Skip to content

Commit

Permalink
fix: specify content type when validating OIDC (#3902)
Browse files Browse the repository at this point in the history
* specify content type, include tests

Signed-off-by: ac892247 <[email protected]>

* include in okta auth tests

Signed-off-by: ac892247 <[email protected]>

---------

Signed-off-by: ac892247 <[email protected]>
  • Loading branch information
achmelo authored Nov 14, 2024
1 parent f1f29e0 commit ae65470
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,10 @@
import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.commons.codec.binary.Base64;
import org.hamcrest.core.Is;
import org.junit.jupiter.api.*;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
Expand All @@ -26,12 +29,17 @@
import org.zowe.apiml.util.config.ConfigReader;
import org.zowe.apiml.util.config.ConfigReaderZaasClient;
import org.zowe.apiml.zaasclient.config.ConfigProperties;
import org.zowe.apiml.zaasclient.exception.*;
import org.zowe.apiml.zaasclient.exception.ZaasClientErrorCodes;
import org.zowe.apiml.zaasclient.exception.ZaasClientException;
import org.zowe.apiml.zaasclient.exception.ZaasConfigurationException;
import org.zowe.apiml.zaasclient.service.ZaasClient;
import org.zowe.apiml.zaasclient.service.ZaasToken;
import org.zowe.apiml.zaasclient.service.internal.ZaasClientImpl;

import java.io.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateException;
Expand Down Expand Up @@ -256,16 +264,19 @@ void givenEmptyToken() {
}

@Nested
@Tag("OktaOauth2Test")
class WhenOidcQuery {

private static final String VALID_TOKEN_NO_MAPPING = SecurityUtils.validOktaAccessToken(false);

@Test
void givenValidOidcToken_thenValidDetailsAreProvided() throws ZaasClientException {
var validationResult = tokenService.validateOidc(VALID_TOKEN_NO_MAPPING);
assertNotNull(validationResult);
assertTrue(validationResult.isValid());
}

@Test
void givenInvalidOidcToken_thenNotValidIsIssued() throws ZaasClientException {
var validationResult = tokenService.validateOidc("invalidtoken");
assertNotNull(validationResult);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,7 @@ private ClassicHttpRequest validateOidcToken(String oidcToken) throws JsonProces
String json = objectMapper.writeValueAsString(new TokenRequest(oidcToken));
var entity = new StringEntity(json);
httpPost.setEntity(entity);
httpPost.setHeader("Content-Type", "application/json");
return httpPost;
}

Expand Down

0 comments on commit ae65470

Please sign in to comment.