150,23 +150,23 @@ public void simpleOperationsWithoutConfigurator() throws Exception {
150150 assertThat ("incorrect environments" , oip .getEnvironments (), is (set ("myenv" )));
151151 assertThat ("incorrect login url" , oip .getLoginURI ("foo5" , "pkce" , false , null ),
152152 is (new URI ("https://ologin.com/oauth/authorize?" +
153- "scope=openid" +
153+ "scope=openid+%2Fauthenticate " +
154154 "&state=foo5&redirect_uri=https%3A%2F%2Fologinredir.com" +
155155 "&response_type=code&client_id=ofoo" )));
156156 assertThat ("incorrect link url" , oip .getLoginURI ("foo6" , "pkce" , true , null ),
157157 is (new URI ("https://ologin.com/oauth/authorize?" +
158- "scope=openid" +
158+ "scope=openid+%2Fauthenticate " +
159159 "&state=foo6&redirect_uri=https%3A%2F%2Folinkredir.com" +
160160 "&response_type=code&client_id=ofoo" )));
161161
162162 assertThat ("incorrect login url" , oip .getLoginURI ("foo3" , "pkce" , false , "myenv" ),
163163 is (new URI ("https://ologin.com/oauth/authorize?" +
164- "scope=openid" +
164+ "scope=openid+%2Fauthenticate " +
165165 "&state=foo3&redirect_uri=https%3A%2F%2Fmyologinred.com" +
166166 "&response_type=code&client_id=ofoo" )));
167167 assertThat ("incorrect link url" , oip .getLoginURI ("foo4" , "pkce" , true , "myenv" ),
168168 is (new URI ("https://ologin.com/oauth/authorize?" +
169- "scope=openid" +
169+ "scope=openid+%2Fauthenticate " +
170170 "&state=foo4&redirect_uri=https%3A%2F%2Fmyolinkred.com" +
171171 "&response_type=code&client_id=ofoo" )));
172172
@@ -267,15 +267,15 @@ public void returnsIllegalAuthtokenResponse() throws Exception {
267267 final IdentityRetrievalException e =
268268 new IdentityRetrievalException ("No access token was returned by OrcID" );
269269
270- setUpCallAuthToken (acode , null , redir , cliid , clisec , "name" , "fake ID" );
270+ setUpCallAuthTokenWithJWT (acode , null , redir , cliid , clisec , "name" , "fake ID" , createJWTWithoutAmr ( "fake ID" ) );
271271 failGetIdentities (idp , acode , "pkce" , false , e );
272- setUpCallAuthToken (acode , "\t " , redir , cliid , clisec , "name" , "fake ID" );
272+ setUpCallAuthTokenWithJWT (acode , "\t " , redir , cliid , clisec , "name" , "fake ID" , createJWTWithoutAmr ( "fake ID" ) );
273273 failGetIdentities (idp , acode , "pkce" , false , e );
274274
275- setUpCallAuthToken (acode , "fake token" , redir , cliid , clisec , "my name" , null );
275+ setUpCallAuthTokenWithJWT (acode , "fake token" , redir , cliid , clisec , "my name" , null , createJWTWithoutAmr ( "fake ID" ) );
276276 failGetIdentities (idp , acode , "pkce" , false , new IdentityRetrievalException (
277277 "No id was returned by OrcID" ));
278- setUpCallAuthToken (acode , "fake token" , redir , cliid , clisec , "my name" , " \t \n " );
278+ setUpCallAuthTokenWithJWT (acode , "fake token" , redir , cliid , clisec , "my name" , " \t \n " , createJWTWithoutAmr ( "fake ID" ) );
279279 failGetIdentities (idp , acode , "pkce" , false , new IdentityRetrievalException (
280280 "No id was returned by OrcID" ));
281281 }
@@ -336,25 +336,25 @@ public void returnsBadResponseIdentity() throws Exception {
336336 final String authtoken = "bartoken" ;
337337 final String orcID = "0000-0001-1234-5678" ;
338338
339- setUpCallAuthToken (authCode , authtoken , redir , cliid , clisec , "my name" , orcID );
339+ setUpCallAuthTokenWithJWT (authCode , authtoken , redir , cliid , clisec , "my name" , orcID , createJWTWithoutAmr ( orcID ) );
340340 setupCallID (authtoken , orcID , APP_JSON , 200 , "bleah" );
341341 failGetIdentities (idp , authCode , "pkce" , false , new IdentityRetrievalException (
342342 "Unable to parse response from OrcID service." ));
343343
344- setUpCallAuthToken (authCode , authtoken , redir , cliid , clisec , "my name" , orcID );
344+ setUpCallAuthTokenWithJWT (authCode , authtoken , redir , cliid , clisec , "my name" , orcID , createJWTWithoutAmr ( orcID ) );
345345 setupCallID (authtoken , orcID , "text/html" , 200 , MAPPER .writeValueAsString (
346346 map ("id" , "id1" , "displayName" , "dispname1" , "emails" , Arrays .asList (
347347 map ("value" , "email1" )))));
348348 failGetIdentities (idp , authCode , "pkce" , false , new IdentityRetrievalException (
349349 "Unable to parse response from OrcID service." ));
350350
351- setUpCallAuthToken (authCode , authtoken , redir , cliid , clisec , "my name" , orcID );
351+ setUpCallAuthTokenWithJWT (authCode , authtoken , redir , cliid , clisec , "my name" , orcID , createJWTWithoutAmr ( orcID ) );
352352 setupCallID (authtoken , orcID , APP_JSON , 500 , STRING1000 );
353353 failGetIdentities (idp , authCode , "pkce" , false , new IdentityRetrievalException (
354354 "Got unexpected HTTP code and unparseable " +
355355 "response from OrcID service: 500. Response: " + STRING1000 ));
356356
357- setUpCallAuthToken (authCode , authtoken , redir , cliid , clisec , "my name" , orcID );
357+ setUpCallAuthTokenWithJWT (authCode , authtoken , redir , cliid , clisec , "my name" , orcID , createJWTWithoutAmr ( orcID ) );
358358 setupCallID (authtoken , orcID , APP_JSON , 500 , STRING1001 );
359359 failGetIdentities (idp , authCode , "pkce" , false , new IdentityRetrievalException (
360360 "Got unexpected HTTP code and unparseable " +
@@ -398,8 +398,8 @@ private void getIdentityWithLoginURL(final String email, final Map<String, Objec
398398 final IdentityProvider idp = new OrcIDIdentityProvider (idconfig );
399399 final String orcID = "0000-0001-1234-5678" ;
400400
401- setUpCallAuthToken (authCode , "footoken3" , "https://ologinredir.com" ,
402- idconfig .getClientID (), idconfig .getClientSecret (), " My name " , orcID );
401+ setUpCallAuthTokenWithJWT (authCode , "footoken3" , "https://ologinredir.com" ,
402+ idconfig .getClientID (), idconfig .getClientSecret (), " My name " , orcID , createJWTWithoutAmr ( orcID ) );
403403 setupCallID ("footoken3" , orcID , APP_JSON , 200 , MAPPER .writeValueAsString (response ));
404404 final Set <RemoteIdentity > rids = idp .getIdentities (authCode , "pkce" , false , null );
405405 assertThat ("incorrect number of idents" , rids .size (), is (1 ));
@@ -416,15 +416,15 @@ public void getIdentityWithLoginURLAndEnvironment() throws Exception {
416416 final IdentityProvider idp = new OrcIDIdentityProvider (idconfig );
417417 final String orcID = "0000-0001-1234-5678" ;
418418
419- setUpCallAuthToken (authCode , "footoken3" , "https://lo.com" ,
420- idconfig .getClientID (), idconfig .getClientSecret (), " My name " , orcID );
419+ setUpCallAuthTokenWithJWT (authCode , "footoken3" , "https://lo.com" ,
420+ idconfig .getClientID (), idconfig .getClientSecret (), " My name " , orcID , createJWTWithoutAmr ( orcID ) );
421421 setupCallID ("footoken3" , orcID , APP_JSON , 200 , MAPPER .writeValueAsString (
422422 map ("email" , Arrays .asList (map ("email" , "email7" )))));
423423 final Set <RemoteIdentity > rids = idp .getIdentities (authCode , "pkce" , false , "e3" );
424424 assertThat ("incorrect number of idents" , rids .size (), is (1 ));
425425 final Set <RemoteIdentity > expected = new HashSet <>();
426426 expected .add (new RemoteIdentity (new RemoteIdentityID (ORCID , orcID ),
427- new RemoteIdentityDetails (orcID , "My name" , "email7" )));
427+ new RemoteIdentityDetails (orcID , "My name" , "email7" , MfaStatus . NOT_USED )));
428428 assertThat ("incorrect ident set" , rids , is (expected ));
429429 }
430430
@@ -454,9 +454,9 @@ private void getIdentityWithLinkURL(final String email, final Map<String, Object
454454 final IdentityProvider idp = new OrcIDIdentityProvider (idconfig );
455455 final String orcID = "0000-0001-1234-5678" ;
456456
457- setUpCallAuthToken (authCode , "footoken2" , "https://olinkredir2.com" ,
457+ setUpCallAuthTokenWithJWT (authCode , "footoken2" , "https://olinkredir2.com" ,
458458 idconfig .getClientID (), idconfig .getClientSecret (),
459- null , orcID );
459+ null , orcID , createJWTWithoutAmr ( orcID ) );
460460 setupCallID ("footoken2" , orcID , APP_JSON , 200 , MAPPER .writeValueAsString (
461461 response ));
462462 final Set <RemoteIdentity > rids = idp .getIdentities (authCode , "pkce" , true , null );
@@ -483,16 +483,16 @@ public void getIdentityWithLinkURLAndEnvironment() throws Exception {
483483 final IdentityProvider idp = new OrcIDIdentityProvider (idconfig );
484484 final String orcID = "0000-0001-1234-5678" ;
485485
486- setUpCallAuthToken (authCode , "footoken2" , "https://li.com" ,
486+ setUpCallAuthTokenWithJWT (authCode , "footoken2" , "https://li.com" ,
487487 idconfig .getClientID (), idconfig .getClientSecret (),
488- null , orcID );
488+ null , orcID , createJWTWithoutAmr () );
489489 setupCallID ("footoken2" , orcID , APP_JSON , 200 , MAPPER .writeValueAsString (
490490 map ("email" , Arrays .asList (map ("email" , "email4" )))));
491491 final Set <RemoteIdentity > rids = idp .getIdentities (authCode , "pkce" , true , "e3" );
492492 assertThat ("incorrect number of idents" , rids .size (), is (1 ));
493493 final Set <RemoteIdentity > expected = new HashSet <>();
494494 expected .add (new RemoteIdentity (new RemoteIdentityID (ORCID , orcID ),
495- new RemoteIdentityDetails (orcID , null , "email4" )));
495+ new RemoteIdentityDetails (orcID , null , "email4" , MfaStatus . NOT_USED )));
496496 assertThat ("incorrect ident set" , rids , is (expected ));
497497 }
498498
@@ -547,12 +547,15 @@ public void getIdentityWithNoJWT() throws Exception {
547547 idconfig .getClientID (), idconfig .getClientSecret (), " My name " , orcID );
548548 setupCallID ("footoken5" , orcID , APP_JSON , 200 , MAPPER .writeValueAsString (
549549 map (
"email" ,
Arrays .
asList (
map (
"email" ,
"[email protected] " )))));
550- final Set <RemoteIdentity > rids = idp .getIdentities (authCode , "pkce" , false , null );
551- assertThat ("incorrect number of idents" , rids .size (), is (1 ));
552- final Set <RemoteIdentity > expected = new HashSet <>();
553- expected .add (new RemoteIdentity (new RemoteIdentityID (ORCID , orcID ),
554- new RemoteIdentityDetails (
orcID ,
"My name" ,
"[email protected] " ,
MfaStatus .
UNKNOWN )));
555- assertThat ("incorrect ident set" , rids , is (expected ));
550+
551+ // Now that JWT is required, this should fail with missing JWT error
552+ try {
553+ idp .getIdentities (authCode , "pkce" , false , null );
554+ fail ("Expected IdentityRetrievalException" );
555+ } catch (IdentityRetrievalException e ) {
556+ assertThat ("incorrect exception message" , e .getMessage (),
557+ is ("10030 Identity retrieval failed: No JWT token provided by ORCID despite requesting OpenID scope" ));
558+ }
556559 }
557560
558561 @ Test
0 commit comments