diff --git a/build.gradle b/build.gradle index a790694..6de694b 100644 --- a/build.gradle +++ b/build.gradle @@ -126,7 +126,7 @@ dependencies { implementation 'com.google.guava:guava:32.0.1-jre' implementation 'commons-codec:commons-codec:1.20.0' - api 'com.auth0:auth0:1.45.1' + api 'com.auth0:auth0:3.3.0' api 'com.auth0:java-jwt:4.5.0' api 'com.auth0:jwks-rsa:0.23.0' diff --git a/src/main/java/com/auth0/AuthenticationController.java b/src/main/java/com/auth0/AuthenticationController.java index 1aed380..e3f2b21 100644 --- a/src/main/java/com/auth0/AuthenticationController.java +++ b/src/main/java/com/auth0/AuthenticationController.java @@ -1,9 +1,9 @@ package com.auth0; -import com.auth0.client.HttpOptions; import com.auth0.client.auth.AuthAPI; import com.auth0.jwk.JwkProvider; -import com.auth0.net.Telemetry; +import com.auth0.net.client.Auth0HttpClient; +import com.auth0.net.client.DefaultHttpClient; import com.google.common.annotations.VisibleForTesting; import org.apache.commons.lang3.Validate; @@ -61,7 +61,6 @@ public static class Builder { private boolean useLegacySameSiteCookie; private String organization; private String invitation; - private HttpOptions httpOptions; private String cookiePath; Builder(String domain, String clientId, String clientSecret) { @@ -76,18 +75,6 @@ public static class Builder { this.useLegacySameSiteCookie = true; } - /** - * Customize certain aspects of the underlying HTTP client networking library, such as timeouts and proxy configuration. - * - * @param httpOptions a non-null {@code HttpOptions} - * @return this same builder instance. - */ - public Builder withHttpOptions(HttpOptions httpOptions) { - Validate.notNull(httpOptions); - this.httpOptions = httpOptions; - return this; - } - /** * Specify that transient authentication-based cookies such as state and nonce are created with the specified * {@code Path} cookie attribute. 
@@ -196,8 +183,7 @@ public Builder withInvitation(String invitation) { * @throws UnsupportedOperationException if the Implicit Grant is chosen and the environment doesn't support UTF-8 encoding. */ public AuthenticationController build() throws UnsupportedOperationException { - AuthAPI apiClient = createAPIClient(domain, clientId, clientSecret, httpOptions); - setupTelemetry(apiClient); + AuthAPI apiClient = createAPIClient(domain, clientId, clientSecret); final boolean expectedAlgorithmIsExplicitlySetAndAsymmetric = jwkProvider != null; final SignatureVerifier signatureVerifier; @@ -234,17 +220,15 @@ IdTokenVerifier.Options createIdTokenVerificationOptions(String issuer, String a } @VisibleForTesting - AuthAPI createAPIClient(String domain, String clientId, String clientSecret, HttpOptions httpOptions) { - if (httpOptions != null) { - return new AuthAPI(domain, clientId, clientSecret, httpOptions); - } - return new AuthAPI(domain, clientId, clientSecret); - } + AuthAPI createAPIClient(String domain, String clientId, String clientSecret) { + Auth0HttpClient http = DefaultHttpClient.newBuilder() + .telemetryEnabled(true) + .build(); - @VisibleForTesting - void setupTelemetry(AuthAPI client) { - Telemetry telemetry = new Telemetry("auth0-java-mvc-common", obtainPackageVersion()); - client.setTelemetry(telemetry); + + return AuthAPI.newBuilder(domain, clientId, clientSecret) + .withHttpClient(http) + .build(); } @VisibleForTesting 
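Review bot: `createAPIClient` now hard-codes `DefaultHttpClient.newBuilder().telemetryEnabled(true).build()`, and this commit also removes `withHttpOptions`, `doNotSendTelemetry()` and `setLoggingEnabled()`, so an integrator can no longer set timeouts or a proxy for the code-exchange and PAR calls, nor opt out of the telemetry header. Deployments that must egress through a proxy, or that bound how long a login callback may block, lose the only hook they had. Consider accepting a caller-built `Auth0HttpClient` on the builder and falling back to the default only when none is given, as sketched below; the three-argument `createAPIClient` signature that the tests stub stays intact. The old `Telemetry("auth0-java-mvc-common", obtainPackageVersion())` identification is gone as well, so `obtainPackageVersion()` looks unused now; its definition is outside this hunk, so confirm before removing it.

```java
// … unchanged: other Builder fields …
private Auth0HttpClient httpClient;

/**
 * Use a caller-configured HTTP client (timeouts, proxy, telemetry) instead of the default one.
 *
 * @param httpClient a non-null {@code Auth0HttpClient}
 * @return this same builder instance.
 */
public Builder withHttpClient(Auth0HttpClient httpClient) {
    Validate.notNull(httpClient);
    this.httpClient = httpClient;
    return this;
}

// … unchanged: build() and createIdTokenVerificationOptions() …

@VisibleForTesting
AuthAPI createAPIClient(String domain, String clientId, String clientSecret) {
    // Fall back to the library default only when the integrator supplied nothing.
    Auth0HttpClient http = httpClient != null
            ? httpClient
            : DefaultHttpClient.newBuilder().telemetryEnabled(true).build();

    return AuthAPI.newBuilder(domain, clientId, clientSecret)
            .withHttpClient(http)
            .build();
}
```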
@@ -265,23 +249,6 @@ private String getIssuer(String domain) { } } - /** - * Whether to enable or not the HTTP Logger for every Request and Response. - * Enabling this can expose sensitive information. - * - * @param enabled whether to enable the HTTP logger or not. - */ - public void setLoggingEnabled(boolean enabled) { - requestProcessor.getClient().setLoggingEnabled(enabled); - } - - /** - * Disable sending the Telemetry header on every request to the Auth0 API - */ - public void doNotSendTelemetry() { - requestProcessor.getClient().doNotSendTelemetry(); - } - /** * Process a request to obtain a set of {@link Tokens} that represent successful authentication or authorization. * diff --git a/src/main/java/com/auth0/AuthorizeUrl.java b/src/main/java/com/auth0/AuthorizeUrl.java index e871ca6..694bf4a 100644 --- a/src/main/java/com/auth0/AuthorizeUrl.java +++ b/src/main/java/com/auth0/AuthorizeUrl.java @@ -224,7 +224,7 @@ public String fromPushedAuthorizationRequest() throws InvalidRequestException { storeTransient(); try { - PushedAuthorizationResponse pushedAuthResponse = authAPI.pushedAuthorizationRequest(redirectUri, responseType, params).execute(); + PushedAuthorizationResponse pushedAuthResponse = authAPI.pushedAuthorizationRequest(redirectUri, responseType, params).execute().getBody(); String requestUri = pushedAuthResponse.getRequestURI(); if (requestUri == null || requestUri.isEmpty()) { throw new InvalidRequestException(API_ERROR, "The PAR request returned a missing or empty request_uri value"); diff --git a/src/main/java/com/auth0/RequestProcessor.java b/src/main/java/com/auth0/RequestProcessor.java index 6796982..2027e0d 100644 --- a/src/main/java/com/auth0/RequestProcessor.java +++ b/src/main/java/com/auth0/RequestProcessor.java 
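Review bot: In `AuthorizeUrl.fromPushedAuthorizationRequest`, the new `.execute().getBody()` result is dereferenced on the next line (`pushedAuthResponse.getRequestURI()`) with no null check, so a response without a parsed body would surface as a `NullPointerException` instead of the `InvalidRequestException` this method uses for a malformed PAR reply. Whether `getBody()` can return null depends on the auth0-java 3.x client, which this diff does not show, but a guard is cheap: `if (pushedAuthResponse == null) { throw new InvalidRequestException(API_ERROR, "The PAR request returned an empty response body"); }`. The same pattern appears in the `RequestProcessor.exchangeCodeForTokens` hunk, where `holder.getAccessToken()` follows `.getBody()` directly. Both method bodies extend beyond their hunks.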
@@ -346,7 +346,8 @@ private void checkSessionState(HttpServletRequest request, String stateFromReque private Tokens exchangeCodeForTokens(String authorizationCode, String redirectUri) throws Auth0Exception { TokenHolder holder = client .exchangeCode(authorizationCode, redirectUri) - .execute(); + .execute() + .getBody(); return new Tokens(holder.getAccessToken(), holder.getIdToken(), holder.getRefreshToken(), holder.getTokenType(), holder.getExpiresIn()); } diff --git a/src/test/java/com/auth0/AuthenticationControllerTest.java b/src/test/java/com/auth0/AuthenticationControllerTest.java index 25302f0..b9e1d52 100644 --- a/src/test/java/com/auth0/AuthenticationControllerTest.java +++ b/src/test/java/com/auth0/AuthenticationControllerTest.java @@ -1,11 +1,10 @@ package com.auth0; -import com.auth0.client.HttpOptions; import com.auth0.client.auth.AuthAPI; import com.auth0.client.auth.AuthorizeUrlBuilder; import com.auth0.json.auth.TokenHolder; import com.auth0.jwk.JwkProvider; -import com.auth0.net.Telemetry; +import com.auth0.net.Response; import com.auth0.net.TokenRequest; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; 
@@ -45,84 +44,11 @@ public void setUp() { AuthenticationController.Builder builder = AuthenticationController.newBuilder("domain", "clientId", "clientSecret"); builderSpy = spy(builder); - doReturn(client).when(builderSpy).createAPIClient(eq("domain"), eq("clientId"), eq("clientSecret"), eq(null)); + doReturn(client).when(builderSpy).createAPIClient(eq("domain"), eq("clientId"), eq("clientSecret")); doReturn(verificationOptions).when(builderSpy).createIdTokenVerificationOptions(eq("https://domain/"), eq("clientId"), signatureVerifierCaptor.capture()); doReturn("1.2.3").when(builderSpy).obtainPackageVersion(); } - @Test - public void shouldSetupClientWithTelemetry() { - AuthenticationController controller = builderSpy.build(); - - ArgumentCaptor telemetryCaptor = ArgumentCaptor.forClass(Telemetry.class); - - assertThat(controller, is(notNullValue())); - RequestProcessor requestProcessor = controller.getRequestProcessor(); - assertThat(requestProcessor.getClient(), is(client)); - verify(client).setTelemetry(telemetryCaptor.capture()); - - Telemetry capturedTelemetry = telemetryCaptor.getValue(); - assertThat(capturedTelemetry, is(notNullValue())); - assertThat(capturedTelemetry.getName(), is("auth0-java-mvc-common")); - assertThat(capturedTelemetry.getVersion(), is("1.2.3")); - } - - @Test - public void shouldCreateAuthAPIClientWithoutCustomHttpOptions() { - ArgumentCaptor captor = ArgumentCaptor.forClass(HttpOptions.class); - AuthenticationController.Builder spy = spy(AuthenticationController.newBuilder("domain", "clientId", "clientSecret")); - - spy.build(); - verify(spy).createAPIClient(eq("domain"), eq("clientId"), eq("clientSecret"), captor.capture()); - - HttpOptions actual = captor.getValue(); - assertThat(actual, is(nullValue())); - - } - - @Test - public void shouldCreateAuthAPIClientWithCustomHttpOptions() { - HttpOptions options = new HttpOptions(); - options.setConnectTimeout(5); - options.setReadTimeout(6); - - ArgumentCaptor captor = 
ArgumentCaptor.forClass(HttpOptions.class); - AuthenticationController.Builder spy = spy(AuthenticationController.newBuilder("domain", "clientId", "clientSecret") - .withHttpOptions(options)); - - spy.build(); - verify(spy).createAPIClient(eq("domain"), eq("clientId"), eq("clientSecret"), captor.capture()); - - HttpOptions actual = captor.getValue(); - assertThat(actual, is(notNullValue())); - assertThat(actual.getConnectTimeout(), is(5)); - assertThat(actual.getReadTimeout(), is(6)); - } - - @Test - public void shouldDisableTelemetry() { - AuthenticationController controller = builderSpy.build(); - controller.doNotSendTelemetry(); - - verify(client).doNotSendTelemetry(); - } - - @Test - public void shouldEnableLogging() { - AuthenticationController controller = builderSpy.build(); - - controller.setLoggingEnabled(true); - verify(client).setLoggingEnabled(true); - } - - @Test - public void shouldDisableLogging() { - AuthenticationController controller = builderSpy.build(); - - controller.setLoggingEnabled(true); - verify(client).setLoggingEnabled(true); - } - @Test public void shouldCreateWithSymmetricSignatureVerifierForNoCodeGrants() { AuthenticationController controller = builderSpy @@ -463,8 +389,10 @@ public void shouldCheckSessionFallbackWhenHandleCalledWithRequestAndResponse() t AuthenticationController controller = builderSpy.withResponseType("code").build(); TokenRequest codeExchangeRequest = mock(TokenRequest.class); + Response tokenResponse = mock(Response.class); TokenHolder tokenHolder = mock(TokenHolder.class); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(tokenResponse.getBody()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest); AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class); 
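Review bot: With `shouldSetupClientWithTelemetry` and the `HttpOptions` tests deleted, nothing in this class exercises the real `createAPIClient` any more, because `setUp` replaces it with `doReturn(client)` on the spy. The new `DefaultHttpClient` / `AuthAPI.newBuilder` wiring is therefore untested. A small test that calls `createAPIClient("domain", "clientId", "clientSecret")` on an unstubbed builder and asserts a non-null `AuthAPI` would cover it. The `doReturn("1.2.3").when(builderSpy).obtainPackageVersion()` stub kept in `setUp` appears to have no remaining consumer in the visible hunks and can probably be dropped.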
@@ -499,8 +427,10 @@ public void shouldCheckSessionFallbackWhenHandleCalledWithRequest() throws Excep AuthenticationController controller = builderSpy.withResponseType("code").build(); TokenRequest codeExchangeRequest = mock(TokenRequest.class); + Response tokenResponse = mock(Response.class); TokenHolder tokenHolder = mock(TokenHolder.class); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(tokenResponse.getBody()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); when(client.exchangeCode("abc123", "http://localhost")).thenReturn(codeExchangeRequest); AuthorizeUrlBuilder mockBuilder = mock(AuthorizeUrlBuilder.class); diff --git a/src/test/java/com/auth0/AuthorizeUrlTest.java b/src/test/java/com/auth0/AuthorizeUrlTest.java index 5818265..6366191 100644 --- a/src/test/java/com/auth0/AuthorizeUrlTest.java +++ b/src/test/java/com/auth0/AuthorizeUrlTest.java @@ -1,10 +1,10 @@ package com.auth0; -import com.auth0.client.HttpOptions; import com.auth0.client.auth.AuthAPI; import com.auth0.exception.Auth0Exception; import com.auth0.json.auth.PushedAuthorizationResponse; import com.auth0.net.Request; +import com.auth0.net.Response; import okhttp3.HttpUrl; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -14,7 +14,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Collection; -import java.util.Map; import static org.hamcrest.CoreMatchers.*; import static org.hamcrest.MatcherAssert.assertThat; @@ -32,7 +31,7 @@ public class AuthorizeUrlTest { @BeforeEach public void setUp() { - client = new AuthAPI("domain.auth0.com", "clientId", "clientSecret"); + client = AuthAPI.newBuilder("domain.auth0.com", "clientId", "clientSecret").build(); request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); } 
@@ -246,13 +245,19 @@ public void shouldThrowWhenChangingTheNonceUsingCustomParameterSetter() { @Test public void shouldGetAuthorizeUrlFromPAR() throws Exception { - AuthAPIStub authAPIStub = new AuthAPIStub("https://domain.com", "clientId", "clientSecret"); + AuthAPI authAPIMock = mock(AuthAPI.class); Request requestMock = mock(Request.class); - when(requestMock.execute()).thenReturn(new PushedAuthorizationResponse("urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2", 90)); + Response pushedAuthorizationResponseResponse = mock(Response.class); + when(requestMock.execute()).thenReturn(pushedAuthorizationResponseResponse); + when(requestMock.execute().getBody()).thenReturn(new PushedAuthorizationResponse("urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2", 90)); + + when(authAPIMock.pushedAuthorizationRequest(eq("https://domain.com/callback"), eq("code"), anyMap())) + .thenReturn(requestMock); + when(authAPIMock.authorizeUrlWithPAR("urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2")) + .thenReturn("https://domain.com/authorize?client_id=clientId&request_uri=urn%3Aexample%3Abwc4JK-ESC0w8acc191e-Y1LTC2"); - authAPIStub.pushedAuthorizationResponseRequest = requestMock; - String url = new AuthorizeUrl(authAPIStub, request, response, "https://domain.com/callback", "code") + String url = new AuthorizeUrl(authAPIMock, request, response, "https://domain.com/callback", "code") .fromPushedAuthorizationRequest(); assertThat(url, is("https://domain.com/authorize?client_id=clientId&request_uri=urn%3Aexample%3Abwc4JK-ESC0w8acc191e-Y1LTC2")); 
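Review bot: `when(requestMock.execute().getBody())` stubs through a call on another mock, which records an extra `execute()` invocation on `requestMock` and hides which object is being stubbed. Stub the response mock directly with `when(pushedAuthorizationResponseResponse.getBody()).thenReturn(...)`, as `AuthenticationControllerTest` already does with `tokenResponse`. The same chained form recurs in the other PAR tests in this file and throughout the `RequestProcessorTest` hunks (`when(codeExchangeRequest.execute().getBody())`). The name `pushedAuthorizationResponseResponse` could also be shortened to something like `parResponse`.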
@@ -260,14 +265,17 @@ public void shouldGetAuthorizeUrlFromPAR() throws Exception { @Test public void fromPushedAuthorizationRequestThrowsWhenRequestUriIsNull() throws Exception { - AuthAPIStub authAPIStub = new AuthAPIStub("https://domain.com", "clientId", "clientSecret"); + AuthAPI authAPIMock = mock(AuthAPI.class); Request requestMock = mock(Request.class); - when(requestMock.execute()).thenReturn(new PushedAuthorizationResponse(null, 90)); + Response pushedAuthorizationResponseResponse = mock(Response.class); + when(requestMock.execute()).thenReturn(pushedAuthorizationResponseResponse); + when(requestMock.execute().getBody()).thenReturn(new PushedAuthorizationResponse(null, 90)); - authAPIStub.pushedAuthorizationResponseRequest = requestMock; + when(authAPIMock.pushedAuthorizationRequest(eq("https://domain.com/callback"), eq("code"), anyMap())) + .thenReturn(requestMock); InvalidRequestException exception = assertThrows(InvalidRequestException.class, () -> { - new AuthorizeUrl(authAPIStub, request, response, "https://domain.com/callback", "code") + new AuthorizeUrl(authAPIMock, request, response, "https://domain.com/callback", "code") .fromPushedAuthorizationRequest(); }); 
@@ -276,14 +284,17 @@ public void fromPushedAuthorizationRequestThrowsWhenRequestUriIsNull() throws Ex @Test public void fromPushedAuthorizationRequestThrowsWhenRequestUriIsEmpty() throws Exception { - AuthAPIStub authAPIStub = new AuthAPIStub("https://domain.com", "clientId", "clientSecret"); + AuthAPI authAPIMock = mock(AuthAPI.class); Request requestMock = mock(Request.class); - when(requestMock.execute()).thenReturn(new PushedAuthorizationResponse("urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2", null)); + Response pushedAuthorizationResponseResponse = mock(Response.class); + when(requestMock.execute()).thenReturn(pushedAuthorizationResponseResponse); + when(requestMock.execute().getBody()).thenReturn(new PushedAuthorizationResponse("urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2", null)); - authAPIStub.pushedAuthorizationResponseRequest = requestMock; + when(authAPIMock.pushedAuthorizationRequest(eq("https://domain.com/callback"), eq("code"), anyMap())) + .thenReturn(requestMock); InvalidRequestException exception = assertThrows(InvalidRequestException.class, () -> { - new AuthorizeUrl(authAPIStub, request, response, "https://domain.com/callback", "code") + new AuthorizeUrl(authAPIMock, request, response, "https://domain.com/callback", "code") .fromPushedAuthorizationRequest(); }); 
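Review bot: The fixture in `fromPushedAuthorizationRequestThrowsWhenRequestUriIsEmpty` does not match its name: it returns `new PushedAuthorizationResponse("urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2", null)`, a valid request URI with a null expiry. Meanwhile `fromPushedAuthorizationRequestThrowsWhenExpiresInIsNull` in the next hunk passes `(null, 90)`, duplicating the null-URI case. The mismatch predates this commit, but these lines are rewritten here, so this is a good moment to fix it: use `new PushedAuthorizationResponse("", 90)` in the empty-URI test and move the `(…, null)` fixture to the expires-in test. As written, the empty-string branch of the `request_uri` validation has no test. The assertions on the exception message sit outside both hunks, so confirm they still match after the swap.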
@@ -292,14 +303,17 @@ public void fromPushedAuthorizationRequestThrowsWhenRequestUriIsEmpty() throws E @Test public void fromPushedAuthorizationRequestThrowsWhenExpiresInIsNull() throws Exception { - AuthAPIStub authAPIStub = new AuthAPIStub("https://domain.com", "clientId", "clientSecret"); + AuthAPI authAPIMock = mock(AuthAPI.class); Request requestMock = mock(Request.class); - when(requestMock.execute()).thenReturn(new PushedAuthorizationResponse(null, 90)); + Response pushedAuthorizationResponseResponse = mock(Response.class); + when(requestMock.execute()).thenReturn(pushedAuthorizationResponseResponse); + when(requestMock.execute().getBody()).thenReturn(new PushedAuthorizationResponse(null, 90)); - authAPIStub.pushedAuthorizationResponseRequest = requestMock; + when(authAPIMock.pushedAuthorizationRequest(eq("https://domain.com/callback"), eq("code"), anyMap())) + .thenReturn(requestMock); InvalidRequestException exception = assertThrows(InvalidRequestException.class, () -> { - new AuthorizeUrl(authAPIStub, request, response, "https://domain.com/callback", "code") + new AuthorizeUrl(authAPIMock, request, response, "https://domain.com/callback", "code") .fromPushedAuthorizationRequest(); }); @@ -325,21 +339,4 @@ public void fromPushedAuthorizationRequestThrowsWhenRequestThrows() throws Excep assertThat(exception.getCause(), instanceOf(Auth0Exception.class)); } - static class AuthAPIStub extends AuthAPI { - - Request pushedAuthorizationResponseRequest; - - public AuthAPIStub(String domain, String clientId, String clientSecret, HttpOptions options) { - super(domain, clientId, clientSecret, options); - } - - public AuthAPIStub(String domain, String clientId, String clientSecret) { - super(domain, clientId, clientSecret); - } - - @Override - public Request pushedAuthorizationRequest(String redirectUri, String responseType, Map params) { - return pushedAuthorizationResponseRequest; - } - } } 
diff --git a/src/test/java/com/auth0/RequestProcessorTest.java b/src/test/java/com/auth0/RequestProcessorTest.java index 7ffcf60..0760c06 100644 --- a/src/test/java/com/auth0/RequestProcessorTest.java +++ b/src/test/java/com/auth0/RequestProcessorTest.java @@ -3,6 +3,7 @@ import com.auth0.client.auth.AuthAPI; import com.auth0.exception.Auth0Exception; import com.auth0.json.auth.TokenHolder; +import com.auth0.net.Response; import com.auth0.net.TokenRequest; import org.hamcrest.CoreMatchers; import org.junit.jupiter.api.BeforeEach; @@ -237,9 +238,11 @@ public void shouldThrowOnProcessIfCodeRequestSucceedsButDoesNotPassIdTokenVerifi request.setCookies(new Cookie("com.auth0.state", "1234")); TokenRequest codeExchangeRequest = mock(TokenRequest.class); + Response tokenResponse = mock(Response.class); TokenHolder tokenHolder = mock(TokenHolder.class); when(tokenHolder.getIdToken()).thenReturn("backIdToken"); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); + when(codeExchangeRequest.execute().getBody()).thenReturn(tokenHolder); when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest); RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions) 
@@ -266,10 +269,12 @@ public void shouldReturnTokensOnProcessIfIdTokenCodeRequestPassesIdTokenVerifica TokenRequest codeExchangeRequest = mock(TokenRequest.class); TokenHolder tokenHolder = mock(TokenHolder.class); + Response tokenResponse = mock(Response.class); when(tokenHolder.getIdToken()).thenReturn("backIdToken"); when(tokenHolder.getExpiresIn()).thenReturn(4800L); when(tokenHolder.getTokenType()).thenReturn("backTokenType"); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); + when(codeExchangeRequest.execute().getBody()).thenReturn(tokenHolder); when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest); RequestProcessor handler = new RequestProcessor.Builder(client, "id_token code", verifyOptions) @@ -303,10 +308,12 @@ public void shouldReturnTokensOnProcessIfIdTokenCodeRequestPassesIdTokenVerifica TokenRequest codeExchangeRequest = mock(TokenRequest.class); TokenHolder tokenHolder = mock(TokenHolder.class); + Response tokenResponse = mock(Response.class); when(tokenHolder.getIdToken()).thenReturn("backIdToken"); when(tokenHolder.getExpiresIn()).thenReturn(4800L); when(tokenHolder.getTokenType()).thenReturn("backTokenType"); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); + when(codeExchangeRequest.execute().getBody()).thenReturn(tokenHolder); when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest); RequestProcessor handler = new RequestProcessor.Builder(client, "id_token code", verifyOptions) 
@@ -340,10 +347,12 @@ public void shouldReturnTokensOnProcessIfIdTokenCodeRequestPassesIdTokenVerifica TokenRequest codeExchangeRequest = mock(TokenRequest.class); TokenHolder tokenHolder = mock(TokenHolder.class); + Response tokenResponse = mock(Response.class); when(tokenHolder.getIdToken()).thenReturn("backIdToken"); when(tokenHolder.getExpiresIn()).thenReturn(4800L); when(tokenHolder.getTokenType()).thenReturn("backTokenType"); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); + when(codeExchangeRequest.execute().getBody()).thenReturn(tokenHolder); when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest); RequestProcessor handler = new RequestProcessor.Builder(client, "id_token code", verifyOptions) @@ -378,12 +387,14 @@ public void shouldReturnTokensOnProcessIfTokenIdTokenCodeRequestPassesIdTokenVer TokenRequest codeExchangeRequest = mock(TokenRequest.class); TokenHolder tokenHolder = mock(TokenHolder.class); + Response tokenResponse = mock(Response.class); when(tokenHolder.getIdToken()).thenReturn("backIdToken"); when(tokenHolder.getAccessToken()).thenReturn("backAccessToken"); when(tokenHolder.getRefreshToken()).thenReturn("backRefreshToken"); when(tokenHolder.getExpiresIn()).thenReturn(4800L); when(tokenHolder.getTokenType()).thenReturn("backTokenType"); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); + when(codeExchangeRequest.execute().getBody()).thenReturn(tokenHolder); when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest); RequestProcessor handler = new RequestProcessor.Builder(client, "id_token token code", verifyOptions) 
@@ -416,10 +427,12 @@ public void shouldReturnTokensOnProcessIfCodeRequestPassesIdTokenVerification() TokenRequest codeExchangeRequest = mock(TokenRequest.class); TokenHolder tokenHolder = mock(TokenHolder.class); + Response tokenResponse = mock(Response.class); when(tokenHolder.getIdToken()).thenReturn("backIdToken"); when(tokenHolder.getAccessToken()).thenReturn("backAccessToken"); when(tokenHolder.getRefreshToken()).thenReturn("backRefreshToken"); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); + when(codeExchangeRequest.execute().getBody()).thenReturn(tokenHolder); when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest); RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions) @@ -446,7 +459,9 @@ public void shouldReturnEmptyTokensWhenCodeRequestReturnsNoTokens() throws Excep TokenRequest codeExchangeRequest = mock(TokenRequest.class); TokenHolder tokenHolder = mock(TokenHolder.class); - when(codeExchangeRequest.execute()).thenReturn(tokenHolder); + Response tokenResponse = mock(Response.class); + when(codeExchangeRequest.execute()).thenReturn(tokenResponse); + when(codeExchangeRequest.execute().getBody()).thenReturn(tokenHolder); when(client.exchangeCode("abc123", "https://me.auth0.com:80/callback")).thenReturn(codeExchangeRequest); RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions) 
@@ -465,7 +480,7 @@ public void shouldReturnEmptyTokensWhenCodeRequestReturnsNoTokens() throws Excep @Test public void shouldBuildAuthorizeUrl() { - AuthAPI client = new AuthAPI("me.auth0.com", "clientId", "clientSecret"); + AuthAPI client = AuthAPI.newBuilder("me.auth0.com", "clientId", "clientSecret").build(); SignatureVerifier signatureVerifier = mock(SignatureVerifier.class); IdTokenVerifier.Options verifyOptions = new IdTokenVerifier.Options("issuer", "audience", signatureVerifier); RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions) @@ -488,7 +503,7 @@ public void shouldBuildAuthorizeUrl() { @Test public void shouldSetMaxAgeIfProvided() { - AuthAPI client = new AuthAPI("me.auth0.com", "clientId", "clientSecret"); + AuthAPI client = AuthAPI.newBuilder("me.auth0.com", "clientId", "clientSecret").build(); when(verifyOptions.getMaxAge()).thenReturn(906030); RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions) .build(); @@ -502,7 +517,7 @@ public void shouldSetMaxAgeIfProvided() { @Test public void shouldNotSetNonceIfRequestTypeIsNotIdToken() { - AuthAPI client = new AuthAPI("me.auth0.com", "clientId", "clientSecret"); + AuthAPI client = AuthAPI.newBuilder("me.auth0.com", "clientId", "clientSecret").build(); RequestProcessor handler = new RequestProcessor.Builder(client, "code", verifyOptions) .build(); HttpServletRequest request = new MockHttpServletRequest(); @@ -515,7 +530,7 @@ public void shouldNotSetNonceIfRequestTypeIsNotIdToken() { @Test public void shouldSetNonceIfRequestTypeIsIdToken() { - AuthAPI client = new AuthAPI("me.auth0.com", "clientId", "clientSecret"); + AuthAPI client = AuthAPI.newBuilder("me.auth0.com", "clientId", "clientSecret").build(); RequestProcessor handler = new RequestProcessor.Builder(client, "id_token", verifyOptions) .build(); HttpServletRequest request = new MockHttpServletRequest(); 
@@ -528,7 +543,7 @@ public void shouldSetNonceIfRequestTypeIsIdToken() { @Test public void shouldNotSetNullNonceIfRequestTypeIsIdToken() { - AuthAPI client = new AuthAPI("me.auth0.com", "clientId", "clientSecret"); + AuthAPI client = AuthAPI.newBuilder("me.auth0.com", "clientId", "clientSecret").build(); RequestProcessor handler = new RequestProcessor.Builder(client, "id_token", verifyOptions) .build(); HttpServletRequest request = new MockHttpServletRequest(); @@ -541,7 +556,7 @@ public void shouldNotSetNullNonceIfRequestTypeIsIdToken() { @Test public void shouldBuildAuthorizeUrlWithNonceAndFormPostIfResponseTypeIsIdToken() { - AuthAPI client = new AuthAPI("me.auth0.com", "clientId", "clientSecret"); + AuthAPI client = AuthAPI.newBuilder("me.auth0.com", "clientId", "clientSecret").build(); RequestProcessor handler = new RequestProcessor.Builder(client, "id_token", verifyOptions) .build(); HttpServletRequest request = new MockHttpServletRequest(); @@ -561,7 +576,7 @@ public void shouldBuildAuthorizeUrlWithNonceAndFormPostIfResponseTypeIsIdToken() @Test public void shouldBuildAuthorizeUrlWithFormPostIfResponseTypeIsToken() { - AuthAPI client = new AuthAPI("me.auth0.com", "clientId", "clientSecret"); + AuthAPI client = AuthAPI.newBuilder("me.auth0.com", "clientId", "clientSecret").build(); RequestProcessor handler = new RequestProcessor.Builder(client, "token", verifyOptions) .build(); HttpServletRequest request = new MockHttpServletRequest();