/**
 * Checks that {@code setRestOperations(null)} is rejected with an
 * {@link IllegalArgumentException} instead of being accepted silently.
 */
@Test
public void setRestOperationsWhenNullThenThrowIllegalArgumentException() {
    Assertions
            .assertThatThrownBy(() -> this.jwtDecoder.setRestOperations(null))
            .isInstanceOf(IllegalArgumentException.class);
}
/**
 * Checks that a caller-supplied {@code RestOperations} is the one used to
 * fetch the JWK set: the decoder is pointed at a local {@code MockWebServer},
 * given a spied {@code RestTemplate}, and the spy must see the exchange call.
 *
 * @throws Exception if the mock server cannot be started or closed
 */
@Test
public void decodeWhenCustomRestOperationsSetThenUsed() throws Exception {
    try (MockWebServer jwkServer = new MockWebServer()) {
        // One queued response: the JWK set the decoder downloads.
        jwkServer.enqueue(new MockResponse().setBody(JWK_SET));
        String jwkSetUri = jwkServer.url("/.well-known/jwks.json").toString();

        RestTemplate spiedRestTemplate = spy(new RestTemplate());
        NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(jwkSetUri);
        decoder.setRestOperations(spiedRestTemplate);

        assertThatCode(() -> decoder.decode(SIGNED_JWT)).doesNotThrowAnyException();

        // The key retrieval must have gone through the injected client.
        verify(spiedRestTemplate).exchange(any(RequestEntity.class), eq(String.class));

        // Explicit shutdown kept as in the original; the try-with-resources
        // block also closes the server on exit.
        jwkServer.shutdown();
    }
}
/**
 * Checks that decoding still succeeds when the claim-set converter removes
 * the {@code exp} claim, i.e. an absent expiry does not make
 * {@code decode} throw.
 *
 * @throws Exception declared for parity with the other decoder tests
 */
@Test
public void decodeWhenExpClaimNullThenDoesNotThrowException() throws Exception {
    NimbusJwtDecoderJwkSupport decoder = new NimbusJwtDecoderJwkSupport(JWK_SET_URL);
    decoder.setRestOperations(mockJwkSetResponse(JWK_SET));

    // Copy the incoming claims and drop the expiry before they reach the Jwt.
    decoder.setClaimSetConverter(rawClaims -> {
        Map<String, Object> withoutExpiry = new HashMap<>(rawClaims);
        withoutExpiry.remove(JwtClaimNames.EXP);
        return withoutExpiry;
    });

    assertThatCode(() -> decoder.decode(SIGNED_JWT)).doesNotThrowAnyException();
}
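/**
 * Builds the default {@link JwtDecoder}, registered only when the application
 * has not defined its own.
 *
 * <p>The decoder fetches signing keys from the configured JWK set URI and runs
 * three validators on every decoded token: timestamp checks, an issuer check
 * against the configured issuer URI, and an audience check against the
 * configured Okta audience. The audience check is what rejects tokens that the
 * same issuer minted for a different API.
 *
 * @param oAuth2ResourceServerProperties source of the issuer URI and JWK set URI
 * @param oktaOAuth2Properties source of the expected audience value
 * @return a decoder with the validators and the custom {@code RestOperations} applied
 */
@Bean
@ConditionalOnMissingBean
JwtDecoder jwtDecoder(OAuth2ResourceServerProperties oAuth2ResourceServerProperties,
                      OktaOAuth2Properties oktaOAuth2Properties) {

    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    validators.add(new JwtIssuerValidator(oAuth2ResourceServerProperties.getJwt().getIssuerUri()));
    validators.add(token -> {
        Set<String> expectedAudience = new HashSet<>();
        expectedAudience.add(oktaOAuth2Properties.getAudience());

        // getAudience() returns null when the token carries no "aud" claim.
        // Without this guard Collections.disjoint would throw a
        // NullPointerException, which surfaces as a server error rather than
        // as a rejected token. Treat a missing audience as an invalid one.
        List<String> tokenAudience = token.getAudience();
        if (tokenAudience == null || Collections.disjoint(tokenAudience, expectedAudience)) {
            return OAuth2TokenValidatorResult.failure(INVALID_AUDIENCE);
        }
        return OAuth2TokenValidatorResult.success();
    });
    OAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<>(validators);

    NimbusJwtDecoderJwkSupport decoder =
            new NimbusJwtDecoderJwkSupport(oAuth2ResourceServerProperties.getJwt().getJwkSetUri());
    decoder.setJwtValidator(validator);
    // Key retrieval goes through the RestOperations supplied by restOperations().
    decoder.setRestOperations(restOperations());
    return decoder;
}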