This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-oauth-client.git
The following commit(s) were added to refs/heads/master by this push:
new 6e151a2 SLING-12871 SlingUserInfoProcessor doesn't store Refresh
token (#27)
6e151a2 is described below
commit 6e151a2533513bae7220983676df5434b3e29ced
Author: Nicola Scendoni <[email protected]>
AuthorDate: Tue Aug 5 11:01:44 2025 +0200
SLING-12871 SlingUserInfoProcessor doesn't store Refresh token (#27)
* SLING-12851 SlingUserInfoProcessor should be a ServiceFactory
* address review finding in SlingUserInfoProcessorImpl.java
* review finding as discussed: handle missing userinfoprocessor
* added test for missing UserInfoProcessor
* SLING-12871 SlingUserInfoProcessor doesn't store Refresh token
---------
Co-authored-by: angela <[email protected]>
---
.../impl/SlingUserInfoProcessorImpl.java | 2 +-
.../impl/SlingUserInfoProcessorImplTest.java | 23 ++++++++++++++++++++++
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git
a/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
b/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
index a41d023..8a55e03 100644
---
a/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
+++
b/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
@@ -166,7 +166,7 @@ public class SlingUserInfoProcessorImpl implements
UserInfoProcessor {
// Store the Refresh Token on user node
String refreshToken = tokens.accessToken();
if (storeRefreshToken && refreshToken != null) {
-
credentials.setAttribute(OAuthTokenStore.PROPERTY_NAME_ACCESS_TOKEN,
cryptoService.encrypt(refreshToken));
+
credentials.setAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN,
cryptoService.encrypt(refreshToken));
} else {
logger.debug(
"Refresh Token is null, omit adding as credentials
attribute '{}'",
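Review bot: The value written under `OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN` is still the access token, because the unchanged context line `String refreshToken = tokens.accessToken();` feeds it; this commit corrects only the attribute name. With `storeRefreshToken` enabled and `storeAccessToken` disabled, this persists an encrypted access token the configuration asked not to keep, and anything that later reads the property to perform a refresh would presumably receive the wrong credential. The line should read `String refreshToken = tokens.refreshToken();`, assuming the token holder exposes that accessor, as the comment in the new test implies. The else branch also logs "Refresh Token is null" when storage is merely disabled, which is misleading in debug output. The enclosing method starts and ends outside the hunk.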
diff --git
a/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
b/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
index b296cb8..ff7d292 100644
---
a/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
+++
b/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
@@ -175,6 +175,29 @@ class SlingUserInfoProcessorImplTest {
verify(cryptoService).encrypt(TEST_ACCESS_TOKEN);
}
+ @Test
+ void testStoreRefreshToken() throws Exception {
+ SlingUserInfoProcessorImpl.Config cfg = Converters.standardConverter()
+ .convert(Map.of(
+ "groupsInIdToken", false,
+ "storeAccessToken", false,
+ "storeRefreshToken", true,
+ "groupsClaimName", "groups",
+ "connection", "test"))
+ .to(SlingUserInfoProcessorImpl.Config.class);
+ processor = new SlingUserInfoProcessorImpl(cryptoService, cfg);
+
+ String tokenResponse = createTokenResponse(TEST_ACCESS_TOKEN,
TEST_REFRESH_TOKEN);
+
+ OidcAuthCredentials result = processor.process(null, tokenResponse,
TEST_SUBJECT, TEST_IDP);
+
+ assertNotNull(result);
+ // Note: There's a bug in the original code - it uses accessToken()
instead of refreshToken()
+ // This test validates the current behavior
+ assertEquals(ENCRYPTED_TOKEN,
result.getAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN));
+ verify(cryptoService).encrypt(TEST_ACCESS_TOKEN); // This should be
TEST_REFRESH_TOKEN
+ }
+
@Test
void testProcessWithEmptyGroups() throws Exception {
// Create user info with empty groups array
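Review bot: `verify(cryptoService).encrypt(TEST_ACCESS_TOKEN)` at the end of `testStoreRefreshToken` asserts the defect its own comment describes, so the test passes while the wrong token is persisted and will fail once the processor is fixed. If the `cryptoService` mock returns `ENCRYPTED_TOKEN` for any input (its setup is outside the hunk), the `assertEquals` on the refresh-token attribute cannot tell which token was encrypted either. Once the processor reads the refresh token, the check should become `verify(cryptoService).encrypt(TEST_REFRESH_TOKEN);` together with `verify(cryptoService, never()).encrypt(TEST_ACCESS_TOKEN);`, since `storeAccessToken` is false in this config. The two comments describing the bug should then be removed.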