Allow mapping of UserSessionNotes into UserInfo #15370
Conversation
sonOfRa
force-pushed
the
usersession-userinfo
branch
2 times, most recently
from
6981014
to
c8f643e
Compare
sonOfRa
force-pushed
the
usersession-userinfo
branch
from
c8f643e
to
e7f1089
Compare
|
This seems to be a duplicate of #15263 |
sonOfRa
force-pushed
the
usersession-userinfo
branch
from
e7f1089
to
574a09e
Compare
|
@thomasdarimont Thanks for pointing that! @sonOfRa This PR may require test (see #15263 for the details). I am keeping this PR open for now. When test is added, we can merge that one PR, which will first add a test :-) Another hint: |
sonOfRa
force-pushed
the
usersession-userinfo
branch
from
574a09e
to
57e4b96
Compare
sonOfRa
force-pushed
the
usersession-userinfo
branch
from
57e4b96
to
22e8873
Compare
|
I added a test as an additional test in That required a bit of fiddling with the SPNEGO helper methods so I could actually get the access token as a string, rather than just the parsed object. I also added an overload to |
There was a problem hiding this comment.
@sonOfRa Thanks! Overaly looks like you're in good direction. Would be just good to avoid introducing so much code duplicities and instead re-use as much as possible for various tests - added some inline comments regarding that.
| return assertSpnegoLoginTokenResponse("kerberos-app", loginUsername, expectedUsername, password); | ||
| } | ||
|
|
||
| protected OAuthClient.AccessTokenResponse assertSpnegoLoginTokenResponse(String clientId, String loginUsername, String expectedUsername, String password) throws Exception { |
There was a problem hiding this comment.
IS it possible to update existing method assertSuccessfulSpnegoLogin to use your newly added method to avoid so much code duplications?
I am thinking about something around:
protected AccessToken assertSuccessfulSpnegoLogin(String clientId, String loginUsername, String expectedUsername, String password) throws Exception {
OAuthClient.AccessTokenResponse tokenResponse = assertSpnegoLoginTokenResponse(.. arguments of your new method here ...;
AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
Assert.assertEquals(userId, token.getSubject());
Assert.assertEquals(expectedUsername, token.getPreferredUsername());
return token;
}
There was a problem hiding this comment.
I got rid of that method entirely. The return value AccessToken is only used in one other test, which I adjusted by adding an addition oauth.verifyToken(response.getAccessToken()) call there.
This feels much cleaner to me, and with relatively minimal overhead of running an extra token verification in a few cases.
| @@ -216,4 +213,53 @@ public void credentialDelegationTest() throws Exception { | |||
|
|
|||
| events.clear(); | |||
| } | |||
|
|
|||
| @Test | |||
| public void credentialDelegationUserInfoTest() throws Exception { | |||
There was a problem hiding this comment.
Is it possible to use existing method credentialDelegationTest() and just add the call to userInfo to that method?
I know that you need to use AccessTokenResponse, but you can possibly just use your new method to retrieve AccessTokenResponse and then do simply:
AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
And then you have both tokenResponse and token though?
There was a problem hiding this comment.
Done, integrated the test into the existing credentialDelegationTest()
sonOfRa
force-pushed
the
usersession-userinfo
branch
from
22e8873
to
e7b27cb
Compare
Fixes #15369
Simply adds the interface as a marker, which is then picked up by
OIDCAttributeMapperHelper#addIncludeInTokensConfigto add the configuration option automatically.