Creating an OpenIDConnectApplication using private_key_jwt and JWKS (#…

…568)

New Method added OIdCApplicationBuilder.setJwks()

MIGRATING.md

@@ -54,6 +54,14 @@ Below methods have been added.
 - `JsonWebKey setX5tS256(String x5tS256)`
 - `JsonWebKey setX5u(String x5u)`
 
+### Package `com.okta.sdk.resource.application.OIDCApplicationBuilder`
+
+The interface has been renamed in the interest of naming consistency.
+- From `OIdCApplicationBuilder` to `OIDCApplicationBuilder`
+
+Below method has been added.
+- `OIDCApplicationBuilder setJwks(List<JsonWebKey> jsonWebKeyList)`
+
 ### Package `com.okta.sdk.resource.application.OpenIdConnectApplicationIdpInitiatedLogin`
 
 This is a newly created interface with methods listed below.

api/src/main/java/com/okta/sdk/resource/application/OIDCApplicationBuilder.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2020-Present Okta, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.okta.sdk.resource.application;
+
+import com.okta.commons.lang.Classes;
+
+import java.util.List;
+
+public interface OIDCApplicationBuilder extends ApplicationBuilder<OIDCApplicationBuilder> {
+
+    static OIDCApplicationBuilder instance() {
+        return Classes.newInstance("com.okta.sdk.impl.resource.DefaultOIDCApplicationBuilder");
+    }
+
+    OIDCApplicationBuilder setApplicationType(OpenIdConnectApplicationType applicationType);
+
+    OIDCApplicationBuilder setClientUri(String clientUri);
+
+    OIDCApplicationBuilder setConsentMethod(OpenIdConnectApplicationConsentMethod consentMethod);
+
+    OIDCApplicationBuilder setGrantTypes(List<OAuthGrantType> grantTypes);
+
+    OIDCApplicationBuilder addGrantTypes(OAuthGrantType grantType);
+
+    OIDCApplicationBuilder setLogoUri(String logoUri);
+
+    OIDCApplicationBuilder setPolicyUri(String policyUri);
+
+    OIDCApplicationBuilder setRedirectUris(List<String> redirectUris);
+
+    OIDCApplicationBuilder addRedirectUris(String redirectUri);
+
+    OIDCApplicationBuilder setResponseTypes(List<OAuthResponseType> responseTypes);
+
+    OIDCApplicationBuilder addResponseTypes(OAuthResponseType responseType);
+
+    OIDCApplicationBuilder setTosUri(String tosUri);
+
+    OIDCApplicationBuilder setClientId(String clientId);
+
+    OIDCApplicationBuilder setClientSecret(String clientSecret);
+
+    OIDCApplicationBuilder setAutoKeyRotation(Boolean autoKeyRotation);
+
+    OIDCApplicationBuilder setTokenEndpointAuthMethod(OAuthEndpointAuthenticationMethod tokenEndpointAuthMethod);
+
+    OIDCApplicationBuilder setJwks(List<JsonWebKey> jsonWebKeyList);
+}

impl/src/main/java/com/okta/sdk/impl/resource/DefaultOIdCApplicationBuilder.java → impl/src/main/java/com/okta/sdk/impl/resource/DefaultOIDCApplicationBuilder.java

@@ -23,7 +23,7 @@
 import java.util.List;
 import java.util.Objects;
 
-public class DefaultOIdCApplicationBuilder extends DefaultApplicationBuilder<OIdCApplicationBuilder> implements OIdCApplicationBuilder {
+public class DefaultOIDCApplicationBuilder extends DefaultApplicationBuilder<OIDCApplicationBuilder> implements OIDCApplicationBuilder {
 
     private OpenIdConnectApplicationType applicationType;
     private String clientUri;
@@ -38,104 +38,111 @@ public class DefaultOIdCApplicationBuilder extends DefaultApplicationBuilder<OId
     private String clientSecret;
     private Boolean autoKeyRotation;
     private OAuthEndpointAuthenticationMethod tokenEndpointAuthMethod;
+    private List<JsonWebKey> jsonWebKeyList = new ArrayList<>();
 
 
     @Override
-    public OIdCApplicationBuilder setApplicationType(OpenIdConnectApplicationType applicationType) {
+    public OIDCApplicationBuilder setApplicationType(OpenIdConnectApplicationType applicationType) {
         this.applicationType = applicationType;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setClientUri(String clientUri) {
+    public OIDCApplicationBuilder setClientUri(String clientUri) {
         this.clientUri = clientUri;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setConsentMethod(OpenIdConnectApplicationConsentMethod consentMethod) {
+    public OIDCApplicationBuilder setConsentMethod(OpenIdConnectApplicationConsentMethod consentMethod) {
         this.consentMethod = consentMethod;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setGrantTypes(List<OAuthGrantType> grantTypes) {
+    public OIDCApplicationBuilder setGrantTypes(List<OAuthGrantType> grantTypes) {
         this.grantTypes = grantTypes;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder addGrantTypes(OAuthGrantType grantType) {
+    public OIDCApplicationBuilder addGrantTypes(OAuthGrantType grantType) {
         this.grantTypes.add(grantType);
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setLogoUri(String logoUri) {
+    public OIDCApplicationBuilder setLogoUri(String logoUri) {
         this.logoUri = logoUri;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setPolicyUri(String policyUri) {
+    public OIDCApplicationBuilder setPolicyUri(String policyUri) {
         this.policyUri = policyUri;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setRedirectUris(List<String> redirectUris) {
+    public OIDCApplicationBuilder setRedirectUris(List<String> redirectUris) {
         this.redirectUris = redirectUris;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder addRedirectUris(String redirectUri) {
+    public OIDCApplicationBuilder addRedirectUris(String redirectUri) {
         this.redirectUris.add(redirectUri);
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setResponseTypes(List<OAuthResponseType> responseTypes) {
+    public OIDCApplicationBuilder setResponseTypes(List<OAuthResponseType> responseTypes) {
         this.responseTypes = responseTypes;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder addResponseTypes(OAuthResponseType responseType) {
+    public OIDCApplicationBuilder addResponseTypes(OAuthResponseType responseType) {
         this.responseTypes.add(responseType);
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setTosUri(String tosUri) {
+    public OIDCApplicationBuilder setTosUri(String tosUri) {
         this.tosUri = tosUri;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setClientId(String clientId) {
+    public OIDCApplicationBuilder setClientId(String clientId) {
         this.clientId = clientId;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setClientSecret(String clientSecret) {
+    public OIDCApplicationBuilder setClientSecret(String clientSecret) {
         this.clientSecret = clientSecret;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setAutoKeyRotation(Boolean autoKeyRotation) {
+    public OIDCApplicationBuilder setAutoKeyRotation(Boolean autoKeyRotation) {
         this.autoKeyRotation = autoKeyRotation;
         return this;
     }
 
     @Override
-    public OIdCApplicationBuilder setTokenEndpointAuthMethod(OAuthEndpointAuthenticationMethod tokenEndpointAuthMethod) {
+    public OIDCApplicationBuilder setTokenEndpointAuthMethod(OAuthEndpointAuthenticationMethod tokenEndpointAuthMethod) {
         this.tokenEndpointAuthMethod = tokenEndpointAuthMethod;
         return this;
     }
 
+    @Override
+    public OIDCApplicationBuilder setJwks(List<JsonWebKey> jsonWebKeyList) {
+        this.jsonWebKeyList = jsonWebKeyList;
+        return this;
+    }
+
     @Override
     public OpenIdConnectApplication buildAndCreate(Client client){ return (OpenIdConnectApplication) client.createApplication(build(client)); }
 
@@ -210,6 +217,15 @@ private Application build(Client client){
         else
             throw new IllegalArgumentException("Application Type cannot be null, value should be of type OpenIdConnectApplicationType");
 
+        if(jsonWebKeyList.size() > 0) {
+            openIdConnectApplicationSettings
+                .getOAuthClient()
+                .setJwks(
+                    client.instantiate(OpenIdConnectApplicationSettingsClientKeys.class)
+                        .setKeys(this.jsonWebKeyList)
+                );
+        }
+
         // Credentials
         application.setCredentials(client.instantiate(OAuthApplicationCredentials.class));
         OAuthApplicationCredentials oAuthApplicationCredentials = application.getCredentials();

impl/src/test/groovy/com/okta/sdk/impl/resource/DefaultOIdcApplicationBuilderTest.groovy → impl/src/test/groovy/com/okta/sdk/impl/resource/DefaultOIDCApplicationBuilderTest.groovy

@@ -23,7 +23,7 @@ import static com.okta.sdk.impl.Util.expect
 import static org.mockito.ArgumentMatchers.eq
 import static org.mockito.Mockito.*
 
-class DefaultOIdcApplicationBuilderTest {
+class DefaultOIDCApplicationBuilderTest {
 
     @Test
     void basicUsage() {
@@ -49,7 +49,7 @@ class DefaultOIdcApplicationBuilderTest {
         when(application.getSettings()).thenReturn(openIdConnectApplicationSettings)
         when(application.getCredentials())thenReturn(oAuthApplicationCredentials)
 
-        new DefaultOIdCApplicationBuilder()
+        new DefaultOIDCApplicationBuilder()
             .setName("oidc_client")
             .setLabel("test_app")
             .addRedirectUris("http://www.google.com")
@@ -102,7 +102,7 @@ class DefaultOIdcApplicationBuilderTest {
         when(application.getCredentials())thenReturn(oAuthApplicationCredentials)
 
         expect IllegalArgumentException, {
-            new DefaultOIdCApplicationBuilder()
+            new DefaultOIDCApplicationBuilder()
                 .setName("oidc_client")
                 .setLabel("test_app")
                 .addRedirectUris("http://www.google.com")
@@ -147,7 +147,7 @@ class DefaultOIdcApplicationBuilderTest {
         when(application.getCredentials())thenReturn(oAuthApplicationCredentials)
 
         expect IllegalArgumentException, {
-            new DefaultOIdCApplicationBuilder()
+            new DefaultOIDCApplicationBuilder()
                 .setName("oidc_client")
                 .setLabel("test_app")
                 .addRedirectUris("http://www.google.com")
@@ -192,7 +192,7 @@ class DefaultOIdcApplicationBuilderTest {
         when(application.getCredentials())thenReturn(oAuthApplicationCredentials)
 
         expect IllegalArgumentException, {
-            new DefaultOIdCApplicationBuilder()
+            new DefaultOIDCApplicationBuilder()
                 .setName("oidc_client")
                 .setLabel("test_app")
                 .addRedirectUris("http://www.google.com")
@@ -211,4 +211,54 @@ class DefaultOIdcApplicationBuilderTest {
         }
 
     }
+
+    @Test
+    void createOIDCApplicationWithPrivateKeyJwtTest(){
+
+        def client = mock(Client)
+        def application = mock(OpenIdConnectApplication)
+        def applicationVisibilityHide = mock(ApplicationVisibilityHide)
+        def openIdConnectApplicationSettingsClient = mock(OpenIdConnectApplicationSettingsClient)
+        def applicationCredentialsOAuthClient = mock(ApplicationCredentialsOAuthClient)
+        def openIdConnectApplicationSettings = mock(OpenIdConnectApplicationSettings)
+        def clientKeys = mock(OpenIdConnectApplicationSettingsClientKeys)
+        def oAuthApplicationCredentials = mock(OAuthApplicationCredentials)
+        def jsonWebKey = mock(JsonWebKey)
+
+        jsonWebKey.setKid("kid_value")
+        jsonWebKey.setKty("kty_value")
+        jsonWebKey.setE("e_value")
+        jsonWebKey.setN("n_value")
+
+        when(client.instantiate(OpenIdConnectApplication.class)).thenReturn(application);
+        when(client.instantiate(ApplicationVisibilityHide.class)).thenReturn(applicationVisibilityHide)
+        when(client.instantiate(OpenIdConnectApplicationSettingsClient.class))thenReturn(openIdConnectApplicationSettingsClient)
+        when(client.instantiate(ApplicationCredentialsOAuthClient.class))thenReturn(applicationCredentialsOAuthClient)
+        when(application.getSettings()).thenReturn(openIdConnectApplicationSettings)
+        when(application.getSettings().getOAuthClient()).thenReturn(openIdConnectApplicationSettingsClient)
+        when(client.instantiate(OpenIdConnectApplicationSettingsClientKeys.class)).thenReturn(clientKeys)
+        when(application.getCredentials())thenReturn(oAuthApplicationCredentials)
+
+        new DefaultOIDCApplicationBuilder()
+            .setName("oidc_client")
+            .setLabel("test_app")
+            .setSignOnMode(ApplicationSignOnMode.OPENID_CONNECT)
+            .setTokenEndpointAuthMethod(OAuthEndpointAuthenticationMethod.PRIVATE_KEY_JWT)
+            .addRedirectUris("http://www.example.com")
+            .setResponseTypes(Arrays.asList(OAuthResponseType.TOKEN, OAuthResponseType.CODE))
+            .setGrantTypes(Arrays.asList(OAuthGrantType.IMPLICIT, OAuthGrantType.AUTHORIZATION_CODE))
+            .setApplicationType(OpenIdConnectApplicationType.NATIVE)
+            .setJwks(Arrays.asList(jsonWebKey))
+            .buildAndCreate(client)
+
+        verify(client).createApplication(eq(application))
+        verify(application).setLabel("test_app")
+        verify(application).setSignOnMode(ApplicationSignOnMode.OPENID_CONNECT)
+        verify(applicationCredentialsOAuthClient).setTokenEndpointAuthMethod(OAuthEndpointAuthenticationMethod.PRIVATE_KEY_JWT)
+        verify(openIdConnectApplicationSettingsClient).setRedirectUris(Arrays.asList("http://www.example.com"))
+        verify(openIdConnectApplicationSettingsClient).setResponseTypes(Arrays.asList(OAuthResponseType.TOKEN, OAuthResponseType.CODE))
+        verify(openIdConnectApplicationSettingsClient).setGrantTypes(Arrays.asList(OAuthGrantType.IMPLICIT, OAuthGrantType.AUTHORIZATION_CODE))
+        verify(openIdConnectApplicationSettingsClient).setApplicationType(OpenIdConnectApplicationType.NATIVE)
+        verify(clientKeys).setKeys(Arrays.asList(jsonWebKey))
+    }
 }