Add Device Authorization Grant tests

Author: solevic

library/javatests/net/openid/appauth/AuthStateTest.java

@@ -20,20 +20,28 @@
 import static net.openid.appauth.TestValues.TEST_ID_TOKEN;
 import static net.openid.appauth.TestValues.TEST_REFRESH_TOKEN;
 import static net.openid.appauth.TestValues.getMinimalAuthRequestBuilder;
+import static net.openid.appauth.TestValues.getMinimalDeviceAuthRequestBuilder;
 import static net.openid.appauth.TestValues.getTestAuthCodeExchangeResponse;
 import static net.openid.appauth.TestValues.getTestAuthCodeExchangeResponseBuilder;
 import static net.openid.appauth.TestValues.getTestAuthRequest;
 import static net.openid.appauth.TestValues.getTestAuthResponse;
 import static net.openid.appauth.TestValues.getTestAuthResponseBuilder;
+import static net.openid.appauth.TestValues.getTestDeviceAuthorizationResponse;
 import static net.openid.appauth.TestValues.getTestRegistrationResponse;
 import static net.openid.appauth.TestValues.getTestRegistrationResponseBuilder;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
+import static org.mockito.Mockito.when;
+
+import androidx.annotation.Nullable;
 
 import java.util.Collections;
 import org.junit.Before;
@@ -71,6 +79,7 @@ public void testInitialState() {
         assertThat(state.getLastAuthorizationResponse()).isNull();
         assertThat(state.getLastTokenResponse()).isNull();
         assertThat(state.getLastRegistrationResponse()).isNull();
+        assertThat(state.getLastDeviceAuthorizationResponse()).isNull();
 
         assertThat(state.getScope()).isNull();
         assertThat(state.getScopeSet()).isNull();
@@ -93,6 +102,7 @@ public void testInitialState_fromAuthorizationResponse() {
         assertThat(state.getAuthorizationException()).isNull();
         assertThat(state.getLastAuthorizationResponse()).isSameAs(resp);
         assertThat(state.getLastTokenResponse()).isNull();
+        assertThat(state.getLastDeviceAuthorizationResponse()).isNull();
 
         assertThat(state.getScope()).isEqualTo(authCodeRequest.scope);
         assertThat(state.getScopeSet()).isEqualTo(authCodeRequest.getScopeSet());
@@ -103,7 +113,7 @@ public void testInitialState_fromAuthorizationResponse() {
     @Test
     public void testInitialState_fromAuthorizationException() {
         AuthState state = new AuthState(
-                null,
+                (AuthorizationResponse) null,
                 AuthorizationException.AuthorizationRequestErrors.ACCESS_DENIED);
 
         assertThat(state.isAuthorized()).isFalse();
@@ -181,6 +191,28 @@ public void testInitialState_fromRegistrationResponse() {
         assertThat(state.getNeedsTokenRefresh(mClock)).isTrue();
     }
 
+    @Test
+    public void testInitialState_fromDeviceAuthResponse() {
+        DeviceAuthorizationResponse deviceAuthResp = getTestDeviceAuthorizationResponse();
+        AuthState state = new AuthState(deviceAuthResp, null);
+
+        assertThat(state.isAuthorized()).isFalse();
+        assertThat(state.getAccessToken()).isNull();
+        assertThat(state.getAccessTokenExpirationTime()).isNull();
+        assertThat(state.getIdToken()).isNull();
+        assertThat(state.getRefreshToken()).isNull();
+
+        assertThat(state.getAuthorizationException()).isNull();
+        assertThat(state.getLastAuthorizationResponse()).isNull();
+        assertThat(state.getLastTokenResponse()).isNull();
+        assertThat(state.getLastRegistrationResponse()).isNull();
+        assertThat(state.getLastDeviceAuthorizationResponse()).isSameAs(deviceAuthResp);
+
+        assertThat(state.getScope()).isNull();
+        assertThat(state.getScopeSet()).isNull();
+        assertThat(state.getNeedsTokenRefresh(mClock)).isTrue();
+    }
+
     @Test(expected = IllegalArgumentException.class)
     public void testConstructor_withAuthResponseAndException() {
         new AuthState(getTestAuthResponse(),
@@ -225,6 +257,25 @@ public void testUpdate_tokenResponseWithException_ignoredErrorType() {
         assertThat(state.getAuthorizationException()).isNull();
     }
 
+    @Test
+    public void testUpdate_deviceAuthResponseWithException_deviceAuthErrorType() {
+        AuthState state = new AuthState();
+        state.update((DeviceAuthorizationResponse) null,
+            AuthorizationException.DeviceCodeRequestErrors.ACCESS_DENIED);
+
+        assertThat(state.getAuthorizationException())
+            .isSameAs(AuthorizationException.DeviceCodeRequestErrors.ACCESS_DENIED);
+    }
+
+    @Test
+    public void testUpdate_deviceAuthResponseWithException_ignoredErrorType() {
+        AuthState state = new AuthState();
+        state.update((DeviceAuthorizationResponse) null,
+            AuthorizationException.GeneralErrors.SERVER_ERROR);
+
+        assertThat(state.getAuthorizationException()).isNull();
+    }
+
     @Test(expected = IllegalArgumentException.class)
     public void testUpdate_withAuthResponseAndException() {
         AuthState state = new AuthState();
@@ -239,6 +290,13 @@ public void testUpdate_withTokenResponseAndException() {
                 AuthorizationException.AuthorizationRequestErrors.ACCESS_DENIED);
     }
 
+    @Test(expected = IllegalArgumentException.class)
+    public void testUpdate_withDeviceAuthResponseAndException() {
+        AuthState state = new AuthState();
+        state.update(getTestDeviceAuthorizationResponse(),
+            AuthorizationException.AuthorizationRequestErrors.ACCESS_DENIED);
+    }
+
     @Test
     public void testGetAccessToken_fromAuthResponse() {
         AuthorizationRequest authReq = getMinimalAuthRequestBuilder("code token")
@@ -319,6 +377,60 @@ public void testGetIdToken_fromTokenResponse() {
         assertThat(state.getIdToken()).isEqualTo(tokenResp.idToken);
     }
 
+    @Test
+    public void testGetConfiguration() {
+        AuthorizationResponse authResp = getTestAuthResponse();
+        AuthState state = new AuthState(authResp, null);
+        assertThat(state.getConfiguration()).isEqualTo(authResp.request.configuration);
+
+        TokenResponse tokenResp = getTestAuthCodeExchangeResponse();
+        state.update(tokenResp, null);
+        assertThat(state.getConfiguration()).isEqualTo(tokenResp.request.configuration);
+
+        DeviceAuthorizationResponse deviceAuthResp = getTestDeviceAuthorizationResponse();
+        state.update(deviceAuthResp, null);
+        assertThat(state.getConfiguration()).isEqualTo(deviceAuthResp.request.configuration);
+    }
+
+    @Test
+    public void testGetClientId_fromAuthResponse() {
+        AuthorizationResponse authResp = getTestAuthResponse();
+        AuthState state = new AuthState(authResp, null);
+
+        assertThat(state.getClientId()).isEqualTo((Object) authResp.request.clientId);
+    }
+
+    @Test
+    public void testGetClientId_fromTokenResponse() {
+        AuthorizationRequest authReq = getMinimalAuthRequestBuilder("code")
+            .setClientId("123456")
+            .build();
+        AuthorizationResponse authResp = new AuthorizationResponse.Builder(authReq)
+            .build();
+        TokenResponse tokenResp = getTestAuthCodeExchangeResponse();
+        AuthState state = new AuthState(authResp, tokenResp, null);
+
+        // in this scenario, we have a client ID on both the authorization response and the
+        // token response. The value on the token response takes precedence.
+        assertThat(state.getClientId()).isEqualTo((Object) tokenResp.request.clientId);
+    }
+
+    @Test
+    public void testGetClientId_fromDeviceAuthResponse() {
+        AuthorizationRequest authReq = getMinimalAuthRequestBuilder("code")
+            .setClientId("123456")
+            .build();
+        AuthorizationResponse authResp = new AuthorizationResponse.Builder(authReq)
+            .build();
+        DeviceAuthorizationResponse deviceAuthResp = getTestDeviceAuthorizationResponse();
+        AuthState state = new AuthState(authResp,null);
+        state.update(deviceAuthResp, null);
+
+        // in this scenario, we have a client ID on both the authorization response and the device
+        // authorization response. The value on the device authorization response takes precedence.
+        assertThat(state.getClientId()).isEqualTo((Object) deviceAuthResp.request.clientId);
+    }
+
     @Test
     public void testCreateTokenRefreshRequest() {
         AuthorizationResponse authResp = getTestAuthResponse();
@@ -580,6 +692,70 @@ public void testPerformActionWithFreshToken_afterTokenExpiration_multipleActions
         assertThat(state.getIdToken()).isEqualTo(freshIdToken);
     }
 
+    @Test
+    public void testPerformTokenPollRequest() {
+        DeviceAuthorizationResponse deviceAuthResp = getTestDeviceAuthorizationResponse();
+        AuthState state = new AuthState(deviceAuthResp, null);
+
+        AuthorizationService service = mock(AuthorizationService.class);
+        AuthorizationService.TokenResponseCallback callback =
+            mock(AuthorizationService.TokenResponseCallback.class);
+
+        state.performTokenPollRequest(service, callback);
+
+        verify(service, times(1)).performTokenPollRequest(
+            any(TokenRequest.class),
+            any(ClientAuthentication.class),
+            anyLong(),
+            anyLong(),
+            any(AuthorizationService.TokenResponseCallback.class));
+    }
+
+    @Test
+    public void testPerformTokenPollRequest_deviceAuthMissingError() {
+        AuthState state = new AuthState();
+
+        AuthorizationService service = mock(AuthorizationService.class);
+        AuthorizationService.TokenResponseCallback callback =
+            mock(AuthorizationService.TokenResponseCallback.class);
+
+        state.performTokenPollRequest(service, callback);
+
+        ArgumentCaptor<AuthorizationException> exceptionCaptor =
+            ArgumentCaptor.forClass(AuthorizationException.class);
+
+        verify(callback, times(1)).onTokenRequestCompleted(
+            ArgumentMatchers.<TokenResponse>isNull(),
+            exceptionCaptor.capture());
+
+        assertThat(exceptionCaptor.getValue())
+            .isEqualTo(AuthorizationException.DeviceCodeRequestErrors.CLIENT_ERROR);
+    }
+
+    @Test
+    public void testCancelTokenPoll() {
+        DeviceAuthorizationResponse deviceAuthResp = getTestDeviceAuthorizationResponse();
+        AuthState state = new AuthState(deviceAuthResp, null);
+
+        AuthorizationService service = mock(AuthorizationService.class);
+        AuthorizationService.TokenResponseCallback callback =
+            mock(AuthorizationService.TokenResponseCallback.class);
+        CancelAsyncTaskRunnable cancelRunnable = mock(CancelAsyncTaskRunnable.class);
+
+        when(service.performTokenPollRequest(
+            any(TokenRequest.class),
+            any(ClientAuthentication.class),
+            anyLong(),
+            anyLong(),
+            any(AuthorizationService.TokenResponseCallback.class)
+        )).thenReturn(cancelRunnable);
+
+        state.performTokenPollRequest(service, callback);
+        state.cancelTokenPoll();
+
+        verify(cancelRunnable, times(1)).run();
+    }
+
     @Test
     public void testJsonSerialization() throws Exception {
         AuthorizationRequest authReq = getMinimalAuthRequestBuilder("id_token token code")
@@ -597,8 +773,10 @@ public void testJsonSerialization() throws Exception {
 
         TokenResponse tokenResp = getTestAuthCodeExchangeResponse();
         RegistrationResponse regResp = getTestRegistrationResponse();
+        DeviceAuthorizationResponse deviceAuthResp = getTestDeviceAuthorizationResponse();
         AuthState state = new AuthState(authResp, tokenResp, null);
         state.update(regResp);
+        state.update(deviceAuthResp, null);
 
         String json = state.jsonSerializeString();
         AuthState restoredState = AuthState.jsonDeserialize(json);
@@ -610,6 +788,11 @@ public void testJsonSerialization() throws Exception {
                 .isEqualTo(state.getAccessTokenExpirationTime());
         assertThat(restoredState.getIdToken()).isEqualTo(state.getIdToken());
         assertThat(restoredState.getRefreshToken()).isEqualTo(state.getRefreshToken());
+        assertThat(restoredState.getUserCode()).isEqualTo(state.getUserCode());
+        assertThat(restoredState.getCodeExpirationTime()).isEqualTo(state.getCodeExpirationTime());
+        assertThat(restoredState.getVerificationUri()).isEqualTo(state.getVerificationUri());
+        assertThat(restoredState.getVerificationUriComplete())
+                .isEqualTo(state.getVerificationUriComplete());
         assertThat(restoredState.getScope()).isEqualTo(state.getScope());
         assertThat(restoredState.getNeedsTokenRefresh(mClock))
                 .isEqualTo(state.getNeedsTokenRefresh(mClock));
@@ -635,8 +818,10 @@ public void testJsonSerialization_doesNotChange() throws Exception {
 
         TokenResponse tokenResp = getTestAuthCodeExchangeResponse();
         RegistrationResponse regResp = getTestRegistrationResponse();
+        DeviceAuthorizationResponse deviceAuthResp = getTestDeviceAuthorizationResponse();
         AuthState state = new AuthState(authResp, tokenResp, null);
         state.update(regResp);
+        state.update(deviceAuthResp, null);
 
         String firstOutput = state.jsonSerializeString();
         String secondOutput = AuthState.jsonDeserialize(firstOutput).jsonSerializeString();
@@ -647,7 +832,7 @@ public void testJsonSerialization_doesNotChange() throws Exception {
     @Test
     public void testJsonSerialization_withException() throws Exception {
         AuthState state = new AuthState(
-                null,
+                (AuthorizationResponse) null,
                 AuthorizationException.AuthorizationRequestErrors.INVALID_REQUEST);
 
         AuthState restored = AuthState.jsonDeserialize(state.jsonSerializeString());

library/javatests/net/openid/appauth/AuthorizationServiceConfigurationTest.java

@@ -60,6 +60,7 @@ public class AuthorizationServiceConfigurationTest {
     private static final String TEST_TOKEN_ENDPOINT = "https://test.openid.com/o/oauth/token";
     private static final String TEST_END_SESSION_ENDPOINT = "https://test.openid.com/o/oauth/logout";
     private static final String TEST_REGISTRATION_ENDPOINT = "https://test.openid.com/o/oauth/registration";
+    private static final String TEST_DEVICE_AUTH_ENDPOINT = "https://test.openid.com/o/oauth/device";
     private static final String TEST_USERINFO_ENDPOINT = "https://test.openid.com/o/oauth/userinfo";
     private static final String TEST_JWKS_URI = "https://test.openid.com/o/oauth/jwks";
     private static final List<String> TEST_RESPONSE_TYPE_SUPPORTED = Arrays.asList("code", "token");
@@ -77,6 +78,7 @@ public class AuthorizationServiceConfigurationTest {
             + " \"token_endpoint\": \"" + TEST_TOKEN_ENDPOINT + "\",\n"
             + " \"registration_endpoint\": \"" + TEST_REGISTRATION_ENDPOINT + "\",\n"
             + " \"end_session_endpoint\": \"" + TEST_END_SESSION_ENDPOINT + "\",\n"
+            + " \"device_authorization_endpoint\": \"" + TEST_DEVICE_AUTH_ENDPOINT + "\",\n"
             + " \"userinfo_endpoint\": \"" + TEST_USERINFO_ENDPOINT + "\",\n"
             + " \"jwks_uri\": \"" + TEST_JWKS_URI + "\",\n"
             + " \"response_types_supported\": " + toJson(TEST_RESPONSE_TYPE_SUPPORTED) + ",\n"
@@ -127,7 +129,8 @@ public void setUp() throws Exception {
                 Uri.parse(TEST_AUTH_ENDPOINT),
                 Uri.parse(TEST_TOKEN_ENDPOINT),
                 Uri.parse(TEST_REGISTRATION_ENDPOINT),
-                Uri.parse(TEST_END_SESSION_ENDPOINT));
+                Uri.parse(TEST_END_SESSION_ENDPOINT),
+                Uri.parse(TEST_DEVICE_AUTH_ENDPOINT));
         when(mConnectionBuilder.openConnection(any(Uri.class))).thenReturn(mHttpConnection);
 
         mPausedExecutorService = new PausedExecutorService();
@@ -201,6 +204,7 @@ private void assertMembers(AuthorizationServiceConfiguration config) {
         assertEquals(TEST_AUTH_ENDPOINT, config.authorizationEndpoint.toString());
         assertEquals(TEST_TOKEN_ENDPOINT, config.tokenEndpoint.toString());
         assertEquals(TEST_REGISTRATION_ENDPOINT, config.registrationEndpoint.toString());
+        assertEquals(TEST_DEVICE_AUTH_ENDPOINT, config.deviceAuthorizationEndpoint.toString());
         assertEquals(TEST_END_SESSION_ENDPOINT, config.endSessionEndpoint.toString());
     }
 

library/javatests/net/openid/appauth/AuthorizationServiceDiscoveryTest.java

@@ -38,6 +38,7 @@ public class AuthorizationServiceDiscoveryTest {
     static final String TEST_TOKEN_ENDPOINT = "http://test.openid.com/o/oauth/token";
     static final String TEST_USERINFO_ENDPOINT = "http://test.openid.com/o/oauth/userinfo";
     static final String TEST_REGISTRATION_ENDPOINT = "http://test.openid.com/o/oauth/register";
+    static final String TEST_DEVICE_AUTHORIZATION_ENDPOINT = "http://test.openid.com/o/oauth/device";
     static final String TEST_END_SESSION_ENDPOINT = "http://test.openid.com/o/oauth/logout";
     static final String TEST_JWKS_URI = "http://test.openid.com/o/oauth/jwks";
     static final List<String> TEST_RESPONSE_TYPES_SUPPORTED = Arrays.asList("code", "token");
@@ -54,6 +55,7 @@ public class AuthorizationServiceDiscoveryTest {
         TEST_TOKEN_ENDPOINT,
         TEST_USERINFO_ENDPOINT,
         TEST_REGISTRATION_ENDPOINT,
+        TEST_DEVICE_AUTHORIZATION_ENDPOINT,
         TEST_END_SESSION_ENDPOINT,
         TEST_JWKS_URI,
         TEST_RESPONSE_TYPES_SUPPORTED,