From 90e8ddc433d6c3695d34cd1bf4a8e92fba499d8b Mon Sep 17 00:00:00 2001 From: gtaban Date: Thu, 4 Apr 2019 19:27:31 -0500 Subject: [PATCH] master <-- Development (#175) * update login widget section in readme * changing initializer to public (#171) * Point to v4 (#173) * Update to point to v4 + iss and aud validation Adds azp and issuer validation for V4 * Issue 2439 (#174) Removed azp validation and updated tokens to v4 for tests * bump up version to 6.0.0 --- IBMCloudAppID.podspec | 2 +- IBMCloudAppID.xcodeproj/project.pbxproj | 12 -- IBMCloudAppIDTests/AppIDTestConstants.swift | 54 ++++-- .../AuthorizationManagerTests.swift | 20 +-- IBMCloudAppIDTests/ConfigTests.swift | 33 ++-- IBMCloudAppIDTests/OAuthClientTests.swift | 48 ------ .../RegistrationManagerTests.swift | 4 +- IBMCloudAppIDTests/TokenManagerTests.swift | 26 ++- IBMCloudAppIDTests/TokenTests.swift | 40 ++--- IBMCloudAppIDTests/UserProfileTests.swift | 2 +- Source/IBMCloudAppID/api/IdentityToken.swift | 2 - .../api/Tokens/OAuthClient.swift | 23 --- .../internal/AppIDConstants.swift | 2 +- Source/IBMCloudAppID/internal/Config.swift | 74 ++++---- .../IBMCloudAppID/internal/TokenManager.swift | 16 +- .../internal/tokens/AbstractToken.swift | 162 +++++++++--------- .../internal/tokens/IdentityTokenImpl.swift | 4 - .../internal/tokens/OAuthClientImpl.swift | 47 ----- .../AppIcon.appiconset/Contents.json | 15 ++ 19 files changed, 236 insertions(+), 350 deletions(-) delete mode 100644 IBMCloudAppIDTests/OAuthClientTests.swift delete mode 100644 Source/IBMCloudAppID/api/Tokens/OAuthClient.swift delete mode 100644 Source/IBMCloudAppID/internal/tokens/OAuthClientImpl.swift diff --git a/IBMCloudAppID.podspec b/IBMCloudAppID.podspec index bd68d93..c20410d 100755 --- a/IBMCloudAppID.podspec +++ b/IBMCloudAppID.podspec 
@@ -1,6 +1,6 @@ Pod::Spec.new do |s| s.name = "IBMCloudAppID" - s.version = '5.0.0' + s.version = '6.0.0' s.summary = "AppID Swift SDK" s.homepage = "https://github.com/ibm-cloud-security/appid-clientsdk-swift" s.license = 'Apache License, Version 2.0' diff --git a/IBMCloudAppID.xcodeproj/project.pbxproj b/IBMCloudAppID.xcodeproj/project.pbxproj index adf9df6..8c8dfea 100644 --- a/IBMCloudAppID.xcodeproj/project.pbxproj +++ b/IBMCloudAppID.xcodeproj/project.pbxproj @@ -34,7 +34,6 @@ EF49948A1E55F7BE008ACC27 /* RegistrationManagerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = EF77D5371E52085800C4B87F /* RegistrationManagerTests.swift */; }; EF49948B1E55F7BE008ACC27 /* AuthorizationManagerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFB7F3B11E5307F20099BEDC /* AuthorizationManagerTests.swift */; }; EF49948C1E55F7BE008ACC27 /* ConfigTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFB876361E533E9400E017FA /* ConfigTests.swift */; }; - EF49948D1E55F7BE008ACC27 /* OAuthClientTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFB876381E53434800E017FA /* OAuthClientTests.swift */; }; EF49948E1E55F7BE008ACC27 /* AuthorizationUIManagerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = EF37F8B91E534C2D0020E998 /* AuthorizationUIManagerTests.swift */; }; EF49948F1E55F7BE008ACC27 /* TestHelpers.swift in Sources */ = {isa = PBXBuildFile; fileRef = EF37F8BB1E5487C40020E998 /* TestHelpers.swift */; }; EFBA201E1E51F7D9000EB3F5 /* AppIDTestConstants.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA1FE91E51F7D9000EB3F5 /* AppIDTestConstants.swift */; }; 
@@ -45,7 +44,6 @@ EFBA20361E51F7D9000EB3F5 /* IdentityToken.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA1FF81E51F7D9000EB3F5 /* IdentityToken.swift */; }; EFBA20381E51F7D9000EB3F5 /* LoginWidget.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA1FF91E51F7D9000EB3F5 /* LoginWidget.swift */; }; EFBA203A1E51F7D9000EB3F5 /* AccessToken.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA1FFB1E51F7D9000EB3F5 /* AccessToken.swift */; }; - EFBA203C1E51F7D9000EB3F5 /* OAuthClient.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA1FFC1E51F7D9000EB3F5 /* OAuthClient.swift */; }; EFBA20401E51F7D9000EB3F5 /* UserProfileError.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA1FFE1E51F7D9000EB3F5 /* UserProfileError.swift */; }; EFBA20421E51F7D9000EB3F5 /* UserProfileManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA1FFF1E51F7D9000EB3F5 /* UserProfileManager.swift */; }; EFBA20441E51F7D9000EB3F5 /* AppIDConstants.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA20011E51F7D9000EB3F5 /* AppIDConstants.swift */; }; 
@@ -65,7 +63,6 @@ EFBA20621E51F7D9000EB3F5 /* AbstractToken.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA20111E51F7D9000EB3F5 /* AbstractToken.swift */; }; EFBA20641E51F7D9000EB3F5 /* AccessTokenImpl.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA20121E51F7D9000EB3F5 /* AccessTokenImpl.swift */; }; EFBA20661E51F7D9000EB3F5 /* IdentityTokenImpl.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA20131E51F7D9000EB3F5 /* IdentityTokenImpl.swift */; }; - EFBA20681E51F7D9000EB3F5 /* OAuthClientImpl.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA20141E51F7D9000EB3F5 /* OAuthClientImpl.swift */; }; EFBA206A1E51F7D9000EB3F5 /* Utils.swift in Sources */ = {isa = PBXBuildFile; fileRef = EFBA20151E51F7D9000EB3F5 /* Utils.swift */; }; EFBBC76B1DF99BF6000CE39A /* IBMCloudAppID.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = EFBBC7541DF99AFA000CE39A /* IBMCloudAppID.framework */; }; EFD0251B1E55FC8D00AE1803 /* IBMCloudAppID.h in Headers */ = {isa = PBXBuildFile; fileRef = EFD0251A1E55FC8D00AE1803 /* IBMCloudAppID.h */; settings = {ATTRIBUTES = (Public, ); }; }; 
@@ -115,7 +112,6 @@ EF77D5371E52085800C4B87F /* RegistrationManagerTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = RegistrationManagerTests.swift; sourceTree = ""; }; EFB7F3B11E5307F20099BEDC /* AuthorizationManagerTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AuthorizationManagerTests.swift; sourceTree = ""; }; EFB876361E533E9400E017FA /* ConfigTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ConfigTests.swift; sourceTree = ""; }; - EFB876381E53434800E017FA /* OAuthClientTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OAuthClientTests.swift; sourceTree = ""; }; EFBA1FE71E51F7D9000EB3F5 /* AppIDAuthorizationManagerTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppIDAuthorizationManagerTests.swift; sourceTree = ""; }; EFBA1FE81E51F7D9000EB3F5 /* SecurityUtilsTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SecurityUtilsTests.swift; sourceTree = ""; }; EFBA1FE91E51F7D9000EB3F5 /* AppIDTestConstants.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppIDTestConstants.swift; sourceTree = ""; }; 
@@ -133,7 +129,6 @@ EFBA1FF81E51F7D9000EB3F5 /* IdentityToken.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = IdentityToken.swift; sourceTree = ""; }; EFBA1FF91E51F7D9000EB3F5 /* LoginWidget.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LoginWidget.swift; sourceTree = ""; }; EFBA1FFB1E51F7D9000EB3F5 /* AccessToken.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AccessToken.swift; sourceTree = ""; }; - EFBA1FFC1E51F7D9000EB3F5 /* OAuthClient.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OAuthClient.swift; sourceTree = ""; }; EFBA1FFE1E51F7D9000EB3F5 /* UserProfileError.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserProfileError.swift; sourceTree = ""; }; EFBA1FFF1E51F7D9000EB3F5 /* UserProfileManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UserProfileManager.swift; sourceTree = ""; }; EFBA20011E51F7D9000EB3F5 /* AppIDConstants.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppIDConstants.swift; sourceTree = ""; }; 
@@ -154,7 +149,6 @@ EFBA20111E51F7D9000EB3F5 /* AbstractToken.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AbstractToken.swift; sourceTree = ""; }; EFBA20121E51F7D9000EB3F5 /* AccessTokenImpl.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AccessTokenImpl.swift; sourceTree = ""; }; EFBA20131E51F7D9000EB3F5 /* IdentityTokenImpl.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = IdentityTokenImpl.swift; sourceTree = ""; }; - EFBA20141E51F7D9000EB3F5 /* OAuthClientImpl.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OAuthClientImpl.swift; sourceTree = ""; }; EFBA20151E51F7D9000EB3F5 /* Utils.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Utils.swift; sourceTree = ""; }; EFBA20161E51F7D9000EB3F5 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; EFBBC7541DF99AFA000CE39A /* IBMCloudAppID.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = IBMCloudAppID.framework; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -235,7 +229,6 @@ EF77D5371E52085800C4B87F /* RegistrationManagerTests.swift */, EFB7F3B11E5307F20099BEDC /* AuthorizationManagerTests.swift */, EFB876361E533E9400E017FA /* ConfigTests.swift */, - EFB876381E53434800E017FA /* OAuthClientTests.swift */, EF37F8B91E534C2D0020E998 /* AuthorizationUIManagerTests.swift */, BDF5878E1E66C55A00393C0C /* UserProfileTests.swift */, EF37F8BB1E5487C40020E998 /* TestHelpers.swift */, @@ -285,7 +278,6 @@ children = ( 4D42CF8920173BD200EF40B6 /* RefreshToken.swift */, EFBA1FFB1E51F7D9000EB3F5 /* AccessToken.swift */, - EFBA1FFC1E51F7D9000EB3F5 /* OAuthClient.swift */, ); path = Tokens; sourceTree = ""; 
@@ -322,7 +314,6 @@ EFBA20111E51F7D9000EB3F5 /* AbstractToken.swift */, EFBA20121E51F7D9000EB3F5 /* AccessTokenImpl.swift */, EFBA20131E51F7D9000EB3F5 /* IdentityTokenImpl.swift */, - EFBA20141E51F7D9000EB3F5 /* OAuthClientImpl.swift */, ); path = tokens; sourceTree = ""; @@ -608,7 +599,6 @@ EFBA20561E51F7D9000EB3F5 /* PreferenceManager.swift in Sources */, EFBA206A1E51F7D9000EB3F5 /* Utils.swift in Sources */, EFBA20501E51F7D9000EB3F5 /* JSONPreference.swift in Sources */, - EFBA20681E51F7D9000EB3F5 /* OAuthClientImpl.swift in Sources */, 4D42CF8C20173BDD00EF40B6 /* RefreshTokenImpl.swift in Sources */, EFBA20301E51F7D9000EB3F5 /* AppIDAuthorizationManager.swift in Sources */, EFBA20381E51F7D9000EB3F5 /* LoginWidget.swift in Sources */, @@ -626,7 +616,6 @@ EFBA20321E51F7D9000EB3F5 /* AuthorizationDelegate.swift in Sources */, BDC0D53F1E5EF68300444F9E /* UserProfileManagerImpl.swift in Sources */, EFBA20601E51F7D9000EB3F5 /* TokenManager.swift in Sources */, - EFBA203C1E51F7D9000EB3F5 /* OAuthClient.swift in Sources */, EFBA20481E51F7D9000EB3F5 /* AuthorizationHeaderHelper.swift in Sources */, EFBA205A1E51F7D9000EB3F5 /* safariView.swift in Sources */, 4D42CF8A20173BD200EF40B6 /* RefreshToken.swift in Sources */, @@ -652,7 +641,6 @@ EF49948A1E55F7BE008ACC27 /* RegistrationManagerTests.swift in Sources */, EF49948B1E55F7BE008ACC27 /* AuthorizationManagerTests.swift in Sources */, EF49948C1E55F7BE008ACC27 /* ConfigTests.swift in Sources */, - EF49948D1E55F7BE008ACC27 /* OAuthClientTests.swift in Sources */, BDF5878F1E66C55A00393C0C /* UserProfileTests.swift in Sources */, EF49948E1E55F7BE008ACC27 /* AuthorizationUIManagerTests.swift in Sources */, EF49948F1E55F7BE008ACC27 /* TestHelpers.swift in Sources */, diff --git a/IBMCloudAppIDTests/AppIDTestConstants.swift b/IBMCloudAppIDTests/AppIDTestConstants.swift index 4f54a4d..2b6fb9d 100644 --- a/IBMCloudAppIDTests/AppIDTestConstants.swift +++ b/IBMCloudAppIDTests/AppIDTestConstants.swift 
@@ -9,28 +9,44 @@ import Foundation public class AppIDTestConstants { - - + + public static var publicKeyData:Data = Data(base64Encoded: "MEgCQQDh/pwAlN3AqKQM+v0sybg7VMjeJx4Z5PcnxfQxYhj3LVz28DF6H2b3fVnGEKrcPsN1lf8obovT6zlX1QYZOgpjAgMBAAE=", options: NSData.Base64DecodingOptions(rawValue:0))! - + public static var privateKeyData:Data = Data(base64Encoded: "MIIBOgIBAAJBAOH+nACU3cCopAz6/SzJuDtUyN4nHhnk9yfF9DFiGPctXPbwMXofZvd9WcYQqtw+w3WV/yhui9PrOVfVBhk6CmMCAwEAAQJAJ4H8QbnEnoacz0wdcHP/ShgDWZrbD0nQz1oy22M73BHidwDvy1rIeM6PgkK1tyHNWrqyo1kAnp7DuNVmfGbJ0QIhAc3gVBJCrVbiO23OasUuYTN2y2KrZ2DUcjLp5ZOID1/LAiB9Qo1mx3yz4HT4wJvddb9AqSTlmSrrdXcNGNhWFRT8yQIhAbepkD3lrL2lEy8+q9JRiQOFVKvzP7Aj6yVeE0Sx4virAiAk2ITbrOajyuzdl1rCBDbkAF1YJHwZkw4YDizk9YKc8QIhAV0VZFoZidVBTsoi7xeufS0GSDqPxskq7gJGY70p4dco", options: NSData.Base64DecodingOptions(rawValue:0))! - - public static var ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.eyJpc3MiOiJtb2JpbGVjbGllbnRhY2Nlc3Muc3RhZ2UxLm5nLmJsdWVtaXgubmV0IiwiZXhwIjoxNDg3MDg0ODc4LCJhdWQiOiIyNmNiMDEyZWIzMjdjNjEyZDkwYTY4MTkxNjNiNmJjYmQ0ODQ5Y2JiIiwiaWF0IjoxNDg3MDgxMjc4LCJhdXRoX2J5IjoiZmFjZWJvb2siLCJ0ZW5hbnQiOiI0ZGJhOTQzMC01NGU2LTRjZjItYTUxNi02ZjczZmViNzAyYmIiLCJzY29wZSI6ImFwcGlkX2RlZmF1bHQgYXBwaWRfcmVhZHByb2ZpbGUgYXBwaWRfcmVhZHVzZXJhdHRyIGFwcGlkX3dyaXRldXNlcmF0dHIifQ.RDUrrVlMMrhBHxMpKEzQwwQZ5i4hHLSloFVQHwo2SyDYlU83oDgAUXBsCqehXr19PEFPOL5kjXrEeU6V5W8nyRiz3iOBQX7z004-ddf_heY2HEuvAAjqwox9kMlhpYMlMGpwuYwtKYAEcC28qHvg5UKN4CPfzUmP6bSqK2X4A5J11d4oEYNzcHCJpiQgMqbJ_it6UFGXkiQU26SVUq74_gW0_AUHuPmQxCU3-abW1F_PenRE9mJhdcOG2iWYKv5qzP7-DUx0j02ar4ylXjcMmwK0xK3iigoD-ZN_MJs6tUGg2X5ZSk_6rNmtWUlpWZkQNQw4XOBL3K9OAu5pmE-YNg" - - public static var ID_TOKEN = 
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.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_b2g9MjQyYmMyZmI1MDU2MDliNDQyODc0ZmRlM2U5ODY1YTkmb2U9NTkwN0IxQkMiLCJpZGVudGl0aWVzIjpbeyJwcm92aWRlciI6ImZhY2Vib29rIiwiaWQiOiIzNzc0NDAxNTkyNzU2NTkifV0sIm9hdXRoX2NsaWVudCI6eyJuYW1lIjoidGVzdEFwcERpc3BsYXlOYW1lIiwidHlwZSI6Im1vYmlsZWFwcCIsInNvZnR3YXJlX2lkIjoidGVzdEFwcCIsInNvZnR3YXJlX3ZlcnNpb24iOiIxLjAiLCJkZXZpY2VfaWQiOiI5NjAwRTAxRS1FNUYxLTRGREQtQjlDOS1EMjRDNDE4REE5NDciLCJkZXZpY2VfbW9kZWwiOiJpUGhvbmUiLCJkZXZpY2Vfb3MiOiJpUGhvbmUgT1MifX0.ejXqFMGKtZ3qQo-Uq6xLR9ZgfM2gNUwd_XwELHwd8bpgzSTYmfunM_rdzvEGaA4thH78gMK9vsSIEROkmiOpyB40sOmMexyWVPscNnaU3LNZu-ePpJbTkvurwhtscsnB-Vexua5m5ls-nVS3-i0y7J28TAf653UO0Xf8I04kXeFxYS7VbaQd0TttxtDqmYNokjCC22_MACPIxfOukDQY8PjPGysgugYHMfyERDTgi1RmgZMEc4XzZkMQjhfw30i3EATP2iTUWREjlJdyQXKTH3UqewEuPGFduUGPq9Jk1sHNhHB9U28PkFs_Gc5jVu3MnFbT5pSvJ7AwEhusl4G70Q" - - public static let jwk = "{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"n\":\"AJ-E8O4KJT6So_lUkCIkU0QKW7QjMp9vG7S7vZx0M399idZ4mP7iWWW6OTvjLHpDTx7uapiwRQktDNx3GHigJDmbbu8_VtS5K6J6be1gVrvu6pxmZtrz8PazlH5WYxkuUIfUYpzyfUubZzqzuVWqQO0W9kOhFN7HILAxb1WsQREX-iLg14MGGafrQnJgXHBAwSH0OOJr7v-nRz8AFCAicN8v0uIar9lRA7JRHQCZtpI_lkSGKKBQT1Zae9-9YlWbZlfXErQS1uYoAb3j3uaLbJVO7SNjQqEsRTjYxfpBsTtkvJmwcwA0wV2gBO3JR6K6ep0Y_KyMR8w9Fd_lvJqdltU\",\"e\":\"AQAB\",\"kid\":\"appId-1504685961000-c2d3da94-c901-4392-8f27-d90efd28b5b7\"}]}" - - public static let kid = "appId-1504685961000-c2d3da94-c901-4392-8f27-d90efd28b5b7" - + + public static var ACCESS_TOKEN = 
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLWRiOGEyN2M0LWI4ODctNGY4ZC1hODlmLWYxMmZiNzc1YjMxMS0yMDE4LTA4LTAyVDEyOjA0OjA5LjcyOCIsInZlciI6NH0.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.QZ1uz8ywb8A_KQrovTosNUqTXWi1-aZnBZ9QKmYY99UM-S8MdzpbTcZBh1gdP1NaxRlB_xNlLOp22tKLA5tdiHGW1y9BDjRqUR04rCUDMVgwRUU2j7X6v1wHpA05op0goWwOPzlX3oEfbTYjBsBpvtqHvXlbTdQg0rToMmbKne_F8bnQjKLHRWv2eJ5UND7UZ0Wcv2jJyNkbiAqziDtcuEYCy955D1pJka9eW9b5yFNvjh31zqL8Cd5gOoIez1V4PFlWL2IDAG27F5-hrAet1meqWwrO-rmm6kUXT6jgtUJpk48zngmwknbr5JUr93aSjlFnkVRzPiI1_KetRbdsxQ" + + public static var ID_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLWRiOGEyN2M0LWI4ODctNGY4ZC1hODlmLWYxMmZiNzc1YjMxMS0yMDE4LTA4LTAyVDEyOjA0OjA5LjcyOCIsInZlciI6NH0.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.QSD6li3Lo2zFG_Iy-IWdh0wJ4tWauc0Mj5IekP5ai3puLocuk6ucQnwKgqOt5lxALSosmXLb8fQsrZixmDWmthkdmY523t6rRIJvRO9-dJXc8fCkdYJdG6AuOwb_e9eHgg41U-E3AeIoc4n0JKkXkQKDTz8I6gfPQua7UPfzsODMjqCp95JevjLJbxHm2lLq-aT2zR0YDG4P-hJb335fxFGlQNldLvYtN8hQfHo_8xeriIH3zYjTqYiXMgSoM6xsU3WwFOD_IShqR2CEXD9sxEXfpdt4SJeJ79--0kTQ958CCb0nnbOjrjqzSSh-U52DWFLgU2jdkQg0nfB29lcGnQ" + + public static var malformedIdTokenNoSubject = 
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLWJkOWZiOGM4LWU4ZDctNDY3MS1hN2JiLTQ4ZTJlZDVmY2I3Ny0yMDE5LTAxLTIzVDIyOjQyOjM0LjI4NCJ9.eyJpc3MiOiJodHRwczovL2FwcGlkLW9hdXRoLnN0YWdlMS5ldS1nYi5ibHVlbWl4Lm5ldCIsImF1ZCI6WyJlMjY0NjYwNWY1YjQzZTQ0YzUzYzcwMjhiYWM2NTlmMjNmZmI1ZTM5Il0sImV4cCI6MTU1MDQ1NjU3MCwidGVuYW50IjoiYmQ5ZmI4YzgtZThkNy00NjcxLWE3YmItNDhlMmVkNWZjYjc3IiwiaWF0IjoxNTUwNDU2MjcwLCJ2ZXJzaW9uIjoidjQiLCJhbXIiOlsiZmFjZWJvb2siXSwiYXpwIjoiZTI2NDY2MDVmNWI0M2U0NGM1M2M3MDI4YmFjNjU5ZjIzZmZiNWUzOSJ9.gYwk5ZL4xUjN-aEUDcTytMm5GIac7DQunO4LVJmlFqk_jiRqjZp_oXVJn_1GfVjJ2rmiF65wcZIG2CJ6Xb45uUQHqWiIsOfB82g9HoS25BquVpZT_90-bHAuZDsWz7BTiU5FxQErnv_RuymWGSkEwusagibE3HGwnmOBliX2AbAXUPVjzSesfs4Axiy_bU0O-ALfftJDIyzfh8lymSssTy-fL7rBDmEMyLt95LB0YzYT7I4c6Tu46N59wRtG3HYAPSgGRuy-hoFK-M9TNFtf55_UVhws9tG4AffjRajemVZV8pyqEai2T_E80Zj-OIfBhqkTkc72dno8u9E7-krnPg" + + public static var malformedAccessTokenMissingKid = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.eyJpc3MiOiJhcHBpZC1vYXV0aC5uZy5ibHVlbWl4Lm5ldCIsImV4cCI6MTUyOTY5NjQyNSwiYXVkIjpbIjA2YTQyMDQ2OWM0YmVhMmE2OTRhYTdlOTcxZDE1NjgwYmI2OTc5NGEiXSwic3ViIjoiOTY5ZGViZmUtMWE3Mi00OTk0LWJlMTQtY2Y4MzJhNzFiNTllIiwiYW1yIjpbImFwcGlkX2Fub24iXSwiaWF0IjoxNTI3MTA0NDI1LCJ0ZW5hbnQiOiJjMmQzZGE5NC1jOTAxLTQzOTItOGYyNy1kOTBlZmQyOGI1YjciLCJzY29wZSI6Im9wZW5pZCBhcHBpZF9kZWZhdWx0IGFwcGlkX3JlYWRwcm9maWxlIGFwcGlkX3JlYWR1c2VyYXR0ciBhcHBpZF93cml0ZXVzZXJhdHRyIn0.YTVq0j6ApiN-DAQH0wHetk4NWml52alid5OjMjzUUVywl5LYuiNPBEAtbgRUQ9un7M7IyTTkUZhZUpIjm1Hh5rbpxecau-3X84CzzMU98shZYoMtjHdwl-zF_cRvu0jnL4AEuV9oF5pEwFzFmBOboZYxeNRTZwFKCIekkfBhvw4" + + public static let jwks = 
"{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"n\":\"AJvyFiaRrL1IiQyV8Uy-xjmvvjB7Zsaz3VqeUhFMuvRNudKx5F4o8Etd3xYHCd_aGuOR2GbDSGcoVsXrc00rs-vpj1IWhP5QTofParfRScZsi4i0tyihD6uzaHGe9Bc3__iGwzZFSFTVadCxsmEwJ176ExfYHptY1Dv3TCmVZ-6LE0KghhY2PnaR9zua88TToOES7w2UN2EhMm3490eFV3llnKG02dX5x0QSBuP_7PITMHUTxy1MCmqso4KhwwD_qrCUuepcKc1u9S2DWPV6-gqApvKHn8DTqrdNXqbIyfNTGy3SVo1JFeJpWwLH31IKmZHWQ6A4tdyoHK7GrtcokfM\",\"e\":\"AQAB\",\"kid\":\"appId-bd9fb8c8-e8d7-4671-a7bb-48e2ed5fcb77-2019-01-23T22:42:34.284\"}]}" + + public static let jwk = "{\r\n \"keys\": [\r\n {\r\n \"kty\": \"RSA\",\r\n \"use\": \"sig\",\r\n \"n\": \"ALePj2tZTsUDtGlBKMPU1GjbdpVdKPITqDyLM4YhktHzrB2tt690Sdkr5g8wTFflhMEsNARxQnDr7ZywIgsCvpAqv8JSzuoIu-N8hp3FJeGvMJ_4Fh7mlrxh_KVE7Xv1zbqCGSrmsiWsA-Y0Fxt4QEcPlPd_BDh1W7_vm5WuP0sCNsclziq9t7UIrIrvHXFRA9nuxMsM2OfaisU0T9PczfO16EuJW6jflmP6J3ewoJ1AT1SbX7e98ecyD2Ke5I0ta33yk7AVCLtzubJz2NCDGPTWRivqFC0J1OkV90jzme4Eo7zs-CDK-ItVCkV4mgX6Caknd_j2hucGN4fMUDviWwE\",\r\n \"e\": \"AQAB\",\r\n \"kid\": \"appId-1533805626000-71b34890-a94f-4ef2-a4b6-ce094aa68092\"\r\n },\r\n {\r\n \"kty\": \"RSA\",\r\n \"use\": \"sig\",\r\n \"n\": \"AMniJfma7obdg2AMkucEo5QV4ohy6rHPnuYl7gOGTKLdkQ2cpPx4a5viHaKiny3KpqfR2ny7OvsmB3UAYk3_rfCaNrtB5_zz2H-GxxDPYEPniYztU9aRyw5NlWUtpcAAkaXPRkzfKndUFg74W8h_HHm0DL-5KySiAPcfNnyT6fvf0ycNtYbngh0CSNzJQq7vZDZboZMaVkASgR11uOGV-RGnQ4shRc4z3qv7f4_jnDW4WsB0RzrgPGRJ9fSNrQS78LAfIbdzigfgR4_TxifhemwzYwpJ5PYV2pxHs6DuLUODbvIhWahZR_iJWoxpZZdxNDirycJ2CP_On1T3-urz4SM\",\r\n \"e\": \"AQAB\",\r\n \"kid\": \"appId-71b34890-a94f-4ef2-a4b6-ce094aa68092-2018-08-02T11:53:36.497\"\r\n }\r\n ]\r\n}" + + public static let kid = "appId-71b34890-a94f-4ef2-a4b6-ce094aa68092-2018-08-02T11:53:36.497" + public static let malformedAccessTokenInvalidAlg = 
"eyJraWQiOiJraWQiLCJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJpc3MiOiJtb2JpbGVjbGllbnRhY2Nlc3Muc3RhZ2UxLm5nLmJsdWVtaXgubmV0IiwiZXhwIjoxNDg3MDg0ODc4LCJhdWQiOiIyNmNiMDEyZWIzMjdjNjEyZDkwYTY4MTkxNjNiNmJjYmQ0ODQ5Y2JiIiwiaWF0IjoxNDg3MDgxMjc4LCJhdXRoX2J5IjoiZmFjZWJvb2siLCJ0ZW5hbnQiOiI0ZGJhOTQzMC01NGU2LTRjZjItYTUxNi02ZjczZmViNzAyYmIiLCJzY29wZSI6ImFwcGlkX2RlZmF1bHQgYXBwaWRfcmVhZHByb2ZpbGUgYXBwaWRfcmVhZHVzZXJhdHRyIGFwcGlkX3dyaXRldXNlcmF0dHIifQ.HHterec250JSDY1965cM2DadBznl2wTKmzKNSnfjpdTAqax9VZvV3EwuFbEnGp9-i6AC-OlsVj7xvbALkdjwG2lZvpQx0M_gRc_3E0NiYuOGVolcm0wEXtbtDUFFqZQAf9BYYOPZ8OintdBiwUGETbH1ZRVtUvt3nalIko1OPE1Q12LvuRlhz5MClNHmvxJcXc7kucxCx4s4UFFy_HJA1gow7HWFqc9-PZf4JMWA-siYqPrdw_zYeBTBzE5co92F6JBEtGLLCjhJVz9eYgLLECXbak3z6hOaY9352Weuj7AgMOWxzw56jKKsiixMtvzrCzLVIcRUG96UJszwPHtPlA" - + public static let expAcessToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.eyJpc3MiOiJpbWYtYXV0aHNlcnZlci5zdGFnZTEubXlibHVlbWl4Lm5ldCIsImV4cCI6MTQ4OTk1NzQ1OSwiYXVkIjoiNDA4ZWIzNmEyYTA2OWFkODljZDE5Yzc4OWE5NmI3Y2YzNmI1NTBlYyIsInN1YiI6IjA5YjdmZWE1LTJlNGUtNDBiOC05ZDgxLWRmNTAwNzFhMzA1MyIsImFtciI6WyJmYWNlYm9vayJdLCJpYXQiOjE0ODczNjU0NTksInRlbmFudCI6IjUwZDBiZWVkLWFkZDctNDhkZC04YjBhLWM4MThjYjQ1NmJiNCIsInNjb3BlIjoiYXBwaWRfZGVmYXVsdCBhcHBpZF9yZWFkcHJvZmlsZSBhcHBpZF9yZWFkdXNlcmF0dHIgYXBwaWRfd3JpdGV1c2VyYXR0ciJ9.gQq4_IxbkPg1FsVZiiTqsejURL4E_Ijr8U1vDob-06GcsorVijS7HHf0kgWD84cDNa6z4Lp7HkmvI8vmiUIfV6ch-xJS_LSJphKy5nZxXqVHchRDJAMUNMiAYqC5ohZ4MXmjuGFIrVl1iZdTyP5Oz-5e6UzDccdAGkPokNs_IyXwiSmGWF5fOKSgfqANYwRBaC-JeXlzEcVZ697q92kiErBNl3ziuSFWxss86ZHHiKdLoHUpkDRKgPHwSQmE_Kwzj8v8Td9WuIVwXCF-D4koTuPJSe2aPqCLuV28PE9wRh5j3sFraKbQIcjuHuiAd5KBhzwaeVT20_0zrgyr3QG0Vg" - - public static let appAnonAccessToken = 
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UiLCJraWQiOiJhcHBJZC0xNTA0Njg1OTYxMDAwLWMyZDNkYTk0LWM5MDEtNDM5Mi04ZjI3LWQ5MGVmZDI4YjViNyJ9.eyJpc3MiOiJhcHBpZC1vYXV0aC5uZy5ibHVlbWl4Lm5ldCIsImV4cCI6MTUyOTY5NjQyNSwiYXVkIjoiMDZhNDIwNDY5YzRiZWEyYTY5NGFhN2U5NzFkMTU2ODBiYjY5Nzk0YSIsInN1YiI6Ijk2OWRlYmZlLTFhNzItNDk5NC1iZTE0LWNmODMyYTcxYjU5ZSIsImFtciI6WyJhcHBpZF9hbm9uIl0sImlhdCI6MTUyNzEwNDQyNSwidGVuYW50IjoiYzJkM2RhOTQtYzkwMS00MzkyLThmMjctZDkwZWZkMjhiNWI3Iiwic2NvcGUiOiJvcGVuaWQgYXBwaWRfZGVmYXVsdCBhcHBpZF9yZWFkcHJvZmlsZSBhcHBpZF9yZWFkdXNlcmF0dHIgYXBwaWRfd3JpdGV1c2VyYXR0ciJ9.WGnEmW7RstkIAkjXswJgwuwQauprUP808nE9pkKP_NpImc0vh6AsrVmmGuAh5tzGZ_8Y9_4vBR4LpRUzBWI3lRgWW6fX3hJqQdHv8zJpkIcg7FkpXmF_0TSll3_KeRes7ks5jEQ55MvOly6I3-PaKcX--cxNXnMBkjIRl3DQdSecxaIAWrov9efrrtee93eo6r8VGKVAgUEyj88WJQYSac9odhIx8PgA0NgdriGDqHp1oewDjpiM6Hxxv4Ph3LmnY46XdI2fg6pSTT6f9OGTAMoDWyDOEkVr0zUlhcEDYtofhCpO6mSJyvRzLQDVKhwHNeCYqhwh0xGuyXaCXKqvdA" - - public static let clientId = "06a420469c4bea2a694aa7e971d15680bb69794a" - + + public static var ACCESS_TOKEN_INVALID_AUD = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLTcxYjM0ODkwLWE5NGYtNGVmMi1hNGI2LWNlMDk0YWE2ODA5Mi0yMDE4LTA4LTAyVDExOjUzOjM2LjQ5NyIsInZlcnNpb24iOjR9.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.Yg_13wauGdw13jtLNyG0KZqQhHJvRvCZB4aRvsCE7vyLmTS1qb4Yz7UasxvMdNOPvtk74KFVtg-gup2ptbCpJB7sH6QgQAWxp4eNVRbjAPgP-q1gZ-_5P-uxU2Sr5YwiMUin_bnIRImqaoRayqbkRV30BbB9enAt-VIONDAO002d8yOLr5ReWPcFCCfPLnVnIne2gv3-S8grbTHV7AwQ7TYrQbmC9VgAy678qttIg7shGxSKWyNAlybzPl7wN6YlXclilog5yhhDL9gGemDlez_SAQyyDi1dFpoNuv_xQRBfdXaLpmB9bFQ-zCx2xlDWHiPv5AON8stDwEXkwsfBaA" + + public static var ID_TOKEN_INVALID_AUD = 
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLTcxYjM0ODkwLWE5NGYtNGVmMi1hNGI2LWNlMDk0YWE2ODA5Mi0yMDE4LTA4LTAyVDExOjUzOjM2LjQ5NyIsInZlcnNpb24iOjR9.eyJpc3MiOiJodHRwczovL2V1LWdiLmFwcGlkLnRlc3QuY2xvdWQuaWJtLmNvbS9vYXV0aC92NC83MWIzNDg5MC1hOTRmLTRlZjItYTRiNi1jZTA5NGFhNjgwOTIiLCJhdWQiOlsiM2I5YzQxNGUyM2I1N2VmNWNiNzQxYzBkN2Y2ZDczNzJkMjEyNjc2MyJdLCJleHAiOjE1NTA4NzMwNzQsInRlbmFudCI6IjcxYjM0ODkwLWE5NGYtNGVmMi1hNGI2LWNlMDk0YWE2ODA5MiIsImlhdCI6MTU1MDg2OTQ3NCwiZW1haWwiOiJ0ZXN0dXNlckBpYm0uY29tIiwibmFtZSI6InRlc3R1c2VyIiwic3ViIjoiZjRiYjc3MzMtNmU0ZS00YTUzLTlhNGEtOGM1ZDJjZWUwNmVhIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInByZWZlcnJlZF91c2VybmFtZSI6InRlc3R1c2VyIiwiaWRlbnRpdGllcyI6W3sicHJvdmlkZXIiOiJjbG91ZF9kaXJlY3RvcnkiLCJpZCI6IjAwYWE2OTE2LTlhYmUtNDUyNy04ZmU5LTk3ZTk4ZjQ4ZWRhNyJ9XSwiYW1yIjpbImNsb3VkX2RpcmVjdG9yeSJdLCJhenAiOiIzYjljNDE0ZTIzYjU3ZWY1Y2I3NDFjMGQ3ZjZkNzM3MmQyMTI2NzYzIn0.uRdv7XhU8EwAWJx1FiAIKj9pDEC8dQWSWUArj84exTBGpoUMSiDDbKWR6yBDUeKrtFlWoHoS0PJOXeJZd4bU3a3o-wsIf5pF4aXHkpfCvzmCOFYNgyYQF-VqrCxzbrAc-L1UmmE7b65Xx_h4LCQirkfkXkrfZcQ9scv8Jk-V5GdUlmFC-1cqgEYY4q6KJoqf_8QX5_WR4_wpBRA8Vjwtk6jvQEZe5e2SNrfz17AfKyX9YIaezPzO7ss3JoRQUKrggXotlr7yjTCPAeQ-23cSYofkTXVTctSPhb7QlVP7_811ltNSFGlcH2djQUPZQpph2edEcw5zV6jwx2lVZgNXaQ" + + public static let invalidAudClientId = "3b9c414e23b57ef5cb741c0d7f6d7372d2126763" + public static let invalidAudtenantId = "71b34890-a94f-4ef2-a4b6-ce094aa68092" + + public static let appAnonAccessToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFwcElkLTcxYjM0ODkwLWE5NGYtNGVmMi1hNGI2LWNlMDk0YWE2ODA5Mi0yMDE4LTA4LTAyVDExOjUzOjM2LjQ5NyIsInZlcnNpb24iOjR9.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.JiMrascZ8kkcCMGmsB1KL4mX2dRq5VrhXeRCWtxzBR8p-SF70xg1mKqRhU1At9YS0ew66zN7r7IxhTOxHEnvsKD_IJdbWQe9PBzAcdXxz_yHyRnbWU1Vd1GI46x3-_CG3kNuTAJ2LXCwZlUcJDLe-v2V2Xz6Sx7Ckj-WTcj1PIt8Tc3lh7KoHnFgjw3hzg07qORnh1HC5QM672nvH-O5hMTMK9cLO0t6PtMWUs1AiH13budDGdi-TlcZ2qrn2c0KJYjpOuYHb7XuEtFJNmumfRSbrqs_XLQ9U-Qm0XdhKk_pKIFx1WtkFOc1_DKrZ1PmFA_uoo2fqpIT4Awg4hnw2g" + + public static let 
clientId = "21e8b523-eb42-4a34-a057-04ca9445f6ff" + public static let tenantId = "db8a27c4-b887-4f8d-a89f-f12fb775b311" + public static let region = "https://eu-gb.appid.test.cloud.ibm.com" + public static let subject = "0e874ad1-32be-45b9-a16a-fa28b2f32fcd" + public static var ID_TOKEN_WITH_SUBJECT = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpPU0UifQ.eyJzdWIiOiIxMjMifQ.enbXHtja8BJd9_hlIbCgwyMXl8o9s74yDlqH4_11h7xLVasDO8Yy4jNyhVmIIb8jpl4fQfjWjqaOJoD2TqgfhqwQ-tGRjzYYR-f0qAMb99pNDtLS9IFf1yHYM2y65UerZ8qTD4g2s-ZWPk7yvxPMQx-Nrvu-X2uUwvdBCBr02rXpsHdMbeLYA6iwUs58p5hMxOxf3yKrBcTpTJ4EE164BhruEU5HyHhqSM9DTVLvliuapFFIK4CGV3FjvrKnT38yWdxSWtd9ETC79bfBwWTsE0ykMzb7Nq3vA2O0C_pv5IUixkLtTCiT3s5m55WZaqxdFCvOe4BjAt6AWH7slwgZdg" - + } diff --git a/IBMCloudAppIDTests/AuthorizationManagerTests.swift b/IBMCloudAppIDTests/AuthorizationManagerTests.swift index e8b933e..4156895 100644 --- a/IBMCloudAppIDTests/AuthorizationManagerTests.swift +++ b/IBMCloudAppIDTests/AuthorizationManagerTests.swift @@ -244,7 +244,7 @@ public class AuthorizationManagerTests : XCTestCase { func testLaunchChangePassword_success() { let oAuthManager = OAuthManager(appId: AppID.sharedInstance) - AppID.sharedInstance.initialize(tenantId: "tenant1", region: "https://region2") + AppID.sharedInstance.initialize(tenantId: "tenant1", region: AppID.REGION_UK) let authManager = IBMCloudAppID.AuthorizationManager(oAuthManager: oAuthManager) class delegate: AuthorizationDelegate { 
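Review bot: The new JWT and key-set fixtures in `AppIDTestConstants` (`ACCESS_TOKEN`, `ID_TOKEN`, `ID_TOKEN_INVALID_AUD`, `appAnonAccessToken`, `jwk`, `jwks`) look like values captured from a running test deployment rather than generated for the tests. The decoded `iss` of `ID_TOKEN_INVALID_AUD` is on the `region` host added in this hunk, and its payload carries tenant and client identifiers plus a fixed `exp` that predates the commit date. Tokens signed by a service-held key cannot be re-issued when claims or expiry need to change, so the tests presumably bypass the expiry check or only reach failure paths; the tests themselves are outside this hunk. Consider signing synthetic tokens in test setup with the throwaway pair already in this file (`privateKeyData`/`publicKeyData`), and add a comment such as `// Test-only fixtures: expired tokens, never valid against a real tenant`. Separately, the header of `ACCESS_TOKEN` decodes to a `kid` for tenant `db8a27c4-…` that appears in neither `jwk` nor `jwks`, so a signature-verification test for it cannot succeed against these key sets as written.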
@@ -292,14 +292,14 @@ public class AuthorizationManagerTests : XCTestCase { tokenManager.extractTokens(response: response, tokenResponseDelegate: delegate(res:"success", expectedErr: "")) oAuthManager.tokenManager = tokenManager authManager.launchChangePasswordUI(authorizationDelegate:delegate(res:"", expectedErr:"")) - XCTAssertEqual(authManager.authorizationUIManager?.redirectUri as String!, "redirect") - let expectedUrl: String! = "https://region2/oauth/v3/tenant1/cloud_directory/change_password?user_id=bd98e7a8-6035-4e07-9d94-04c04c9fd7ab&client_id=someclient&redirect_uri=redirect&language=" + Locale.current.identifier - XCTAssertEqual(authManager.authorizationUIManager?.authorizationUrl as String!, expectedUrl) + XCTAssertEqual(authManager.authorizationUIManager?.redirectUri, "redirect") + let expectedUrl: String = AppID.REGION_UK + "/oauth/v4/tenant1/cloud_directory/change_password?user_id=bd98e7a8-6035-4e07-9d94-04c04c9fd7ab&client_id=someclient&redirect_uri=redirect&language=" + Locale.current.identifier + XCTAssertEqual(authManager.authorizationUIManager?.authorizationUrl, expectedUrl) } func tests_launchDetails() { let oAuthManager = OAuthManager(appId: AppID.sharedInstance) - AppID.sharedInstance.initialize(tenantId: "tenant1", region: "https://region2") + AppID.sharedInstance.initialize(tenantId: "tenant1", region: AppID.REGION_UK) let authManager = MockAuthorizationManagerWithGoodResponse(oAuthManager: oAuthManager) let authManagerNoCode = MockAuthorizationManager(oAuthManager: oAuthManager) let authManagerRequestError = MockAuthorizationManagerWithRequestError(oAuthManager: oAuthManager) 
@@ -356,9 +356,9 @@ public class AuthorizationManagerTests : XCTestCase { func testLaunchChangeDetails_success(authManager: IBMCloudAppID.AuthorizationManager, delegate: AuthorizationDelegate) { authManager.launchChangeDetailsUI(authorizationDelegate:delegate) - XCTAssertEqual(authManager.authorizationUIManager?.redirectUri as String!, "redirect") - let expectedUrl: String! = "https://region2/oauth/v3/tenant1/cloud_directory/change_details?code=1234&client_id=someclient&redirect_uri=redirect&language=" + Locale.current.identifier - XCTAssertEqual(authManager.authorizationUIManager?.authorizationUrl as String!, expectedUrl) + XCTAssertEqual(authManager.authorizationUIManager?.redirectUri, "redirect") + let expectedUrl: String = AppID.REGION_UK + "/oauth/v4/tenant1/cloud_directory/change_details?code=1234&client_id=someclient&redirect_uri=redirect&language=" + Locale.current.identifier + XCTAssertEqual(authManager.authorizationUIManager?.authorizationUrl, expectedUrl) } func testLaunchChangeDetails_no_code(authManager: IBMCloudAppID.AuthorizationManager, delegate: AuthorizationDelegate) { 
@@ -516,12 +516,12 @@ public class AuthorizationManagerTests : XCTestCase { } - AppID.sharedInstance.initialize(tenantId: "tenant1", region: "https://region2") + AppID.sharedInstance.initialize(tenantId: "tenant1", region: AppID.REGION_UK) MockRegistrationManager.shouldFail = false authManager.registrationManager = MockRegistrationManager(oauthManager:OAuthManager(appId:AppID.sharedInstance)) authManager.launchForgotPasswordUI(authorizationDelegate: delegate(res: "failure", expectedErr: "")) - let expectedUrl: String! = "https://region2/oauth/v3/tenant1/cloud_directory/forgot_password?client_id=someclient&redirect_uri=redirect&language=" + Locale.current.identifier + let expectedUrl: String! = AppID.REGION_UK + "/oauth/v4/tenant1/cloud_directory/forgot_password?client_id=someclient&redirect_uri=redirect&language=" + Locale.current.identifier XCTAssertEqual(authManager.authorizationUIManager?.authorizationUrl as String!, expectedUrl) } diff --git a/IBMCloudAppIDTests/ConfigTests.swift b/IBMCloudAppIDTests/ConfigTests.swift index e914279..4095d38 100644 --- a/IBMCloudAppIDTests/ConfigTests.swift +++ b/IBMCloudAppIDTests/ConfigTests.swift 
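Review bot: The rewritten `expectedUrl` line in this hunk still declares `let expectedUrl: String! = …`, and the assertion after it still casts with `as String!`. The same pattern in the `@@ -292` and `@@ -356` hunks was changed to a plain `String` and an uncast optional comparison. Make this one match: declare it as `let expectedUrl: String = AppID.REGION_UK + …` and assert with `XCTAssertEqual(authManager.authorizationUIManager?.authorizationUrl, expectedUrl)`. The enclosing test function starts outside the hunk.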
@@ -30,34 +30,35 @@ public class ConfigTests: XCTestCase { // no region and tenant let appid = AppID.sharedInstance XCTAssertEqual("https://appid-oauth", Config.getServerUrl(appId: appid)) - XCTAssertEqual("appid-oauth", Config.getIssuer(appId: appid)) + XCTAssertEqual("https://appid-oauth", Config.getIssuer(appId: appid)) // with region and tenant appid.initialize(tenantId: "sometenant", region: newRegion) - XCTAssertEqual( newRegion + "/oauth/v3/sometenant", Config.getServerUrl(appId: appid)) + XCTAssertEqual(newRegion + "/oauth/v4/sometenant", Config.getServerUrl(appId: appid)) + + XCTAssertEqual(newRegion + "/oauth/v4/sometenant/publickeys", Config.getPublicKeyEndpoint(appId: appid)) + XCTAssertEqual(newRegion + "/api/v1/", Config.getAttributesUrl(appId: appid)) + XCTAssertEqual(newRegion + "/oauth/v4/sometenant", Config.getIssuer(appId: appid)) - XCTAssertEqual( newRegion + "/oauth/v3/sometenant/publickeys", Config.getPublicKeyEndpoint(appId: appid)) - XCTAssertEqual( newRegion + "/api/v1/", Config.getAttributesUrl(appId: appid)) - XCTAssertEqual("appid-oauth.ng.bluemix.net", Config.getIssuer(appId: appid)) - // with OLD .region and tenant appid.initialize(tenantId: "sometenant", region: oldRegion) - XCTAssertEqual("https://appid-oauth" + oldRegion + "/oauth/v3/sometenant", Config.getServerUrl(appId: appid)) - XCTAssertEqual("https://appid-oauth" + oldRegion + "/oauth/v3/sometenant/publickeys", Config.getPublicKeyEndpoint(appId: appid)) - XCTAssertEqual("https://appid-profiles" + oldRegion + "/api/v1/", Config.getAttributesUrl(appId: appid)) - XCTAssertEqual("appid-oauth" + oldRegion, Config.getIssuer(appId: appid)) + XCTAssertEqual(newRegion + "/oauth/v4/sometenant", Config.getServerUrl(appId: appid)) + XCTAssertEqual(newRegion + "/oauth/v4/sometenant/publickeys", Config.getPublicKeyEndpoint(appId: appid)) + XCTAssertEqual(newRegion + "/api/v1/", Config.getAttributesUrl(appId: appid)) + XCTAssertEqual(newRegion + "/oauth/v4/sometenant", 
Config.getIssuer(appId: appid)) //with custom region appid.initialize(tenantId: "sometenant", region: customRegion) - XCTAssertEqual("https://appid-oauth" + customRegion + "/oauth/v3/sometenant", Config.getServerUrl(appId: appid)) - XCTAssertEqual("https://appid-oauth" + customRegion + "/oauth/v3/sometenant/publickeys", Config.getPublicKeyEndpoint(appId: appid)) - XCTAssertEqual("https://appid-profiles" + customRegion + "/api/v1/", Config.getAttributesUrl(appId: appid)) - XCTAssertEqual("appid-oauth" + customRegion, Config.getIssuer(appId: appid)) + XCTAssertEqual("https://appid-oauth", Config.getServerUrl(appId: appid)) + XCTAssertEqual("https://appid-oauth/publickeys", Config.getPublicKeyEndpoint(appId: appid)) + XCTAssertEqual("https://appid-profiles", Config.getAttributesUrl(appId: appid)) + XCTAssertEqual("https://appid-oauth", Config.getIssuer(appId: appid)) // with overrideserverhost - AppID.overrideServerHost = "somehost/" + AppID.overrideServerHost = "somehost" + appid.initialize(tenantId: "sometenant", region: newRegion) XCTAssertEqual("somehost/sometenant", Config.getServerUrl(appId: appid)) - XCTAssertEqual("somehost/", Config.getIssuer(appId: appid)) + XCTAssertEqual("somehost/sometenant", Config.getIssuer(appId: appid)) } diff --git a/IBMCloudAppIDTests/OAuthClientTests.swift b/IBMCloudAppIDTests/OAuthClientTests.swift deleted file mode 100644 index 5f78102..0000000 --- a/IBMCloudAppIDTests/OAuthClientTests.swift +++ /dev/null 
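Review bot: `AppID.overrideServerHost = "somehost"` near the end of this test assigns a static that the visible lines never set back, and after this commit `Config.getIssuer` is derived from it through `getServerUrl`, so a leaked value changes the issuer that later tests validate against. Unless a `tearDown` outside the hunk already clears it, add `defer { AppID.overrideServerHost = nil }` right after the assignment. The TokenManagerTests hunks at -708 and -762 assign `MockAppId.overrideServerHost` in the same way. The custom-region block now pins the fallback to `https://appid-oauth`; a one-line comment saying that an unrecognised region is expected to be rejected would make that intent explicit. The test function starts above the hunk.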
@@ -1,48 +0,0 @@ -/* * Copyright 2016, 2017 IBM Corp. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -import Foundation - -import XCTest -import BMSCore -@testable import IBMCloudAppID - -public class OAuthClientTests: XCTestCase { - - func testOAuthClient() { - let idToken = IdentityTokenImpl(with: AppIDTestConstants.ID_TOKEN) - let client = OAuthClientImpl(with: idToken!) - - XCTAssertEqual(client?.type, "mobileapp") - XCTAssertEqual(client?.name, "testAppDisplayName") - XCTAssertEqual(client?.softwareId, "testApp") - XCTAssertEqual(client?.softwareVersion, "1.0") - XCTAssertEqual(client?.deviceId, "9600E01E-E5F1-4FDD-B9C9-D24C418DA947") - XCTAssertEqual(client?.deviceModel, "iPhone") - XCTAssertEqual(client?.deviceOS, "iPhone OS") - client?.oauthClient?["type"] = [:] - XCTAssertNil(client?.type) - client?.oauthClient?["name"] = [:] - XCTAssertNil(client?.name) - client?.oauthClient?["software_id"] = [:] - XCTAssertNil(client?.softwareId) - client?.oauthClient?["software_version"] = [:] - XCTAssertNil(client?.softwareVersion) - client?.oauthClient?["device_id"] = [:] - XCTAssertNil(client?.deviceId) - client?.oauthClient?["device_model"] = [:] - XCTAssertNil(client?.deviceModel) - client?.oauthClient?["device_os"] = [:] - XCTAssertNil(client?.deviceOS) - - } - -} diff --git a/IBMCloudAppIDTests/RegistrationManagerTests.swift b/IBMCloudAppIDTests/RegistrationManagerTests.swift index 8f8f827..2fea222 100644 --- a/IBMCloudAppIDTests/RegistrationManagerTests.swift 
+++ b/IBMCloudAppIDTests/RegistrationManagerTests.swift 
@@ -61,7 +61,9 @@ public class RegistrationManagerTests: XCTestCase { XCTAssertEqual(request.httpMethod, HttpMethod.POST) XCTAssertEqual(request.headers, [Request.contentType : "application/json"]) XCTAssertEqual(request.timeout, BMSClient.sharedInstance.requestTimeout) - let expectedString = "{\"token_endpoint_auth_method\":\"client_secret_basic\",\"device_model\":\"iPhone\",\"software_version\":\"1.0\",\"client_type\":\"mobileapp\",\"device_os\":\"iOS\",\"software_id\":\"oded.dummyAppForKeyChain\",\"grant_types\":[\"authorization_code\",\"password\"],\"jwks\":{\"keys\":[{\"e\":\"AQAB\",\"kty\":\"RSA\",\"n\":\"AOH-nACU3cCopAz6_SzJuDtUyN4nHhnk9yfF9DFiGPctXPbwMXofZvd9WcYQqtw-w3WV_yhui9PrOVfVBhk6CmM=\"}]},\"redirect_uris\":[\"oded.dummyAppForKeyChain:\\/\\/mobile\\/callback\"],\"device_id\":\"" + (UIDevice.current.identifierForVendor?.uuidString)! + "\",\"response_types\":[\"code\"],\"device_os_version\":\"" + UIDevice.current.systemVersion + "\"}" + let expectedString = + "{\"grant_types\":[\"authorization_code\",\"password\"],\"device_os\":\"iOS\",\"device_os_version\":\"" + UIDevice.current.systemVersion + "\",\"client_type\":\"mobileapp\",\"device_id\":\"" + (UIDevice.current.identifierForVendor?.uuidString)! + "\",\"device_model\":\"iPhone\",\"jwks\":{\"keys\":[{\"n\":\"AOH-nACU3cCopAz6_SzJuDtUyN4nHhnk9yfF9DFiGPctXPbwMXofZvd9WcYQqtw-w3WV_yhui9PrOVfVBhk6CmM=\",\"kty\":\"RSA\",\"e\":\"AQAB\"}]},\"software_version\":\"1.0\",\"token_endpoint_auth_method\":\"client_secret_basic\",\"response_types\":[\"code\"],\"redirect_uris\":[\"oded.dummyAppForKeyChain:\\/\\/mobile\\/callback\"],\"software_id\":\"oded.dummyAppForKeyChain\"}" + let actualString = String(data: registrationParamsAsData!, encoding: .utf8) let actual = try! Utils.parseJsonStringtoDictionary(String(data: registrationParamsAsData!, encoding: .utf8)!) let expected = try! Utils.parseJsonStringtoDictionary(expectedString) XCTAssertTrue(NSDictionary(dictionary: actual).isEqual(to: expected)) 
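Review bot: The added `let actualString = String(data: registrationParamsAsData!, encoding: .utf8)` is never read in the visible lines; the next line decodes the same data again inline. Either drop it, or bind the decoded string once and pass that binding to `Utils.parseJsonStringtoDictionary` on the following line. The reordered keys in `expectedString` do not change the outcome, since both sides are compared as dictionaries. The test body starts above the hunk and may continue below it.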
diff --git a/IBMCloudAppIDTests/TokenManagerTests.swift b/IBMCloudAppIDTests/TokenManagerTests.swift index 2472d83..a9525e5 100644 --- a/IBMCloudAppIDTests/TokenManagerTests.swift +++ b/IBMCloudAppIDTests/TokenManagerTests.swift @@ -648,7 +648,7 @@ class TokenManagerTests: XCTestCase { } func testExtractTokensFailsMissingKid() { - let data = "{\"access_token\":\"\(AppIDTestConstants.ACCESS_TOKEN)\",\"id_token\":\"\(AppIDTestConstants.ID_TOKEN)\",\"expires_in\":3600}".data(using: .utf8) + let data = "{\"access_token\":\"\(AppIDTestConstants.malformedAccessTokenMissingKid)\",\"id_token\":\"\(AppIDTestConstants.ID_TOKEN)\",\"expires_in\":3600}".data(using: .utf8) let response = Response(responseData: data, httpResponse: nil, isRedirect: false) let tokenRespDelegate = ExtractTokensDelegate(res:"failure", expectedErr: "Invalid token : Missing kid") tokenManager.extractTokens(response: response, tokenResponseDelegate: tokenRespDelegate) @@ -708,7 +708,7 @@ class TokenManagerTests: XCTestCase { oauthManager.registrationManager?.preferenceManager.getJSONPreference(name: AppIDConstants.registrationDataPref).set([AppIDConstants.client_id_String : AppIDTestConstants.clientId]) let manager:TokenManager = TokenManager(oAuthManager: OAuthManager(appId: mockAppId)) - MockAppId.overrideServerHost = "https://us-south.appid.cloud.ibm.com/oauth/v3/" + MockAppId.overrideServerHost = "https://us-south.appid.cloud.ibm.com/oauth/v4/" manager.validateToken(token: validToken, key: key, tokenResponseDelegate: tokenRespDelegatIssuer) {tokenRespDelegatIssuer.onAuthorizationSuccess(accessToken: validToken,identityToken: nil,refreshToken: nil,response:response)} XCTAssertEqual(tokenRespDelegatIssuer.success, 0) 
@@ -717,7 +717,7 @@ class TokenManagerTests: XCTestCase { } func testValidateTokenFailsInvalidAud() { - let respData = "{\"access_token\":\"\(AppIDTestConstants.appAnonAccessToken)\",\"id_token\":\"\(AppIDTestConstants.ID_TOKEN)\",\"expires_in\":3600}".data(using: .utf8) + let respData = "{\"access_token\":\"\(AppIDTestConstants.ACCESS_TOKEN_INVALID_AUD)\",\"id_token\":\"\(AppIDTestConstants.ID_TOKEN_INVALID_AUD)\",\"expires_in\":3600}".data(using: .utf8) let response = Response(responseData: respData, httpResponse: nil, isRedirect: false) let tokenRespDelegate = ExtractTokensDelegate(res:"failure", expectedErr: "Token verification failed : invalid audience") let publicKeys = getPublicKeys() 
@@ -726,30 +726,28 @@ class TokenManagerTests: XCTestCase { return } - guard let validToken = AccessTokenImpl(with: AppIDTestConstants.appAnonAccessToken) else { + guard let validToken = AccessTokenImpl(with: AppIDTestConstants.ACCESS_TOKEN_INVALID_AUD) else { tokenRespDelegate.onAuthorizationFailure(error: .authorizationFailure("Error in token creation")) return } let mockAppId = MockAppId.sharedInstance - mockAppId.initialize(tenantId: "4dba9430-54e6-4cf2-a516", region: "https://us-south.appid.cloud.ibm.com") + mockAppId.initialize(tenantId: AppIDTestConstants.invalidAudtenantId, region: AppIDTestConstants.region) let oauthManager = OAuthManager(appId: mockAppId) oauthManager.registrationManager?.preferenceManager.getJSONPreference(name: AppIDConstants.registrationDataPref).set([AppIDConstants.client_id_String : "clientId"]) let manager:TokenManager = TokenManager(oAuthManager: oauthManager) - MockAppId.overrideServerHost = "https://appid-oauth.ng.bluemix.net/" - + MockAppId.overrideServerHost = nil + manager.validateToken(token: validToken, key: key, tokenResponseDelegate: tokenRespDelegate) {tokenRespDelegate.onAuthorizationSuccess(accessToken: validToken,identityToken: nil,refreshToken: nil,response:response)} XCTAssertEqual(tokenRespDelegate.success, 0) XCTAssertEqual(tokenRespDelegate.fails, 1) XCTAssertEqual(tokenRespDelegate.cancel, 0) } - - - func testValidateTokenFailsInvalidTenant() { + func testValidateTokenFailsInvalidIssuerDifferentTenant() { let respData = "{\"access_token\":\"\(AppIDTestConstants.appAnonAccessToken)\",\"id_token\":\"\(AppIDTestConstants.ID_TOKEN)\",\"expires_in\":3600}".data(using: .utf8) let response = Response(responseData: respData, httpResponse: nil, isRedirect: false) - let tokenRespDelegateTenant = ExtractTokensDelegate(res:"failure", expectedErr: "Token verification failed : invalid tenant") + let tokenRespDelegateTenant = ExtractTokensDelegate(res:"failure", expectedErr: "Token verification failed : invalid issuer") let 
publicKeys = getPublicKeys() guard let key = publicKeys[AppIDTestConstants.kid] else { tokenRespDelegateTenant.onAuthorizationFailure(error: .authorizationFailure("Failed to get public key")) @@ -762,12 +760,12 @@ class TokenManagerTests: XCTestCase { } let mockAppId = MockAppId.sharedInstance - mockAppId.initialize(tenantId: "4dba9430-54e6-4cf2-a516", region: "https://appid-oauth.ng.bluemix.net") + mockAppId.initialize(tenantId: "4dba9430-54e6-4cf2-a516", region: "https://eu-gb.appid.test.cloud.ibm.com") let oauthManager = OAuthManager(appId: mockAppId) oauthManager.registrationManager?.preferenceManager.getJSONPreference(name: AppIDConstants.registrationDataPref).set([AppIDConstants.client_id_String : AppIDTestConstants.clientId]) let manager:TokenManager = TokenManager(oAuthManager: OAuthManager(appId: mockAppId)) - MockAppId.overrideServerHost = "https://appid-oauth.ng.bluemix.net/" - + MockAppId.overrideServerHost = "https://eu-gb.appid.test.cloud.ibm.com" + manager.validateToken(token: validToken, key: key, tokenResponseDelegate: tokenRespDelegateTenant) {tokenRespDelegateTenant.onAuthorizationSuccess(accessToken: validToken,identityToken: nil,refreshToken: nil,response:response)} XCTAssertEqual(tokenRespDelegateTenant.success, 0) XCTAssertEqual(tokenRespDelegateTenant.fails, 1) diff --git a/IBMCloudAppIDTests/TokenTests.swift b/IBMCloudAppIDTests/TokenTests.swift index f671b5f..29db375 100644 --- a/IBMCloudAppIDTests/TokenTests.swift +++ b/IBMCloudAppIDTests/TokenTests.swift 
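Review bot: Renaming `testValidateTokenFailsInvalidTenant` and changing its expected error to "invalid issuer" leaves the `invalid tenant` branch of `validateToken` without a test in the lines shown here. Because the expected issuer now ends in the tenant id, a token from another tenant is rejected by the issuer check first, so the tenant branch is reached only by a token whose `iss` matches and whose `tenant` claim does not. If no test outside this hunk covers that, keep a case built on such a token that expects `Token verification failed : invalid tenant`. The renamed test continues below the hunk.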
@@ -18,21 +18,21 @@ class TokenTests: XCTestCase { func testValidAccessToken() { let token = AccessTokenImpl(with: AppIDTestConstants.ACCESS_TOKEN) XCTAssertNotNil(token) - XCTAssertEqual(token?.scope, "appid_default appid_readprofile appid_readuserattr appid_writeuserattr") + XCTAssertEqual(token?.scope, "openid appid_default appid_readprofile appid_readuserattr appid_writeuserattr appid_authenticated") XCTAssertEqual(token?.raw, AppIDTestConstants.ACCESS_TOKEN) XCTAssertNotNil(token?.header) XCTAssertNotNil(token?.payload) XCTAssertNotNil(token?.signature) - XCTAssertEqual(token?.issuer, "mobileclientaccess.stage1.ng.bluemix.net") - - XCTAssertNil(token?.subject) - XCTAssertEqual(token?.audience, "26cb012eb327c612d90a6819163b6bcbd4849cbb") - XCTAssertTrue(token?.issuedAt == Date(timeIntervalSince1970: 1487081278 as Double)) - XCTAssertEqual(token?.tenant, "4dba9430-54e6-4cf2-a516-6f73feb702bb") - XCTAssertEqual(token?.authenticationMethods?[0], nil) + XCTAssertEqual(token?.issuer, AppIDTestConstants.region + "/oauth/v4/" + AppIDTestConstants.tenantId) + + XCTAssertEqual(token?.subject, AppIDTestConstants.subject) + XCTAssertEqual(token?.audience, [AppIDTestConstants.clientId]) + XCTAssertTrue(token?.issuedAt == Date(timeIntervalSince1970: 1552502422 as Double)) + XCTAssertEqual(token?.tenant, AppIDTestConstants.tenantId) + XCTAssertEqual(token?.authenticationMethods?[0], "google") XCTAssertTrue(token!.isExpired) XCTAssertFalse(token!.isAnonymous) - XCTAssertTrue(token?.expiration == Date(timeIntervalSince1970: 1487084878 as Double)) + XCTAssertTrue(token?.expiration == Date(timeIntervalSince1970: 1552502424 as Double)) } 
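Review bot: The updated date checks use `XCTAssertTrue(token?.issuedAt == Date(...))`, which reports only a failed boolean; `XCTAssertEqual(token?.issuedAt, Date(timeIntervalSince1970: 1552502422))` prints both values on failure. The same applies to the `expiration` line here and to the two matching lines in the -41 hunk of this file. `XCTAssertTrue(token!.isExpired)` would likewise be safer as `XCTAssertEqual(token?.isExpired, true)`, which fails the test instead of crashing when the token constant does not parse.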
@@ -41,24 +41,22 @@ class TokenTests: XCTestCase { let token = IdentityTokenImpl(with: AppIDTestConstants.ID_TOKEN) XCTAssertEqual(token?.email, "donlonqwerty@gmail.com") - XCTAssertEqual(token?.gender, "male") - XCTAssertEqual(token?.locale, "en_US") - XCTAssertEqual(token?.name, "Don Lon") - XCTAssertEqual(token?.picture, "https://scontent.xx.fbcdn.net/v/t1.0-1/p50x50/13501551_286407838378892_1785766211766730697_n.jpg?oh=242bc2fb505609b442874fde3e9865a9&oe=5907B1BC") - XCTAssertEqual(token?.identities?.count,1) + XCTAssertNil(token?.gender) + XCTAssertEqual(token?.locale, "en") + XCTAssertEqual(token?.name, "Lon Don") XCTAssertEqual(token?.raw, AppIDTestConstants.ID_TOKEN) XCTAssertNotNil(token?.header) XCTAssertNotNil(token?.payload) XCTAssertNotNil(token?.signature) - XCTAssertEqual(token?.issuer, "mobileclientaccess.stage1.ng.bluemix.net") + XCTAssertEqual(token?.issuer, AppIDTestConstants.region + "/oauth/v4/" + AppIDTestConstants.tenantId) - XCTAssertNil(token?.subject) - XCTAssertEqual(token?.audience, "26cb012eb327c612d90a6819163b6bcbd4849cbb") - XCTAssertTrue(token?.issuedAt == Date(timeIntervalSince1970: 1487081278 as Double)) - XCTAssertEqual(token?.tenant, "4dba9430-54e6-4cf2-a516-6f73feb702bb") - XCTAssertEqual(token?.authenticationMethods?[0], nil) + XCTAssertEqual(token?.subject, AppIDTestConstants.subject) + XCTAssertEqual(token?.audience, [AppIDTestConstants.clientId]) + XCTAssertTrue(token?.issuedAt == Date(timeIntervalSince1970: 1552502422 as Double)) + XCTAssertEqual(token?.tenant, AppIDTestConstants.tenantId) + XCTAssertEqual(token?.authenticationMethods?[0], "google") XCTAssertTrue(token!.isExpired) - XCTAssertTrue(token?.expiration == Date(timeIntervalSince1970: 1487084878 as Double)) + XCTAssertTrue(token?.expiration == Date(timeIntervalSince1970: 1552502424 as Double)) } diff --git a/IBMCloudAppIDTests/UserProfileTests.swift b/IBMCloudAppIDTests/UserProfileTests.swift index 5127517..ff69465 100644 
--- a/IBMCloudAppIDTests/UserProfileTests.swift +++ b/IBMCloudAppIDTests/UserProfileTests.swift @@ -416,7 +416,7 @@ public class UserProfileTests: XCTestCase { userProfileManager.data = "{\"sub\" : \"1234\"}".data(using: .utf8) userProfileManager.expectedPath = UserProfileTests.expectedProfilePath userProfileManager.getUserInfo(accessTokenString: AppIDTestConstants.ACCESS_TOKEN, - identityTokenString: AppIDTestConstants.ID_TOKEN) { (err, res) in + identityTokenString: AppIDTestConstants.malformedIdTokenNoSubject) { (err, res) in if err != nil { return XCTFail() } diff --git a/Source/IBMCloudAppID/api/IdentityToken.swift b/Source/IBMCloudAppID/api/IdentityToken.swift index 83089e0..3b804c8 100644 --- a/Source/IBMCloudAppID/api/IdentityToken.swift +++ b/Source/IBMCloudAppID/api/IdentityToken.swift @@ -16,9 +16,7 @@ import Foundation public protocol IdentityToken: Token { var name: String? {get} var email: String? {get} - var gender: String? {get} var locale: String? {get} var picture: String? {get} var identities: Array>? {get} - var oauthClient: OAuthClient? {get} } diff --git a/Source/IBMCloudAppID/api/Tokens/OAuthClient.swift b/Source/IBMCloudAppID/api/Tokens/OAuthClient.swift deleted file mode 100644 index 5901122..0000000 --- a/Source/IBMCloudAppID/api/Tokens/OAuthClient.swift +++ /dev/null 
@@ -1,23 +0,0 @@ -/* * Copyright 2016, 2017 IBM Corp. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import Foundation - -public protocol OAuthClient { - var type: String? {get} - var name: String? {get} - var softwareId: String? {get} - var softwareVersion: String? {get} - var deviceId: String? {get} - var deviceModel: String? {get} - var deviceOS: String? {get} -} diff --git a/Source/IBMCloudAppID/internal/AppIDConstants.swift b/Source/IBMCloudAppID/internal/AppIDConstants.swift index 9f5d7e1..69cbe16 100644 --- a/Source/IBMCloudAppID/internal/AppIDConstants.swift +++ b/Source/IBMCloudAppID/internal/AppIDConstants.swift @@ -135,7 +135,7 @@ internal class AppIDConstants { * Parts of the path to authorization endpoint. */ internal static let AUTH_SERVER_NAME = "imf-authserver" - internal static let V3_AUTH_PATH = "oauth/v3/" + internal static let V4_AUTH_PATH = "oauth/v4/" internal static let OAUTH_AUTHORIZATION_PATH = "/authorization" diff --git a/Source/IBMCloudAppID/internal/Config.swift b/Source/IBMCloudAppID/internal/Config.swift index 241bcfa..0607d36 100644 --- a/Source/IBMCloudAppID/internal/Config.swift +++ b/Source/IBMCloudAppID/internal/Config.swift 
@@ -16,12 +16,12 @@ import BMSCore internal class Config { - private static var oauthEndpoint = "/oauth/v3/" + private static var oauthEndpoint = "/oauth/v4/" private static var attributesEndpoint = "/api/v1/" private static var serverUrlPrefix = "https://appid-oauth" private static var attributesUrlPrefix = "https://appid-profiles" private static var publicKeysEndpoint = "/publickeys" - private static var urlProtocol = "http" + private static var urlProtocol = "https" private static var REGION_US_SOUTH_OLD = ".ng.bluemix.net"; 
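Review bot: `urlProtocol` is changed to "https" here, but the only readers visible in this commit are the two `region.starts(with: urlProtocol)` expressions that the next hunk removes. If nothing else in Config.swift reads it, delete the property rather than updating its value. The neighbouring endpoint strings are not reassigned anywhere in the visible code either, so `private static let` would state that they are constants.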
@@ -33,74 +33,62 @@ internal class Config { internal static let logger = Logger.logger(name: AppIDConstants.ConfigLoggerName) - internal static func getServerUrl(appId:AppID) -> String { + internal static func getServerUrl(appId: AppID) -> String { - guard let region = appId.region, let tenant = appId.tenantId else { + guard var serverUrl = convertOldRegionToNewURL(region: appId.region), let tenant = appId.tenantId else { logger.error(message: "Could not set server url properly, no tenantId or no region set") return serverUrlPrefix } - var serverUrl = region.starts(with: urlProtocol) ? region + oauthEndpoint : serverUrlPrefix + region + oauthEndpoint + serverUrl = serverUrl + oauthEndpoint if let overrideServerHost = AppID.overrideServerHost { - serverUrl = overrideServerHost + serverUrl = overrideServerHost + "/" } - serverUrl = serverUrl + tenant - return serverUrl + return serverUrl + tenant } - internal static func getAttributesUrl(appId:AppID) -> String { + internal static func getAttributesUrl(appId: AppID) -> String { - guard let region = appId.region else { + guard var attributesUrl = convertOldRegionToNewURL(region: appId.region) else { logger.error(message: "Could not set server url properly, no region set") - return serverUrlPrefix + return attributesUrlPrefix } - var attributesUrl = region.starts(with: urlProtocol) ? region + attributesEndpoint : attributesUrlPrefix + region + attributesEndpoint if let overrideHost = AppID.overrideAttributesHost { attributesUrl = overrideHost } - return attributesUrl + return attributesUrl + attributesEndpoint } internal static func getPublicKeyEndpoint(appId: AppID) -> String { - return getServerUrl(appId:appId) + publicKeysEndpoint + return getServerUrl(appId: appId) + publicKeysEndpoint } internal static func getIssuer(appId: AppID) -> String? { - - if let overrideServerHost = AppID.overrideServerHost { - return URL(string: overrideServerHost)?.host ?? AppID.overrideServerHost - } - - let region = appId.region ?? 
"" - let issuer = region.range(of:"cloud.ibm.com") == nil ? getServerUrl(appId:appId) : serverUrlPrefix + suffixFromRegion(region: region) - - return URL(string: issuer)?.host ?? issuer + return getServerUrl(appId: appId) + } - internal static func suffixFromRegion(region: String) -> String { + internal static func convertOldRegionToNewURL(region: String?) -> String? { switch region { - case AppID.REGION_UK_STAGE1: - return ".stage1" + REGION_UK_OLD; - case AppID.REGION_US_SOUTH_STAGE1: - return ".stage1" + REGION_US_SOUTH_OLD; - case AppID.REGION_US_SOUTH: - return REGION_US_SOUTH_OLD; - case AppID.REGION_UK: - return REGION_UK_OLD; - case AppID.REGION_SYDNEY: - return REGION_SYDNEY_OLD; - case AppID.REGION_GERMANY: - return REGION_GERMANY_OLD; - case AppID.REGION_US_EAST: - return REGION_US_EAST_OLD; - case AppID.REGION_TOKYO: - return REGION_TOKYO_OLD; - default: - return region; + case REGION_US_SOUTH_OLD: return AppID.REGION_US_SOUTH + case REGION_US_EAST_OLD: return AppID.REGION_US_EAST + case REGION_UK_OLD: return AppID.REGION_UK + case REGION_SYDNEY_OLD: return AppID.REGION_SYDNEY + case REGION_GERMANY_OLD: return AppID.REGION_GERMANY + case REGION_TOKYO_OLD: return AppID.REGION_TOKYO + case AppID.REGION_US_SOUTH: return AppID.REGION_US_SOUTH + case AppID.REGION_US_EAST: return AppID.REGION_US_EAST + case AppID.REGION_UK: return AppID.REGION_UK + case AppID.REGION_UK_STAGE1: return AppID.REGION_UK_STAGE1 + case AppID.REGION_US_SOUTH_STAGE1: return AppID.REGION_US_SOUTH_STAGE1 + case AppID.REGION_SYDNEY: return AppID.REGION_SYDNEY + case AppID.REGION_GERMANY: return AppID.REGION_GERMANY + case AppID.REGION_TOKYO: return AppID.REGION_TOKYO + default: return nil; } - } + } diff --git a/Source/IBMCloudAppID/internal/TokenManager.swift b/Source/IBMCloudAppID/internal/TokenManager.swift index def053a..e8eb59c 100644 --- a/Source/IBMCloudAppID/internal/TokenManager.swift +++ b/Source/IBMCloudAppID/internal/TokenManager.swift 
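Review bot: `getServerUrl` consults `AppID.overrideServerHost` only after the guard on `convertOldRegionToNewURL`, whose `default` returns nil for any region outside the fixed list, so with an unset or unrecognised region the override is ignored and the function returns the bare `serverUrlPrefix`. Since `getPublicKeyEndpoint` and `getIssuer` now both derive from `getServerUrl`, the public-key fetch and the issuer comparison then run against `https://appid-oauth` with only a log line to show it. Check the override first, `if let host = AppID.overrideServerHost, let tenant = appId.tenantId { return host + "/" + tenant }`, and add a doc comment on `convertOldRegionToNewURL` stating that unknown regions are rejected. `getIssuer` could also return `String` now that it never yields nil.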
@@ -230,22 +230,26 @@ internal class TokenManager { tokenResponseDelegate.onAuthorizationFailure(error: .authorizationFailure("Token verification failed")) return } - + + // Issuer must be cloud.ibm if token.issuer != Config.getIssuer(appId: appid) { tokenResponseDelegate.onAuthorizationFailure(error: .authorizationFailure("Token verification failed : invalid issuer")) return } - if token.audience != clientId { - tokenResponseDelegate.onAuthorizationFailure(error: .authorizationFailure("Token verification failed : invalid audience")) - return - } - + // Tenants should match if token.tenant != appid.tenantId { tokenResponseDelegate.onAuthorizationFailure(error: .authorizationFailure("Token verification failed : invalid tenant")) return } + // The client ID must be the audience array + if token.audience?.contains(clientId) == false { + tokenResponseDelegate.onAuthorizationFailure(error: .authorizationFailure("Token verification failed : invalid audience")) + return + } + + // Token must be valid if token.isExpired { tokenResponseDelegate.onAuthorizationFailure(error: .authorizationFailure("Token verification failed : expired")) return diff --git a/Source/IBMCloudAppID/internal/tokens/AbstractToken.swift b/Source/IBMCloudAppID/internal/tokens/AbstractToken.swift index 4f9cfd5..25d7650 100644 --- a/Source/IBMCloudAppID/internal/tokens/AbstractToken.swift +++ b/Source/IBMCloudAppID/internal/tokens/AbstractToken.swift 
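Review bot: The new audience check `if token.audience?.contains(clientId) == false` fails open: when `token.audience` is nil the optional chain yields nil, the comparison with `false` is not true, and validation continues. The `audience` getter changed in this commit returns nil whenever `aud` is missing or is not an array of strings, so such a token skips the audience check entirely. Reject unless membership is positively established, `if token.audience?.contains(clientId) != true {`, and add a test with a token that carries no `aud` claim. The comment `// Issuer must be cloud.ibm` is also inaccurate, since the comparison is against whatever `Config.getIssuer(appId:)` returns. `validateToken` starts and ends outside the hunk.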
@@ -1,86 +1,86 @@ import Foundation public protocol Token { - - var raw: String {get} - var header: Dictionary {get} - var payload: Dictionary {get} - var signature: String {get} - - var issuer: String? {get} - var subject: String? {get} - var audience: String? {get} - var expiration: Date? {get} - var issuedAt: Date? {get} - var tenant: String? {get} + + var raw: String {get} + var header: Dictionary {get} + var payload: Dictionary {get} + var signature: String {get} + + var issuer: String? {get} + var subject: String? {get} + var audience: [String]? {get} + var expiration: Date? {get} + var issuedAt: Date? {get} + var tenant: String? {get} var authenticationMethods: [String]? {get} - var isExpired: Bool {get} + var isExpired: Bool {get} var isAnonymous: Bool {get} } internal class AbstractToken: Token { - - private static let ISSUER = "iss" - private static let SUBJECT = "sub" - private static let AUDIENCE = "aud" - private static let EXPIRATION = "exp" - private static let ISSUED_AT = "iat" - private static let TENANT = "tenant" - private static let AUTH_METHODS = "amr" - - var raw: String - var header: Dictionary - var payload: Dictionary - var signature: String - - internal init? (with raw: String) { - self.raw = raw - let tokenComponents = self.raw.components(separatedBy: ".") - guard tokenComponents.count==3 else { - return nil - } - - let headerComponent = tokenComponents[0] - let payloadComponent = tokenComponents[1] - self.signature = tokenComponents[2] - - guard - let headerDecodedData = Utils.decodeBase64WithString(headerComponent, isSafeUrl: true), - let payloadDecodedData = Utils.decodeBase64WithString(payloadComponent, isSafeUrl: true) - else { - return nil - } - - guard - let headerDecodedString = String(data: headerDecodedData, encoding: String.Encoding.utf8), - let payloadDecodedString = String(data: payloadDecodedData, encoding: String.Encoding.utf8) - else { - return nil - } - - guard - let headerDictionary = try? 
Utils.parseJsonStringtoDictionary(headerDecodedString), - let payloadDictionary = try? Utils.parseJsonStringtoDictionary(payloadDecodedString) - else { - return nil - } - - self.header = headerDictionary - self.payload = payloadDictionary - } - - var issuer: String? { - return payload[AbstractToken.ISSUER] as? String - } - - var subject: String? { - return payload[AbstractToken.SUBJECT] as? String - } - - var audience: String? { - return payload[AbstractToken.AUDIENCE] as? String - } - + + private static let ISSUER = "iss" + private static let SUBJECT = "sub" + private static let AUDIENCE = "aud" + private static let EXPIRATION = "exp" + private static let ISSUED_AT = "iat" + private static let TENANT = "tenant" + private static let AUTH_METHODS = "amr" + + var raw: String + var header: Dictionary + var payload: Dictionary + var signature: String + + internal init? (with raw: String) { + self.raw = raw + let tokenComponents = self.raw.components(separatedBy: ".") + guard tokenComponents.count==3 else { + return nil + } + + let headerComponent = tokenComponents[0] + let payloadComponent = tokenComponents[1] + self.signature = tokenComponents[2] + + guard + let headerDecodedData = Utils.decodeBase64WithString(headerComponent, isSafeUrl: true), + let payloadDecodedData = Utils.decodeBase64WithString(payloadComponent, isSafeUrl: true) + else { + return nil + } + + guard + let headerDecodedString = String(data: headerDecodedData, encoding: String.Encoding.utf8), + let payloadDecodedString = String(data: payloadDecodedData, encoding: String.Encoding.utf8) + else { + return nil + } + + guard + let headerDictionary = try? Utils.parseJsonStringtoDictionary(headerDecodedString), + let payloadDictionary = try? Utils.parseJsonStringtoDictionary(payloadDecodedString) + else { + return nil + } + + self.header = headerDictionary + self.payload = payloadDictionary + } + + var issuer: String? { + return payload[AbstractToken.ISSUER] as? String + } + + var subject: String? 
{ + return payload[AbstractToken.SUBJECT] as? String + } + + var audience: [String]? { + return payload[AbstractToken.AUDIENCE] as? [String] + } + var expiration: Date? { guard let exp = payload[AbstractToken.EXPIRATION] as? Double else { return nil @@ -94,14 +94,14 @@ internal class AbstractToken: Token { } return Date(timeIntervalSince1970: iat) } - var tenant: String? { - return payload[AbstractToken.TENANT] as? String - } - + var tenant: String? { + return payload[AbstractToken.TENANT] as? String + } + var authenticationMethods: [String]? { return payload[AbstractToken.AUTH_METHODS] as? [String] } - + var isExpired: Bool { guard let exp = self.expiration else { return true @@ -116,5 +116,5 @@ internal class AbstractToken: Token { } return amr.contains("appid_anon") } - + } diff --git a/Source/IBMCloudAppID/internal/tokens/IdentityTokenImpl.swift b/Source/IBMCloudAppID/internal/tokens/IdentityTokenImpl.swift index 927d5eb..a80ff1a 100644 --- a/Source/IBMCloudAppID/internal/tokens/IdentityTokenImpl.swift +++ b/Source/IBMCloudAppID/internal/tokens/IdentityTokenImpl.swift @@ -32,8 +32,4 @@ internal class IdentityTokenImpl: AbstractToken, IdentityToken { var identities: Array>? { return payload[IdentityTokenImpl.IDENTITIES] as? Array> } - - var oauthClient: OAuthClient? { - return OAuthClientImpl(with: self) - } } diff --git a/Source/IBMCloudAppID/internal/tokens/OAuthClientImpl.swift b/Source/IBMCloudAppID/internal/tokens/OAuthClientImpl.swift deleted file mode 100644 index bec2e29..0000000 --- a/Source/IBMCloudAppID/internal/tokens/OAuthClientImpl.swift +++ /dev/null 
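Review bot: The new `audience` getter, `payload[AbstractToken.AUDIENCE] as? [String]`, returns nil when `aud` is a single string, a form RFC 7519 allows for a token with one audience. Callers need to treat a nil audience as a validation failure, and if string-valued `aud` tokens are meant to be accepted the getter can normalise them with `if let single = payload[AbstractToken.AUDIENCE] as? String { return [single] }` before the array cast. `Token.audience` is public and changes type here, so a doc comment on the protocol property saying that it is the `aud` claim as an array, nil when absent or malformed, would help integrators. Most of the remaining lines in this hunk are whitespace-only.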
@@ -1,47 +0,0 @@ -import Foundation - -internal class OAuthClientImpl: OAuthClient { - - private static let OAUTH_CLIENT = "oauth_client" - private static let TYPE = "type" - private static let NAME = "name" - private static let SOFTWARE_ID = "software_id" - private static let SOFTWARE_VERSION = "software_version" - private static let DEVICE_ID = "device_id" - private static let DEVICE_MODEL = "device_model" - private static let DEVICE_OS = "device_os" - - internal var oauthClient: Dictionary? - - internal init?(with identityToken: IdentityToken) { - self.oauthClient = identityToken.payload[OAuthClientImpl.OAUTH_CLIENT] as? Dictionary - } - - var type: String? { - return oauthClient?[OAuthClientImpl.TYPE] as? String - } - - var name: String? { - return oauthClient?[OAuthClientImpl.NAME] as? String - } - - var softwareId: String? { - return oauthClient?[OAuthClientImpl.SOFTWARE_ID] as? String - } - - var softwareVersion: String? { - return oauthClient?[OAuthClientImpl.SOFTWARE_VERSION] as? String - } - - var deviceId: String? { - return oauthClient?[OAuthClientImpl.DEVICE_ID] as? String - } - - var deviceModel: String? { - return oauthClient?[OAuthClientImpl.DEVICE_MODEL] as? String - } - - var deviceOS: String? { - return oauthClient?[OAuthClientImpl.DEVICE_OS] as? String - } -} diff --git a/dummyAppForKeyChain/Assets.xcassets/AppIcon.appiconset/Contents.json b/dummyAppForKeyChain/Assets.xcassets/AppIcon.appiconset/Contents.json index 118c98f..19882d5 100644 --- a/dummyAppForKeyChain/Assets.xcassets/AppIcon.appiconset/Contents.json +++ b/dummyAppForKeyChain/Assets.xcassets/AppIcon.appiconset/Contents.json @@ -1,5 +1,15 @@ { "images" : [ + { + "idiom" : "iphone", + "size" : "20x20", + "scale" : "2x" + }, + { + "idiom" : "iphone", + "size" : "20x20", + "scale" : "3x" + }, { "idiom" : "iphone", "size" : "29x29", 
@@ -29,6 +39,11 @@ "idiom" : "iphone", "size" : "60x60", "scale" : "3x" + }, + { + "idiom" : "ios-marketing", + "size" : "1024x1024", + "scale" : "1x" } ], "info" : {