Feature toggle for device flow
oharsta committed Oct 28, 2024
1 parent 0b284ec commit 2955cc0
Showing 3 changed files with 61 additions and 1 deletion.
2 changes: 2 additions & 0 deletions src/main/java/oidc/endpoints/DeviceAuthorizationEndpoint.java
@@ -17,6 +17,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
@@ -45,6 +46,7 @@
import static oidc.endpoints.AuthorizationEndpoint.validateScopes;

@RestController
@ConditionalOnExpression("${features.oidcng_device_flow:false}")
public class DeviceAuthorizationEndpoint implements OidcEndpoint{

private static final Log LOG = LogFactory.getLog(DeviceAuthorizationEndpoint.class);
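Review bot: The `@ConditionalOnExpression("${features.oidcng_device_flow:false}")` on the class gates only this controller bean, so any other part of the device flow would stay live unless it is toggled separately. Examples would be the token endpoint's handling of the device-code grant, the user-code verification pages, or a `device_authorization_endpoint` entry in the discovery document; none of that is visible in this section, so it should be confirmed. A flow that is switched off here but still advertised or still redeemable elsewhere is not fully disabled. For a plain boolean switch, `@ConditionalOnProperty(name = "features.oidcng_device_flow", havingValue = "true")` gives the same fail-closed default without evaluating the property value as a SpEL expression. The class body continues outside the hunk.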
3 changes: 2 additions & 1 deletion src/main/resources/application.yml
@@ -47,7 +47,8 @@ features:
enforce-eduid-resource-server-linked-account: true
# Do we show consent if configured for a RP in manage
consent-enabled: true

# Do we allow for Device Authorization flow
oidcng_device_flow: true
sp:
entity_id: https://org.openconext.local.oidc.ng
acs_location: http://localhost:8080/login/saml2/sso/oidcng
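Review bot: The bundled default `oidcng_device_flow: true` turns the new flow on for every deployment that does not override it, while the annotation's fallback in `DeviceAuthorizationEndpoint` is `false`. The two defaults disagree, and the one that ships is the permissive one. If the toggle is meant to let operators opt in, `oidcng_device_flow: false` here keeps it fail-closed and lets each environment enable it explicitly. The key is also snake_case while its siblings under `features:` are kebab-case (`consent-enabled`); renaming it to match would need the same change in the annotation and in the test property.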
@@ -0,0 +1,57 @@
package oidc.endpoints;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.GrantType;
import io.restassured.filter.cookie.CookieFilter;
import io.restassured.http.ContentType;
import io.restassured.response.Response;
import lombok.SneakyThrows;
import oidc.AbstractIntegrationTest;
import oidc.model.DeviceAuthorization;
import oidc.model.DeviceAuthorizationStatus;
import org.apache.commons.io.IOUtils;
import org.junit.Test;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;

import java.io.InputStream;
import java.nio.charset.Charset;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Pattern;
import java.util.stream.IntStream;

import static io.restassured.RestAssured.given;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
properties = {
"cron.node-cron-job-responsible=false",
"features.oidcng_device_flow=false"
})
public class DeviceAuthorizationEndpointDisabledTest extends AbstractIntegrationTest {

@SneakyThrows
@Test
public void deviceAuthorizationHappyFlow() {
Map<String, Object> body = given()
.when()
.header("Content-type", "application/x-www-form-urlencoded")
.formParam("grant_type", GrantType.AUTHORIZATION_CODE.getValue())
.formParam("client_id", "mock-sp")
.formParam("scope", String.join(",", List.of("openid", "groups")))
.post("oidc/device_authorization")
.as(mapTypeRef);
assertEquals(404, body.get("status"));

}


}
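Review bot: `assertEquals(404, body.get("status"))` checks a field of the JSON error body rather than the HTTP status line, so the test depends on the shape of the error response instead of the actual response code. `.post("oidc/device_authorization").then().statusCode(404)` pins the status directly. The method name `deviceAuthorizationHappyFlow` says the opposite of what is tested; `deviceAuthorizationDisabled` would read correctly in a test report. Most of the imports (for example `JWTClaimsSet`, `CookieFilter`, `IntStream` and the Jupiter `assertNull`/`assertTrue`) are unused in this class and can be dropped.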
