Add unit tests for federated PKCE flow

sadilchamishka · Mar 30, 2023 · 35ff37f · 35ff37f
1 parent 2f08df5
commit 35ff37f
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/...g/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticatorTest.java b/...g/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticatorTest.java
@@ -30,6 +30,7 @@
 import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
 import org.mockito.Matchers;
 import org.mockito.Mock;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.testng.PowerMockTestCase;
 import org.powermock.reflect.Whitebox;
@@ -51,6 +52,7 @@
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
 import org.wso2.carbon.identity.core.ServiceURL;
 import org.wso2.carbon.identity.core.ServiceURLBuilder;
+import org.wso2.carbon.identity.core.URLBuilderException;
 import org.wso2.carbon.identity.core.util.IdentityCoreConstants;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.user.api.RealmConfiguration;
@@ -89,6 +91,7 @@
 @PrepareForTest({LogFactory.class, OAuthClient.class, URL.class, FrameworkUtils.class,
         OpenIDConnectAuthenticatorDataHolder.class, OAuthAuthzResponse.class, OAuthClientRequest.class,
         OAuthClientResponse.class, IdentityUtil.class, OpenIDConnectAuthenticator.class, ServiceURLBuilder.class})
+@PowerMockIgnore("jdk.internal.reflect.*")
 public class OpenIDConnectAuthenticatorTest extends PowerMockTestCase {
 
     @Mock
@@ -411,6 +414,31 @@ public void testPassProcessAuthenticationResponse() throws Exception {
                 "Invalid Id token in the authentication context.");
     }
 
+    /**
+     * Test whether the token request contains the code verifier when PKCE is enabled.
+     *
+     * @throws URLBuilderException
+     * @throws AuthenticationFailedException
+     */
+    @Test()
+    public void testGetAccessTokenRequestWithPKCE() throws URLBuilderException, AuthenticationFailedException {
+        mockAuthenticationRequestContext(mockAuthenticationContext);
+        mockAuthenticationContext.getAuthenticatorProperties()
+                .put(OIDCAuthenticatorConstants.ENABLE_FEDERATED_PKCE, "true");
+        when(mockAuthenticationContext.getProperty(OIDCAuthenticatorConstants.OAUTH_FEDERATED_PKCE_CODE_VERIFIER))
+                .thenReturn("sample_code_verifier");
+        OAuthAuthzResponse oAuthAuthzResponse = mock(OAuthAuthzResponse.class);
+        when(oAuthAuthzResponse.getCode()).thenReturn("abc");
+        mockStatic(ServiceURLBuilder.class);
+        ServiceURLBuilder serviceURLBuilder = mock(ServiceURLBuilder.class);
+        when(ServiceURLBuilder.create()).thenReturn(serviceURLBuilder);
+        when(serviceURLBuilder.build()).thenReturn(serviceURL);
+        when(serviceURL.getAbsolutePublicURL()).thenReturn("http://localhost:9443");
+        OAuthClientRequest request = openIDConnectAuthenticator
+                .getAccessTokenRequest(mockAuthenticationContext, oAuthAuthzResponse);
+        assertTrue(request.getBody().contains("code_verifier=sample_code_verifier"));
+    }
+
     @Test(expectedExceptions = AuthenticationFailedException.class)
     public void testPassProcessAuthenticationResponseWithoutAccessToken() throws Exception {