Merge branch 'master' into exclude_junit4

.github/workflows/test-dp-pr.yaml

@@ -0,0 +1,49 @@
+name: Test PR
+on:
+  pull_request_target:
+    paths-ignore:
+      - '*.md'
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  test_dp_pr:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Checkout latest code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'zulu'
+          cache: 'gradle'
+
+      - name: Build with Gradle
+        run: ./gradlew build
+
+  dependabot_pr:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    needs: test_dp_pr
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/[email protected]
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Enable auto-merge for Dependabot PRs
+        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test-pr.yaml

@@ -1,13 +1,9 @@
 name: Test PR
 on:
-  pull_request_target:
+  pull_request:
     paths-ignore:
       - '*.md'
 
-permissions:
-  pull-requests: write
-  contents: write
-
 jobs:
   test_pr:
     runs-on: ubuntu-latest
@@ -24,25 +20,3 @@ jobs:
 
       - name: Build with Gradle
         run: ./gradlew build
-
-  dependabot_pr:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    needs: test_pr
-    steps:
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/[email protected]
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Approve a PR
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Enable auto-merge for Dependabot PRs
-        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
-        run: gh pr merge --auto --squash "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

build.gradle.kts

@@ -4,16 +4,16 @@ import com.github.benmanes.gradle.versions.updates.DependencyUpdatesTask
 val assertjVersion = "3.24.2"
 val kotlinLoggingVersion = "3.0.5"
 val logbackVersion = "1.4.11"
-val nimbusSdkVersion = "10.15"
 val mockWebServerVersion = "5.0.0-alpha.11"
-val jacksonVersion = "2.15.2"
+val nimbusSdkVersion = "11.4"
+val jacksonVersion = "2.15.3"
 val nettyVersion = "4.1.100.Final"
 val junitJupiterVersion = "5.10.0"
 val kotlinVersion = "1.9.10"
 val freemarkerVersion = "2.3.32"
 val kotestVersion = "5.7.2"
 val bouncyCastleVersion = "1.70"
-val springBootVersion = "3.1.4"
+val springBootVersion = "3.1.5"
 val reactorTestVersion = "3.5.11"
 val ktorVersion = "2.3.5"
 

src/main/kotlin/no/nav/security/mock/oauth2/http/OAuth2HttpRequest.kt

@@ -52,10 +52,11 @@ data class OAuth2HttpRequest(
 
     @Suppress("MemberVisibilityCanBePrivate")
     fun asNimbusHTTPRequest(): HTTPRequest {
+        val inputBody = body
         return HTTPRequest(HTTPRequest.Method.valueOf(method), url.toUrl())
             .apply {
                 headers.forEach { header -> this.setHeader(header.first, header.second) }
-                query = body
+                body = inputBody
             }
     }
 

src/test/kotlin/no/nav/security/mock/oauth2/e2e/TokenExchangeGrantIntegrationTest.kt

@@ -91,33 +91,38 @@ class TokenExchangeGrantIntegrationTest {
     fun `token request with token exchange grant and client basic auth should exchange subject_token with a new token containing many of the same claims`() {
         withMockOAuth2Server {
             val initialSubject = "yolo"
-            val initialToken = this.issueToken(
-                issuerId = "idprovider",
-                clientId = "initialClient",
-                tokenCallback = DefaultOAuth2TokenCallback(
+            val initialToken =
+                this.issueToken(
                     issuerId = "idprovider",
-                    subject = initialSubject,
-                    claims = mapOf(
-                        "claim1" to "value1",
-                        "claim2" to "value2",
-                    ),
-                ),
-            )
+                    clientId = "initialClient",
+                    tokenCallback =
+                        DefaultOAuth2TokenCallback(
+                            issuerId = "idprovider",
+                            subject = initialSubject,
+                            claims =
+                                mapOf(
+                                    "claim1" to "value1",
+                                    "claim2" to "value2",
+                                ),
+                        ),
+                )
 
             val issuerId = "tokenx"
             val tokenEndpointUrl = this.tokenEndpointUrl(issuerId)
             val targetAudienceForToken = "targetAudience"
 
-            val response: ParsedTokenResponse = client.tokenRequest(
-                url = tokenEndpointUrl,
-                basicAuth = Pair("client", "secret"),
-                parameters = mapOf(
-                    "grant_type" to TOKEN_EXCHANGE.value,
-                    "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
-                    "subject_token" to initialToken.serialize(),
-                    "audience" to targetAudienceForToken,
-                ),
-            ).toTokenResponse()
+            val response: ParsedTokenResponse =
+                client.tokenRequest(
+                    url = tokenEndpointUrl,
+                    basicAuth = Pair("client", "secret"),
+                    parameters =
+                        mapOf(
+                            "grant_type" to TOKEN_EXCHANGE.value,
+                            "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
+                            "subject_token" to initialToken.serialize(),
+                            "audience" to targetAudienceForToken,
+                        ),
+                ).toTokenResponse()
 
             response shouldBeValidFor TOKEN_EXCHANGE
             response.scope shouldBe null
@@ -136,17 +141,17 @@ class TokenExchangeGrantIntegrationTest {
     @Test
     fun `token request without client_assertion should fail`() {
         withMockOAuth2Server {
-            val response: Response = 
+            val response: Response =
                 client.tokenRequest(
-                  url = this.tokenEndpointUrl("tokenx"),
-                  parameters = 
-                    mapOf(
-                      "grant_type" to TOKEN_EXCHANGE.value,
-                      "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
-                      "subject_token" to "yolo",
-                      "audience" to "targetAudienceForToken",
-                  ),
-              )
+                    url = this.tokenEndpointUrl("tokenx"),
+                    parameters =
+                        mapOf(
+                            "grant_type" to TOKEN_EXCHANGE.value,
+                            "subject_token_type" to SubjectTokenType.TOKEN_TYPE_JWT,
+                            "subject_token" to "yolo",
+                            "audience" to "targetAudienceForToken",
+                        ),
+                )
             response.code shouldBe 400
         }
     }