worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Improve introspection endpoint (#2096)

Browse Source
merge-requests/133/head
Maxime Besson 5 years ago
parent 95ad4cac37
commit 5758e371bf
2 changed files with 22 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
  2. 21
      lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t

3
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
Unescape View File

@ -1631,7 +1631,7 @@ sub introspection {
my $rp = $self->checkEndPointAuthenticationCredentials($req);
unless ($rp) {
return $self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_client', 401 );
}
if ( $self->conf->{oidcRPMetaDataOptions}->{$rp}
@ -1672,6 +1672,7 @@ sub introspection {
$self->oidcRPList->{ $oidcSession->{data}->{rp} }
->{oidcRPMetaDataOptionsClientID}
if $oidcSession->{data}->{rp};
$response->{iss} = $self->iss;
$response->{exp} =
$oidcSession->{data}->{_utime} + $self->conf->{timeout};
}

21
lemonldap-ng-portal/t/32-OIDC-Token-Introspection.t
Unescape View File

@ -76,7 +76,7 @@ my $op = LLNG::Manager::Test->new( {
'loa-3' => 3
},
oidcServicePrivateKeySig => oidc_key_op_private_sig,
oidcServicePublicKeySig => oidc_key_op_public_sig,
oidcServicePublicKeySig => oidc_key_op_public_sig,
}
}
);
@ -132,6 +132,19 @@ my $token = $json->{access_token};
ok( $token, 'Access token present' );
$query = "token=$token";
ok(
$res = $op->_post(
"/oauth2/introspect",
IO::String->new($query),
accept => 'application/json',
length => length($query),
),
"Try introspection without authentication"
);
expectReject($res);
ok(
$res = $op->_post(
"/oauth2/introspect",
@ -149,6 +162,12 @@ expectOK($res);
$json = from_json( $res->[2]->[0] );
ok( $json->{active}, "Token is valid" );
is( $json->{sub}, "french", "Response contains the correct sub" );
is( $json->{iss}, "http://auth.op.com",
"Response contains the correct issuer" );
is( $json->{client_id}, "rpid", "Response contains the correct client id" );
like( $json->{scope}, qr/\bopenid\b/, "Response contains the correct scopes" );
like( $json->{scope}, qr/\bprofile\b/, "Response contains the correct scopes" );
like( $json->{scope}, qr/\bemail\b/, "Response contains the correct scopes" );
# Check status after expiration
Time::Fake->offset("+2h");

Write Preview
Loading…
Cancel
Save