refactor(introspect): use nimbus utils for converting date claims, minor cleanups

tronghn · tronghn · commit f19c2acd1653 · 2025-09-05T13:57:54.000+02:00
diff --git a/src/main/kotlin/no/nav/security/mock/oauth2/introspect/Introspect.kt b/src/main/kotlin/no/nav/security/mock/oauth2/introspect/Introspect.kt
@@ -4,6 +4,7 @@ import com.fasterxml.jackson.annotation.JsonFormat
 import com.fasterxml.jackson.annotation.JsonInclude
 import com.fasterxml.jackson.annotation.JsonProperty
 import com.nimbusds.jwt.JWTClaimsSet
+import com.nimbusds.jwt.util.DateUtils
 import com.nimbusds.oauth2.sdk.OAuth2Error
 import mu.KotlinLogging
 import no.nav.security.mock.oauth2.OAuth2Exception
@@ -14,6 +15,7 @@ import no.nav.security.mock.oauth2.http.Route
 import no.nav.security.mock.oauth2.http.json
 import no.nav.security.mock.oauth2.token.OAuth2TokenProvider
 import okhttp3.Headers
+import java.util.Date
 
 private val log = KotlinLogging.logger { }
 
@@ -29,18 +31,18 @@ internal fun Route.Builder.introspect(tokenProvider: OAuth2TokenProvider) =
         request.verifyToken(tokenProvider)?.let {
             json(
                 IntrospectResponse(
-                    true,
-                    it.getStringClaim("scope"),
-                    it.getStringClaim("client_id"),
-                    it.getStringClaim("username"),
-                    it.getStringClaim("token_type") ?: "Bearer",
-                    it.expirationTime?.time?.div(1000),
-                    it.issueTime?.time?.div(1000),
-                    it.notBeforeTime?.time?.div(1000),
-                    it.subject,
-                    it.audience,
-                    it.issuer,
-                    it.jwtid,
+                    active = true,
+                    scope = it.getStringClaim("scope"),
+                    clientId = it.getStringClaim("client_id"),
+                    username = it.getStringClaim("username"),
+                    tokenType = it.getStringClaim("token_type") ?: "Bearer",
+                    exp = it.expirationTime.epochSeconds(),
+                    iat = it.issueTime.epochSeconds(),
+                    nbf = it.notBeforeTime.epochSeconds(),
+                    sub = it.subject,
+                    aud = it.audience,
+                    iss = it.issuer,
+                    jti = it.jwtid,
                 ),
             )
         } ?: json(IntrospectResponse(false))
@@ -70,6 +72,8 @@ private fun String.auth(method: String): String? =
         .takeIf { it.size == 2 }
         ?.last()
 
+private fun Date?.epochSeconds(): Long? = this?.let(DateUtils::toSecondsSinceEpoch)
+
 @JsonInclude(JsonInclude.Include.NON_NULL)
 data class IntrospectResponse(
     @JsonProperty("active")
diff --git a/src/test/kotlin/no/nav/security/mock/oauth2/introspect/IntrospectTest.kt b/src/test/kotlin/no/nav/security/mock/oauth2/introspect/IntrospectTest.kt
@@ -92,7 +92,7 @@ internal class IntrospectTest {
     }
 
     @Test
-    fun `introspect should return iat and exp from claims when provider`() {
+    fun `introspect should return iat and exp from claims when present in token`() {
         val issuerUrl = "http://localhost/default"
         val tokenProvider = OAuth2TokenProvider()
         val claims =

Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ internal class IntrospectTest {`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`@Test`
`95`		- fun `introspect should return iat and exp from claims when provider`() {
	`95`	+ fun `introspect should return iat and exp from claims when present in token`() {
`96`	`96`	`val issuerUrl = "http://localhost/default"`
`97`	`97`	`val tokenProvider = OAuth2TokenProvider()`
`98`	`98`	`val claims =`