fix: use id insted of clientId when generating the token (#666)

wolf4ood · web-flow · commit 12e0f6f6e612 · 2025-03-12T15:15:26.000+01:00
fix: use client#id insted of client#client_id when generating the token
diff --git a/extensions/sts/sts-core/src/main/java/org/eclipse/edc/iam/identitytrust/sts/service/StsClientTokenGeneratorServiceImpl.java b/extensions/sts/sts-core/src/main/java/org/eclipse/edc/iam/identitytrust/sts/service/StsClientTokenGeneratorServiceImpl.java
@@ -60,7 +60,7 @@ public ServiceResult<TokenRepresentation> tokenFor(StsAccount client, StsAccount
                                 .map(enrichClaimsWith(accumulator, entity.getKey()))
                                 .orElse(accumulator), (a, b) -> b);
 
-        var tokenResult = tokenGenerator.createToken(client.getClientId(), claims, additionalParams.getBearerAccessScope())
+        var tokenResult = tokenGenerator.createToken(client.getId(), claims, additionalParams.getBearerAccessScope())
                 .map(this::enrichWithExpiration);
 
         if (tokenResult.failed()) {
diff --git a/extensions/sts/sts-core/src/test/java/org/eclipse/edc/iam/identitytrust/sts/defaults/StsAccountTokenIssuanceIntegrationTest.java b/extensions/sts/sts-core/src/test/java/org/eclipse/edc/iam/identitytrust/sts/defaults/StsAccountTokenIssuanceIntegrationTest.java
@@ -26,6 +26,7 @@
 import org.eclipse.edc.identityhub.sts.accountservice.RandomStringGenerator;
 import org.eclipse.edc.identityhub.sts.accountservice.StsAccountServiceImpl;
 import org.eclipse.edc.junit.annotations.ComponentTest;
+import org.eclipse.edc.junit.assertions.AbstractResultAssert;
 import org.eclipse.edc.jwt.validation.jti.JtiValidationStore;
 import org.eclipse.edc.keys.KeyParserRegistryImpl;
 import org.eclipse.edc.keys.VaultPrivateKeyResolver;
@@ -86,12 +87,13 @@ void setup() {
 
     @Test
     void authenticateAndGenerateToken() throws Exception {
+        var participantId = "participant_id";
         var clientId = "client_id";
         var secretAlias = "client_secret_alias";
         var privateKeyAlias = "client_id";
         var audience = "aud";
         var did = "did:example:subject";
-        var client = createClientBuilder(clientId)
+        var client = createClientBuilder(participantId)
                 .clientId(clientId)
                 .privateKeyAlias(privateKeyAlias)
                 .secretAlias(secretAlias)
@@ -104,7 +106,7 @@ void authenticateAndGenerateToken() throws Exception {
         vault.storeSecret(privateKeyAlias, loadResourceFile("ec-privatekey.pem"));
 
         var createResult = clientService.createAccount(ParticipantManifest.Builder.newInstance()
-                .participantId(clientId)
+                .participantId(participantId)
                 .did(did)
                 .key(KeyDescriptor.Builder.newInstance()
                         .keyId("public-key")
@@ -114,6 +116,9 @@ void authenticateAndGenerateToken() throws Exception {
         assertThat(createResult.succeeded()).isTrue();
 
         var tokenResult = tokenGeneratorService.tokenFor(client, additional);
+
+        AbstractResultAssert.assertThat(tokenResult).isSucceeded();
+
         var jwt = SignedJWT.parse(tokenResult.getContent().getToken());
 
         assertThat(jwt.getJWTClaimsSet().getClaims())
@@ -127,13 +132,14 @@ void authenticateAndGenerateToken() throws Exception {
 
     @Test
     void authenticateAndGenerateToken_withBearerAccessScope() throws Exception {
+        var participantId = "participant_id";
         var clientId = "client_id";
         var secretAlias = "client_secret_alias";
         var privateKeyAlias = "client_id";
         var did = "did:example:subject";
         var audience = "aud";
         var scope = "scope:test";
-        var client = createClientBuilder(clientId)
+        var client = createClientBuilder(participantId)
                 .clientId(clientId)
                 .privateKeyAlias(privateKeyAlias)
                 .secretAlias(secretAlias)
@@ -146,7 +152,7 @@ void authenticateAndGenerateToken_withBearerAccessScope() throws Exception {
         vault.storeSecret(privateKeyAlias, loadResourceFile("ec-privatekey.pem"));
 
         var createResult = clientService.createAccount(ParticipantManifest.Builder.newInstance()
-                .participantId(clientId)
+                .participantId(participantId)
                 .did(did)
                 .key(KeyDescriptor.Builder.newInstance()
                         .keyId("public-key")
@@ -169,14 +175,15 @@ void authenticateAndGenerateToken_withBearerAccessScope() throws Exception {
 
     @Test
     void authenticateAndGenerateToken_withAccessToken() throws Exception {
+        var participantId = "participant_id";
         var clientId = "client_id";
         var secretAlias = "client_secret_alias";
         var privateKeyAlias = "client_id";
         var audience = "aud";
         var accessToken = "tokenTest";
         var did = "did:example:subject";
 
-        var client = createClientBuilder(clientId)
+        var client = createClientBuilder(participantId)
                 .clientId(clientId)
                 .privateKeyAlias(privateKeyAlias)
                 .secretAlias(secretAlias)
@@ -189,7 +196,7 @@ void authenticateAndGenerateToken_withAccessToken() throws Exception {
         vault.storeSecret(privateKeyAlias, loadResourceFile("ec-privatekey.pem"));
 
         var createResult = clientService.createAccount(ParticipantManifest.Builder.newInstance()
-                .participantId(clientId)
+                .participantId(participantId)
                 .did(did)
                 .key(KeyDescriptor.Builder.newInstance()
                         .keyId("public-key")
