KEYCLOAK-9182

2019-01-02 11:49:28 +01:00 · 2019-01-02 11:49:28 +01:00 · 07ccbdc3db
commit 07ccbdc3db
parent 83b2642c4e
2 changed files with 30 additions and 2 deletions
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
@ -132,7 +132,7 @@ public class UserInfoEndpoint {

        AccessToken token;
        try {
-            TokenVerifier<AccessToken> verifier = TokenVerifier.create(tokenString, AccessToken.class)
+            TokenVerifier<AccessToken> verifier = TokenVerifier.create(tokenString, AccessToken.class).withDefaultChecks()
                    .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));

            SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java
@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.admin.client.resource.UserResource;
 import org.keycloak.common.util.PemUtils;
+import org.keycloak.common.util.Time;
 import org.keycloak.events.Details;
 import org.keycloak.events.Errors;
 import org.keycloak.events.EventType;
@ -338,7 +339,7 @@ public class UserInfoTest extends AbstractKeycloakTest {
    }

    @Test
-    public void testSessionExpired() throws Exception {
+    public void testSessionExpired() {
        Client client = ClientBuilder.newClient();

        try {
@ -364,6 +365,33 @@ public class UserInfoTest extends AbstractKeycloakTest {
        }
    }

+    @Test
+    public void testAccessTokenExpired() {
+        Client client = ClientBuilder.newClient();
+
+        try {
+            AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(client);
+
+            setTimeOffset(600);
+
+            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getToken());
+
+            assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
+
+            response.close();
+
+            events.expect(EventType.USER_INFO_REQUEST_ERROR)
+                    .error(Errors.INVALID_TOKEN)
+                    .user(Matchers.nullValue(String.class))
+                    .session(Matchers.nullValue(String.class))
+                    .detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN)
+                    .client((String) null)
+                    .assertEvent();
+        } finally {
+            client.close();
+        }
+    }
+
    @Test
    public void testSessionExpiredOfflineAccess() throws Exception {
        Client client = ClientBuilder.newClient();