refactor: removed references to bearer token to avoid confusion

* removed unnecessary null check on form parameters
* changed data type for exp, iat, nbf to long

Author: tommytroen

src/main/kotlin/no/nav/security/mock/oauth2/introspect/Introspect.kt

@@ -29,7 +29,7 @@ internal fun Route.Builder.introspect(tokenProvider: OAuth2TokenProvider) =
             throw OAuth2Exception(OAuth2Error.INVALID_CLIENT.setDescription(msg), msg)
         }
 
-        request.verifyBearerToken(tokenProvider)?.let {
+        request.verifyToken(tokenProvider)?.let {
             val claims = it.claims
             json(
                 IntrospectResponse(
@@ -38,9 +38,9 @@ internal fun Route.Builder.introspect(tokenProvider: OAuth2TokenProvider) =
                     claims["client_id"].toString(),
                     claims["username"].toString(),
                     claims["token_type"].toString(),
-                    claims["exp"].toString(),
-                    claims["iat"].toString(),
-                    claims["nbf"].toString(),
+                    claims["exp"] as? Long,
+                    claims["iat"] as? Long,
+                    claims["nbf"] as? Long,
                     claims["sub"].toString(),
                     claims["aud"].toString(),
                     claims["iss"].toString(),
@@ -50,18 +50,14 @@ internal fun Route.Builder.introspect(tokenProvider: OAuth2TokenProvider) =
         } ?: json(IntrospectResponse(false))
     }
 
-private fun OAuth2HttpRequest.verifyBearerToken(tokenProvider: OAuth2TokenProvider): JWTClaimsSet? {
-    val tokenString = this.getToken()
-    if (tokenString.isNullOrEmpty()) {
-        return null
-    }
-
+private fun OAuth2HttpRequest.verifyToken(tokenProvider: OAuth2TokenProvider): JWTClaimsSet? {
+    val tokenString = this.formParameters.get("token")
     val issuer = url.toIssuerUrl()
     val jwkSet = tokenProvider.publicJwkSet(issuer.issuerId())
-
     return try {
         SignedJWT.parse(tokenString).verifySignatureAndIssuer(Issuer(issuer.toString()), jwkSet)
     } catch (e: Exception) {
+        log.debug("token_introspection: failed signature validation")
         return null
     }
 }
@@ -80,14 +76,6 @@ private fun String.auth(method: String): String? {
         ?.last()
 }
 
-private fun OAuth2HttpRequest.getToken(): String? {
-    val tokenParams = this.formParameters
-    if (tokenParams.map.isEmpty()) {
-        return null
-    }
-    return tokenParams.get("token")
-}
-
 @JsonInclude(JsonInclude.Include.NON_NULL)
 data class IntrospectResponse(
     @JsonProperty("active")
@@ -101,11 +89,11 @@ data class IntrospectResponse(
     @JsonProperty("token_type")
     val tokenType: String? = null,
     @JsonProperty("exp")
-    val exp: String? = null,
+    val exp: Long? = null,
     @JsonProperty("iat")
-    val iat: String? = null,
+    val iat: Long? = null,
     @JsonProperty("nbf")
-    val nbf: String? = null,
+    val nbf: Long? = null,
     @JsonProperty("sub")
     val sub: String? = null,
     @JsonProperty("aud")

src/test/kotlin/no/nav/security/mock/oauth2/introspect/IntrospectTest.kt

@@ -4,6 +4,7 @@ import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import com.fasterxml.jackson.module.kotlin.readValue
 import io.kotest.assertions.asClue
 import io.kotest.assertions.throwables.shouldThrow
+import io.kotest.matchers.maps.shouldContain
 import io.kotest.matchers.maps.shouldContainAll
 import io.kotest.matchers.maps.shouldContainExactly
 import io.kotest.matchers.shouldBe
@@ -24,24 +25,25 @@ internal class IntrospectTest {
         val issuerUrl = "http://localhost/default"
         val tokenProvider = OAuth2TokenProvider()
         val claims = mapOf(
-            "active" to true,
             "iss" to issuerUrl,
             "client_id" to "yolo",
             "token_type" to "token",
             "sub" to "foo"
         )
-        val bearerToken = tokenProvider.jwt(claims)
-        val request = request("$issuerUrl$INTROSPECT", bearerToken.serialize())
+        val token = tokenProvider.jwt(claims)
+        println("token: " + token.jwtClaimsSet.toJSONObject())
+        val request = request("$issuerUrl$INTROSPECT", token.serialize())
 
         routes { introspect(tokenProvider) }.invoke(request).asClue {
-            println(it.parse<Map<String, Any>>())
             it.status shouldBe 200
-            it.parse<Map<String, Any>>() shouldContainAll claims
+            val response = it.parse<Map<String, Any>>()
+            response shouldContainAll claims
+            response shouldContain ("active" to true)
         }
     }
 
     @Test
-    fun `introspect should return active false when bearer token is missing`() {
+    fun `introspect should return active false when token is missing`() {
         val url = "http://localhost/default$INTROSPECT"
 
         routes {
@@ -53,7 +55,7 @@ internal class IntrospectTest {
     }
 
     @Test
-    fun `introspect should return active false when bearer token is invalid`() {
+    fun `introspect should return active false when token is invalid`() {
         val url = "http://localhost/default$INTROSPECT"
 
         routes {
@@ -81,7 +83,7 @@ internal class IntrospectTest {
 
     private inline fun <reified T> OAuth2HttpResponse.parse(): T = jacksonObjectMapper().readValue(checkNotNull(body))
 
-    private fun request(url: String, bearerToken: String?, auth: String = "Basic user=password"): OAuth2HttpRequest {
+    private fun request(url: String, token: String?, auth: String = "Basic user=password"): OAuth2HttpRequest {
         return OAuth2HttpRequest(
             Headers.headersOf(
                 "Authorization", auth,
@@ -90,7 +92,7 @@ internal class IntrospectTest {
             ),
             method = "POST",
             url.toHttpUrl(),
-            body = bearerToken?.let { "token=$it&token_type_hint=access_token" }
+            body = token?.let { "token=$it&token_type_hint=access_token" }
         )
     }
 }