Added methods and tests to refresh tokens for non-public clients (#28361)

2024-10-28 18:20:18 +01:00 · 2024-10-28 18:20:18 +01:00 · fcdd61c252
parent 9161d29e30
commit fcdd61c252
2 changed files with 67 additions and 0 deletions
--- a/src/main/java/org/gcube/common/iam/AbstractIAMResponse.java
+++ b/src/main/java/org/gcube/common/iam/AbstractIAMResponse.java
@ -87,6 +87,19 @@ public class AbstractIAMResponse implements IAMResponse {
        }
    }

+//    @Override
+    public void refresh(String clientId, String clientSecret) throws D4ScienceIAMClientException {
+        try {
+            KeycloakClient keycloakClient = iamClient.getKeycloakClient();
+            this.tokenResponse = keycloakClient.refreshToken(
+                    keycloakClient.getTokenEndpointURL(getIamClient().getRealmBaseURL()), clientId, clientSecret,
+                    getTokenResponse());
+
+        } catch (KeycloakClientException e) {
+            throw new D4ScienceIAMClientException(e);
+        }
+    }
+
    @Override
    public Set<String> getGlobalRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
--- a/src/test/java/org/gcube/common/iam/TestD4ScienceIAMClient.java
+++ b/src/test/java/org/gcube/common/iam/TestD4ScienceIAMClient.java
@ -71,6 +71,13 @@ public class TestD4ScienceIAMClient {
        assertEquals("Contact person is not the expected.", CONTACT_PERSON, authn.getContactPerson());
        assertEquals("Contat organization is not the expected.", CONTACT_ORGANIZATION, authn.getContactOrganization());
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh(CLIENT_ID, CLIENT_SECRET);
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @Test
@ -98,6 +105,13 @@ public class TestD4ScienceIAMClient {
        assertEquals(CONTACT_PERSON, authn.getContactPerson());
        assertEquals(CONTACT_ORGANIZATION, authn.getContactOrganization());
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh(CLIENT_ID, CLIENT_SECRET);
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @Test
@ -178,6 +192,12 @@ public class TestD4ScienceIAMClient {

        assertTrue("Realm roles are not as expected.", authn.getGlobalRoles().containsAll(USER_REALM_ROLES));
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh();
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @SuppressWarnings("deprecation")
@ -201,6 +221,12 @@ public class TestD4ScienceIAMClient {

        assertEquals("Realm roles are not as expected.", USER_REALM_ROLES, authn.getGlobalRoles());
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh(CLIENT_ID, CLIENT_SECRET);
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @SuppressWarnings("deprecation")
@ -224,6 +250,13 @@ public class TestD4ScienceIAMClient {

        assertTrue("Realm roles are not as expected.", authn.getGlobalRoles().containsAll(USER_REALM_ROLES));
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh();
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @SuppressWarnings("deprecation")
@ -247,6 +280,13 @@ public class TestD4ScienceIAMClient {

        assertTrue("Realm roles are not as expected.", authn.getGlobalRoles().containsAll(USER_REALM_ROLES));
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh();
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @SuppressWarnings("deprecation")
@ -271,6 +311,13 @@ public class TestD4ScienceIAMClient {
        assertEquals(TOKEN_RESTRICTION_VRE_CONTEXT, authn.getAccessToken().getAudience()[0]);
        assertEquals(USER_REALM_ROLES, authn.getGlobalRoles());
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh(CLIENT_ID, CLIENT_SECRET);
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @SuppressWarnings("deprecation")
@ -295,6 +342,13 @@ public class TestD4ScienceIAMClient {
        assertEquals(TOKEN_RESTRICTION_VRE_CONTEXT, authn.getAccessToken().getAudience()[0]);
        assertTrue("Realm roles are not as expected.", authn.getGlobalRoles().containsAll(USER_REALM_ROLES));
        assertTrue("The authn access token is not valid.", authn.isAccessTokenValid());
+
+        if (authn.canBeRefreshed()) {
+            logger.info("Refreshing token...");
+            authn.refresh();
+        } else {
+            logger.warn("Token cannot be refreshed");
+        }
    }

    @Test(expected = ExpiredJwtException.class)