Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature: support jwt client configuration #93

Merged
merged 1 commit into from
Oct 17, 2023
Merged

feature: support jwt client configuration #93

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions lib/uaa/scim.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,28 @@ def change_secret(client_id, new_secret, old_secret = nil)
"#{type_info(:client, :path)}/#{Addressable::URI.encode(client_id)}/secret", req, headers))
end

# Change client jwt trust configuration.
# * For a client to change its jwt client trust, the token in @auth_header must contain
# "client.trust" scope.
# * For an admin to set a client secret, the token in @auth_header must contain
# "uaa.admin" scope.
# @see https://docs.cloudfoundry.org/api/uaa/index.html#change-client-jwt
# @param [String] client_id the {Scim} +id+ attribute of the client
# @param [String] jwks_uri the URI to token endpoint
# @param [String] jwks the JSON Web Key Set
# @param [String] kid If changeMode is DELETE provide the id of key
# @param [String] changeMode Change mode, possible is ADD, UPDATE, DELETE
# @return [Hash] success message from server
def change_clientjwt(client_id, jwks_uri = nil, jwks = nil, kid = nil, changeMode = nil)
req = {"client_id" => client_id }
req["jwks_uri"] = jwks_uri if jwks_uri
req["jwks"] = jwks if jwks
req["kid"] = kid if kid
req["changeMode"] = changeMode if changeMode
json_parse_reply(@key_style, *json_put(@target,
"#{type_info(:client, :path)}/#{Addressable::URI.encode(client_id)}/clientjwt", req, headers))
end

def unlock_user(user_id)
req = {"locked" => false}
json_parse_reply(@key_style, *json_patch(@target,
Expand Down
24 changes: 24 additions & 0 deletions spec/scim_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,30 @@ def check_headers(headers, content, accept, zone)
result['id'].should == 'id12345'
end

it "add a client's jwt trust using jwks_uri" do
subject.set_request_handler do |url, method, body, headers|
url.should == "#{@target}/oauth/clients/id12345/clientjwt"
method.should == :put
check_headers(headers, :json, :json, nil)
body.should include('"jwks_uri":"http://localhost:8080/uaa/token_keys"')
[200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
end
result = subject.change_clientjwt('id12345', 'http://localhost:8080/uaa/token_keys')
result['id'].should == 'id12345'
end

it "add a client's jwt trust using jwks" do
subject.set_request_handler do |url, method, body, headers|
url.should == "#{@target}/oauth/clients/id12345/clientjwt"
method.should == :put
check_headers(headers, :json, :json, nil)
body.should include('"jwks":"keys"')
[200, '{"id":"id12345"}', {'content-type' => 'application/json'}]
end
result = subject.change_clientjwt('id12345', nil, 'keys')
result['id'].should == 'id12345'
end

it 'unlocks a user' do
subject.set_request_handler do |url, method, body, headers|
url.should == "#{@target}/Users/id12345/status"
Expand Down