This is an automated email from the ASF dual-hosted git repository.

angela pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-oauth-client.git


The following commit(s) were added to refs/heads/master by this push:
     new 6e151a2  SLING-12871 SlingUserInfoProcessor doesn't store Refresh 
token (#27)
6e151a2 is described below

commit 6e151a2533513bae7220983676df5434b3e29ced
Author: Nicola Scendoni <[email protected]>
AuthorDate: Tue Aug 5 11:01:44 2025 +0200

    SLING-12871 SlingUserInfoProcessor doesn't store Refresh token (#27)
    
    * SLING-12851 SlingUserInfoProcessor should be a ServiceFactory
    
    * address review finding in SlingUserInfoProcessorImpl.java
    
    * review finding as discussed: handle missing userinfoprocessor
    
    * added test for missing UserInfoProcessor
    
    * SLING-12871 SlingUserInfoProcessor doesn't store Refresh token
    
    ---------
    
    Co-authored-by: angela <[email protected]>
---
 .../impl/SlingUserInfoProcessorImpl.java           |  2 +-
 .../impl/SlingUserInfoProcessorImplTest.java       | 23 ++++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
index a41d023..8a55e03 100644
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
+++ 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
@@ -166,7 +166,7 @@ public class SlingUserInfoProcessorImpl implements 
UserInfoProcessor {
         // Store the Refresh Token on user node
         String refreshToken = tokens.accessToken();
         if (storeRefreshToken && refreshToken != null) {
-            
credentials.setAttribute(OAuthTokenStore.PROPERTY_NAME_ACCESS_TOKEN, 
cryptoService.encrypt(refreshToken));
+            
credentials.setAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN, 
cryptoService.encrypt(refreshToken));
         } else {
             logger.debug(
                     "Refresh Token is null, omit adding as credentials 
attribute '{}'",
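Review bot: The value written under `PROPERTY_NAME_REFRESH_TOKEN` is still the access token, because the context line `String refreshToken = tokens.accessToken();` just above the changed call is left untouched. With `storeRefreshToken` enabled and `storeAccessToken` disabled, the access token is still encrypted and persisted as a credentials attribute, which overrides the operator's choice not to store it. Assuming the token object exposes `refreshToken()`, as the comment in the test added by this commit suggests, the line should read `String refreshToken = tokens.refreshToken();`. The else branch is also reached when a token is present but `storeRefreshToken` is false, so its "Refresh Token is null" message can mislead; the enclosing method starts and ends outside the hunk.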
diff --git 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
index b296cb8..ff7d292 100644
--- 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
+++ 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
@@ -175,6 +175,29 @@ class SlingUserInfoProcessorImplTest {
         verify(cryptoService).encrypt(TEST_ACCESS_TOKEN);
     }
 
+    @Test
+    void testStoreRefreshToken() throws Exception {
+        SlingUserInfoProcessorImpl.Config cfg = Converters.standardConverter()
+                .convert(Map.of(
+                        "groupsInIdToken", false,
+                        "storeAccessToken", false,
+                        "storeRefreshToken", true,
+                        "groupsClaimName", "groups",
+                        "connection", "test"))
+                .to(SlingUserInfoProcessorImpl.Config.class);
+        processor = new SlingUserInfoProcessorImpl(cryptoService, cfg);
+
+        String tokenResponse = createTokenResponse(TEST_ACCESS_TOKEN, 
TEST_REFRESH_TOKEN);
+
+        OidcAuthCredentials result = processor.process(null, tokenResponse, 
TEST_SUBJECT, TEST_IDP);
+
+        assertNotNull(result);
+        // Note: There's a bug in the original code - it uses accessToken() 
instead of refreshToken()
+        // This test validates the current behavior
+        assertEquals(ENCRYPTED_TOKEN, 
result.getAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN));
+        verify(cryptoService).encrypt(TEST_ACCESS_TOKEN); // This should be 
TEST_REFRESH_TOKEN
+    }
+
     @Test
     void testProcessWithEmptyGroups() throws Exception {
         // Create user info with empty groups array
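Review bot: `verify(cryptoService).encrypt(TEST_ACCESS_TOKEN)` in `testStoreRefreshToken` pins the wrong token as expected behaviour, so the test passes today while an access token sits in the refresh-token attribute and will fail once the processor is corrected. The `assertEquals(ENCRYPTED_TOKEN, ...)` check cannot tell the two tokens apart if the mock returns `ENCRYPTED_TOKEN` for every input, which the setup outside this hunk would need to confirm. Since the config sets `storeAccessToken` to false, the test should instead assert `verify(cryptoService).encrypt(TEST_REFRESH_TOKEN);` and `verify(cryptoService, never()).encrypt(TEST_ACCESS_TOKEN);`. It should also check that `result.getAttribute(OAuthTokenStore.PROPERTY_NAME_ACCESS_TOKEN)` is null.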
