Added headers in validateToken method

Author: tanya732

auth0-api-java/src/main/java/com/auth0/AbstractAuthentication.java

@@ -30,7 +30,7 @@ protected AbstractAuthentication(JWTValidator jwtValidator, TokenExtractor extra
      */
     protected DecodedJWT validateBearerToken(Map<String, String> headers, HttpRequestInfo httpRequestInfo) throws BaseAuthException {
         AuthToken authToken = extractor.extractBearer(headers);
-        return jwtValidator.validateToken(authToken.getAccessToken(), httpRequestInfo);
+        return jwtValidator.validateToken(authToken.getAccessToken(), headers, httpRequestInfo);
     }
 
     /**
@@ -42,7 +42,7 @@ protected DecodedJWT validateDpopTokenAndProof(Map<String, String> headers, Http
         AuthValidatorHelper.validateHttpMethodAndHttpUrl(requestInfo);
 
         AuthToken authToken = extractor.extractDPoPProofAndDPoPToken(headers);
-        DecodedJWT decodedJwtToken = jwtValidator.validateToken(authToken.getAccessToken(), requestInfo);
+        DecodedJWT decodedJwtToken = jwtValidator.validateToken(authToken.getAccessToken(), headers, requestInfo);
 
         dpopProofValidator.validate(authToken.getProof(), decodedJwtToken, requestInfo);
 

auth0-api-java/src/main/java/com/auth0/validators/JWTValidator.java

@@ -14,6 +14,7 @@
 import com.auth0.models.HttpRequestInfo;
 
 import java.security.interfaces.RSAPublicKey;
+import java.util.Map;
 
 import static com.auth0.jwt.JWT.require;
 
@@ -66,7 +67,7 @@ public JWTValidator(AuthOptions authOptions, JwkProvider jwkProvider) {
      * @return the decoded and verified JWT
      * @throws BaseAuthException if validation fails
      */
-    public DecodedJWT validateToken(String token, HttpRequestInfo httpRequestInfo) throws BaseAuthException {
+    public DecodedJWT validateToken(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo) throws BaseAuthException {
 
         if (token == null || token.trim().isEmpty()) {
             throw new MissingRequiredArgumentException("access_token");
@@ -91,9 +92,9 @@ public DecodedJWT validateToken(String token, HttpRequestInfo httpRequestInfo) t
     /**
      * Validates a JWT and ensures all required scopes are present.
      */
-    public DecodedJWT validateTokenWithRequiredScopes(String token, HttpRequestInfo httpRequestInfo, String... requiredScopes)
+    public DecodedJWT validateTokenWithRequiredScopes(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String... requiredScopes)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
         try {
             ClaimValidator.checkRequiredScopes(jwt, requiredScopes);
             return jwt;
@@ -105,9 +106,9 @@ public DecodedJWT validateTokenWithRequiredScopes(String token, HttpRequestInfo
     /**
      * Validates a JWT and ensures it has *any* of the provided scopes.
      */
-    public DecodedJWT validateTokenWithAnyScope(String token, HttpRequestInfo httpRequestInfo, String... scopes)
+    public DecodedJWT validateTokenWithAnyScope(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String... scopes)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
         try {
             ClaimValidator.checkAnyScope(jwt, scopes);
             return jwt;
@@ -119,9 +120,9 @@ public DecodedJWT validateTokenWithAnyScope(String token, HttpRequestInfo httpRe
     /**
      * Validates a JWT and ensures a claim equals the expected value.
      */
-    public DecodedJWT validateTokenWithClaimEquals(String token, HttpRequestInfo httpRequestInfo,  String claim, Object expected)
+    public DecodedJWT validateTokenWithClaimEquals(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo,  String claim, Object expected)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
         try {
             ClaimValidator.checkClaimEquals(jwt, claim, expected);
             return jwt;
@@ -133,9 +134,9 @@ public DecodedJWT validateTokenWithClaimEquals(String token, HttpRequestInfo htt
     /**
      * Validates a JWT and ensures a claim includes all expected values.
      */
-    public DecodedJWT validateTokenWithClaimIncludes(String token, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
+    public DecodedJWT validateTokenWithClaimIncludes(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
         try {
             ClaimValidator.checkClaimIncludes(jwt, claim, expectedValues);
             return jwt;
@@ -144,9 +145,9 @@ public DecodedJWT validateTokenWithClaimIncludes(String token, HttpRequestInfo h
         }
     }
 
-    public DecodedJWT validateTokenWithClaimIncludesAny(String token, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
+    public DecodedJWT validateTokenWithClaimIncludesAny(String token, Map<String, String> headers, HttpRequestInfo httpRequestInfo, String claim, Object... expectedValues)
             throws BaseAuthException {
-        DecodedJWT jwt = validateToken(token, httpRequestInfo);
+        DecodedJWT jwt = validateToken(token, headers, httpRequestInfo);
         try {
             ClaimValidator.checkClaimIncludesAny(jwt, claim, expectedValues);
             return jwt;

auth0-api-java/src/test/java/com/auth0/AbstractAuthenticationTest.java

@@ -80,7 +80,7 @@ public void validateBearerToken_shouldExtractAndValidate() throws Exception {
         DecodedJWT jwt = mock(DecodedJWT.class);
 
         when(extractor.extractBearer(anyMap())).thenReturn(token);
-        when(jwtValidator.validateToken("access", null)).thenReturn(jwt);
+        when(jwtValidator.validateToken(eq("access"), anyMap(), any())).thenReturn(jwt);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "Bearer access");
@@ -98,7 +98,7 @@ public void validateDpopTokenAndProof_shouldValidateEverything() throws Exceptio
                 new HttpRequestInfo("GET", "https://api.example.com", null);
 
         when(extractor.extractDPoPProofAndDPoPToken(anyMap())).thenReturn(token);
-        when(jwtValidator.validateToken(eq("access"), any())).thenReturn(jwt);
+        when(jwtValidator.validateToken(eq("access"), anyMap(), any())).thenReturn(jwt);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "DPoP access");

auth0-api-java/src/test/java/com/auth0/AllowedDPoPAuthenticationTest.java

@@ -47,15 +47,19 @@ public void authenticate_shouldAcceptBearerToken() throws Exception {
         when(extractor.extractBearer(anyMap())).thenReturn(
                 new AuthToken("token", null, null)
         );
-        when(jwtValidator.validateToken("token", null)).thenReturn(jwt);
+
+        Map<String, String> normalizedHeaders = new HashMap<>();
+        normalizedHeaders.put("authorization", "Bearer token");
+
+        when(jwtValidator.validateToken(eq("token"), eq(normalizedHeaders), any())).thenReturn(jwt);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "Bearer token");
 
         AuthenticationContext ctx = auth.authenticate(headers, null);
 
         assertThat(ctx).isNotNull();
-        verify(jwtValidator).validateToken("token", null);
+        verify(jwtValidator).validateToken("token", normalizedHeaders, null);
         verifyNoInteractions(dpopProofValidator);
     }
 
@@ -69,7 +73,7 @@ public void authenticate_shouldAcceptDpopToken() throws Exception {
         when(extractor.extractDPoPProofAndDPoPToken(anyMap())).thenReturn(
                 new com.auth0.models.AuthToken("token", "proof", null)
         );
-        when(jwtValidator.validateToken(eq("token"), any())).thenReturn(jwt);
+        when(jwtValidator.validateToken(eq("token"), anyMap(), any())).thenReturn(jwt);
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "DPoP token");
         headers.put("dpop", "proof");

auth0-api-java/src/test/java/com/auth0/DisabledDPoPAuthenticationTest.java

@@ -33,7 +33,11 @@ public void authenticate_shouldAcceptBearerToken() throws Exception {
         when(extractor.extractBearer(anyMap())).thenReturn(
                 new com.auth0.models.AuthToken("token", null, null)
         );
-        when(jwtValidator.validateToken("token", null)).thenReturn(jwt);
+
+        Map<String, String> normalizedHeaders = new HashMap<>();
+        normalizedHeaders.put("authorization", "Bearer token");
+
+        when(jwtValidator.validateToken(eq("token"), eq(normalizedHeaders), any())).thenReturn(jwt);
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "Bearer token");
 
@@ -43,7 +47,7 @@ public void authenticate_shouldAcceptBearerToken() throws Exception {
 
 
         assertThat(ctx).isNotNull();
-        verify(jwtValidator).validateToken("token", null);
+        verify(jwtValidator).validateToken("token", normalizedHeaders, null);
     }
 
     @Test

auth0-api-java/src/test/java/com/auth0/RequiredDPoPAuthenticationTest.java

@@ -39,7 +39,7 @@ public void authenticate_shouldAcceptDpopToken() throws Exception {
         when(extractor.extractDPoPProofAndDPoPToken(anyMap())).thenReturn(
                 new com.auth0.models.AuthToken("token", "proof", null)
         );
-        when(jwtValidator.validateToken(eq("token"), any())).thenReturn(jwt);
+        when(jwtValidator.validateToken(eq("token"), anyMap(), any())).thenReturn(jwt);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("authorization", "DPoP token");

auth0-api-java/src/test/java/com/auth0/validators/JWTValidatorTest.java

@@ -19,6 +19,7 @@
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Date;
+import java.util.HashMap;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.anyString;
@@ -80,7 +81,7 @@ public void constructor_shouldRejectNullJwkProvider() {
     public void validateToken_success() throws Exception {
         String token = validToken();
 
-        DecodedJWT jwt = validator.validateToken(token, null);
+        DecodedJWT jwt = validator.validateToken(token, null, null);
 
         assertThat(jwt.getIssuer()).isEqualTo(ISSUER);
         assertThat(jwt.getAudience()).contains(AUDIENCE);
@@ -89,7 +90,7 @@ public void validateToken_success() throws Exception {
 
     @Test(expected = MissingRequiredArgumentException.class)
     public void validateToken_shouldRejectNullToken() throws Exception {
-        validator.validateToken(null, null);
+        validator.validateToken(null, null, null);
     }
 
     @Test(expected = VerifyAccessTokenException.class)
@@ -100,14 +101,14 @@ public void validateToken_shouldRejectInvalidSignature() throws Exception {
 
         when(jwk.getPublicKey()).thenReturn(wrongKey);
 
-        validator.validateToken(validToken(), null);
+        validator.validateToken(validToken(), null, null);
     }
 
     @Test
     public void validateTokenWithRequiredScopes_success() throws Exception {
         String token = tokenWithScopes("read write");
 
-        DecodedJWT jwt = validator.validateTokenWithRequiredScopes(token, null, "read");
+        DecodedJWT jwt = validator.validateTokenWithRequiredScopes(token, new HashMap<>(), null, "read");
 
         assertThat(jwt).isNotNull();
     }
@@ -116,14 +117,14 @@ public void validateTokenWithRequiredScopes_success() throws Exception {
     public void validateTokenWithRequiredScopes_failure() throws Exception {
         String token = tokenWithScopes("read");
 
-        validator.validateTokenWithRequiredScopes(token, null, "admin");
+        validator.validateTokenWithRequiredScopes(token, new HashMap<>(), null, "admin");
     }
 
     @Test
     public void validateTokenWithAnyScope_success() throws Exception {
         String token = tokenWithScopes("read write");
 
-        DecodedJWT jwt = validator.validateTokenWithAnyScope(token, null, "admin", "write");
+        DecodedJWT jwt = validator.validateTokenWithAnyScope(token, new HashMap<>(), null, "admin", "write");
 
         assertThat(jwt).isNotNull();
     }
@@ -132,14 +133,14 @@ public void validateTokenWithAnyScope_success() throws Exception {
     public void validateTokenWithAnyScope_failure() throws Exception {
         String token = tokenWithScopes("read");
 
-        validator.validateTokenWithAnyScope(token, null, "admin");
+        validator.validateTokenWithAnyScope(token, new HashMap<>(), null, "admin");
     }
 
     @Test
     public void validateTokenWithClaimEquals_success() throws Exception {
         String token = tokenWithEmail("a@b.com");
 
-        DecodedJWT jwt = validator.validateTokenWithClaimEquals(token, null, "email", "a@b.com");
+        DecodedJWT jwt = validator.validateTokenWithClaimEquals(token, new HashMap<>(), null, "email", "a@b.com");
 
         assertThat(jwt).isNotNull();
     }
@@ -148,14 +149,14 @@ public void validateTokenWithClaimEquals_success() throws Exception {
     public void validateTokenWithClaimEquals_failure() throws Exception {
         String token = tokenWithEmail("a@b.com");
 
-        validator.validateTokenWithClaimEquals(token, null, "email", "x@y.com");
+        validator.validateTokenWithClaimEquals(token, new HashMap<>(), null, "email", "x@y.com");
     }
 
     @Test
     public void validateTokenWithClaimIncludes_success() throws Exception {
         String token = tokenWithScopes("read write");
 
-        DecodedJWT jwt = validator.validateTokenWithClaimIncludes(token, null, "scope", "read");
+        DecodedJWT jwt = validator.validateTokenWithClaimIncludes(token, new HashMap<>(), null, "scope", "read");
 
         assertThat(jwt).isNotNull();
     }
@@ -164,14 +165,14 @@ public void validateTokenWithClaimIncludes_success() throws Exception {
     public void validateTokenWithClaimIncludes_failure() throws Exception {
         String token = tokenWithScopes("read");
 
-        validator.validateTokenWithClaimIncludes(token, null, "scope", "admin");
+        validator.validateTokenWithClaimIncludes(token, new HashMap<>(), null, "scope", "admin");
     }
 
     @Test
     public void validateTokenWithClaimIncludesAny_success() throws Exception {
         String token = tokenWithScopes("read write");
 
-        DecodedJWT jwt = validator.validateTokenWithClaimIncludesAny(token, null, "scope", "admin", "write");
+        DecodedJWT jwt = validator.validateTokenWithClaimIncludesAny(token, new HashMap<>(), null, "scope", "admin", "write");
 
         assertThat(jwt).isNotNull();
     }
@@ -180,7 +181,7 @@ public void validateTokenWithClaimIncludesAny_success() throws Exception {
     public void validateTokenWithClaimIncludesAny_failure() throws Exception {
         String token = tokenWithScopes("read");
 
-        validator.validateTokenWithClaimIncludesAny(token, null, "scope", "admin");
+        validator.validateTokenWithClaimIncludesAny(token, new HashMap<>(), null, "scope", "admin");
     }
 
     @Test