@Test
public void refreshToken_includesClaimsNeededToBuildIdTokens() {
    // The refresh token has to carry the facts of the original login (when it happened,
    // which methods were used, which assurance class applied) because, per the test name,
    // ID tokens are later built from these claims.
    UaaUser spongebob = new UaaUser(
            new UaaUserPrototype()
                    .withId("id")
                    .withEmail("spongebob@krustykrab.com")
                    .withUsername("spongebob")
                    .withOrigin("uaa"));

    // 1000 ms after the epoch; the auth_time claim asserted below is 1, i.e. whole seconds.
    Date authenticatedAt = new Date(1000L);
    HashSet<String> amrValues = Sets.newHashSet("pwd");
    String passwordAcr = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";

    RefreshTokenRequestData requestData = new RefreshTokenRequestData(
            "refresh_token",
            Sets.newHashSet(),
            amrValues,
            null,
            Sets.newHashSet(),
            "someclient",
            false,
            authenticatedAt,
            Sets.newHashSet(passwordAcr),
            Maps.newHashMap());

    ExpiringOAuth2RefreshToken issuedToken =
            refreshTokenCreator.createRefreshToken(spongebob, requestData, "abcdef");
    Map<String, Object> claims = UaaTokenUtils.getClaims(issuedToken.getValue());

    // auth_time: the authentication instant must survive into the token.
    assertThat(claims.get(AUTH_TIME), is(1));

    // amr: the authentication method supplied in the request must be listed.
    List<String> amrClaim = (List<String>) claims.get(AMR);
    assertThat(amrClaim, hasItem("pwd"));

    // acr: the claim is an object whose "values" list holds the requested context class.
    Map<String, List<String>> acrClaim = (Map<String, List<String>>) claims.get(ACR);
    assertThat(acrClaim, hasKey("values"));
    assertThat(acrClaim.get("values"), hasItem(passwordAcr));
}
@Test
public void refreshToken_ifIdTokenClaimsAreUnknown_omitsThem() {
    // Backwards-compatibility case: a new refresh token is being built from an old one
    // that was issued before auth_time, amr, etc. were part of the token claims. The
    // moment the user authenticated is therefore unknown, so no auth_time can be shown.
    // Leaving the claims out is the safe outcome: a substituted value would state
    // something about the login that was never recorded, and a consumer of the resulting
    // ID token could mistake it for a real authentication time or method.
    UaaUser spongebob = new UaaUser(
            new UaaUserPrototype()
                    .withId("id")
                    .withEmail("spongebob@krustykrab.com")
                    .withUsername("spongebob")
                    .withOrigin("uaa"));

    // Nothing is known about the original authentication event.
    Date unknownAuthTime = null;
    HashSet<String> noAuthenticationMethods = Sets.newHashSet();

    RefreshTokenRequestData requestData = new RefreshTokenRequestData(
            "refresh_token",
            Sets.newHashSet(),
            noAuthenticationMethods,
            null,
            Sets.newHashSet(),
            "someclient",
            false,
            unknownAuthTime,
            Sets.newHashSet(),
            Maps.newHashMap());

    ExpiringOAuth2RefreshToken issuedToken =
            refreshTokenCreator.createRefreshToken(spongebob, requestData, "abcdef");
    Map<String, Object> claims = UaaTokenUtils.getClaims(issuedToken.getValue());

    // The keys must be absent altogether, not merely present with empty or null values.
    assertFalse(claims.containsKey(AUTH_TIME));
    assertFalse(claims.containsKey(AMR));
    assertFalse(claims.containsKey(ACR));
}