From 079a75e3f55f50f82d57cf51087b9e43b40ad16a Mon Sep 17 00:00:00 2001 From: gtaban Date: Thu, 4 Apr 2019 19:23:53 -0500 Subject: [PATCH] master <-- development (#139) * Update login widget section in readme (#133) * Updates Server endpoints to v4 (#135) * Changes SDK to use server v4 endpoints. Updates test cases * 1. Adds version and AZP validation 2. Updates iss validation * Issue 2439 (#138) Removed azp check --- README.md | 2 +- build.gradle | 3 +- .../api/AppIDAuthorizationManager.java | 25 ++---- .../android/api/tokens/IdentityToken.java | 2 - .../appid/android/api/tokens/OAuthClient.java | 24 ----- .../appid/android/internal/config/Config.java | 70 +++++++-------- .../internal/tokenmanager/TokenManager.java | 19 +++- .../internal/tokens/AbstractToken.java | 38 +++++--- .../internal/tokens/IdentityTokenImpl.java | 12 --- .../internal/tokens/OAuthClientImpl.java | 88 ------------------- .../appid/android/internal/tokens/Token.java | 3 +- .../ibm/cloud/appid/android/TestSuite.java | 2 - .../api/AppIDAuthorizationManager_Test.java | 11 +-- .../appid/android/api/ConfigOld_Test.java | 8 +- .../cloud/appid/android/api/Config_Test.java | 16 +++- .../android/api/tokens/AccessToken_Test.java | 2 +- .../api/tokens/IdentityToken_Test.java | 11 ++- .../android/api/tokens/OAuthClient_Test.java | 63 ------------- .../AuthorizationManager_Test.java | 12 +-- .../tokenmanager/TokenManager_Test.java | 14 +-- .../internal/tokens/AbstractToken_Test.java | 21 +++-- .../UserProfileManagerImpl_Test.java | 7 +- .../appid/android/testing/helpers/Consts.java | 37 +++++--- 23 files changed, 172 insertions(+), 318 deletions(-) delete mode 100644 lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient.java delete mode 100644 lib/src/main/java/com/ibm/cloud/appid/android/internal/tokens/OAuthClientImpl.java delete mode 100644 lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient_Test.java diff --git a/README.md b/README.md index 27b003c..cfca8a0 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ loginWidget.launch(this, new AuthorizationListener() { ``` **Note**: -* The default configuration use Facebook and Google as authentication options. If you configure only one of them the login widget will *not* launch and the user will be redirected to the configured identity provider authentication screen. +* By default, App ID is configured to use Facebook, Google, and Cloud Directory as identity providers. If you change your identity provider settings to provide only one option, then the Login Widget is not needed and will not display. The user is directed to your chosen identity provider's authentication screen. * When using Cloud Directory, and "Email verification" is configured to *not* allow users to sign-in without email verification, then the "onAuthorizationSuccess" of the "AuthorizationListener" will be invoked without tokens. ## Managing Cloud Directory with the Android SDK diff --git a/build.gradle b/build.gradle index 0c04b5a..74f7232 100644 --- a/build.gradle +++ b/build.gradle @@ -8,9 +8,10 @@ buildscript { url 'https://maven.google.com/' name 'Google' } + google() } dependencies { - classpath "com.android.tools.build:gradle:3.1.1" + classpath 'com.android.tools.build:gradle:3.1.3' // classpath 'com.android.tools.build:gradle:3.1.2' classpath "org.kt3k.gradle.plugin:coveralls-gradle-plugin:2.7.1" // classpath 'org.robolectric:robolectric-gradle-plugin:1.1.0' diff --git a/lib/src/main/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager.java b/lib/src/main/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager.java index 447f935..79c10e6 100644 --- a/lib/src/main/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager.java +++ b/lib/src/main/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager.java @@ -158,31 +158,18 @@ public UserIdentity getUserIdentity () { @Override public DeviceIdentity getDeviceIdentity () { + //Not getting rid of this function because, this class implements an interface from another SDK and the interface expects this method. + //returning null here because we no longer have oauth_client in our tokens. logger.debug("getDeviceIdentity"); - IdentityToken identityToken = getIdentityToken(); - if (identityToken == null) { - return null; - } - Map map = new HashMap(); - map.put(DeviceIdentity.ID, identityToken.getOAuthClient().getDeviceId()); - map.put(DeviceIdentity.OS, identityToken.getOAuthClient().getDeviceOS()); - map.put(DeviceIdentity.MODEL, identityToken.getOAuthClient().getDeviceModel()); - map.put(DeviceIdentity.BRAND, Build.BRAND); - map.put(DeviceIdentity.OS_VERSION, Build.VERSION.RELEASE); - return new BaseDeviceIdentity(map); + return null; } @Override public AppIdentity getAppIdentity () { + //Not getting rid of this function because, this class implements an interface from another SDK and the interface expects this method. + //returning null here because we no longer have oauth_client in our tokens. logger.debug("getAppIdentity"); - IdentityToken identityToken = getIdentityToken(); - if (identityToken == null) { - return null; - } - Map map = new HashMap(); - map.put(AppIdentity.ID, identityToken.getOAuthClient().getSoftwareId()); - map.put(AppIdentity.VERSION, identityToken.getOAuthClient().getSoftwareVersion()); - return new BaseAppIdentity(map); + return null; } /** diff --git a/lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken.java b/lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken.java index ff2f023..c00afbf 100644 --- a/lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken.java +++ b/lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken.java @@ -20,9 +20,7 @@ public interface IdentityToken extends Token { String getName(); String getEmail(); - String getGender(); String getLocale(); String getPicture(); JSONArray getIdentities(); - OAuthClient getOAuthClient(); } diff --git a/lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient.java b/lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient.java deleted file mode 100644 index dc4fcb6..0000000 --- a/lib/src/main/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - Copyright 2017 IBM Corp. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package com.ibm.cloud.appid.android.api.tokens; - -public interface OAuthClient { - String getType(); - String getName(); - String getSoftwareId(); - String getSoftwareVersion(); - String getDeviceId(); - String getDeviceModel(); - String getDeviceOS(); -} diff --git a/lib/src/main/java/com/ibm/cloud/appid/android/internal/config/Config.java b/lib/src/main/java/com/ibm/cloud/appid/android/internal/config/Config.java index 648ab06..f85dfcb 100644 --- a/lib/src/main/java/com/ibm/cloud/appid/android/internal/config/Config.java +++ b/lib/src/main/java/com/ibm/cloud/appid/android/internal/config/Config.java @@ -23,19 +23,15 @@ public class Config { public final static String REGION_GERMANY_OLD = ".eu-de.bluemix.net"; public final static String REGION_TOKYO_OLD = ".jp-tok.bluemix.net"; - private final static String OAUTH_ENDPOINT = "/oauth/v3/"; + private final static String OAUTH_ENDPOINT = "/oauth/v4/"; private final static String ATTRIBUTES_ENDPOINT = "/api/v1/"; - private static final String serverUrlPrefix = "https://appid-oauth"; - private static final String userProfilesPrefix = "https://appid-profiles"; private static final String PUBLIC_KEYS_ENDPOINT = "/publickeys"; - private static final String PROTOCOL = "http"; private Config(){} public static String getOAuthServerUrl (AppID appId) { - String region = appId.getBluemixRegion(); + String serverUrl = convertEndpoints(appId.getBluemixRegion()); - String serverUrl = (region != null && region.startsWith(PROTOCOL)) ? region : serverUrlPrefix + region; serverUrl += OAUTH_ENDPOINT; if (null != appId.overrideOAuthServerHost) { @@ -46,8 +42,7 @@ public static String getOAuthServerUrl (AppID appId) { } public static String getUserProfilesServerUrl (AppID appId) { - String region = appId.getBluemixRegion(); - String serverUrl = (region != null && region.startsWith(PROTOCOL)) ? region : userProfilesPrefix + region; + String serverUrl = convertEndpoints(appId.getBluemixRegion()); if (null != appId.overrideUserProfilesHost) { serverUrl = appId.overrideUserProfilesHost; @@ -63,41 +58,42 @@ public static String getPublicKeysEndpoint (AppID appId) { public static String getIssuer(AppID appId) { if (null != appId.overrideOAuthServerHost) { - return appId.overrideOAuthServerHost.split("/")[2]; + String[] overrideServerUrlSplit = appId.overrideOAuthServerHost.split("/"); + return overrideServerUrlSplit[0] + "//" + overrideServerUrlSplit[2] + OAUTH_ENDPOINT + appId.getTenantId(); } - String region = appId.getBluemixRegion(); - if (region == null) { - return serverUrlPrefix; - } - - String issuer = region.contains("cloud.ibm.com") ? serverUrlPrefix + suffixFromRegion(region) : - Config.getOAuthServerUrl(appId); - - return issuer.split("/")[2]; + return Config.getOAuthServerUrl(appId); } - private static String suffixFromRegion(String region) { - switch (region) { - case AppID.REGION_UK_STAGE1: - return ".stage1" + REGION_UK_OLD; - case AppID.REGION_US_SOUTH_STAGE1: - return ".stage1" + REGION_US_SOUTH_OLD; - case AppID.REGION_US_SOUTH: - return REGION_US_SOUTH_OLD; - case AppID.REGION_UK: - return REGION_UK_OLD; - case AppID.REGION_SYDNEY: - return REGION_SYDNEY_OLD; - case AppID.REGION_GERMANY: - return REGION_GERMANY_OLD; - case AppID.REGION_US_EAST: - return REGION_US_EAST_OLD; - case AppID.REGION_TOKYO: - return REGION_TOKYO_OLD; + + /** + * converts old bluemix.net endpoints to new cloud.ibm.com endpoints + * @param region + * @return + */ + private static String convertEndpoints(String region) { + + if(region != null && region.contains("bluemix.net")) { + switch (region) { + case ".stage1" + REGION_UK_OLD: + return AppID.REGION_UK_STAGE1; + case ".stage1" + REGION_US_SOUTH_OLD: + return AppID.REGION_US_SOUTH_STAGE1; + case REGION_US_SOUTH_OLD: + return AppID.REGION_US_SOUTH; + case REGION_UK_OLD: + return AppID.REGION_UK; + case REGION_SYDNEY_OLD: + return AppID.REGION_SYDNEY; + case REGION_GERMANY_OLD: + return AppID.REGION_GERMANY; + case REGION_US_EAST_OLD: + return AppID.REGION_US_EAST; + case REGION_TOKYO_OLD: + return AppID.REGION_TOKYO; + } } return region; } - } diff --git a/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager.java b/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager.java index 6045013..b014a14 100644 --- a/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager.java +++ b/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager.java @@ -45,8 +45,10 @@ import java.security.Signature; import java.security.interfaces.RSAPublicKey; import java.security.spec.RSAPublicKeySpec; +import java.util.ArrayList; import java.util.HashMap; import java.util.Map; +import io.jsonwebtoken.Claims; import io.jsonwebtoken.IncorrectClaimException; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureException; @@ -346,14 +348,27 @@ protected Key getPublickey(Response response, String tokenKid) throws Authorizat } } - protected boolean verifyToken(Key rsaPublicKey, String token, String issuer, String audience, String tenant) throws SignatureException,IncorrectClaimException { + protected boolean verifyToken(Key rsaPublicKey, String token, String issuer, String clientId, String tenant) throws SignatureException,IncorrectClaimException { if (rsaPublicKey == null){ return false; } try { - Jwts.parser().requireIssuer(issuer).requireAudience(audience) + + Claims claims = Jwts.parser().requireIssuer(issuer) .require("tenant", tenant).setSigningKey(rsaPublicKey) .parseClaimsJws(token).getBody(); + + try { + //since the jwt library does not support audience as an array yet, we do the validation manually. + ArrayList aud = claims.get("aud", ArrayList.class); + + if(aud == null || !aud.contains(clientId)) { + throw new IncorrectClaimException(null, claims, "Invalid audience"); + } + } catch (ClassCastException ce) { + throw new IncorrectClaimException(null, claims, "Invalid audience"); + } + return true; } catch (SignatureException|IncorrectClaimException exception) { // Invalid signature/claims throw exception; diff --git a/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken.java b/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken.java index adfdb7e..c49aa1b 100644 --- a/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken.java +++ b/lib/src/main/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken.java @@ -40,6 +40,7 @@ public abstract class AbstractToken implements Token { private final static String ISSUED_AT = "iat"; private final static String TENANT = "tenant"; private final static String AUTHENTICATION_METHODS = "amr"; + private final static String VERSION = "ver"; private final static Logger logger = Logger.getLogger(Logger.INTERNAL_PREFIX + AbstractToken.class.getName()); @@ -96,8 +97,8 @@ public String getSubject () { } @Override - public String getAudience () { - return (String) getValue(AUDIENCE); + public List getAudience () { + return convertJsonArrayToList(AUDIENCE); } @Override @@ -119,15 +120,7 @@ public String getTenant () { @Override public List getAuthenticationMethods(){ - List list = new ArrayList<>(); - JSONArray array = (JSONArray) getValue(AUTHENTICATION_METHODS); - for (int i=0; i convertJsonArrayToList(String name) { + List list = new ArrayList<>(); + JSONArray array = (JSONArray) getValue(name); + for (int i=0; i getAudience(); Date getExpiration(); Date getIssuedAt(); String getTenant(); + Integer getVersion(); List getAuthenticationMethods(); boolean isExpired(); boolean isAnonymous(); diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/TestSuite.java b/lib/src/test/java/com/ibm/cloud/appid/android/TestSuite.java index 5b7afee..93f2be5 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/TestSuite.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/TestSuite.java @@ -20,7 +20,6 @@ import com.ibm.cloud.appid.android.api.ConfigOld_Test; import com.ibm.cloud.appid.android.api.tokens.AccessToken_Test; import com.ibm.cloud.appid.android.api.tokens.IdentityToken_Test; -import com.ibm.cloud.appid.android.api.tokens.OAuthClient_Test; import com.ibm.cloud.appid.android.api.userprofile.UserProfileException_Test; import com.ibm.cloud.appid.android.internal.authorizationmanager.AuthorizationManager_Test; import com.ibm.cloud.appid.android.internal.authorizationmanager.AuthorizationUIManager_Test; @@ -45,7 +44,6 @@ AuthorizationException_Test.class, AccessToken_Test.class, IdentityToken_Test.class, - OAuthClient_Test.class, UserProfileException_Test.class, AppIDAuthorizationManager_Test.class, diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager_Test.java index 39d4043..eefd38c 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/api/AppIDAuthorizationManager_Test.java @@ -164,12 +164,7 @@ public void testGetDeviceIdentity(){ when(tokenManagerMock.getLatestIdentityToken()).thenReturn(idToken); DeviceIdentity deviceIdentity = appIdAuthManager.getDeviceIdentity(); - assertThat(deviceIdentity).isNotNull(); - assertThat(deviceIdentity.getId()).isEqualTo(idToken.getOAuthClient().getDeviceId()); - assertThat(deviceIdentity.getModel()).isEqualTo(idToken.getOAuthClient().getDeviceModel()); - assertThat(deviceIdentity.getBrand()).isEqualTo(Build.BRAND); - assertThat(deviceIdentity.getOS()).isEqualTo(idToken.getOAuthClient().getDeviceOS()); - assertThat(deviceIdentity.getOSVersion()).isEqualTo(Build.VERSION.RELEASE); + assertThat(deviceIdentity).isNull(); //v4 tokens do no have oauth_client } @Test @@ -179,9 +174,7 @@ public void testGetAppIdentity(){ when(tokenManagerMock.getLatestIdentityToken()).thenReturn(idToken); AppIdentity appIdentity = appIdAuthManager.getAppIdentity(); - assertThat(appIdentity).isNotNull(); - assertThat(appIdentity.getId()).isEqualTo(idToken.getOAuthClient().getSoftwareId()); - assertThat(appIdentity.getVersion()).isEqualTo(idToken.getOAuthClient().getSoftwareVersion()); + assertThat(appIdentity).isNull(); //v4 tokens do no have oauth_client } @Test diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/api/ConfigOld_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/api/ConfigOld_Test.java index 0f42019..3058831 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/api/ConfigOld_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/api/ConfigOld_Test.java @@ -38,19 +38,19 @@ public class ConfigOld_Test { @Before public void before() { MockitoAnnotations.initMocks(this); - when(appId.getBluemixRegion()).thenReturn(".region"); + when(appId.getBluemixRegion()).thenReturn(".ng.bluemix.net"); when(appId.getTenantId()).thenReturn("tenant-id"); } @Test public void testConfigOld(){ String url = com.ibm.cloud.appid.android.internal.config.Config.getOAuthServerUrl(appId); - assertThat(url).isEqualTo("https://appid-oauth.region/oauth/v3/tenant-id"); + assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/oauth/v4/tenant-id"); url = com.ibm.cloud.appid.android.internal.config.Config.getUserProfilesServerUrl(appId); - assertThat(url).isEqualTo("https://appid-profiles.region/api/v1/"); + assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/api/v1/"); url = com.ibm.cloud.appid.android.internal.config.Config.getIssuer(appId); - assertThat(url).isEqualTo("appid-oauth.region"); + assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/oauth/v4/tenant-id"); } } diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/api/Config_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/api/Config_Test.java index 3e62116..7d47fc7 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/api/Config_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/api/Config_Test.java @@ -44,13 +44,13 @@ public void before() { @Test public void testConfig() { String url = com.ibm.cloud.appid.android.internal.config.Config.getOAuthServerUrl(appId); - assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/oauth/v3/tenant-id"); + assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/oauth/v4/tenant-id"); url = com.ibm.cloud.appid.android.internal.config.Config.getUserProfilesServerUrl(appId); assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/api/v1/"); url = com.ibm.cloud.appid.android.internal.config.Config.getIssuer(appId); - assertThat(url).isEqualTo("appid-oauth.ng.bluemix.net"); + assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/oauth/v4/tenant-id"); appId.overrideOAuthServerHost = "https://oauth-server-host-"; appId.overrideUserProfilesHost = "https://user-profiles-host"; @@ -62,10 +62,20 @@ public void testConfig() { assertThat(url).isEqualTo("https://user-profiles-host/api/v1/"); url = com.ibm.cloud.appid.android.internal.config.Config.getIssuer(appId); - assertThat(url).isEqualTo("oauth-server-host-"); + assertThat(url).isEqualTo("https://oauth-server-host-/oauth/v4/tenant-id"); // need to reset server hosts, because they are global variables that can impact other tests appId.overrideOAuthServerHost = null; appId.overrideUserProfilesHost = null; + + + //verify old endpoints are converted to new cloud.ibm.com + when(appId.getBluemixRegion()).thenReturn(".ng.bluemix.net"); + url = com.ibm.cloud.appid.android.internal.config.Config.getOAuthServerUrl(appId); + assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/oauth/v4/tenant-id"); + + url = com.ibm.cloud.appid.android.internal.config.Config.getIssuer(appId); + assertThat(url).isEqualTo("https://us-south.appid.cloud.ibm.com/oauth/v4/tenant-id"); + } } diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/AccessToken_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/AccessToken_Test.java index 2cbb6b1..781e270 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/AccessToken_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/AccessToken_Test.java @@ -33,6 +33,6 @@ public class AccessToken_Test { public void testWithValidAccessToken () { AccessToken accessToken = new AccessTokenImpl(Consts.ACCESS_TOKEN); assertThat(accessToken).isNotNull(); - assertThat(accessToken.getScope()).isEqualTo("appid_default appid_readprofile appid_readuserattr appid_writeuserattr"); + assertThat(accessToken.getScope()).isEqualTo("openid appid_default appid_readprofile appid_readuserattr appid_writeuserattr appid_authenticated"); } } \ No newline at end of file diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken_Test.java index 1ef1b29..b99cf1c 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/IdentityToken_Test.java @@ -35,17 +35,16 @@ public class IdentityToken_Test { public void testWithValidIdentityToken() throws JSONException{ IdentityToken idToken = new IdentityTokenImpl(Consts.ID_TOKEN); assertThat(idToken).isNotNull(); - assertThat(idToken.getName()).isEqualTo("Don Lon"); + assertThat(idToken.getName()).isEqualTo("Lon Don"); assertThat(idToken.getEmail()).isEqualTo("donlonqwerty@gmail.com"); - assertThat(idToken.getGender()).isNull(); - assertThat(idToken.getLocale()).isNull(); - assertThat(idToken.getPicture()).isEqualTo("https://scontent.xx.fbcdn.net/v/t1.0-1/p50x50/13501551_286407838378892_1785766211766730697_n.jpg?oh=148d2eee64bb14afcd891b2d5c1d6f86&oe=592F3EBC"); + assertThat(idToken.getLocale()).isNotNull(); + assertThat(idToken.getPicture()).isEqualTo("https://lh6.googleusercontent.com/-LyKHZ9PWhic/AAAAAAAAAAI/AAAAAAAAACk/AmSje4HEi1A/photo.jpg"); JSONArray identities = idToken.getIdentities(); assertThat(identities).isNotNull(); assertThat(identities.length()).isEqualTo(1); - assertThat(identities.getJSONObject(0).getString("provider")).isEqualTo("facebook"); - assertThat(identities.getJSONObject(0).getString("id")).isEqualTo("377440159275659"); + assertThat(identities.getJSONObject(0).getString("provider")).isEqualTo("google"); + assertThat(identities.getJSONObject(0).getString("id")).isEqualTo("105747725068605084657"); idToken.getPayload().remove("identities"); assertThat(idToken.getIdentities().length()).isEqualTo(0); diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient_Test.java deleted file mode 100644 index 493af0d..0000000 --- a/lib/src/test/java/com/ibm/cloud/appid/android/api/tokens/OAuthClient_Test.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - Copyright 2017 IBM Corp. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package com.ibm.cloud.appid.android.api.tokens; -import com.ibm.cloud.appid.android.internal.tokens.IdentityTokenImpl; -import com.ibm.cloud.appid.android.internal.tokens.OAuthClientImpl; -import com.ibm.cloud.appid.android.testing.helpers.Consts; -import com.ibm.mobilefirstplatform.appid_clientsdk_android.BuildConfig; - -import org.json.JSONException; -import org.junit.FixMethodOrder; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.MethodSorters; -import org.robolectric.RobolectricTestRunner; -import org.robolectric.annotation.Config; -import static org.assertj.core.api.Java6Assertions.*; - -@RunWith (RobolectricTestRunner.class) -@FixMethodOrder (MethodSorters.NAME_ASCENDING) -@Config (constants = BuildConfig.class) -public class OAuthClient_Test { - - @Test () - public void testWithValidIdToken () { - IdentityToken idToken = new IdentityTokenImpl(Consts.ID_TOKEN); - OAuthClient oAuthClient = new OAuthClientImpl(idToken); - assertThat(oAuthClient).isNotNull(); - assertThat(oAuthClient.getType()).isEqualTo("mobileapp"); - assertThat(oAuthClient.getName()).isEqualTo("appid"); - assertThat(oAuthClient.getSoftwareId()).isEqualTo("com.ibm.mobilefirstplatform.appid"); - assertThat(oAuthClient.getSoftwareVersion()).isEqualTo("1.0"); - assertThat(oAuthClient.getDeviceId()).isEqualTo("eee2c78d-0f12-3808-91eb-c63475dbbf95"); - assertThat(oAuthClient.getDeviceModel()).isEqualTo("GT-I9500"); - assertThat(oAuthClient.getDeviceOS()).isEqualTo("android"); - - } - - @Test (expected = RuntimeException.class) - public void testWithNoOAuthClientInIdToken(){ - IdentityToken idToken = new IdentityTokenImpl(Consts.ID_TOKEN); - idToken.getPayload().remove("oauth_client"); - new OAuthClientImpl(idToken); - } - - @Test () - public void testWithMissingOAuthClientProperties() throws JSONException{ - IdentityToken idToken = new IdentityTokenImpl(Consts.ID_TOKEN); - idToken.getPayload().getJSONObject("oauth_client").remove("type"); - OAuthClient oAuthClient = new OAuthClientImpl(idToken); - assertThat(oAuthClient.getType()).isNull(); - } -} \ No newline at end of file diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/internal/authorizationmanager/AuthorizationManager_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/internal/authorizationmanager/AuthorizationManager_Test.java index 977ed64..3215b41 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/internal/authorizationmanager/AuthorizationManager_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/internal/authorizationmanager/AuthorizationManager_Test.java @@ -468,7 +468,7 @@ public Void answer(InvocationOnMock invocation) { spyAuthManager.launchAuthorizationUI(mockActivity, new AuthorizationListener() { @Override public void onAuthorizationFailure(AuthorizationException exception) { - String expectedAuthUrl = "https://region/oauth/v3/null/authorization?response_type=code&client_id=null&redirect_uri=null&scope=openid&state=state&language="+defaultLocale; + String expectedAuthUrl = "https://region/oauth/v4/null/authorization?response_type=code&client_id=null&redirect_uri=null&scope=openid&state=state&language="+defaultLocale; assertEquals(exception.getMessage(), "Could NOT find installed browser that support Chrome tabs on the device."); verify(spyAuthManager).createAuthorizationUIManager(any(OAuthManager.class), any(AuthorizationListener.class), eq(expectedAuthUrl), anyString()); @@ -509,7 +509,7 @@ public Void answer(InvocationOnMock invocation) { doAnswer(new Answer() { public Void answer(InvocationOnMock invocation) { - String expectedAuthUrl = "https://region/oauth/v3/null/authorization?response_type=code&client_id=null&redirect_uri=null&scope=openid&state=state&language="+overrideLocale; + String expectedAuthUrl = "https://region/oauth/v4/null/authorization?response_type=code&client_id=null&redirect_uri=null&scope=openid&state=state&language="+overrideLocale; verify(spyAuthManager).createAuthorizationUIManager(any(OAuthManager.class), any(AuthorizationListener.class), eq(expectedAuthUrl), anyString()); return null; } @@ -572,7 +572,7 @@ public Void answer(InvocationOnMock invocation) { spyAuthManager.launchSignUpAuthorizationUI(mockActivity, new AuthorizationListener() { @Override public void onAuthorizationFailure(AuthorizationException exception) { - String expectedAuthUrl = "https://region/oauth/v3/null/authorization?response_type=sign_up&client_id=null&redirect_uri=null&scope=openid&state=state&language="+defaultLocale; + String expectedAuthUrl = "https://region/oauth/v4/null/authorization?response_type=sign_up&client_id=null&redirect_uri=null&scope=openid&state=state&language="+defaultLocale; assertEquals(exception.getMessage(), "Could NOT find installed browser that support Chrome tabs on the device."); verify(spyAuthManager).createAuthorizationUIManager(any(OAuthManager.class), any(AuthorizationListener.class), eq(expectedAuthUrl), anyString()); } @@ -651,7 +651,7 @@ public void launchChangePasswordUI_success() throws Exception { spyAuthManager.launchChangePasswordUI(mockActivity, new AuthorizationListener() { @Override public void onAuthorizationFailure(AuthorizationException exception) { - String expectedAuthUrl = "https://region/oauth/v3/null/cloud_directory/change_password?user_id=1234&language="+defaultLocale; + String expectedAuthUrl = "https://region/oauth/v4/null/cloud_directory/change_password?user_id=1234&language="+defaultLocale; assertEquals(exception.getMessage(), "Could NOT find installed browser that support Chrome tabs on the device."); verify(spyAuthManager).createAuthorizationUIManager(any(OAuthManager.class), any(AuthorizationListener.class), eq(expectedAuthUrl), anyString()); } @@ -770,7 +770,7 @@ public Void answer(InvocationOnMock invocation) { spyAuthManager.launchChangeDetailsUI(mockActivity, new AuthorizationListener() { @Override public void onAuthorizationFailure(AuthorizationException exception) { - String expectedAuthUrl = "https://region/oauth/v3/null/cloud_directory/change_details?code=1234&language="+defaultLocale; + String expectedAuthUrl = "https://region/oauth/v4/null/cloud_directory/change_details?code=1234&language="+defaultLocale; assertEquals(exception.getMessage(), "Could NOT find installed browser that support Chrome tabs on the device."); verify(spyAuthManager).createAuthorizationUIManager(any(OAuthManager.class), any(AuthorizationListener.class), eq(expectedAuthUrl), anyString()); } @@ -978,7 +978,7 @@ public void onAuthorizationSuccess(AccessToken accessToken, IdentityToken identi @Override public void onAuthorizationFailure(AuthorizationException exception) { - String expectedAuthUrl = "https://region/oauth/v3/null/cloud_directory/forgot_password?language="+defaultLocale; + String expectedAuthUrl = "https://region/oauth/v4/null/cloud_directory/forgot_password?language="+defaultLocale; assertEquals(exception.getMessage(), "Could NOT find installed browser that support Chrome tabs on the device."); verify(spyAuthManager).createAuthorizationUIManager(any(OAuthManager.class), any(AuthorizationListener.class), eq(expectedAuthUrl), anyString()); } diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager_Test.java index 425e442..999a9d4 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokenmanager/TokenManager_Test.java @@ -341,19 +341,23 @@ public void getPublicKeyByKid() { public void verifyToken() { boolean result = spyTokenManager.verifyToken(null,"token","issuer","aud","tenant"); assertEquals(result,false); - Key key=null; + Key key = null; try { - key = spyTokenManager.getPublickey(createResponse(Consts.JWK,200), Consts.Kid); + key = spyTokenManager.getPublickey(createResponse(Consts.ACCESS_TOKEN_JWK_PUBLIC_KEY,200), Consts.Kid); } catch (AuthorizationException e) { e.printStackTrace(); } - result = spyTokenManager.verifyToken(key, Consts.ACCESS_TOKEN_JWK, Consts.ISSUER, Consts.AUDIENCE, Consts.TENANT); + result = spyTokenManager.verifyToken(key, Consts.ACCESS_TOKEN_JWK, Consts.ISSUER, Consts.CLIENT_ID, Consts.TENANT); assertEquals(result,true); - doThrow(IncorrectClaimException.class).when(spyTokenManager).verifyToken(key, Consts.ACCESS_TOKEN_JWK,"issuer", Consts.AUDIENCE, Consts.TENANT); + doThrow(IncorrectClaimException.class).when(spyTokenManager).verifyToken(key, Consts.ACCESS_TOKEN_JWK,"issuer", Consts.CLIENT_ID, Consts.TENANT); doThrow(IncorrectClaimException.class).when(spyTokenManager).verifyToken(key, Consts.ACCESS_TOKEN_JWK, Consts.ISSUER,"aud", Consts.TENANT); - doThrow(IncorrectClaimException.class).when(spyTokenManager).verifyToken(key, Consts.ACCESS_TOKEN_JWK, Consts.ISSUER, Consts.AUDIENCE,"tenant"); + doThrow(IncorrectClaimException.class).when(spyTokenManager).verifyToken(key, Consts.ACCESS_TOKEN_JWK, Consts.ISSUER, Consts.CLIENT_ID,"tenant"); + + //verify v3 token should fail + doThrow(IncorrectClaimException.class).when(spyTokenManager).verifyToken(key, Consts.V3_ID_TOKEN, Consts.ISSUER, Consts.CLIENT_ID, Consts.TENANT); } + @Test public void getPublicKey(){ try { diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken_Test.java index ba083b6..2f84bc1 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/internal/tokens/AbstractToken_Test.java @@ -24,7 +24,9 @@ import org.robolectric.RobolectricTestRunner; import org.robolectric.annotation.Config; +import java.util.ArrayList; import java.util.Date; +import java.util.List; import static org.assertj.core.api.Java6Assertions.*; @@ -50,19 +52,24 @@ public void withInvalidTokenComponents(){ @Test() public void withValidToken(){ + + List expectedAud = new ArrayList<>(); + expectedAud.add(Consts.CLIENT_ID); + AccessToken token = new AccessTokenImpl(Consts.ACCESS_TOKEN); assertThat(token).isNotNull(); assertThat(token.getRaw()).isEqualTo(Consts.ACCESS_TOKEN); assertThat(token.getHeader()).isNotNull(); assertThat(token.getPayload()).isNotNull(); assertThat(token.getSignature()).isNotNull(); - assertThat(token.getIssuer()).isEqualTo("imf-authserver.stage1.mybluemix.net"); - assertThat(token.getSubject()).isEqualTo("09b7fea5-2e4e-40b8-9d81-df50071a3053"); - assertThat(token.getAudience()).isEqualTo("408eb36a2a069ad89cd19c789a96b7cf36b550ec"); - assertThat(token.getExpiration()).isEqualTo(new Date(1489957459000L)); - assertThat(token.getIssuedAt()).isEqualTo(new Date(1487365459000L)); - assertThat(token.getTenant()).isEqualTo("50d0beed-add7-48dd-8b0a-c818cb456bb4"); - assertThat(token.getAuthenticationMethods().get(0)).isEqualTo("facebook"); + assertThat(token.getIssuer()).isEqualTo(Consts.ISSUER); + assertThat(token.getSubject()).isEqualTo(Consts.SUB); + assertThat(token.getAudience()).isEqualTo(expectedAud); + assertThat(token.getExpiration()).isEqualTo(new Date(1552502424L*1000)); + assertThat(token.getIssuedAt()).isEqualTo(new Date(1552502422L*1000)); + assertThat(token.getTenant()).isEqualTo(Consts.TENANT); + assertThat(token.getAuthenticationMethods().get(0)).isEqualTo("google"); + assertThat(token.getVersion()).isEqualTo(Consts.VERSION); Object nonExistingValue = ((AbstractToken)token).getValue("do-not-exist"); assertThat(nonExistingValue).isNull(); diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/internal/userprofilemanager/UserProfileManagerImpl_Test.java b/lib/src/test/java/com/ibm/cloud/appid/android/internal/userprofilemanager/UserProfileManagerImpl_Test.java index 5545729..7bd70a6 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/internal/userprofilemanager/UserProfileManagerImpl_Test.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/internal/userprofilemanager/UserProfileManagerImpl_Test.java @@ -1334,7 +1334,7 @@ public int getStatus() { @Override public String getResponseText() { - return "{\"sub\": \"09b7fea5-2e4e-40b8-9d81-df50071a3053\", \"email\":\"test@ibm.com\"}"; + return "{\"sub\": " + Consts.SUB + ", \"email\":\"donlonqwerty@gmail.com\"}"; } @Override @@ -1377,8 +1377,8 @@ public Object answer(InvocationOnMock invocation) throws Throwable { @Override public void onSuccess(JSONObject userInfo) { try { - assertEquals(userInfo.getInt("sub"), "09b7fea5-2e4e-40b8-9d81-df50071a3053"); - assertEquals(userInfo.getString("email"), "test@ibm.com"); + assertEquals(userInfo.getInt("sub"), Consts.SUB); + assertEquals(userInfo.getString("email"), "donlonqwerty@gmail.com"); } catch (JSONException e) { e.printStackTrace(); } @@ -1387,6 +1387,7 @@ public void onSuccess(JSONObject userInfo) { @Override public void onFailure(UserProfileException e) { + fail(String.valueOf(e)); fail("should get to onSuccess"); } }); diff --git a/lib/src/test/java/com/ibm/cloud/appid/android/testing/helpers/Consts.java b/lib/src/test/java/com/ibm/cloud/appid/android/testing/helpers/Consts.java index b0c95c2..39a47c6 100644 --- a/lib/src/test/java/com/ibm/cloud/appid/android/testing/helpers/Consts.java +++ b/lib/src/test/java/com/ibm/cloud/appid/android/testing/helpers/Consts.java @@ -14,16 +14,31 @@ package com.ibm.cloud.appid.android.testing.helpers; public class Consts { - public static final String ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.eyJpc3MiOiJpbWYtYXV0aHNlcnZlci5zdGFnZTEubXlibHVlbWl4Lm5ldCIsImV4cCI6MTQ4OTk1NzQ1OSwiYXVkIjoiNDA4ZWIzNmEyYTA2OWFkODljZDE5Yzc4OWE5NmI3Y2YzNmI1NTBlYyIsInN1YiI6IjA5YjdmZWE1LTJlNGUtNDBiOC05ZDgxLWRmNTAwNzFhMzA1MyIsImFtciI6WyJmYWNlYm9vayJdLCJpYXQiOjE0ODczNjU0NTksInRlbmFudCI6IjUwZDBiZWVkLWFkZDctNDhkZC04YjBhLWM4MThjYjQ1NmJiNCIsInNjb3BlIjoiYXBwaWRfZGVmYXVsdCBhcHBpZF9yZWFkcHJvZmlsZSBhcHBpZF9yZWFkdXNlcmF0dHIgYXBwaWRfd3JpdGV1c2VyYXR0ciJ9.gQq4_IxbkPg1FsVZiiTqsejURL4E_Ijr8U1vDob-06GcsorVijS7HHf0kgWD84cDNa6z4Lp7HkmvI8vmiUIfV6ch-xJS_LSJphKy5nZxXqVHchRDJAMUNMiAYqC5ohZ4MXmjuGFIrVl1iZdTyP5Oz-5e6UzDccdAGkPokNs_IyXwiSmGWF5fOKSgfqANYwRBaC-JeXlzEcVZ697q92kiErBNl3ziuSFWxss86ZHHiKdLoHUpkDRKgPHwSQmE_Kwzj8v8Td9WuIVwXCF-D4koTuPJSe2aPqCLuV28PE9wRh5j3sFraKbQIcjuHuiAd5KBhzwaeVT20_0zrgyr3QG0Vg"; - public static final String ID_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.eyJpc3MiOiJpbWYtYXV0aHNlcnZlci5zdGFnZTEubXlibHVlbWl4Lm5ldCIsImF1ZCI6IjQwOGViMzZhMmEwNjlhZDg5Y2QxOWM3ODlhOTZiN2NmMzZiNTUwZWMiLCJleHAiOjE0ODk5NTc0NTksInRlbmFudCI6IjUwZDBiZWVkLWFkZDctNDhkZC04YjBhLWM4MThjYjQ1NmJiNCIsImlhdCI6MTQ4NzM2NTQ1OSwiZW1haWwiOiJkb25sb25xd2VydHlAZ21haWwuY29tIiwibmFtZSI6IkRvbiBMb24iLCJwaWN0dXJlIjoiaHR0cHM6Ly9zY29udGVudC54eC5mYmNkbi5uZXQvdi90MS4wLTEvcDUweDUwLzEzNTAxNTUxXzI4NjQwNzgzODM3ODg5Ml8xNzg1NzY2MjExNzY2NzMwNjk3X24uanBnP29oPTE0OGQyZWVlNjRiYjE0YWZjZDg5MWIyZDVjMWQ2Zjg2Jm9lPTU5MkYzRUJDIiwic3ViIjoiMDliN2ZlYTUtMmU0ZS00MGI4LTlkODEtZGY1MDA3MWEzMDUzIiwiaWRlbnRpdGllcyI6W3sicHJvdmlkZXIiOiJmYWNlYm9vayIsImlkIjoiMzc3NDQwMTU5Mjc1NjU5In1dLCJhbXIiOlsiZmFjZWJvb2siXSwib2F1dGhfY2xpZW50Ijp7Im5hbWUiOiJhcHBpZCIsInR5cGUiOiJtb2JpbGVhcHAiLCJzb2Z0d2FyZV9pZCI6ImNvbS5pYm0ubW9iaWxlZmlyc3RwbGF0Zm9ybS5hcHBpZCIsInNvZnR3YXJlX3ZlcnNpb24iOiIxLjAiLCJkZXZpY2VfaWQiOiJlZWUyYzc4ZC0wZjEyLTM4MDgtOTFlYi1jNjM0NzVkYmJmOTUiLCJkZXZpY2VfbW9kZWwiOiJHVC1JOTUwMCIsImRldmljZV9vcyI6ImFuZHJvaWQifX0.Iy0l7C5mT8vum46G8Depk4KRXmOyBlJSWTRoPP41cXztSAqwOEZOXo4IWJVnwia46UbRgJ751VYZId2KTGap8H8R1sT-DkB8o27k8aIUT8dp0oNdnnjBYZR5sI5FLaqGJ02g8oddTlx2Dhb_XxZ4GwtfDCXLvIPgi3Q-1GrPjWNWOMP279KuBpy1a5KfOspQXp69rTaMJFXBzTo2ekVCKhx1mKwLRMWaE4RWkcwtl880lH6Nutz9B0ZneFrFl9MdNYH4y4BpWCUZKDobqgDl7kZFeSg5Zj8knOdlieDgevNKqMXAFERnV6q5pg2xgg5r-uvrjl7dg4Hol7j_MyTp8w"; + public static final int VERSION = 4; + public static final String ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLWRiOGEyN2M0LWI4ODctNGY4ZC1hODlmLWYxMmZiNzc1YjMxMS0yMDE4LTA4LTAyVDEyOjA0OjA5LjcyOCIsInZlciI6NH0.eyJpc3MiOiJodHRwczovL2V1LWdiLmFwcGlkLnRlc3QuY2xvdWQuaWJtLmNvbS9vYXV0aC92NC9kYjhhMjdjNC1iODg3LTRmOGQtYTg5Zi1mMTJmYjc3NWIzMTEiLCJleHAiOjE1NTI1MDI0MjQsImF1ZCI6WyIyMWU4YjUyMy1lYjQyLTRhMzQtYTA1Ny0wNGNhOTQ0NWY2ZmYiXSwic3ViIjoiMGU4NzRhZDEtMzJiZS00NWI5LWExNmEtZmEyOGIyZjMyZmNkIiwiYW1yIjpbImdvb2dsZSJdLCJpYXQiOjE1NTI1MDI0MjIsInRlbmFudCI6ImRiOGEyN2M0LWI4ODctNGY4ZC1hODlmLWYxMmZiNzc1YjMxMSIsInNjb3BlIjoib3BlbmlkIGFwcGlkX2RlZmF1bHQgYXBwaWRfcmVhZHByb2ZpbGUgYXBwaWRfcmVhZHVzZXJhdHRyIGFwcGlkX3dyaXRldXNlcmF0dHIgYXBwaWRfYXV0aGVudGljYXRlZCJ9.YNkhVtNKmL9wForrm1dx3YRzzC291qzlDUKX0VZ9eP8tElec0HtZbuwhk08gyvyBWfXDkQu45kZVYS71f48xgSlKz8O5TLPgGsSZI3agWPccCqjxMcBdfvvkNKNaV3QBAo2dN7SM5K553K_JTzMPFfbaFa0farENfjRWAl7kp9zielmq7C9kkfg8mJCWQwbp5RBdXX-k79-6kNlAnbBAOhWxYM_gz9gu8pxHmfs8RSuRY972FMEEJoE5hdeICE8j1yW113O-QKUTkphFnz7sprx0_6_bvzmDXvYnPIXqGc6d_83iojBGyPXygitp8jO6gfTCTxZvNFQzRYFq1DuQqw"; + public static final String ID_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLWRiOGEyN2M0LWI4ODctNGY4ZC1hODlmLWYxMmZiNzc1YjMxMS0yMDE4LTA4LTAyVDEyOjA0OjA5LjcyOCIsInZlciI6NH0.eyJpc3MiOiJodHRwczovL2V1LWdiLmFwcGlkLnRlc3QuY2xvdWQuaWJtLmNvbS9vYXV0aC92NC9kYjhhMjdjNC1iODg3LTRmOGQtYTg5Zi1mMTJmYjc3NWIzMTEiLCJhdWQiOlsiMjFlOGI1MjMtZWI0Mi00YTM0LWEwNTctMDRjYTk0NDVmNmZmIl0sImV4cCI6MTU1MjUwMjQyNCwidGVuYW50IjoiZGI4YTI3YzQtYjg4Ny00ZjhkLWE4OWYtZjEyZmI3NzViMzExIiwiaWF0IjoxNTUyNTAyNDIyLCJlbWFpbCI6ImRvbmxvbnF3ZXJ0eUBnbWFpbC5jb20iLCJuYW1lIjoiTG9uIERvbiIsImxvY2FsZSI6ImVuIiwicGljdHVyZSI6Imh0dHBzOi8vbGg2Lmdvb2dsZXVzZXJjb250ZW50LmNvbS8tTHlLSFo5UFdoaWMvQUFBQUFBQUFBQUkvQUFBQUFBQUFBQ2svQW1TamU0SEVpMUEvcGhvdG8uanBnIiwic3ViIjoiMGU4NzRhZDEtMzJiZS00NWI5LWExNmEtZmEyOGIyZjMyZmNkIiwiaWRlbnRpdGllcyI6W3sicHJvdmlkZXIiOiJnb29nbGUiLCJpZCI6IjEwNTc0NzcyNTA2ODYwNTA4NDY1NyJ9XSwiYW1yIjpbImdvb2dsZSJdfQ.QSD6li3Lo2zFG_Iy-IWdh0wJ4tWauc0Mj5IekP5ai3puLocuk6ucQnwKgqOt5lxALSosmXLb8fQsrZixmDWmthkdmY523t6rRIJvRO9-dJXc8fCkdYJdG6AuOwb_e9eHgg41U-E3AeIoc4n0JKkXkQKDTz8I6gfPQua7UPfzsODMjqCp95JevjLJbxHm2lLq-aT2zR0YDG4P-hJb335fxFGlQNldLvYtN8hQfHo_8xeriIH3zYjTqYiXMgSoM6xsU3WwFOD_IShqR2CEXD9sxEXfpdt4SJeJ79--0kTQ958CCb0nnbOjrjqzSSh-U52DWFLgU2jdkQg0nfB29lcGnQ"; + public static final String V3_ID_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLTM5YTM3ZjU3LWEyMjctNGJmZS1hMDQ0LTkzYjZlNjA2MGI2MS0yMDE4LTA4LTAyVDExOjU3OjQzLjQwMSJ9.eyJpc3MiOiJhcHBpZC1vYXV0aC5zdGFnZTEuZXUtZ2IuYmx1ZW1peC5uZXQiLCJhdWQiOiI5MWQ2ZmFhMjAwZThhZDE4Mjg5NjMxNTk5YTNmM2E1ZDVjYWYwYjI3IiwiZXhwIjoyNTUwNTExNTcyLCJ0ZW5hbnQiOiIzOWEzN2Y1Ny1hMjI3LTRiZmUtYTA0NC05M2I2ZTYwNjBiNjEiLCJpYXQiOjE1NTA1MDc5NjIsImVtYWlsIjoiZG9ubG9ucXdlcnR5QGdtYWlsLmNvbSIsIm5hbWUiOiJEb24gTG9uIiwiZ2VuZGVyIjoibWFsZSIsImxvY2FsZSI6ImVuX1VTIiwicGljdHVyZSI6Imh0dHBzOi8vcGxhdGZvcm0tbG9va2FzaWRlLmZic2J4LmNvbS9wbGF0Zm9ybS9wcm9maWxlcGljLz9hc2lkPTM3NzQ0MDE1OTI3NTY1OSZoZWlnaHQ9NTAmd2lkdGg9NTAmZXh0PTE1NTMwOTk5NjAmaGFzaD1BZVNBSHN1MHBDcUM5b1htIiwic3ViIjoiMzExYTlmNzQtNDM5ZC00NzQxLTkzNDctYWU1NjVhMGViMTM3IiwiaWRlbnRpdGllcyI6W3sicHJvdmlkZXIiOiJmYWNlYm9vayIsImlkIjoiMzc3NDQwMTU5Mjc1NjU5In1dLCJhbXIiOlsiZmFjZWJvb2siXX0.oxbln_lAna0C7LLJdljbB4aoKXfoEZ_2znBM-UP98GmAG037FGXJocNlSJQZaASTRvyKaHoDueH_3GemzssTICKJYHrfhnTHUHzw_sn5u4KFQBDgOjp9dyawd-0SYbITnMx8DoBM7UBHyxBQ6gnXeXcVgIg5DNlTXNDZlwLwzs0LTYHyEEGhtOnU761d2pbdahps5UHpI_njeeDOFdDQNn1Kgb2eySFGqCOOpFqQIJeNqZmaV333RQsePl2VM_g1dL9l6qIH88joALq-YBfAxLBQft1R3EkxW3u5cQm4UbkZkfSEgKJ1BEO_W4g7q4xL_rMeLos0Yq0HWl24S7TcaA"; public static final String REFRESH_TOKEN = "ENCODEDREFRESHTOKEN"; - public static final String ISSUER = "mobileclientaccess.stage1.ng.bluemix.net"; - public static final String AUDIENCE = "26cb012eb327c612d90a6819163b6bcbd4849cbb"; - public static final String TENANT = "4dba9430-54e6-4cf2-a516-6f73feb702bb"; - public static final String JWK ="{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"n\":\"s8SVzmkIslnxYmr0fa_i88fTS_a6wH3tNzRjE1M2SUHjz0E7IJ2-2Jjqwsefu0QcYDnH_oiwnLGn_m-etw1toAIC30UeeKiskM1pqRi6Z8LTRZIS3WYHRFGqa3IfVEBf_sjlxjNqfG8y9c4fJ_pRYGxpzCbjeXsDefs0zfSXmlQcWL1MwIIDHN0ZnAcmpjSsOzo0wPQGb_n8MIfT-rUr90bxch9-51wOEVXROE5nQpjkW9n6aCECeySDIK0nvILsgXMWUNW3oAIF35tK9yaUkGxXVNju-RGJLipnIIDU5apJY8lmKTVmzBMglY2fgXpNKbgQmMBlUJ4L1X05qUzw5w\",\"e\":\"AQAB\",\"kid\":\"appId-1504675475000\"}]}"; - public static final String Kid ="appId-1504675475000"; - public static final String ACCESS_TOKEN_JWK = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.eyJpc3MiOiJtb2JpbGVjbGllbnRhY2Nlc3Muc3RhZ2UxLm5nLmJsdWVtaXgubmV0IiwiZXhwIjoyNDg3MDg0ODc4LCJhdWQiOiIyNmNiMDEyZWIzMjdjNjEyZDkwYTY4MTkxNjNiNmJjYmQ0ODQ5Y2JiIiwiaWF0IjoxNDg3MDgxMjc4LCJhdXRoX2J5IjoiZmFjZWJvb2siLCJ0ZW5hbnQiOiI0ZGJhOTQzMC01NGU2LTRjZjItYTUxNi02ZjczZmViNzAyYmIiLCJzY29wZSI6ImFwcGlkX2RlZmF1bHQgYXBwaWRfcmVhZHByb2ZpbGUgYXBwaWRfcmVhZHVzZXJhdHRyIGFwcGlkX3dyaXRldXNlcmF0dHIifQ.qU_9KueH3qKLdxqHNdoQ7XOGdjY323WQK9VhzhlhrSkw7dmYkt7bIFVIvr37RJsi7X47v4nsxNewgClmt6tXDcSsQDrvzsq-lFGH2Ot3MFliQxweCzlOTy4EJPHMZtBRHbT6u_7nvegQBTZ1uAqTEQ_0L0eiqGf9BmpY0lDkZNv3Ro73bNku__jdY8M60X-P6trDYHBLOcMdQU0RjTrKm-OQx0jgidKbuTKXlZ2HSASH6knaS1pc7Z89JHeOqg0mF8D4vzD_vwe_yI-XuKg9q3HaFqddaOvVf1tC2cjuy8l54EoyZTLr5aMiPQaboV6DNfyY1YRCfvJd5d7Y1UA5ug"; - public static final String APP_ANON_ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UiLCJraWQiOiJhcHBJZC0xNTA0Njg1OTYxMDAwLWMyZDNkYTk0LWM5MDEtNDM5Mi04ZjI3LWQ5MGVmZDI4YjViNyJ9.eyJpc3MiOiJhcHBpZC1vYXV0aC5uZy5ibHVlbWl4Lm5ldCIsImV4cCI6MTUyOTY5NjQyNSwiYXVkIjoiMDZhNDIwNDY5YzRiZWEyYTY5NGFhN2U5NzFkMTU2ODBiYjY5Nzk0YSIsInN1YiI6Ijk2OWRlYmZlLTFhNzItNDk5NC1iZTE0LWNmODMyYTcxYjU5ZSIsImFtciI6WyJhcHBpZF9hbm9uIl0sImlhdCI6MTUyNzEwNDQyNSwidGVuYW50IjoiYzJkM2RhOTQtYzkwMS00MzkyLThmMjctZDkwZWZkMjhiNWI3Iiwic2NvcGUiOiJvcGVuaWQgYXBwaWRfZGVmYXVsdCBhcHBpZF9yZWFkcHJvZmlsZSBhcHBpZF9yZWFkdXNlcmF0dHIgYXBwaWRfd3JpdGV1c2VyYXR0ciJ9.WGnEmW7RstkIAkjXswJgwuwQauprUP808nE9pkKP_NpImc0vh6AsrVmmGuAh5tzGZ_8Y9_4vBR4LpRUzBWI3lRgWW6fX3hJqQdHv8zJpkIcg7FkpXmF_0TSll3_KeRes7ks5jEQ55MvOly6I3-PaKcX--cxNXnMBkjIRl3DQdSecxaIAWrov9efrrtee93eo6r8VGKVAgUEyj88WJQYSac9odhIx8PgA0NgdriGDqHp1oewDjpiM6Hxxv4Ph3LmnY46XdI2fg6pSTT6f9OGTAMoDWyDOEkVr0zUlhcEDYtofhCpO6mSJyvRzLQDVKhwHNeCYqhwh0xGuyXaCXKqvdA"; - public static final String APP_ANON_Kid ="appId-1504685961000-c2d3da94-c901-4392-8f27-d90efd28b5b7"; - public static final String APP_ANON_JWK = "{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"n\":\"AJ-E8O4KJT6So_lUkCIkU0QKW7QjMp9vG7S7vZx0M399idZ4mP7iWWW6OTvjLHpDTx7uapiwRQktDNx3GHigJDmbbu8_VtS5K6J6be1gVrvu6pxmZtrz8PazlH5WYxkuUIfUYpzyfUubZzqzuVWqQO0W9kOhFN7HILAxb1WsQREX-iLg14MGGafrQnJgXHBAwSH0OOJr7v-nRz8AFCAicN8v0uIar9lRA7JRHQCZtpI_lkSGKKBQT1Zae9-9YlWbZlfXErQS1uYoAb3j3uaLbJVO7SNjQqEsRTjYxfpBsTtkvJmwcwA0wV2gBO3JR6K6ep0Y_KyMR8w9Fd_lvJqdltU\",\"e\":\"AQAB\",\"kid\":\"appId-1504685961000-c2d3da94-c901-4392-8f27-d90efd28b5b7\"}]}"; + public static final String TENANT = "db8a27c4-b887-4f8d-a89f-f12fb775b311"; + public static final String ISSUER = "https://eu-gb.appid.test.cloud.ibm.com/oauth/v4/" + TENANT; + public static final String SUB = "0e874ad1-32be-45b9-a16a-fa28b2f32fcd"; + public static final String CLIENT_ID = "21e8b523-eb42-4a34-a057-04ca9445f6ff"; + public static final String JWK = "{\n" + " \"keys\": [\n" + " {\n" + " \"kty\": \"RSA\",\n" + " \"use\": \"sig\",\n" + " \"n\": \"ALePj2tZTsUDtGlBKMPU1GjbdpVdKPITqDyLM4YhktHzrB2tt690Sdkr5g8wTFflhMEsNARxQnDr7ZywIgsCvpAqv8JSzuoIu-N8hp3FJeGvMJ_4Fh7mlrxh_KVE7Xv1zbqCGSrmsiWsA-Y0Fxt4QEcPlPd_BDh1W7_vm5WuP0sCNsclziq9t7UIrIrvHXFRA9nuxMsM2OfaisU0T9PczfO16EuJW6jflmP6J3ewoJ1AT1SbX7e98ecyD2Ke5I0ta33yk7AVCLtzubJz2NCDGPTWRivqFC0J1OkV90jzme4Eo7zs-CDK-ItVCkV4mgX6Caknd_j2hucGN4fMUDviWwE\",\n" + " \"e\": \"AQAB\",\n" + " \"kid\": \"appId-1533805626000-39a37f57-a227-4bfe-a044-93b6e6060b61\"\n" + " },\n" + " {\n" + " \"kty\": \"RSA\",\n" + " \"use\": \"sig\",\n" + " \"n\": \"ALnYtiiOJBatW7w9D3lrot21pogKjYIV9ZEytCKQitAmHpH2MoL9h4Tps7xP1lmd5HVOJoUomZg_S5pS8OlVfa74kVfkozZNuQAJKRNmblRFrv4AjIUCaaKAs4S7qYlGjTA3KhBqqIGOdYeyPLbjyzzzN9vwlK1g2kS2pBtJk_ONP5CHh343FEbdC_5p0A3OvSpn-ce8gn2n0czVyIL5_kxI5oCaNPHdnXrJGhOgARvwMNI8J88pCEJEjuMHZa7sHQIh5-zqKRiONJ7XzeVmOr7q4ySbXcPhDLu2KXSk-At18QvPiUIQ2DZmO9DO4fpsM8MWaZDuX-5Sd-uozGW4fhM\",\n" + " \"e\": \"AQAB\",\n" + " \"kid\": \"appId-39a37f57-a227-4bfe-a044-93b6e6060b61-2018-08-02T11:57:43.401\"\n" + " }\n" + " ]\n" + "}"; + public static final String Kid ="appId-db8a27c4-b887-4f8d-a89f-f12fb775b311-2018-08-02T12:04:09.728"; + public static final String ACCESS_TOKEN_JWK = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLWRiOGEyN2M0LWI4ODctNGY4ZC1hODlmLWYxMmZiNzc1YjMxMS0yMDE4LTA4LTAyVDEyOjA0OjA5LjcyOCIsInZlciI6NH0.eyJpc3MiOiJodHRwczovL2V1LWdiLmFwcGlkLnRlc3QuY2xvdWQuaWJtLmNvbS9vYXV0aC92NC9kYjhhMjdjNC1iODg3LTRmOGQtYTg5Zi1mMTJmYjc3NWIzMTEiLCJleHAiOjQ1NTI1MDI0MjQsImF1ZCI6WyIyMWU4YjUyMy1lYjQyLTRhMzQtYTA1Ny0wNGNhOTQ0NWY2ZmYiXSwic3ViIjoiMGU4NzRhZDEtMzJiZS00NWI5LWExNmEtZmEyOGIyZjMyZmNkIiwiYW1yIjpbImdvb2dsZSJdLCJpYXQiOjE1NTI1MDI0MjIsInRlbmFudCI6ImRiOGEyN2M0LWI4ODctNGY4ZC1hODlmLWYxMmZiNzc1YjMxMSIsInNjb3BlIjoib3BlbmlkIGFwcGlkX2RlZmF1bHQgYXBwaWRfcmVhZHByb2ZpbGUgYXBwaWRfcmVhZHVzZXJhdHRyIGFwcGlkX3dyaXRldXNlcmF0dHIgYXBwaWRfYXV0aGVudGljYXRlZCJ9.mJE-8nHWLnMSK6SUUm_8mNCFcLAGVuwOTO8zZ0QdadSX0LeRCx0_JR11L1ApMcDB-EazoRZmtCyVDtfnd1qHqytjHMM0VmMZ9LWnUisx38RrfXL80QHoYwcZAnjhwVre2saCEtHM94utk0B8buSOjFxiOqOEJJY-hKB8o9kPTaG0eyb5OW6_BeWTnLzpuEHkzfJ_HyOJFqEzJzrvCTTMNXar42vWf-hF8ybUDqHdYGDHsfqX-Q1dYGSAIGAGBocYqYrNkJ4KGSlAcC-hB7MhmcivNbmmTTwHY_SZJEI68Ll3VFcGn0D719xe1XD_z7ZsjXjWhsg10f4AM0qAO4TaWw"; + public static final String ACCESS_TOKEN_JWK_PUBLIC_KEY = + "{\n" + + " \"keys\": [\n" + + " {\n" + + " \"kty\": \"RSA\",\n" + + " \"n\": \"tmHvKoPklP-f7ZmYxOjf292_VdBr110t2X9_77fgTLiSj82W8jZ-m1bZ_JbZSVVhYtyvT61RXoHY0ooH45IHStDDDh7AHo0qdX12SJMl_BfZ1TC2z7Kv8iYERqO0F0fpoHUri0SfLu9_Hp0nTR2b0T2KPub00-BWyIisFuomDSdNdJa6r2SxdtYfAfr6XKDtT1k4qwioWRfeAd_JY0RzgPhlzpzwhwvkkpugGBColWCMXHqELXuX_03x5NUU39vyx1wzBbgHb4Wa4h-FvqYQYscKcSRqT4maSdFxELAPyLsH5TMlW5sOcUrkM7oifmfMRKFNweRk-9toJ3npLv0kxQ\",\n" + + " \"e\": \"AQAB\",\n" + + " \"use\": \"sig\",\n" + + " \"kid\": \"appId-db8a27c4-b887-4f8d-a89f-f12fb775b311-2018-08-02T12:04:09.728\"\n" + + " }\n" + + " ]\n" + + "}"; + public static final String APP_ANON_ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLTM5YTM3ZjU3LWEyMjctNGJmZS1hMDQ0LTkzYjZlNjA2MGI2MS0yMDE4LTA4LTAyVDExOjU3OjQzLjQwMSJ9.eyJpc3MiOiJodHRwOi8vMTAuMC4yLjI6NjAwMiIsImV4cCI6MTU1MzA5NzcyNywiYXVkIjpbIjkxZDZmYWEyMDBlOGFkMTgyODk2MzE1OTlhM2YzYTVkNWNhZjBiMjciXSwidmVyc2lvbiI6InY0Iiwic3ViIjoiM2Y2MGZkOWEtZTdiNi00ZDM1LWFkZjctMGM4MDQwMGRhZDJlIiwiYW1yIjpbImFwcGlkX2Fub24iXSwiaWF0IjoxNTUwNTA1NzI3LCJ0ZW5hbnQiOiIzOWEzN2Y1Ny1hMjI3LTRiZmUtYTA0NC05M2I2ZTYwNjBiNjEiLCJzY29wZSI6Im9wZW5pZCBhcHBpZF9kZWZhdWx0IGFwcGlkX3JlYWRwcm9maWxlIGFwcGlkX3JlYWR1c2VyYXR0ciBhcHBpZF93cml0ZXVzZXJhdHRyIn0.Fs-BLoIos8tGaevtpIc0aCih-PG3hy-55ZfJl7orcXHWB2ELo_9M6-fNU6N6f1vpOSQ9NgyL3QsA1ytPvE70LZ0Qslkj4bvB5QwGfftrJaNhgHO_UV-YwxJRdMf0Scg3deaHM-wqz4u9d49spCZhQArlc1kT_n5o8JtjpsUwSA6fAws7fakYi4_jCeyK1UFDk6ErpOgEudi_RP1kNlGWML6EoNsDN2MikjFRy82c3wx0xWKowfGi1kKGpnk1zKY0EPNP_1Dbjt-maWbzCKnszYtBr_38o6cL99-Yo6NEncdpJe78307OXeohc-U4co2CgG5qVhwfIdnDIW9rW4Vjfg"; + public static final String APP_ANON_Kid ="appId-39a37f57-a227-4bfe-a044-93b6e6060b61-2018-08-02T11:57:43.401"; + public static final String APP_ANON_JWK ="{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"n\":\"AJ-E8O4KJT6So_lUkCIkU0QKW7QjMp9vG7S7vZx0M399idZ4mP7iWWW6OTvjLHpDTx7uapiwRQktDNx3GHigJDmbbu8_VtS5K6J6be1gVrvu6pxmZtrz8PazlH5WYxkuUIfUYpzyfUubZzqzuVWqQO0W9kOhFN7HILAxb1WsQREX-iLg14MGGafrQnJgXHBAwSH0OOJr7v-nRz8AFCAicN8v0uIar9lRA7JRHQCZtpI_lkSGKKBQT1Zae9-9YlWbZlfXErQS1uYoAb3j3uaLbJVO7SNjQqEsRTjYxfpBsTtkvJmwcwA0wV2gBO3JR6K6ep0Y_KyMR8w9Fd_lvJqdltU\",\"e\":\"AQAB\",\"kid\":\"appId-1504685961000-c2d3da94-c901-4392-8f27-d90efd28b5b7\"}]}"; }