final String token = accessTokenOpt.get().getTokenValue(); headers.put("Authorization", singletonList("Bearer " + token)); log.debug("Add Authorization header with bearer token");
private RegistryAuth authForAccessToken(final AccessToken accessToken) { return RegistryAuth.builder() .username("oauth2accesstoken") .password(accessToken.getTokenValue()) .build(); }
private void useAccessToken(AccessToken token) { this.temporaryAccess = token; this.requestMetadata = Collections.singletonMap( AuthHttpConstants.AUTHORIZATION, Collections.singletonList(OAuth2Utils.BEARER_PREFIX + token.getTokenValue())); }
private void useAccessToken(AccessToken token) { this.temporaryAccess = token; this.requestMetadata = Collections.singletonMap( AuthHttpConstants.AUTHORIZATION, Collections.singletonList(OAuth2Utils.BEARER_PREFIX + token.getTokenValue())); }
private static String wrapOAuthToken(AccessToken result, Map<String, Object> authVariable) { if (result == null) { // This shouldn't happen in the actual production SDK, but can happen in tests. return null; } GAuthToken googleAuthToken = new GAuthToken(result.getTokenValue(), authVariable); return googleAuthToken.serializeToString(); }
private HeaderCacheElement(AccessToken token) { if (token.getExpirationTime() == null) { actualExpirationTimeMs = Long.MAX_VALUE; } else { actualExpirationTimeMs = token.getExpirationTime().getTime(); } this.token = new HeaderToken(Status.OK, "Bearer " + token.getTokenValue()); }
@Test() public void credential_with_invalid_scope() throws IOException, IllegalStateException { GoogleCredentials sourceCredentials = getSourceCredentials(); try { ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create(sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, null, VALID_LIFETIME); targetCredentials.refreshAccessToken().getTokenValue(); fail(String.format("Should throw exception with message containing '%s'", "Scopes cannot be null")); } catch (IllegalStateException expected) { assertTrue(expected.getMessage().contains("Scopes cannot be null")); } }
@Test() public void credential_with_invalid_lifetime() throws IOException, IllegalStateException { GoogleCredentials sourceCredentials = getSourceCredentials(); try { ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create(sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, INVALID_LIFETIME); targetCredentials.refreshAccessToken().getTokenValue(); fail(String.format("Should throw exception with message containing '%s'", "lifetime must be less than or equal to 3600")); } catch (IllegalStateException expected) { assertTrue(expected.getMessage().contains("lifetime must be less than or equal to 3600")); } }
@Test public void toString_containsFields() throws IOException { AccessToken accessToken = new AccessToken("1/MkSJoj1xsli0AccessToken_NKPY2", null); OAuth2Credentials credentials = OAuth2Credentials.newBuilder() .setAccessToken(accessToken) .build(); String expectedToString = String.format("OAuth2Credentials{requestMetadata=%s, temporaryAccess=%s}", ImmutableMap.of(AuthHttpConstants.AUTHORIZATION, ImmutableList.of(OAuth2Utils.BEARER_PREFIX + accessToken.getTokenValue())), accessToken.toString()); assertEquals(expectedToString, credentials.toString()); }
@Test public void constructor() { AccessToken accessToken = new AccessToken(TOKEN, EXPIRATION_DATE); assertEquals(TOKEN, accessToken.getTokenValue()); assertEquals(EXPIRATION_DATE, accessToken.getExpirationTime()); assertEquals(EXPIRATION_DATE.getTime(), (long) accessToken.getExpirationTimeMillis()); }
@Test() public void refreshAccessToken_unauthorized() throws IOException { GoogleCredentials sourceCredentials = getSourceCredentials(); String expectedMessage = "The caller does not have permission"; MockIAMCredentialsServiceTransportFactory mtransportFactory = new MockIAMCredentialsServiceTransportFactory(); mtransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); mtransportFactory.transport.setTokenResponseErrorCode(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); mtransportFactory.transport.setTokenResponseErrorContent( generateErrorJson(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED, expectedMessage, "global", "forbidden")); ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create(sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, VALID_LIFETIME, mtransportFactory); try { targetCredentials.refreshAccessToken().getTokenValue(); fail(String.format("Should throw exception with message containing '%s'", expectedMessage)); } catch (IOException expected) { assertEquals("Error requesting access token", expected.getMessage()); assertTrue(expected.getCause().getMessage().contains(expectedMessage)); } }
@Test() public void refreshAccessToken_invalidDate() throws IOException, IllegalStateException { GoogleCredentials sourceCredentials = getSourceCredentials(); String expectedMessage = "Unparseable date"; MockIAMCredentialsServiceTransportFactory mtransportFactory = new MockIAMCredentialsServiceTransportFactory(); mtransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); mtransportFactory.transport.setAccessToken("foo"); mtransportFactory.transport.setexpireTime("1973-09-29T15:01:23"); ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create(sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, VALID_LIFETIME, mtransportFactory); try { targetCredentials.refreshAccessToken().getTokenValue(); fail(String.format("Should throw exception with message containing '%s'", expectedMessage)); } catch (IOException expected) { assertTrue(expected.getMessage().contains(expectedMessage)); } }
@Test public void refreshAccessToken_sameAs() throws IOException { TestAppEngineCredentials credentials = new TestAppEngineCredentials(SCOPES); AccessToken accessToken = credentials.refreshAccessToken(); assertEquals(EXPECTED_ACCESS_TOKEN, accessToken.getTokenValue()); assertEquals(EXPECTED_EXPIRATION_DATE, accessToken.getExpirationTime()); }
@Test public void constructor_storesAccessToken() { OAuth2Credentials credentials = OAuth2Credentials.newBuilder() .setAccessToken(new AccessToken(ACCESS_TOKEN, null)) .build(); assertEquals(credentials.getAccessToken().getTokenValue(), ACCESS_TOKEN); }
@Test() public void refreshAccessToken_delegates_success() throws IOException, IllegalStateException { GoogleCredentials sourceCredentials = getSourceCredentials(); MockIAMCredentialsServiceTransportFactory mtransportFactory = new MockIAMCredentialsServiceTransportFactory(); mtransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); mtransportFactory.transport.setAccessToken(ACCESS_TOKEN); mtransportFactory.transport.setexpireTime(getDefaultExpireTime()); List<String> delegates = Arrays.asList("delegate-account@iam.gserviceaccount.com"); ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create(sourceCredentials, IMPERSONATED_CLIENT_EMAIL, delegates, SCOPES, VALID_LIFETIME, mtransportFactory); assertEquals(ACCESS_TOKEN, targetCredentials.refreshAccessToken().getTokenValue()); }
@Test public void refreshAccessToken_sameAs() throws IOException { final String expectedAccessToken = "ExpectedAccessToken"; MockAppIdentityService appIdentity = new MockAppIdentityService(); appIdentity.setAccessTokenText(expectedAccessToken); appIdentity.setExpiration(new Date(System.currentTimeMillis() + 60L * 60L * 100L)); AppEngineCredentials credentials = AppEngineCredentials.newBuilder() .setScopes(SCOPES) .setAppIdentityService(appIdentity) .build(); AccessToken accessToken = credentials.refreshAccessToken(); assertEquals(appIdentity.getAccessTokenText(), accessToken.getTokenValue()); assertEquals(appIdentity.getExpiration(), accessToken.getExpirationTime()); }
@Test() public void refreshAccessToken_success() throws IOException, IllegalStateException { GoogleCredentials sourceCredentials = getSourceCredentials(); MockIAMCredentialsServiceTransportFactory mtransportFactory = new MockIAMCredentialsServiceTransportFactory(); mtransportFactory.transport.setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); mtransportFactory.transport.setAccessToken(ACCESS_TOKEN); mtransportFactory.transport.setexpireTime(getDefaultExpireTime()); ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create(sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, VALID_LIFETIME, mtransportFactory); assertEquals(ACCESS_TOKEN, targetCredentials.refreshAccessToken().getTokenValue()); }
@Test public void createScoped_clonesWithScopes() throws IOException { TestAppEngineCredentials credentials = new TestAppEngineCredentials(null); assertTrue(credentials.createScopedRequired()); try { credentials.refreshAccessToken(); fail("Should not be able to use credential without scopes."); } catch (Exception expected) { // Expected } GoogleCredentials scopedCredentials = credentials.createScoped(SCOPES); assertNotSame(credentials, scopedCredentials); AccessToken accessToken = scopedCredentials.refreshAccessToken(); assertEquals(EXPECTED_ACCESS_TOKEN, accessToken.getTokenValue()); assertEquals(EXPECTED_EXPIRATION_DATE, accessToken.getExpirationTime()); }
@Test public void getCredentialsFromCode_conevertsCodeToTokens() throws IOException { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.addClient(CLIENT_ID_VALUE, CLIENT_SECRET); transportFactory.transport.addAuthorizationCode(CODE, REFRESH_TOKEN, ACCESS_TOKEN_VALUE); TokenStore tokenStore = new MemoryTokensStorage(); UserAuthorizer authorizer = UserAuthorizer.newBuilder() .setClientId(CLIENT_ID) .setScopes(SCOPES) .setTokenStore(tokenStore) .setHttpTransportFactory(transportFactory) .build(); UserCredentials credentials = authorizer.getCredentialsFromCode(CODE, BASE_URI); assertEquals(REFRESH_TOKEN, credentials.getRefreshToken()); assertEquals(ACCESS_TOKEN_VALUE, credentials.getAccessToken().getTokenValue()); }
@Test public void getCredentials_storedCredentials_returnsStored() throws IOException { TokenStore tokenStore = new MemoryTokensStorage(); UserCredentials initialCredentials = UserCredentials.newBuilder() .setClientId(CLIENT_ID_VALUE) .setClientSecret(CLIENT_SECRET) .setRefreshToken(REFRESH_TOKEN) .setAccessToken(ACCESS_TOKEN) .build(); UserAuthorizer authorizer = UserAuthorizer.newBuilder() .setClientId(CLIENT_ID) .setScopes(SCOPES) .setTokenStore(tokenStore) .build(); authorizer.storeCredentials(USER_ID, initialCredentials); UserCredentials credentials = authorizer.getCredentials(USER_ID); assertEquals(REFRESH_TOKEN, credentials.getRefreshToken()); assertEquals(ACCESS_TOKEN_VALUE, credentials.getAccessToken().getTokenValue()); assertEquals(EXPIRATION_TIME, credentials.getAccessToken().getExpirationTimeMillis()); }