Merge pull request #104 from KomanRudden/bugfix/issue-103-refresh-token

Bugfix/issue 103 refresh token

Author: brettchaldecott

kinde-core/src/main/java/com/kinde/authorization/AuthorizationType.java

@@ -1,22 +1,19 @@
 package com.kinde.authorization;
 
-import com.kinde.config.KindeParameters;
+import lombok.Getter;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
-import java.util.function.Function;
 
 public enum AuthorizationType {
     CODE("CODE",List.of("authorization_code")),
     IMPLICIT("IMPLICIT"),
     CUSTOM("CUSTOM");
 
-    // Field to store the string value
+    @Getter
     private final String value;
     private final List<String> values = new ArrayList<>();
 
-    // Private constructor to initialize the enum constants
     AuthorizationType(String value) {
         this.value = value;
     }
@@ -26,12 +23,6 @@ public enum AuthorizationType {
         this.values.addAll(values);
     }
 
-    // Getter method to retrieve the string value
-    public String getValue() {
-        return value;
-    }
-
-    // Method to get the enum constant by string value
     public static AuthorizationType fromValue(Object value) {
         if (value instanceof AuthorizationType) {
             return (AuthorizationType)value;
@@ -40,7 +31,7 @@ public static AuthorizationType fromValue(Object value) {
             if (constant.value.equals(value)) {
                 return constant;
             }
-            if (constant.values.stream().filter(entry->entry.equals(value)).findAny().isPresent()) {
+            if (constant.values.stream().anyMatch(entry->entry.equals(value))) {
                 return constant;
             }
         }

kinde-core/src/main/java/com/kinde/token/BaseToken.java

@@ -6,24 +6,32 @@
 import java.util.List;
 import java.util.Map;
 
+import static com.kinde.token.JwtValidator.isJwt;
+
 public class BaseToken implements KindeToken {
 
-    private String token;
-    private boolean valid;
-    private SignedJWT signedJWT;
+    private final String token;
+    private final boolean valid;
+    private final SignedJWT signedJWT;
 
     @SneakyThrows
     protected BaseToken(String token, boolean valid) {
         this.token = token;
         this.valid = valid;
-        signedJWT = SignedJWT.parse(this.token);
+        SignedJWT parsedJwt = JwtValidator.isJwt(this.token);
+        if (parsedJwt != null) {
+            signedJWT = parsedJwt;
+        } else {
+            signedJWT = null;
+        }
     }
 
     @Override
     public boolean valid() {
         return valid;
     }
 
+    @Override
     public String token() {
         return this.token;
     }
@@ -34,16 +42,20 @@ public String getUser() {
         return this.signedJWT.getJWTClaimsSet().getSubject();
     }
 
+    @SuppressWarnings("unchecked")
     @Override
     public List<String> getOrganisations() {
         return (List<String>)this.getClaim("org_codes");
     }
 
     @SneakyThrows
+    @Override
     public Object getClaim(String key) {
         return this.signedJWT.getJWTClaimsSet().getClaim(key);
     }
 
+    @SuppressWarnings("unchecked")
+    @Override
     public List<String> getPermissions() {
         return (List<String>) getClaim("permissions");
     }
@@ -63,10 +75,12 @@ public Boolean getBooleanFlag(String key) {
         return (Boolean) getFlagClaims().get(key);
     }
 
+    @SuppressWarnings("unchecked")
     private Map<String,Object> getFlagClaims() {
         return ((Map<String,Object>)getClaim("feature_flags"));
     }
 
+    @SuppressWarnings("unchecked")
     public Map<String,Object> getFlags() {
         return (Map<String,Object>) getClaim("feature_flags");
     }

kinde-core/src/main/java/com/kinde/token/JwtValidator.java

@@ -0,0 +1,19 @@
+package com.kinde.token;
+
+import com.nimbusds.jwt.SignedJWT;
+
+import java.text.ParseException;
+
+public class JwtValidator {
+    public static SignedJWT isJwt(String token) {
+        if (token == null || token.trim().isEmpty()) {
+            return null;
+        }
+
+        try {
+            return SignedJWT.parse(token);
+        } catch (ParseException e) {
+            return null;
+        }
+    }
+}

kinde-core/src/main/java/com/kinde/token/KindeTokenFactoryImpl.java

@@ -4,7 +4,6 @@
 import com.kinde.KindeTokenFactory;
 import com.kinde.client.OidcMetaData;
 import com.kinde.token.jwk.KindeJwkStore;
-import com.nimbusds.jose.JWSVerifier;
 import com.nimbusds.jose.crypto.RSASSAVerifier;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.JWK;
@@ -15,50 +14,55 @@
 import com.nimbusds.jose.proc.SecurityContext;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
+
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 
 import java.util.List;
 
+import static com.kinde.token.JwtValidator.isJwt;
+
 @Slf4j
 public class KindeTokenFactoryImpl implements KindeTokenFactory {
 
-    private OidcMetaData oidcMetaData;
-    private KindeJwkStore kindeJwkStore;
+    private final KindeJwkStore kindeJwkStore;
 
     @Inject
-    public KindeTokenFactoryImpl(OidcMetaData oidcMetaData,KindeJwkStore kindeJwkStore) {
-        this.oidcMetaData = oidcMetaData;
+    public KindeTokenFactoryImpl(KindeJwkStore kindeJwkStore) {
         this.kindeJwkStore = kindeJwkStore;
     }
 
-
     @SneakyThrows
     public KindeToken parse(String token) {
+        SignedJWT parsedJwt = JwtValidator.isJwt(token);
+        if (parsedJwt == null) {
+            log.debug("Token is not a JWT, returning as is");
+            return RefreshToken.init(token, true);
+        }
         SignedJWT signedJWT = SignedJWT.parse(token);
 
-        JWKSelector jwkSelector = new JWKSelector(new JWKMatcher.Builder().keyID(signedJWT.getHeader().getKeyID()).build());
+        JWKSelector jwkSelector = new JWKSelector(
+                new JWKMatcher.Builder().keyID(signedJWT.getHeader().getKeyID()).build());
         JWKSource<SecurityContext> jwkSource = new ImmutableJWKSet<>(this.kindeJwkStore.publicKeys());
         List<JWK> jwks = jwkSource.get(jwkSelector, null);
         if (jwks.isEmpty()) {
             throw new IllegalStateException("No matching JWK found");
         }
         JWK jwk = jwks.get(0);
         boolean valid = false;
-        if (jwk instanceof RSAKey) {
-            RSAKey rsaKey = (RSAKey) jwk;
+        if (jwk instanceof RSAKey rsaKey) {
             RSASSAVerifier verifier = new RSASSAVerifier(rsaKey);
             valid = signedJWT.verify(verifier);
         }
 
         JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();
 
         if (claimsSet.getClaim("idp") != null || claimsSet.getStringClaim("nonce") != null) {
-            return IDToken.init(token,valid);
+            return IDToken.init(token, valid);
         } else if (claimsSet.getStringClaim("refresh_token") != null) {
-            return RefreshToken.init(token,valid);
+            return RefreshToken.init(token, valid);
         } else {
-            return AccessToken.init(token,valid);
+            return AccessToken.init(token, valid);
         }
     }
 

kinde-core/src/main/java/com/kinde/token/RefreshToken.java

@@ -1,10 +1,5 @@
 package com.kinde.token;
 
-import com.nimbusds.jwt.SignedJWT;
-import lombok.SneakyThrows;
-
-import java.util.List;
-
 public class RefreshToken extends BaseToken {
 
     private RefreshToken(String token, boolean valid) {
@@ -14,6 +9,4 @@ private RefreshToken(String token, boolean valid) {
     public static RefreshToken init(String token,boolean valid) {
         return new RefreshToken(token,valid);
     }
-
-
 }

kinde-core/src/test/java/com/kinde/token/JwtValidatorTest.java

@@ -0,0 +1,37 @@
+package com.kinde.token;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class JwtValidatorTest {
+
+    @Test
+    public void isJwtReturnsTrueForValidJwt() {
+        String validJwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
+        assertNotNull(JwtValidator.isJwt(validJwt));
+    }
+
+    @Test
+    public void isJwtReturnsFalseForNullToken() {
+        assertNull(JwtValidator.isJwt(null));
+    }
+
+    @Test
+    public void isJwtReturnsFalseForEmptyToken() {
+        assertNull(JwtValidator.isJwt(""));
+    }
+
+    @Test
+    public void isJwtReturnsFalseForTokenWithLessThanThreeParts() {
+        String invalidJwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ";
+        assertNull(JwtValidator.isJwt(invalidJwt));
+    }
+
+    @Test
+    public void isJwtReturnsFalseForTokenWithMoreThanThreeParts() {
+        String invalidJwt = "part1.part2.part3.part4";
+        assertNull(JwtValidator.isJwt(invalidJwt));
+    }
+
+}

playground/kinde-core-example/src/test/java/com/kinde/KindeCoreExampleTest.java

@@ -1,44 +1,23 @@
 package com.kinde;
 
-import com.kinde.token.KindeToken;
 import com.kinde.token.KindeTokens;
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 import org.junit.Ignore;
 
-import java.util.List;
+public class KindeCoreExampleTest extends TestCase {
 
-
-/**
- * Unit test for simple App.
- */
-public class KindeCoreExampleTest
-    extends TestCase
-{
-    /**
-     * Create the test case
-     *
-     * @param testName name of the test case
-     */
-    public KindeCoreExampleTest(String testName )
-    {
-        super( testName );
+    public KindeCoreExampleTest(String testName) {
+        super(testName);
     }
 
-    /**
-     * @return the suite of tests being tested
-     */
-    public static Test suite()
-    {
-        return new TestSuite( KindeCoreExampleTest.class );
+    public static Test suite() {
+        return new TestSuite(KindeCoreExampleTest.class);
     }
 
-    /**
-     * Rigourous Test :-)
-     */
     @Ignore
-    public void testApp() throws Exception {
+    public void testApp() {
         System.out.println("Test the kinde builder");
         KindeClient kindeClient = KindeClientBuilder
                 .builder()

playground/springboot-thymeleaf-full-example/src/main/java/com/kinde/oauth/controller/KindeController.java

@@ -1,6 +1,7 @@
 package com.kinde.oauth.controller;
 
 import com.kinde.oauth.service.KindeService;
+import jakarta.servlet.http.HttpSession;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
@@ -38,16 +39,25 @@ public String home() {
         return "home";
     }
 
+    /**
+     * Handles requests to the logout page.
+     *
+     * @return the name of the "logout" view.
+     */
+    @RequestMapping(path = {"/sdkLogout"}, method = RequestMethod.GET)
+    public String logout() throws Exception {
+        return kindeService.logout();
+    }
+
     /**
      * Handles requests to the dashboard page, loading the authenticated user's Kinde profile.
      *
      * @param model the {@link Model} used to pass attributes to the view.
      * @return the name of the "dashboard" view.
      */
     @GetMapping(path = "/dashboard")
-    public String dashboard(Model model) {
-        model.addAttribute("kindeUser", kindeService.loadDashboard());
-        return "dashboard";
+    public String dashboard(HttpSession session, Model model) {
+        return kindeService.loadDashboard(session, model);
     }
 
     /**
@@ -82,4 +92,9 @@ public String readEndpoint() {
     public String writeEndpoint() {
         return "write";
     }
+
+    @GetMapping("/callSdkApi")
+    public String callSdkApi(HttpSession session, Model model) {
+        return kindeService.callSdkApi(session, model);
+    }
 }

playground/springboot-thymeleaf-full-example/src/main/java/com/kinde/oauth/model/KindeProfile.java

@@ -11,6 +11,7 @@
 public class KindeProfile {
     private String idToken;
     private String accessToken;
+    private String refreshToken;
     private String fullName;
     private Set<GrantedAuthority> roles;
     private String userProfile;