/**
 * Expects no validation errors for an ID Token whose {@code iat} is five minutes in the
 * future when the permitted clock skew is also five minutes.
 */
@Test
public void validateWhenIssuedAt5minAheadAnd5minClockSkewThenNoErrors() {
    Instant fiveMinutesAhead = Instant.now().plus(Duration.ofMinutes(5));
    this.issuedAt = fiveMinutesAhead;
    this.expiresAt = fiveMinutesAhead.plusSeconds(60);
    // The iat offset equals the skew, so this exercises the edge of the tolerance window.
    // NOTE(review): the timestamps come from the wall clock; confirm that the validator's
    // own clock read cannot make this boundary case timing-sensitive.
    this.clockSkew = Duration.ofMinutes(5);

    assertThat(this.validateIdToken()).isEmpty();
}
/**
 * Expects no validation errors when {@code aud} lists several audiences, one of them
 * "client-id", and {@code azp} names that same "client-id".
 */
@Test
public void validateWhenMultipleAudAzpClientIdThenNoErrors() {
    String clientId = "client-id";
    // Multi-audience token: the authorized party claim identifies which audience it was issued to.
    this.claims.put(IdTokenClaimNames.AUD, Arrays.asList(clientId, "other"));
    this.claims.put(IdTokenClaimNames.AZP, clientId);

    assertThat(this.validateIdToken()).isEmpty();
}
/**
 * Expects no validation errors for an ID Token whose {@code exp} passed thirty seconds ago
 * when the permitted clock skew is sixty seconds.
 */
@Test
public void validateWhenExpiredAnd60secClockSkewThenNoErrors() {
    Instant oneMinuteAgo = Instant.now().minus(Duration.ofSeconds(60));
    this.issuedAt = oneMinuteAgo;
    // exp = now - 30s, which lies inside the 60s tolerance configured below.
    this.expiresAt = oneMinuteAgo.plusSeconds(30);
    this.clockSkew = Duration.ofSeconds(60);

    assertThat(this.validateIdToken()).isEmpty();
}
/**
 * Expects exactly one error mentioning {@code iat} for an ID Token issued one minute in
 * the future when no clock skew is tolerated.
 */
@Test
public void validateWhenIssuedAt1minAheadAnd0minClockSkewThenHasErrors() {
    Instant oneMinuteAhead = Instant.now().plus(Duration.ofMinutes(1));
    this.issuedAt = oneMinuteAhead;
    this.expiresAt = oneMinuteAhead.plusSeconds(60);
    // Zero tolerance: a future-dated iat must be reported rather than silently accepted.
    this.clockSkew = Duration.ZERO;

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.IAT));
}
/**
 * Baseline case: with the fixture left untouched, validation is expected to report no
 * errors. The other tests in this class each alter one aspect of that fixture.
 */
@Test
public void validateWhenValidThenNoErrors() {
    // No claim or timestamp is modified here; the defaults are set up outside this method.
    assertThat(this.validateIdToken()).isEmpty();
}
/**
 * Expects exactly one error mentioning {@code azp} when the token carries several
 * audiences and an authorized party of "other-client".
 */
@Test
public void validateWhenMultipleAudAzpNotClientIdThenHasErrors() {
    // NOTE(review): if the client under test is registered as "client-id" (as the sibling
    // tests suggest), neither audience below matches it, so the aud check may fail too and
    // this test would not isolate the azp check. Confirm against the fixture.
    this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id-1", "client-id-2"));
    this.claims.put(IdTokenClaimNames.AZP, "other-client");

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.AZP));
}
/**
 * Expects exactly one error mentioning {@code exp} for an ID Token that expired thirty
 * seconds ago when no clock skew is tolerated.
 */
@Test
public void validateWhenExpiredAnd0secClockSkewThenHasErrors() {
    Instant oneMinuteAgo = Instant.now().minus(Duration.ofSeconds(60));
    this.issuedAt = oneMinuteAgo;
    // exp = now - 30s; with zero skew nothing excuses the expiry.
    this.expiresAt = oneMinuteAgo.plusSeconds(30);
    this.clockSkew = Duration.ZERO;

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.EXP));
}
/**
 * Expects exactly one error mentioning {@code azp} when {@code aud} holds more than one
 * audience and no authorized party is supplied by this test.
 */
@Test
public void validateWhenAudMultipleAndAzpNullThenHasErrors() {
    // azp is deliberately not set here; presumably the fixture's default claims omit it
    // (the method name says "AzpNull"). Verify against the setup code.
    this.claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id", "other"));

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.AZP));
}
/**
 * Expects exactly one error mentioning {@code aud} when the only audience is
 * "other-client".
 *
 * <p>Rejecting such a token keeps an ID Token that was issued to a different relying
 * party from being accepted by this client.
 */
@Test
public void validateWhenAudNotClientIdThenHasErrors() {
    this.claims.put(IdTokenClaimNames.AUD, Collections.singletonList("other-client"));

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.AUD));
}
/**
 * Expects exactly one error mentioning {@code exp} for an ID Token issued ten seconds ago
 * with a five-second lifetime, validated with no clock skew.
 */
@Test
public void validateWhenExpiresAtBeforeNowThenHasErrors() {
    Instant tenSecondsAgo = Instant.now().minus(Duration.ofSeconds(10));
    this.issuedAt = tenSecondsAgo;
    // exp = now - 5s, i.e. already in the past when validation runs.
    this.expiresAt = tenSecondsAgo.plusSeconds(5);
    this.clockSkew = Duration.ZERO;

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.EXP));
}
/**
 * Expects exactly one error mentioning {@code aud} when the audience claim is absent.
 */
@Test
public void validateWhenAudNullThenHasErrors() {
    // A token without an audience cannot be tied to this client, so it must be reported.
    this.claims.remove(IdTokenClaimNames.AUD);

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.AUD));
}
/**
 * Expects exactly one error mentioning {@code sub} when the subject claim is absent.
 */
@Test
public void validateWhenSubNullThenHasErrors() {
    this.claims.remove(IdTokenClaimNames.SUB);

    // NOTE(review): the assertion is a substring match on the error description, so it
    // would also pass if the claim name appeared there for an unrelated reason. Confirm
    // that the message format makes that unlikely.
    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.SUB));
}
/**
 * Expects exactly one error mentioning {@code iss} when the issuer claim is absent.
 */
@Test
public void validateWhenIssuerNullThenHasErrors() {
    // Without an issuer the token cannot be attributed to the expected provider.
    this.claims.remove(IdTokenClaimNames.ISS);

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.ISS));
}
/**
 * Expects exactly one error mentioning {@code azp} when the authorized party is "other"
 * and the remaining claims are left at the fixture defaults.
 */
@Test
public void validateWhenAzpNotClientIdThenHasErrors() {
    // Only azp is changed; the default aud claim comes from setup code outside this method.
    this.claims.put(IdTokenClaimNames.AZP, "other");

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.AZP));
}
/**
 * Expects a single error whose description names every missing claim when {@code sub},
 * {@code aud}, {@code iat} and {@code exp} are all absent at once.
 */
@Test
public void validateWhenMissingClaimsThenHasErrors() {
    this.claims.remove(IdTokenClaimNames.SUB);
    this.claims.remove(IdTokenClaimNames.AUD);
    this.issuedAt = null;
    this.expiresAt = null;

    // hasSize(1) plus four allMatch checks: all four claim names must appear in the one
    // reported description, not in separate errors.
    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.SUB))
            .allMatch(description -> description.contains(IdTokenClaimNames.AUD))
            .allMatch(description -> description.contains(IdTokenClaimNames.IAT))
            .allMatch(description -> description.contains(IdTokenClaimNames.EXP));
}
/**
 * Expects exactly one error mentioning {@code iat} when the token has no issued-at time.
 */
@Test
public void validateWhenIssuedAtNullThenHasErrors() {
    // Clearing the field removes the issued-at value used when the token under test is built.
    this.issuedAt = null;

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.IAT));
}
/**
 * Expects exactly one error mentioning {@code exp} when the token has no expiry time.
 */
@Test
public void validateWhenExpiresAtNullThenHasErrors() {
    // A token with no expiry must be reported, not treated as valid indefinitely.
    this.expiresAt = null;

    assertThat(this.validateIdToken())
            .hasSize(1)
            .extracting(OAuth2Error::getDescription)
            .allMatch(description -> description.contains(IdTokenClaimNames.EXP));
}