eclipse-vertx · pmlopes · Oct 11, 2023 · Aug 30, 2023
diff --git a/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java b/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java
@@ -326,7 +326,7 @@ public Future<User> authenticate(Credentials credentials) {
 
             // attempt to create a user from the json object
             final User newUser = createUser(
-              json,
+              json.put("access_token", tokenCredentials.getToken()),
               user.attributes().containsKey("missing-kid"));
 
             // final step, verify if the user is not expired

diff --git a/vertx-auth-oauth2/src/test/java/io/vertx/ext/auth/test/oauth2/OAuth2IntrospectTest.java b/vertx-auth-oauth2/src/test/java/io/vertx/ext/auth/test/oauth2/OAuth2IntrospectTest.java
@@ -141,12 +141,11 @@ public void introspectAccessToken(TestContext should) {
           should.assertNotNull(token2);
           JsonObject principal = token2.principal().copy();
 
-          // clean time specific value
-          principal.remove("expires_at");
-          principal.remove("access_token");
-          principal.remove("opaque");
-
           final JsonObject assertion = fixtureIntrospect.copy();
+          // principal should be identified as opaque
+          assertion.put("opaque", true);
+          // access token should be present in the principal
+          assertion.put("access_token", token);
 
           should.assertEquals(assertion.getMap(), principal.getMap());
 
@@ -180,11 +179,13 @@ public void introspectAccessTokenGoogleWay(TestContext should) {
           should.assertNotNull(token);
           // make a copy because later we need to original data
           JsonObject principal = token.principal().copy();
-          // clean time specific value
-          principal.remove("opaque");
 
           // clean up control
           final JsonObject assertion = fixtureGoogle.copy();
+          // principal should be identified as opaque
+          assertion.put("opaque", true);
+          // access token should be present in the principal
+          assertion.put("access_token", OAuth2IntrospectTest.token);
 
           should.assertEquals(assertion.getMap(), principal.getMap());
 
@@ -230,7 +231,17 @@ public void introspectAccessTokenKeyCloakWay(TestContext should) {
         } else {
           User token = res.result();
           should.assertNotNull(token);
-          should.assertNotNull(token.principal());
+          // make a copy because later we need to original data
+          JsonObject principal = token.principal().copy();
+
+          // clean up control
+          final JsonObject assertion = fixtureKeycloak.copy();
+          // principal should be identified as opaque
+          assertion.put("opaque", true);
+          // access token should be present in the principal
+          assertion.put("access_token", OAuth2IntrospectTest.token);
+
+          should.assertEquals(assertion.getMap(), principal.getMap());
           test.complete();
         }
       });