ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0

`Jwt.id` (jti) isn't being populated with `OpenIdClaims.jti` value #35

Closed SrMouraSilva closed 2 years ago

SrMouraSilva commented 2 years ago

Describe the bug

`Jwt.id` (jti) isn't being populated with the `OpenIdClaims.jti` value.

Code sample

```kotlin
@WithMockJwtAuth(
    claims=OpenIdClaims(
        sub="00000000-0000-0000-0000-000000000000", jti="00000000-0000-0000-0000-000000000000", sessionState="00000000-0000-0000-0000-000000000000",
        otherClaims=Claims(stringClaims=[StringClaim(name="id_institucional", value="aa91613e-34b2-488a-94ef-09ac5bef1904")])
    )
)
fun sampleTest() {}
```

If I check the id of Jwt, it appears null:

```kotlin
val authenticationJwt = authentication as JwtAuthenticationToken
val principal = authenticationJwt.principal as Jwt

// Evaluates to true: Jwt.id is null even though jti was set in the annotation
principal.id == null
```

Tested in

Expected behavior

`Jwt.id` should be populated based on the jti value.

SrMouraSilva commented 2 years ago

Note: If I use a (redundant) definition in `otherClaims`, then it works:

```kotlin
@WithMockJwtAuth(
    claims=OpenIdClaims(
        sub="00000000-0000-0000-0000-000000000000", jti="00000000-0000-0000-0000-000000000000", sessionState="00000000-0000-0000-0000-000000000000",
        otherClaims=Claims(stringClaims=[StringClaim(name="id_institucional", value="aa91613e-34b2-488a-94ef-09ac5bef1904"), StringClaim(name="jti", value="00000000-0000-0000-0000-000000000000")])
    )
)
```

ch4mpy commented 2 years ago

This looks like a bug. Will have a look ASAP.

ch4mpy commented 2 years ago

@SrMouraSilva thank you for taking time to report.

I just forgot JTI when extracting the annotation value. Sorry about that.

This bug affects all `@WithMock...`, but the fix works for all of them too. You can have a look at the commit linked above; it demoes your use-case in a new test.

Release ongoing. Please comment or re-open if the solution is not what you expected.

ch4mpy commented 2 years ago

@SrMouraSilva release 3.1.8 done.

It usually takes about two hours for the libs to be transferred to https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-security-oauth2-test-addons/

SrMouraSilva commented 2 years ago

@ch4mpy. Tested. Thanks!