test: refactor client OIDC

ci/python/flask-oidc-client/index.py

@@ -1,3 +1,13 @@
+import argparse
+
+# Parser les arguments données sur la ligne de commande
+parser = argparse.ArgumentParser()
+parser.add_argument("--port")
+parser.add_argument("--clientid")
+parser.add_argument("--clientsecret")
+parser.add_argument("--scopes")
+args = parser.parse_args()
+
 import urllib3
 from flask import Flask, redirect, url_for, session, jsonify, request
 from authlib.integrations.flask_client import OAuth
@@ -7,11 +17,11 @@
 urllib3.disable_warnings()
 
 # Constantes à modifier si besoin
-CLIENT_ID = "client-testcas"
-CLIENT_SECRET = "secret-testcas"
+CLIENT_ID = args.clientid
+CLIENT_SECRET = args.clientsecret
 PROVIDER_METADATA_URL = "https://localhost:8443/cas/oidc/.well-known"
-CLIENT_CALLBACK_URL = "http://localhost:8018/oidc/authorize"
-SCOPES = "openid profile test"
+CLIENT_CALLBACK_URL = "http://localhost:"+args.port+"/oidc/authorize"
+SCOPES = args.scopes
 
 # Initialisation de l'app flask
 app = Flask(__name__)
@@ -88,4 +98,4 @@ def logout():
 
 # Démarrer l'application Flask
 if __name__ == '__main__':
-    app.run(host="0.0.0.0", port=8018)
+    app.run(host="0.0.0.0", port=args.port)

puppeteer/scenarios/oidc_protocol.js

@@ -35,12 +35,14 @@ const assert = require("assert");
 
         //Verify that attributes were received
         assert(pageContent.includes("attributes"));
-        assert(pageContent.includes("isMemberOf"));
-        assert(pageContent.includes("\"cn\":\"TEST TEST\""));
-        assert(pageContent.includes("\"nickname\":\"test1\"")); //Mapped attribute from ENTPersonLogin
+        assert(pageContent.includes("isMemberOf")); //Custom claim
+        assert(pageContent.includes("\"nickname\":\"test1\"")); //Mapped claim from ENTPersonLogin
         assert(pageContent.includes("\"uid\":[\"F1abc\"]"));
-        assert(pageContent.includes("\"mail\":[\"[email protected]\"]"));
-
+        assert(pageContent.includes("\"family_name\":\"TEST\"")); //Mapped claim from cn
+        assert(pageContent.includes("\"given_name\":\"Test\""));
+        assert(pageContent.includes("\"usual_name\":\"TEST\"")); //Mapped claim from cn
+        assert(!pageContent.includes("email")); //Not in scopes
+
         process.exit(0)
 
     } catch (e) {

src/main/resources/application-test.yml

@@ -115,9 +115,14 @@ cas.authn.saml-idp.core.entity-id: https://localhost:8443/cas/idp/metadata
 cas.authn.oidc.core.issuer: https://localhost:8443/cas/oidc
 cas.authn.oidc.jwks.file-system.jwks-file: /tmp/oidc/keystore.jwks
 cas.authn.oidc.core.claims-map.nickname: ENTPersonLogin
-cas.authn.oidc.core.user-defined-scopes.test: uid,isMemberOf,cn,sn,givenName,displayName,mail
+cas.authn.oidc.core.claims-map.given_name: givenName
+cas.authn.oidc.core.claims-map.email: mail
+cas.authn.oidc.core.claims-map.family_name: sn
+cas.authn.oidc.core.claims-map.usual_name: sn
+cas.authn.oidc.core.claims-map.name: displayName
+cas.authn.oidc.core.user-defined-scopes.test: uid,isMemberOf,usual_name
 cas.authn.oidc.discovery.scopes: openid,profile,test
-cas.authn.oidc.discovery.claims: sub,name,cn,nickname,family_name,uid,isMemberOf,sn,givenName,displayName,mail
+cas.authn.oidc.discovery.claims: sub,name,nickname,usual_name,uid,isMemberOf,email,given_name,family_name
 cas.authn.oidc.id-token.include-id-token-claims: false
 
 # Attribute definition