diff --git a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
index c8d2161..12ea16e 100644
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@@ -166,7 +166,7 @@ public class OpenIdConnectRESTHelper {
 /**
 * Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience
- * (context) in URLEncoded form and optionally a list of permissions.
+ * (context), in URLEncoded form or not, and optionally a list of permissions.
 *
 * @param tokenUrl the token endpoint {@link URL} of the OIDC server
 * @param clientId the client id
@@ -179,13 +179,14 @@ public class OpenIdConnectRESTHelper {
 public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience, List permissions) throws OpenIdConnectRESTHelperException {
- return queryUMAToken(tokenUrl, "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()),
+ return queryUMAToken(tokenUrl,
+ "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()),
 audience, permissions);
 }
 /**
- * Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context)
- * in URLEncoded form and optionally a list of permissions.
+ * Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context),
+ * in URLEncoded form or not, and optionally a list of permissions.
 *
 * @param tokenUrl the token endpoint {@link URL} of the OIDC server
 * @param authorization the auth token (the access token URLEncoded by the "Bearer " string)
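Review bot: The re-wrapped Basic header line in the second hunk still builds the credential bytes with the no-argument `getBytes()`, which uses the platform default charset on JVMs before 18, so a client id or secret containing non-ASCII characters would be encoded differently from host to host. Pin the charset on that line: `(clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8)` (needs `java.nio.charset.StandardCharsets`; the import block is not visible here). The javadoc changed in both hunks now says the audience may be "in URLEncoded form or not" but does not say how the two are told apart; one sentence such as `A value starting with "/" is treated as not yet encoded.` would document the rule the method applies.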
@@ -199,6 +200,14 @@ public class OpenIdConnectRESTHelper {
 Map> params = new HashMap<>();
 params.put("grant_type", Arrays.asList("urn:ietf:params:oauth:grant-type:uma-ticket"));
+ if (audience.startsWith("/")) {
+ try {
+ logger.trace("Audience was provided in non URL encoded form, encoding it");
+ audience = URLEncoder.encode(audience, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ logger.error("Cannot URL encode 'audience'", e);
+ }
+ }
 try {
 params.put("audience", Arrays.asList(URLEncoder.encode(audience, "UTF-8")));
 } catch (UnsupportedEncodingException e) {
diff --git a/src/test/java/org/gcube/oidc/rest/RestHelperTest.java b/src/test/java/org/gcube/oidc/rest/RestHelperTest.java
index 656cdb9..84ebb00 100644
--- a/src/test/java/org/gcube/oidc/rest/RestHelperTest.java
+++ b/src/test/java/org/gcube/oidc/rest/RestHelperTest.java
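Review bot: In the added `if (audience.startsWith("/"))` block of queryUMAToken, the catch only logs `Cannot URL encode 'audience'` and execution falls through, so the token request would be sent with an audience other than the one the caller meant. UTF-8 is always available, so the branch should not fire in practice, but an authorization request is better failed than sent with a silently different audience; rethrowing as OpenIdConnectRESTHelperException (its constructors are not visible in this hunk) would make that explicit. The leading `/` is the only signal used to decide whether to encode, and the value is then encoded a second time by the existing `params.put("audience", ...)` line; a comment like `// raw contexts start with '/'; the encoded context is the audience and is encoded again as a form value` would keep the double encoding from being read as a mistake. The method body starts before and continues after this hunk.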
@@ -8,34 +8,43 @@ public class RestHelperTest {
 public RestHelperTest() {
 }
- /**
- * To be re-enabled when the token is took programmatically
- */
-// @Test
+ // @Test
 public void getAvatar() throws MalformedURLException {
 String accessTokenBearer = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.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.WMddlUQujlpmzW07Lrk50vOyWpiT1Tp_RsBWRbzyrQnu5EQQSCq1uGOuSf7Z3VZFv8fbnzWekMZRNzhngEddzOQHgAlsgRdqNI_-ucjmb_8SfR2I5PkYJLTG0jF-Urqi-GvfJtLr2B8dBDnMDO6FLFsg1e5qb-5HkV60eEtY2Wult1PGxlkD05w-K2w513IOMkVIl25ZxKbP61-Iu1qfV_q3QFvUHl_pdqL7uKC5bkl1lqTVeuCwrXrKubHnKc-UzpHtHp8XY0Iao7LdLtON7SODYhU8EkZ860ZlFTSCszmLUpSH4t_shSk9Fiqd8wBKAet5ngmyAPzKx9TT2FK65g";
 URL avatarURL = new URL("https://accounts.dev.d4science.org/auth/realms/d4science/avatar-provider/");
 byte[] avatarBytes = OpenIdConnectRESTHelper.getUserAvatar(avatarURL, accessTokenBearer);
-// assertNotNull(avatarBytes);
+ // assertNotNull(avatarBytes);
 }
-// @Test
+ // @Test
+ public void getUMATokenWithBasicAuth()
+ throws MalformedURLException, OpenIdConnectRESTHelperException, InterruptedException {
+ URL tokenURL = new URL(
+ "https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
+ JWTToken token = OpenIdConnectRESTHelper.queryUMAToken(tokenURL, "robcomp",
+ "0fec31cb-23c3-44e2-9359-d6db6784b7d3",
+ "/gcube/devNext/NextNext", null);
+ System.out.println(token.getAccessTokenString());
+ }
+
+ // @Test
 public void getExp() throws MalformedURLException, OpenIdConnectRESTHelperException, InterruptedException {
- URL tokenURL = new URL("https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
- JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0",
+ URL tokenURL = new URL(
+ "https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
+ JWTToken token
= OpenIdConnectRESTHelper.queryClientToken("robcomp", "0fec31cb-23c3-44e2-9359-d6db6784b7d3",
 tokenURL);
 System.out.println(token.getExpAsDate());
 System.out.println(token.getAzp());
- Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
+ // Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
 System.out.println(token.isExpired());
 }
 public static void main(String[] args) throws Exception {
 RestHelperTest rht = new RestHelperTest();
-// rht.getAvatar();
+ // rht.getAvatar();
 try {
- rht.getExp();
+ rht.getUMATokenWithBasicAuth();
 } catch (OpenIdConnectRESTHelperException e) {
 if (e.hasJSONPayload()) {
 System.out.println("JSON response: " + e.getResponseString());
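Review bot: The new getUMATokenWithBasicAuth and the changed getExp pass a literal client id and client secret for the dev realm, next to the bearer token already hard-coded in getAvatar, so a usable credential becomes part of the repository history. Read the values at run time instead, e.g. `String secret = System.getenv("OIDC_TEST_CLIENT_SECRET");` (the variable name is a placeholder), skip the test when it is unset, and rotate the values that were committed. `System.out.println(token.getAccessTokenString());` also writes a live access token to stdout, where build logs would retain it; printing `token.getExpAsDate()` or `token.getAzp()`, as getExp does, is enough to show the call succeeded. main's catch block continues past the end of the hunk.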