cloudfoundry · ghost · Mar 1, 2019
diff --git a/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/TokenProvider.java b/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/TokenProvider.java
@@ -40,4 +40,12 @@ public interface TokenProvider {
     default void invalidate(ConnectionContext connectionContext) {
     }
 
+    /**
+     * Provides the name of the property in jwt which is effective for user identity (i.e. client_id for ClientCredentialsTokenProvider and user_name for PasswordGrantTokenProvider)
+     * 
+     * @return
+     */
+    default String getUserIdentityProperty(){
+    	return "user_name";
+    }
 }
diff --git a/...ain/java/org/cloudfoundry/reactor/tokenprovider/_ClientCredentialsGrantTokenProvider.java b/...ain/java/org/cloudfoundry/reactor/tokenprovider/_ClientCredentialsGrantTokenProvider.java
@@ -40,4 +40,8 @@ Mono<Void> tokenRequestTransformer(Mono<HttpClientRequest> outbound) {
                 .then());
     }
 
+	@Override
+	String getIdentityZoneSubdomain() {
+		return "client_id";
+	}
 }
diff --git a/...r/src/main/java/org/cloudfoundry/reactor/tokenprovider/_OneTimePasscodeTokenProvider.java b/...r/src/main/java/org/cloudfoundry/reactor/tokenprovider/_OneTimePasscodeTokenProvider.java
@@ -45,4 +45,8 @@ Mono<Void> tokenRequestTransformer(Mono<HttpClientRequest> outbound) {
                 .then());
     }
 
+	@Override
+	String getIdentityZoneSubdomain() {
+		return "client_id";
+	}
 }
diff --git a/...tor/src/main/java/org/cloudfoundry/reactor/tokenprovider/_PasswordGrantTokenProvider.java b/...tor/src/main/java/org/cloudfoundry/reactor/tokenprovider/_PasswordGrantTokenProvider.java
@@ -59,4 +59,8 @@ Mono<Void> tokenRequestTransformer(Mono<HttpClientRequest> outbound) {
                 .then());
     }
 
+	@Override
+	String getIdentityZoneSubdomain() {
+		return "user_name";
+	}
 }
diff --git a/...src/main/java/org/cloudfoundry/reactor/tokenprovider/_RefreshTokenGrantTokenProvider.java b/...src/main/java/org/cloudfoundry/reactor/tokenprovider/_RefreshTokenGrantTokenProvider.java
@@ -45,4 +45,8 @@ Mono<Void> tokenRequestTransformer(Mono<HttpClientRequest> outbound) {
                 .then());
     }
 
+	@Override
+	String getIdentityZoneSubdomain() {
+		return "client_id";
+	}
 }
diff --git a/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/uaa/UsernameProvider.java b/cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/uaa/UsernameProvider.java
@@ -73,7 +73,7 @@ private String getUsername(String token) {
             .parseClaimsJws(token);
 
         return Optional
-            .ofNullable(jws.getBody().get("user_name", String.class))
+            .ofNullable(jws.getBody().get(this.tokenProvider.getUserIdentityProperty(), String.class))
             .orElseThrow(() -> new IllegalStateException("Unable to retrieve username from token"));
     }
 

diff --git a/...undry-client-reactor/src/test/java/org/cloudfoundry/reactor/uaa/UsernameProviderTest.java b/...undry-client-reactor/src/test/java/org/cloudfoundry/reactor/uaa/UsernameProviderTest.java
@@ -61,7 +61,8 @@ public void getInvalidToken() throws NoSuchAlgorithmException {
         String invalidToken = String.format("bearer %s", getToken(keyPair.getPrivate(), Instant.now().minus(Duration.ofHours(1))));
         String validToken = String.format("bearer %s", getToken(keyPair.getPrivate(), Instant.now().plus(Duration.ofHours(1))));
         when(this.tokenProvider.getToken(this.connectionContext)).thenReturn(Mono.just(invalidToken), Mono.just(validToken));
-
+        when(this.tokenProvider.getUserIdentityProperty()).thenReturn("user_name");
+
         this.usernameProvider
             .get()
             .as(StepVerifier::create)
@@ -79,21 +80,40 @@ public void getValidToken() throws NoSuchAlgorithmException {
 
         String token = String.format("bearer %s", getToken(keyPair.getPrivate(), Instant.now().plus(Duration.ofHours(1))));
         when(this.tokenProvider.getToken(this.connectionContext)).thenReturn(Mono.just(token));
-
+        when(this.tokenProvider.getUserIdentityProperty()).thenReturn("user_name");
+
         this.usernameProvider
             .get()
             .as(StepVerifier::create)
             .expectNext("test-username")
             .expectComplete()
             .verify(Duration.ofSeconds(1));
     }
+
+    @Test
+    public void getValidTokenWithClient() throws NoSuchAlgorithmException {
+        KeyPair keyPair = getKeyPair();
+        when(this.signingKeyResolver.resolveSigningKey(any(JwsHeader.class), any(Claims.class))).thenReturn(keyPair.getPublic());
+
+        String token = String.format("bearer %s", getToken(keyPair.getPrivate(), Instant.now().plus(Duration.ofHours(1))));
+        when(this.tokenProvider.getToken(this.connectionContext)).thenReturn(Mono.just(token));
+        when(this.tokenProvider.getUserIdentityProperty()).thenReturn("client_id");
+
+        this.usernameProvider
+            .get()
+            .as(StepVerifier::create)
+            .expectNext("test-client")
+            .expectComplete()
+            .verify(Duration.ofSeconds(1));
+    }
 
     @SuppressWarnings("unchecked")
     private static String getToken(PrivateKey privateKey, Instant expiration) {
         return Jwts.builder()
             .setHeader((Map<String, Object>) new DefaultJwsHeader().setKeyId("test-key"))
             .signWith(SignatureAlgorithm.RS256, privateKey)
             .claim("user_name", "test-username")
+            .claim("client_id", "test-client")
             .setExpiration(Date.from(expiration))
             .compact();
     }