Add Authorization Code Grant OAuth security test #457
Conversation
joeyleeeeeee97
force-pushed
the
oauth
branch
from
bc21c6e to
87d804e
Compare
joeyleeeeeee97
force-pushed
the
oauth
branch
2 times, most recently
from
6cbe2ce to
26bbd38
Compare
|
I'll let the test experts speak to the details of this, but it looks like a great contribution to me! Thank you. |
There was a problem hiding this comment.
Thanks for this PR @joeyleeeeeee97 ! I am still reviewing this, but thought I would submit some initial comments, which are minor grammar/spelling in comments. There are also a couple of binary files in this PR. Do you mean to include the .DS_store file?
As part of a review, reviewers will want to run some Grinder jobs in Jenkins. For this and for inclusion into our regular automated testing, there will need to be a complementary PR in the aqa-tests repo.
Do you plan to create a PR in aqa-tests to hook this test into our AQA automation? Likely in its own subdirectory called security inside https://github.com/adoptium/aqa-tests/tree/master/system with a build.xml to instruct how to fetch/build this material and playlist.xml for the test target to execute.
openjdk.test.security/doc/README.md
Outdated
| Test the data that travels across a network can not be accessed by someone who is not the intended recipient, and test varities combination of | ||
| cryptography and application protocol works together. |
There was a problem hiding this comment.
| Test the data that travels across a network can not be accessed by someone who is not the intended recipient, and test varities combination of | |
| cryptography and application protocol works together. | |
| Test the data that travels across a network can not be accessed by someone who is not the intended recipient, and test various combinations of cryptography and application protocols work together. |
openjdk.test.security/doc/README.md
Outdated
|
|
||
| ## Overview | ||
| ### Security Tests | ||
| Security technology includes a large set of APIs, tools, and implementations of commonly-used security algorithms, mechanisms, and protocols. |
There was a problem hiding this comment.
| Security technology includes a large set of APIs, tools, and implementations of commonly-used security algorithms, mechanisms, and protocols. | |
| Security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. |
openjdk.test.security/doc/README.md
Outdated
| ##### OAuth | ||
| An Application using 'Authorization Code Grant', which contains | ||
| - a Client(performs a login) | ||
| - Server(Proxy login to Auth Centor) |
There was a problem hiding this comment.
| - Server(Proxy login to Auth Centor) | |
| - Server(Proxy login to Auth Center) |
openjdk.test.security/doc/README.md
Outdated
| An Application using 'Authorization Code Grant', which contains | ||
| - a Client(performs a login) | ||
| - Server(Proxy login to Auth Centor) | ||
| - Auth Center(authenticat user login) |
There was a problem hiding this comment.
| - Auth Center(authenticat user login) | |
| - Auth Center(authenticate user login) |
openjdk.test.security/doc/README.md
Outdated
| - User Story | ||
| > Assume server is an small application needs to read data from github, and github access requires a token to use its public API. | ||
| > Normally, users won't trust the 3rd party application with their account and password, so we need to redirect user to the github login website | ||
| and callback to app with logined token. |
There was a problem hiding this comment.
| and callback to app with logined token. | |
| and callback to app with login token. |
openjdk.test.security/doc/README.md
Outdated
| > But still, token is very important and shouldn't be transported via plain text, so we introduce Authorization Code and let the application backend | ||
| > to request the token with specific app secret. |
There was a problem hiding this comment.
| > But still, token is very important and shouldn't be transported via plain text, so we introduce Authorization Code and let the application backend | |
| > to request the token with specific app secret. | |
| > But still, the token is very important and should not be transported via plain text, so we introduce an Authorization Code and let the application backend request the token with specific app secret. |
|
@smlambert Thanks for the suggestions and yes I am working on a PR in aqa-tests to include this test. |
joeyleeeeeee97
force-pushed
the
oauth
branch
3 times, most recently
from
c9fdbb2 to
d4fbaf1
Compare
|
https://ci.adoptopenjdk.net/job/Grinder/1661/console Did I miss something? |
|
re: #457 (comment) I've added a comment on adoptium/aqa-tests#2970 - I think you just need to include the TEST_STATUS in the |
|
Another grinder link testing this PR : https://ci.adoptopenjdk.net/view/Test_grinder/job/Grinder/1686/console |
There was a problem hiding this comment.
Most October release activities have finished, so we can now merge this and its related aqa-tests PR in, thanks @joeyleeeeeee97 !
Secure Communication
Test the data that travels across a network can not be accessed by someone who is not the intended recipient, and test varities combination of
cryptography and application protocol works together.