This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-oauth-client.git


The following commit(s) were added to refs/heads/master by this push:
     new c84fd60  SLING-12871 SlingUserInfoProcessor doesn't store Refresh 
token (#29)
c84fd60 is described below

commit c84fd60772fbe9dc4287fcd5ed03cc9630b31ebc
Author: Nicola Scendoni <[email protected]>
AuthorDate: Wed Aug 6 10:55:46 2025 +0200

    SLING-12871 SlingUserInfoProcessor doesn't store Refresh token (#29)
    
    Follow-up fix.
---
 .../auth/oauth_client/impl/SlingUserInfoProcessorImpl.java |  2 +-
 .../oauth_client/impl/SlingUserInfoProcessorImplTest.java  | 14 ++++++++------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
index 8a55e03..a8880f4 100644
--- 
a/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
+++ 
b/src/main/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImpl.java
@@ -164,7 +164,7 @@ public class SlingUserInfoProcessorImpl implements 
UserInfoProcessor {
         }
 
         // Store the Refresh Token on user node
-        String refreshToken = tokens.accessToken();
+        String refreshToken = tokens.refreshToken();
         if (storeRefreshToken && refreshToken != null) {
             
credentials.setAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN, 
cryptoService.encrypt(refreshToken));
         } else {
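Review bot: Credentials written by the previous build hold an encrypted access token under `OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN`, and nothing in this hunk deals with that stale value. It is presumably overwritten on the next successful login, but until then any consumer that decrypts it for a refresh grant would send an access token to the token endpoint and fail, so this deserves a release note. A short comment above the assignment would also help, for example `// tokens.refreshToken() may be null when the IdP issues no refresh token`. The `else` branch continues outside the hunk, so whether a previously stored value is cleared in that case is not visible here.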
diff --git 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
index ff7d292..3c0d867 100644
--- 
a/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
+++ 
b/src/test/java/org/apache/sling/auth/oauth_client/impl/SlingUserInfoProcessorImplTest.java
@@ -54,6 +54,7 @@ class SlingUserInfoProcessorImplTest {
     private static final String TEST_ACCESS_TOKEN = "test-access-token";
     private static final String TEST_REFRESH_TOKEN = "test-refresh-token";
     private static final String ENCRYPTED_TOKEN = "encrypted-token";
+    private static final String ENCRYPTED_REFRESH_TOKEN = 
"encrypted-refresh-token";
 
     @BeforeEach
     void setUp() {
@@ -66,8 +67,6 @@ class SlingUserInfoProcessorImplTest {
                         "connection", "test"))
                 .to(SlingUserInfoProcessorImpl.Config.class);
         processor = new SlingUserInfoProcessorImpl(cryptoService, cfg);
-
-        when(cryptoService.encrypt(anyString())).thenReturn(ENCRYPTED_TOKEN);
     }
 
     @Test
@@ -156,6 +155,8 @@ class SlingUserInfoProcessorImplTest {
 
     @Test
     void testStoreAccessToken() throws Exception {
+        when(cryptoService.encrypt(anyString())).thenReturn(ENCRYPTED_TOKEN);
+
         SlingUserInfoProcessorImpl.Config cfg = Converters.standardConverter()
                 .convert(Map.of(
                         "groupsInIdToken", false,
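Review bot: Stubbing `cryptoService.encrypt(anyString())` here, and again in the `testStoreRefreshToken` hunk, means the later `assertEquals` on the stored attribute passes whichever token was encrypted. Only the separate `verify(...)` call would catch a repeat of the access/refresh mix-up. Binding the stub to the expected plaintext makes the attribute assertion itself pin the right token: `when(cryptoService.encrypt(TEST_ACCESS_TOKEN)).thenReturn(ENCRYPTED_TOKEN);` here and `when(cryptoService.encrypt(TEST_REFRESH_TOKEN)).thenReturn(ENCRYPTED_REFRESH_TOKEN);` in the refresh test. If the refresh test's config leaves access-token storage off (the config map is cut off by the hunk), `verify(cryptoService, never()).encrypt(TEST_ACCESS_TOKEN);` would also guard against the original bug directly.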
@@ -177,6 +178,8 @@ class SlingUserInfoProcessorImplTest {
 
     @Test
     void testStoreRefreshToken() throws Exception {
+        
when(cryptoService.encrypt(anyString())).thenReturn(ENCRYPTED_REFRESH_TOKEN);
+
         SlingUserInfoProcessorImpl.Config cfg = Converters.standardConverter()
                 .convert(Map.of(
                         "groupsInIdToken", false,
@@ -192,10 +195,9 @@ class SlingUserInfoProcessorImplTest {
         OidcAuthCredentials result = processor.process(null, tokenResponse, 
TEST_SUBJECT, TEST_IDP);
 
         assertNotNull(result);
-        // Note: There's a bug in the original code - it uses accessToken() 
instead of refreshToken()
-        // This test validates the current behavior
-        assertEquals(ENCRYPTED_TOKEN, 
result.getAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN));
-        verify(cryptoService).encrypt(TEST_ACCESS_TOKEN); // This should be 
TEST_REFRESH_TOKEN
+
+        assertEquals(ENCRYPTED_REFRESH_TOKEN, 
result.getAttribute(OAuthTokenStore.PROPERTY_NAME_REFRESH_TOKEN));
+        verify(cryptoService).encrypt(TEST_REFRESH_TOKEN);
     }
 
     @Test
