New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow mapping of UserSessionNotes into UserInfo #15370
Conversation
6981014
to
c8f643e
Compare
c8f643e
to
e7f1089
Compare
This seems to be a duplicate of #15263 |
e7f1089
to
574a09e
Compare
@thomasdarimont Thanks for pointing that! @sonOfRa This PR may require test (see #15263 for the details). I am keeping this PR open for now. When test is added, we can merge that one PR, which will first add a test :-) Another hint: |
574a09e
to
57e4b96
Compare
57e4b96
to
22e8873
Compare
I added a test as an additional test in That required a bit of fiddling with the SPNEGO helper methods so I could actually get the access token as a string, rather than just the parsed object. I also added an overload to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sonOfRa Thanks! Overaly looks like you're in good direction. Would be just good to avoid introducing so much code duplicities and instead re-use as much as possible for various tests - added some inline comments regarding that.
return assertSpnegoLoginTokenResponse("kerberos-app", loginUsername, expectedUsername, password); | ||
} | ||
|
||
protected OAuthClient.AccessTokenResponse assertSpnegoLoginTokenResponse(String clientId, String loginUsername, String expectedUsername, String password) throws Exception { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IS it possible to update existing method assertSuccessfulSpnegoLogin
to use your newly added method to avoid so much code duplications?
I am thinking about something around:
protected AccessToken assertSuccessfulSpnegoLogin(String clientId, String loginUsername, String expectedUsername, String password) throws Exception {
OAuthClient.AccessTokenResponse tokenResponse = assertSpnegoLoginTokenResponse(.. arguments of your new method here ...;
AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
Assert.assertEquals(userId, token.getSubject());
Assert.assertEquals(expectedUsername, token.getPreferredUsername());
return token;
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I got rid of that method entirely. The return value AccessToken is only used in one other test, which I adjusted by adding an addition oauth.verifyToken(response.getAccessToken())
call there.
This feels much cleaner to me, and with relatively minimal overhead of running an extra token verification in a few cases.
@@ -216,4 +213,53 @@ public void credentialDelegationTest() throws Exception { | |||
|
|||
events.clear(); | |||
} | |||
|
|||
@Test | |||
public void credentialDelegationUserInfoTest() throws Exception { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to use existing method credentialDelegationTest()
and just add the call to userInfo to that method?
I know that you need to use AccessTokenResponse, but you can possibly just use your new method to retrieve AccessTokenResponse
and then do simply:
AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
And then you have both tokenResponse
and token
though?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, integrated the test into the existing credentialDelegationTest()
22e8873
to
e7b27cb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sonOfRa That works, Thanks! I hope to merge once tests are OK
Fixes #15369
Simply adds the interface as a marker, which is then picked up by
OIDCAttributeMapperHelper#addIncludeInTokensConfig
to add the configuration option automatically.