/**
 * {@inheritDoc}
 * <p>
 * The attributes are the claim map of the token returned by {@code getToken()}. The map
 * is handed back as-is; this method makes no copy of it.
 */
@Override
public Map<String, Object> getTokenAttributes() {
    return getToken().getClaims();
}
/**
 * Reads the scope values carried by a {@link Jwt}.
 * <p>
 * The claims named in {@code WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES} are checked in order and the
 * first one holding a {@link String} or a {@link Collection} decides the result. A blank
 * string ends the search with an empty result; later names are not consulted.
 *
 * @param jwt The {@link Jwt} token
 * @return The scopes from the token, or an empty list when none are found
 */
private Collection<String> getScopes(Jwt jwt) {
    for (String claimName : WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES) {
        Object claim = jwt.getClaims().get(claimName);
        if (claim instanceof Collection) {
            // Unchecked cast: the element types are not inspected here, so a token whose
            // collection holds non-string values only fails later, where an element is used.
            return (Collection<String>) claim;
        }
        if (!(claim instanceof String)) {
            // Missing claim or unsupported type: try the next well-known name.
            continue;
        }
        String delimited = (String) claim;
        if (StringUtils.hasText(delimited)) {
            return Arrays.asList(delimited.split(" "));
        }
        return Collections.emptyList();
    }
    return Collections.emptyList();
}
}
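/**
 * Maps the space-delimited {@code scope} claim of the token to granted authorities.
 * <p>
 * A missing, non-string or blank claim yields no authorities instead of an exception, and
 * empty entries produced by repeated spaces are skipped, so a malformed claim can never
 * grant anything and never aborts the conversion.
 *
 * @param jwt the token whose claims are read
 * @return one {@link SimpleGrantedAuthority} per non-empty scope value, possibly empty
 */
@Override
protected Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
    Object scope = jwt.getClaims().get("scope");
    // The claim comes from the token, so neither its presence nor its type is guaranteed.
    String scopeText = (scope instanceof String) ? (String) scope : "";
    return Stream.of(scopeText.split(" "))
            // "".split(" ") yields a single empty entry; it must not reach the
            // SimpleGrantedAuthority constructor.
            .filter(value -> !value.isEmpty())
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
}
};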
/**
 * Decodes a token carrying an {@code iat} claim and checks that the decoded claim is
 * exposed as the matching {@link Instant}.
 */
@Test
public void decodeWhenIssuedAtThenSuccess() {
    // Hard-coded test fixture token; the assertion below expects its iat to be 1529942448.
    String token = "eyJraWQiOiJrZXktaWQtMSIsImFsZyI6IlJTMjU2In0.eyJzY29wZSI6IiIsImV4cCI6OTIyMzM3MjAwNjA5NjM3NSwiaWF0IjoxNTI5OTQyNDQ4fQ.LBzAJO-FR-uJDHST61oX4kimuQjz6QMJPW_mvEXRB6A-fMQWpfTQ089eboipAqsb33XnwWth9ELju9HMWLk0FjlWVVzwObh9FcoKelmPNR8mZIlFG-pAYGgSwi8HufyLabXHntFavBiFtqwp_z9clSOFK1RxWvt3lywEbGgtCKve0BXOjfKWiH1qe4QKGixH-NFxidvz8Qd5WbJwyb9tChC6ZKoKPv7Jp-N5KpxkY-O2iUtINvn4xOSactUsvKHgF8ZzZjvJGzG57r606OZXaNtoElQzjAPU5xDGg5liuEJzfBhvqiWCLRmSuZ33qwp3aoBnFgEw0B85gsNe3ggABg";
    Instant expectedIssuedAt = Instant.ofEpochSecond(1529942448L);

    Jwt decoded = this.decoder.decode(token).block();

    assertThat(decoded.getClaims().get(JwtClaimNames.IAT)).isEqualTo(expectedIssuedAt);
}
/**
 * Checks that the claims of a decoded token are exactly those returned by the configured
 * claim-set converter.
 */
@Test
public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() {
    Converter<Map<String, Object>, Map<String, Object>> converter = mock(Converter.class);
    // Whatever claim map the decoder hands over, the stub answers with one fixed entry.
    when(converter.convert(any(Map.class)))
            .thenReturn(Collections.singletonMap("custom", "value"));
    this.jwtDecoder.setClaimSetConverter(converter);

    Map<String, Object> claims = this.jwtDecoder.decode(SIGNED_JWT).getClaims();

    assertThat(claims.size()).isEqualTo(1);
    assertThat(claims.get("custom")).isEqualTo("value");
}
/**
 * Checks that the reactive decoder passes the claims through the configured claim-set
 * converter and exposes exactly what the converter returns.
 */
@Test
public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() {
    Converter<Map<String, Object>, Map<String, Object>> converter = mock(Converter.class);
    this.decoder.setClaimSetConverter(converter);
    // Whatever claim map the decoder hands over, the stub answers with one fixed entry.
    when(converter.convert(any(Map.class))).thenReturn(Collections.singletonMap("custom", "value"));

    Jwt decoded = this.decoder.decode(this.messageReadToken).block();
    Map<String, Object> claims = decoded.getClaims();

    assertThat(claims.size()).isEqualTo(1);
    assertThat(claims.get("custom")).isEqualTo("value");
    // The converter must have been consulted.
    verify(converter).convert(any(Map.class));
}
/**
 * Decodes the {@code messageReadToken} fixture and checks that its {@code scope} claim
 * is {@code message:read}.
 */
@Test
public void decodeWhenMessageReadScopeThenSuccess() {
    Object scope = this.decoder.decode(this.messageReadToken).block().getClaims().get("scope");

    assertThat(scope).isEqualTo("message:read");
}
/**
 * Builds an {@link OidcIdToken} from the {@code id_token} parameter of an access token
 * response.
 * <p>
 * The raw token is decoded with a decoder obtained from {@code jwtDecoderFactory} for the
 * given client registration. This method performs no further check on the decoded claims.
 * NOTE(review): issuer, audience and expiry validation is presumably done by the decoder
 * the factory returns; confirm against the factory's configuration.
 *
 * @param clientRegistration the registration the decoder is created for
 * @param accessTokenResponse the response whose additional parameters carry the ID token
 * @return a {@link Mono} emitting the ID token built from the decoded JWT
 */
private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    ReactiveJwtDecoder decoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
    // NOTE(review): the lookup returns null when the response has no ID token parameter;
    // presumably the caller has already checked for it. Verify.
    String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
    Mono<Jwt> decoded = decoder.decode(rawIdToken);
    return decoded.map(jwt -> {
        return new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
    });
}
}
/**
 * Checks that a decoder backed by a JWK Set endpoint exposes exactly the claims returned
 * by the configured claim-set converter.
 */
@Test
public void decodeWhenUsingSignedJwtThenReturnsClaimsGivenByClaimSetConverter() throws Exception {
    // The mock server stands in for the JWK Set endpoint and is closed when the test ends.
    try (MockWebServer jwkSetServer = new MockWebServer()) {
        jwkSetServer.enqueue(new MockResponse().setBody(JWK_SET));
        String jwkSetUrl = jwkSetServer.url("/.well-known/jwks.json").toString();
        NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUrl);

        Converter<Map<String, Object>, Map<String, Object>> converter = mock(Converter.class);
        when(converter.convert(any(Map.class))).thenReturn(Collections.singletonMap("custom", "value"));
        decoder.setClaimSetConverter(converter);

        Map<String, Object> claims = decoder.decode(SIGNED_JWT).getClaims();

        assertThat(claims.size()).isEqualTo(1);
        assertThat(claims.get("custom")).isEqualTo("value");
    }
}
/**
 * Builds a {@link Jwt} from valid constructor arguments and checks that every accessor
 * returns the value it was given, directly or through the claims.
 */
@Test
public void constructorWhenParametersProvidedAndValidThenCreated() {
    Instant issuedAt = Instant.ofEpochMilli(IAT_VALUE);
    Instant expiresAt = Instant.ofEpochMilli(EXP_VALUE);

    Jwt jwt = new Jwt(JWT_TOKEN_VALUE, issuedAt, expiresAt, HEADERS, CLAIMS);

    // Values passed straight to the constructor.
    assertThat(jwt.getTokenValue()).isEqualTo(JWT_TOKEN_VALUE);
    assertThat(jwt.getHeaders()).isEqualTo(HEADERS);
    assertThat(jwt.getClaims()).isEqualTo(CLAIMS);
    // Typed accessors for the individual claims.
    assertThat(jwt.getIssuer().toString()).isEqualTo(ISS_VALUE);
    assertThat(jwt.getSubject()).isEqualTo(SUB_VALUE);
    assertThat(jwt.getAudience()).isEqualTo(AUD_VALUE);
    assertThat(jwt.getExpiresAt().toEpochMilli()).isEqualTo(EXP_VALUE);
    assertThat(jwt.getNotBefore().getEpochSecond()).isEqualTo(NBF_VALUE);
    assertThat(jwt.getIssuedAt().toEpochMilli()).isEqualTo(IAT_VALUE);
    assertThat(jwt.getId()).isEqualTo(JTI_VALUE);
}
}
/**
 * Builds an {@link OidcIdToken} from the {@code id_token} parameter of an access token
 * response.
 * <p>
 * The raw token is decoded with a decoder obtained from {@code jwtDecoderFactory}. A
 * {@link JwtException} raised while decoding is translated into an
 * {@link OAuth2AuthenticationException} that keeps the original exception as its cause.
 *
 * @param clientRegistration the registration the decoder is created for
 * @param accessTokenResponse the response whose additional parameters carry the ID token
 * @return the ID token built from the decoded JWT
 * @throws OAuth2AuthenticationException if the ID token cannot be decoded
 */
private OidcIdToken createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    JwtDecoder decoder = this.jwtDecoderFactory.createDecoder(clientRegistration);
    Jwt jwt;
    try {
        String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
        jwt = decoder.decode(rawIdToken);
    } catch (JwtException ex) {
        // NOTE(review): the decoder's message becomes the error description; confirm that
        // this text is acceptable wherever the OAuth2Error is surfaced.
        OAuth2Error error = new OAuth2Error(INVALID_ID_TOKEN_ERROR_CODE, ex.getMessage(), null);
        throw new OAuth2AuthenticationException(error, error.toString(), ex);
    }
    return new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
}
}
/**
 * {@inheritDoc}
 * <p>
 * Returns the claims of the token obtained from {@code getToken()}, without copying the map.
 */
@Override
public Map<String, Object> getTokenAttributes() {
    return getToken().getClaims();
}
/**
 * Reads the scope values carried by a {@link Jwt}.
 * <p>
 * The claims named in {@code WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES} are checked in order. The
 * first claim that is a {@link String} is split on single spaces (a blank string gives an
 * empty result); the first claim that is a {@link Collection} is returned as it is.
 *
 * @param jwt the token whose claims are inspected
 * @return the scopes found, or an empty list when no well-known claim holds any
 */
private Collection<String> getScopes(Jwt jwt) {
    for (String claimName : WELL_KNOWN_SCOPE_ATTRIBUTE_NAMES) {
        Object claim = jwt.getClaims().get(claimName);
        if (claim instanceof Collection) {
            // Unchecked cast: element types are not verified, so non-string elements
            // supplied by the token would surface only where an element is read.
            return (Collection<String>) claim;
        }
        if (!(claim instanceof String)) {
            // Missing claim or unsupported type: try the next well-known name.
            continue;
        }
        String delimited = (String) claim;
        if (StringUtils.hasText(delimited)) {
            return Arrays.asList(delimited.split(" "));
        }
        return Collections.emptyList();
    }
    return Collections.emptyList();
}
}
/**
 * Extends the authorities computed by the superclass with those derived from the token's
 * claims by {@code TokenUtil.tokenClaimsToAuthorities} for the configured {@code groupClaim}.
 *
 * @param jwt the token whose claims are read
 * @return a new set holding the inherited and the claim-derived authorities, without duplicates
 */
@Override
protected Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
    // Copy first: the superclass result is never modified in place.
    Collection<GrantedAuthority> combined = new HashSet<>(super.extractAuthorities(jwt));
    // NOTE(review): these authorities come from token-supplied claims; presumably the
    // token has been verified before this converter runs. Confirm.
    combined.addAll(TokenUtil.tokenClaimsToAuthorities(jwt.getClaims(), groupClaim));
    return combined;
}
}
// Reads the "resource_access" claim from the token and treats it as a map.
// NOTE(review): the claim is token-supplied and the cast is unchecked. resourceMap is null
// when the claim is absent, and a value that is not a Map fails with a ClassCastException
// on this line; confirm that the code using resourceMap handles both cases.
Map<String, Object> resourceMap = (Map<String, Object>) token.getClaims().get("resource_access");
// Client id of the client registration attached to the user request.
String clientId = userRequest.getClientRegistration().getClientId();
/**
 * Builds and validates an {@link OidcIdToken} from the {@code id_token} parameter of an
 * access token response.
 * <p>
 * The raw token is decoded with the decoder supplied by {@code decoderFactory}, wrapped in
 * an {@link OidcIdToken}, and then passed to {@code OidcTokenValidator.validateIdToken}
 * together with the client registration before it is emitted downstream.
 *
 * @param clientRegistration the registration used to obtain the decoder and to validate against
 * @param accessTokenResponse the response whose additional parameters carry the ID token
 * @return a {@link Mono} emitting the ID token
 */
private Mono<OidcIdToken> createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    ReactiveJwtDecoder decoder = this.decoderFactory.apply(clientRegistration);
    // NOTE(review): the lookup returns null when the response has no ID token parameter;
    // presumably the caller has already checked for it. Verify.
    String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
    Mono<OidcIdToken> idToken = decoder.decode(rawIdToken)
            .map(jwt -> new OidcIdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims()));
    // Validation runs on the emitted token, before subscribers receive it.
    return idToken.doOnNext(token -> OidcTokenValidator.validateIdToken(token, clientRegistration));
}
/**
 * Builds and validates an {@link OidcIdToken} from the {@code id_token} parameter of an
 * access token response.
 * <p>
 * The raw token is decoded with the decoder returned by {@code getJwtDecoder}, wrapped in
 * an {@link OidcIdToken}, and passed to {@code OidcTokenValidator.validateIdToken} together
 * with the client registration. Exceptions from decoding or validation are not caught here
 * and reach the caller.
 *
 * @param clientRegistration the registration used to obtain the decoder and to validate against
 * @param accessTokenResponse the response whose additional parameters carry the ID token
 * @return the validated ID token
 */
private OidcIdToken createOidcToken(ClientRegistration clientRegistration, OAuth2AccessTokenResponse accessTokenResponse) {
    JwtDecoder decoder = getJwtDecoder(clientRegistration);
    // NOTE(review): the lookup returns null when the response has no ID token parameter;
    // presumably the caller has already checked for it. Verify.
    String rawIdToken = (String) accessTokenResponse.getAdditionalParameters().get(OidcParameterNames.ID_TOKEN);
    Jwt decoded = decoder.decode(rawIdToken);
    OidcIdToken result = new OidcIdToken(
            decoded.getTokenValue(), decoded.getIssuedAt(), decoded.getExpiresAt(), decoded.getClaims());
    // The token is returned only after validation has completed without throwing.
    OidcTokenValidator.validateIdToken(result, clientRegistration);
    return result;
}