From 911aef5bbfa7c374157f490bac01364cf5934aaf Mon Sep 17 00:00:00 2001 From: Kalin Borisov <72891329+borisovkalin@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:57:27 +0200 Subject: [PATCH] Update JwtBearerTokenFlow.java (#1346) JwtBearerTokenFlow: add additional setter to request an opaque token response Co-authored-by: Kalin Borisov <72891329+borisovkalin@users.noreply.github.com> --- .../client/OAuth2TokenServiceConstants.java | 2 +- .../xsuaa/tokenflows/JwtBearerTokenFlow.java | 20 ++++++++++++++ .../tokenflows/JwtBearerTokenFlowTest.java | 26 +++++++++++++++++++ 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/token-client/src/main/java/com/sap/cloud/security/xsuaa/client/OAuth2TokenServiceConstants.java b/token-client/src/main/java/com/sap/cloud/security/xsuaa/client/OAuth2TokenServiceConstants.java index da01ddaaa..a2f0bcd75 100644 --- a/token-client/src/main/java/com/sap/cloud/security/xsuaa/client/OAuth2TokenServiceConstants.java +++ b/token-client/src/main/java/com/sap/cloud/security/xsuaa/client/OAuth2TokenServiceConstants.java @@ -35,7 +35,7 @@ private OAuth2TokenServiceConstants() { public static final String GRANT_TYPE_CLIENT_X509 = "client_x509"; public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"; // not supported by token-client // lib - + public static final String TOKEN_FORMAT = "token_format"; public static final String TOKEN_TYPE_OPAQUE = "opaque"; public static final String PARAMETER_CLIENT_ID = "client_id"; diff --git a/token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.java b/token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.java index edf0e96de..ce63075e9 100644 --- a/token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.java +++ b/token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.java 
@@ -10,6 +10,8 @@ import static com.sap.cloud.security.xsuaa.Assertions.assertNotNull; import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.AUTHORITIES; import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.SCOPE; +import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.TOKEN_FORMAT; +import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.TOKEN_TYPE_OPAQUE; import static com.sap.cloud.security.xsuaa.tokenflows.XsuaaTokenFlowsUtils.buildAdditionalAuthoritiesJson; /** @@ -28,6 +30,7 @@ public class JwtBearerTokenFlow { private List scopes = new ArrayList<>(); private String subdomain; private boolean disableCache; + private boolean opaque = false; public JwtBearerTokenFlow(@Nonnull OAuth2TokenService tokenService, @Nonnull OAuth2ServiceEndpointsProvider endpointsProvider, @@ -139,6 +142,17 @@ public JwtBearerTokenFlow disableCache(boolean disableCache) { return this; } + /** + * Can be used to change the format of the returned token. + * + * @param opaque enables opaque token format when set to {@code true}. + * @return this builder. + */ + public JwtBearerTokenFlow setOpaqueTokenFormat(boolean opaque) { + this.opaque = opaque; + return this; + } + /** * Executes this flow against the XSUAA endpoint. As a result the exchanged JWT * token is returned. @@ -156,6 +170,12 @@ public OAuth2TokenResponse execute() throws TokenFlowException { throw new IllegalStateException("A bearer token must be set before executing the flow"); } + if (opaque) { + optionalParameters.put(TOKEN_FORMAT, TOKEN_TYPE_OPAQUE); + } else { + optionalParameters.remove(TOKEN_FORMAT); + } + String scopesParameter = String.join(" ", scopes); if (!scopesParameter.isEmpty()) { optionalParameters.put(SCOPE, scopesParameter); 
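Review bot: The Javadoc added for `setOpaqueTokenFormat` does not say what an opaque token means for the caller, and the `execute()` Javadoc shown as context right after it still promises that "the exchanged JWT token is returned", which no longer holds once the flag is set. I would state the default and the consequence in the setter doc, for example `Requests an opaque access token (token_format=opaque) instead of the default JWT; the returned access token is then a reference value that cannot be decoded or validated locally as a JWT.`, and reword the `execute()` summary to "the exchanged access token". The `set` prefix also departs from the prefix-less builder style of `disableCache(boolean)` visible in the hunk header, though that may be deliberate.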
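Review bot: In `execute()`, the new `else` branch calls `optionalParameters.remove(TOKEN_FORMAT)` on every non-opaque run, so a `token_format` value that reached the map by any other route would be silently dropped. Whether callers can populate that map directly is not visible in this hunk. If they can, the precedence should be documented, or the key removed only when this flow put it there. Either way the branch needs a why-comment such as `// optionalParameters appears to outlive a single execute(); drop a token_format left by an earlier opaque request`, because the scope handling directly below has no matching cleanup and the asymmetry is unexplained. The body of `execute()` starts and ends outside the hunk.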
diff --git a/token-client/src/test/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlowTest.java b/token-client/src/test/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlowTest.java index e5169ec71..d68cc12e2 100644 --- a/token-client/src/test/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlowTest.java +++ b/token-client/src/test/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlowTest.java @@ -126,6 +126,32 @@ public void disableCacheIsUsed() throws Exception { verifyThatDisableCacheIs(false); } + @Test + public void execute_withOpaqueTokenFormat() throws TokenFlowException, OAuth2ServiceException { + final String OPAQUE = "opaque"; + final String TOKEN_FORMAT = "token_format"; + ArgumentCaptor> optionalParametersCaptor = ArgumentCaptor.forClass(Map.class); + + cut.execute(); + verify(tokenService, times(1)) + .retrieveAccessTokenViaJwtBearerTokenGrant(any(), any(), any(), any(), + optionalParametersCaptor.capture(), anyBoolean()); + assertThat(optionalParametersCaptor.getValue()).doesNotContainEntry(TOKEN_FORMAT, OPAQUE); + + + cut.setOpaqueTokenFormat(true).execute(); + verify(tokenService, times(2)) + .retrieveAccessTokenViaJwtBearerTokenGrant(any(), any(), any(), any(), + optionalParametersCaptor.capture(), anyBoolean()); + assertThat(optionalParametersCaptor.getValue()).containsEntry(TOKEN_FORMAT, OPAQUE); + + cut.setOpaqueTokenFormat(false).execute(); + verify(tokenService, times(3)) + .retrieveAccessTokenViaJwtBearerTokenGrant(any(), any(), any(), any(), + optionalParametersCaptor.capture(), anyBoolean()); + assertThat(optionalParametersCaptor.getValue()).doesNotContainEntry(TOKEN_FORMAT, OPAQUE); + } + @Test public void execute_withAdditionalAuthorities() throws TokenFlowException, OAuth2ServiceException { Map additionalAuthorities = new HashMap<>();
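Review bot: The two negative checks in `execute_withOpaqueTokenFormat` use `doesNotContainEntry(TOKEN_FORMAT, OPAQUE)`, which also passes when `token_format` is sent with some other value, so they do not pin what the `else` branch in `execute()` does. `assertThat(optionalParametersCaptor.getValue()).doesNotContainKey(TOKEN_FORMAT);` states the intended contract for both the default case and `setOpaqueTokenFormat(false)`. The local `OPAQUE` and `TOKEN_FORMAT` literals duplicate `OAuth2TokenServiceConstants`. Keeping them as literals is reasonable because it pins the wire value, but a short comment saying so would stop a later cleanup from replacing them with the constants.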