github-mirrors/oauth-playground-server
1
0
Fork 0
mirror of https://github.com/ysoftdevs/oauth-playground-server.git synced 2026-03-25 18:42:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

test of PKCE flow

Browse Source
This commit is contained in:
Dusan Jakub
2023-09-18 16:36:48 +02:00
parent 744e7d3375
commit f300fdb13f
2 changed files with 41 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
View File

@@ -69,4 +69,24 @@ public class AuthCodeGrantTest {
assertThat(flow.getAccessToken(), is(notNullValue())); assertThat(flow.getAccessToken(), is(notNullValue()));
} }
@Test
public void authCodeGrantWithPkce() throws IOException {
AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT);
flow.setPkce("PnRLncOTibrwxaBmBYm4QC89u0m4mz518sk1WFKjxnc", "bbb");
LoginScreen loginScreen = flow.start(Map.of("scope", "scope1 scope2"));
ConsentScreen consentScreen = loginScreen.submitCorrect("bob", "password");
assertThat(consentScreen.getScopes(), is(List.of("scope1", "scope2")));
Document submit = consentScreen.submit();
flow.parseAndValidateRedirect(submit.connection().response());
assertThat(flow.getCode(), is(notNullValue()));
assertThat(flow.getAccessToken(), is(nullValue()));
flow.exchangeCode();
assertThat(flow.getAccessToken(), is(notNullValue()));
}
} }

25
src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java
View File

@@ -25,6 +25,8 @@ public class AuthorizationCodeFlow {
private final String authUrl; private final String authUrl;
private final OAuthClient client; private final OAuthClient client;
private String state = "testStateIsNotRandom"; private String state = "testStateIsNotRandom";
private String codeChallenge;
private String codeVerifier;
private String code; private String code;
private String accessToken; private String accessToken;
private String idToken; private String idToken;
@@ -52,6 +54,10 @@ public class AuthorizationCodeFlow {
map.put("client_id", client.clientId()); map.put("client_id", client.clientId());
map.put("redirect_uri", client.redirectUri()); map.put("redirect_uri", client.redirectUri());
map.put("state", state); map.put("state", state);
if (codeChallenge != null) {
map.put("code_challenge", codeChallenge);
map.put("code_challenge_method", "S256");
}
return map; return map;
} }
@@ -71,11 +77,17 @@ public class AuthorizationCodeFlow {
} }
public AccessTokenResponse exchangeCode() { public AccessTokenResponse exchangeCode() {
Map<String, String> tokenForm = new HashMap<>();
tokenForm.put("grant_type", "authorization_code");
tokenForm.put("client_id", client.clientId());
tokenForm.put("redirect_uri", client.redirectUri());
tokenForm.put("code", code);
if (codeVerifier != null) {
tokenForm.put("code_verifier", codeVerifier);
}
AccessTokenResponse accessTokenResponse = given() AccessTokenResponse accessTokenResponse = given()
.formParam("grant_type", "authorization_code") .formParams(tokenForm)
.formParam("client_id", client.clientId())
.formParam("redirect_uri", client.redirectUri())
.formParam("code", code)
.when() .when()
.post("/auth/token") .post("/auth/token")
.then() .then()
@@ -106,4 +118,9 @@ public class AuthorizationCodeFlow {
public String getIdToken() { public String getIdToken() {
return idToken; return idToken;
} }
public void setPkce(String codeChallenge, String codeVerifier) {
this.codeChallenge = codeChallenge;
this.codeVerifier = codeVerifier;
}
} }