navikt · jksolbakken · Feb 2, 2024 · Jan 29, 2024 · Jan 30, 2024
@@ -4,7 +4,7 @@ import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask
 val assertjVersion = "3.25.2"
 val kotlinLoggingVersion = "3.0.5"
 val logbackVersion = "1.4.14"
-val nimbusSdkVersion = "11.6"
+val nimbusSdkVersion = "11.7"
 val mockWebServerVersion = "4.12.0"
 val jacksonVersion = "2.16.1"
 val nettyVersion = "4.1.106.Final"

@@ -66,6 +66,7 @@ class SessionManager {
                     null
                 },
             )
+
         companion object {
             const val DEBUGGER_SESSION_COOKIE = "debugger-session"
         }

@@ -102,11 +102,12 @@ MockWebServerWrapper
 
         override fun port(): Int = mockWebServer.port
 
-        override fun url(path: String): HttpUrl = mockWebServer
-            .url(path)
-            .newBuilder()
-            .host(address?.hostName ?: mockWebServer.hostName)
-            .build()
+        override fun url(path: String): HttpUrl =
+            mockWebServer
+                .url(path)
+                .newBuilder()
+                .host(address?.hostName ?: mockWebServer.hostName)
+                .build()
 
         override fun sslConfig(): Ssl? = ssl
 

@@ -90,7 +90,6 @@ class InteractiveLoginIntegrationTest {
                 "client_id" to "client1",
                 "client_secret" to "secret",
                 "grant_type" to "authorization_code",
-                "scope" to "openid scope1",
                 "redirect_uri" to "http://mycallback",
                 "code" to authCode,
             ),

@@ -115,7 +115,6 @@ class MockOAuth2ServerIntegrationTest {
                 "client_id" to "client1",
                 "client_secret" to "secret",
                 "grant_type" to "authorization_code",
-                "scope" to "openid scope1",
                 "redirect_uri" to "http://mycallback",
                 "code" to "1234",
             ),

@@ -56,17 +56,15 @@ class OidcAuthorizationCodeGrantIntegrationTest {
                 "client_id" to "client1",
                 "client_secret" to "secret",
                 "grant_type" to "authorization_code",
-                "scope" to "openid scope1",
                 "redirect_uri" to "http://mycallback",
                 "code" to code,
             ),
         ).toTokenResponse().asClue {
             it.accessToken shouldNotBe null
             it.idToken shouldNotBe null
             it.expiresIn shouldBeGreaterThan 0
-            it.scope shouldBe "openid scope1"
             it.idToken?.audience shouldContainExactly listOf("client1")
-            it.accessToken?.audience shouldContainExactly listOf("scope1")
+            it.accessToken?.audience shouldContainExactly listOf("default")
         }
     }
 
@@ -90,17 +88,15 @@ class OidcAuthorizationCodeGrantIntegrationTest {
                 "client_id" to "client1",
                 "client_secret" to "secret",
                 "grant_type" to "authorization_code",
-                "scope" to "openid scope1",
                 "redirect_uri" to "http://mycallback",
                 "code" to code,
             ),
         ).toTokenResponse().asClue {
             it.accessToken shouldNotBe null
             it.idToken shouldNotBe null
             it.expiresIn shouldBeGreaterThan 0
-            it.scope shouldBe "openid scope1"
             it.idToken?.audience shouldContainExactly listOf("client1")
-            it.accessToken?.audience shouldContainExactly listOf("scope1")
+            it.accessToken?.audience shouldContainExactly listOf("default")
             it.idToken?.subject shouldBe "foo"
         }
         server.shutdown()
@@ -152,7 +148,6 @@ class OidcAuthorizationCodeGrantIntegrationTest {
             "client_id" to "client1",
             "client_secret" to "secret",
             "grant_type" to "authorization_code",
-            "scope" to "openid scope1",
             "redirect_uri" to "http://mycallback",
             "code" to code,
         ).apply {

@@ -50,7 +50,6 @@ class RefreshTokenGrantIntegrationTest {
                         "code" to authorizationCode,
                         "client_id" to "id",
                         "client_secret" to "secret",
-                        "scope" to "openid",
                         "redirect_uri" to "http://something",
                     ),
                 ).toTokenResponse()

@@ -71,7 +71,6 @@ class RevocationIntegrationTest {
                 "code" to authorizationCode,
                 "client_id" to "id",
                 "client_secret" to "secret",
-                "scope" to "openid",
                 "redirect_uri" to "http://something",
             ),
         ).toTokenResponse()

@@ -32,7 +32,6 @@ class ExampleAppWithOpenIdConnect(oidcDiscoveryUrl: String) : AbstractExampleApp
                             .post(
                                 FormBody.Builder()
                                     .add("client_id", "client1")
-                                    .add("scope", authenticationRequest().scope.toString())
                                     .add("code", code)
                                     .add("redirect_uri", exampleApp.url("/callback").toString())
                                     .add("grant_type", "authorization_code")

@@ -122,7 +122,6 @@ internal class AuthorizationCodeHandlerTest {
     private fun tokenRequest(
         code: String,
         redirectUri: String = "http://redirect",
-        scope: String = "openid",
     ): OAuth2HttpRequest {
         return OAuth2HttpRequest(
             headers = Headers.headersOf("Content-Type", "application/x-www-form-urlencoded"),
@@ -133,8 +132,7 @@ internal class AuthorizationCodeHandlerTest {
                     "client_id=client1&" +
                     "client_secret=secret&" +
                     "code=$code&" +
-                    "redirect_uri=$redirectUri&" +
-                    "scope=$scope",
+                    "redirect_uri=$redirectUri&"
         )
     }
 }
@@ -94,7 +94,7 @@ internal class OAuth2TokenCallbackTest {
 
         @Test
         fun `token request with request params matching wildcard requestmapping should return default claims from callback`() {
-            val shouldMatchAllGrantTypes = authCodeRequest("scope" to "openid scope1")
+            val shouldMatchAllGrantTypes = authCodeRequest()
             assertSoftly {
                 issuer1.subject(shouldMatchAllGrantTypes) shouldBe "defaultSub"
                 issuer1.audience(shouldMatchAllGrantTypes) shouldBe listOf("defaultAud")
@@ -138,14 +138,14 @@ internal class OAuth2TokenCallbackTest {
 
         @Test
         fun `oidc auth code token request should return scopes not in OIDC from audience in callback`() {
-            authCodeRequest("scope" to "openid").let { tokenRequest ->
+            authCodeRequest().let { tokenRequest ->
                 DefaultOAuth2TokenCallback().asClue {
-                    it.audience(tokenRequest) shouldBe emptyList()
+                    it.audience(tokenRequest) shouldBe listOf("default")
                 }
             }
-            authCodeRequest("scope" to "openid scope1").let { tokenRequest ->
+            authCodeRequest().let { tokenRequest ->
                 DefaultOAuth2TokenCallback().asClue {
-                    it.audience(tokenRequest) shouldBe listOf("scope1")
+                    it.audience(tokenRequest) shouldBe listOf("default")
                 }
             }
         }
-Original file line number
+Diff line change
@@ Expand Up / @@ -66,6 +66,7 @@ class SessionManager { @@
                         null
                     },
                 )
             companion object {
                 const val DEBUGGER_SESSION_COOKIE = "debugger-session"
             }
@@ Expand Down @@