test of PKCE flow

2026-01-17 00:57:16 +01:00 · 2023-09-18 16:36:48 +02:00
parent 744e7d3375
commit f300fdb13f
2 changed files with 41 additions and 4 deletions
--- a/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
+++ b/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
@@ -69,4 +69,24 @@ public class AuthCodeGrantTest {

        assertThat(flow.getAccessToken(), is(notNullValue()));
    }
+
+    @Test
+    public void authCodeGrantWithPkce() throws IOException {
+        AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT);
+        flow.setPkce("PnRLncOTibrwxaBmBYm4QC89u0m4mz518sk1WFKjxnc", "bbb");
+        LoginScreen loginScreen = flow.start(Map.of("scope", "scope1 scope2"));
+
+        ConsentScreen consentScreen = loginScreen.submitCorrect("bob", "password");
+        assertThat(consentScreen.getScopes(), is(List.of("scope1", "scope2")));
+
+        Document submit = consentScreen.submit();
+        flow.parseAndValidateRedirect(submit.connection().response());
+
+        assertThat(flow.getCode(), is(notNullValue()));
+        assertThat(flow.getAccessToken(), is(nullValue()));
+        flow.exchangeCode();
+
+        assertThat(flow.getAccessToken(), is(notNullValue()));
+
+    }
 }
--- a/src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java
+++ b/src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java
@@ -25,6 +25,8 @@ public class AuthorizationCodeFlow {
    private final String authUrl;
    private final OAuthClient client;
    private String state = "testStateIsNotRandom";
+    private String codeChallenge;
+    private String codeVerifier;
    private String code;
    private String accessToken;
    private String idToken;
@@ -52,6 +54,10 @@ public class AuthorizationCodeFlow {
        map.put("client_id", client.clientId());
        map.put("redirect_uri", client.redirectUri());
        map.put("state", state);
+        if (codeChallenge != null) {
+            map.put("code_challenge", codeChallenge);
+            map.put("code_challenge_method", "S256");
+        }
        return map;
    }

@@ -71,11 +77,17 @@ public class AuthorizationCodeFlow {
    }

    public AccessTokenResponse exchangeCode() {
+        Map<String, String> tokenForm = new HashMap<>();
+        tokenForm.put("grant_type", "authorization_code");
+        tokenForm.put("client_id", client.clientId());
+        tokenForm.put("redirect_uri", client.redirectUri());
+        tokenForm.put("code", code);
+        if (codeVerifier != null) {
+            tokenForm.put("code_verifier", codeVerifier);
+        }
+
        AccessTokenResponse accessTokenResponse = given()
-                .formParam("grant_type", "authorization_code")
-                .formParam("client_id", client.clientId())
-                .formParam("redirect_uri", client.redirectUri())
-                .formParam("code", code)
+                .formParams(tokenForm)
                .when()
                .post("/auth/token")
                .then()
@@ -106,4 +118,9 @@ public class AuthorizationCodeFlow {
    public String getIdToken() {
        return idToken;
    }
+
+    public void setPkce(String codeChallenge, String codeVerifier) {
+        this.codeChallenge = codeChallenge;
+        this.codeVerifier = codeVerifier;
+    }
 }