fix(introspect): exp, iat, nbf claims were always null

Author: Lutonite

src/main/kotlin/no/nav/security/mock/oauth2/introspect/Introspect.kt

@@ -13,6 +13,7 @@ import no.nav.security.mock.oauth2.http.Route
 import no.nav.security.mock.oauth2.http.json
 import no.nav.security.mock.oauth2.token.OAuth2TokenProvider
 import okhttp3.Headers
+import java.util.Date
 
 private val log = KotlinLogging.logger { }
 
@@ -26,21 +27,20 @@ internal fun Route.Builder.introspect(tokenProvider: OAuth2TokenProvider) =
         }
 
         request.verifyToken(tokenProvider)?.let {
-            val claims = it.claims
             json(
                 IntrospectResponse(
                     true,
-                    claims["scope"].toString(),
-                    claims["client_id"].toString(),
-                    claims["username"].toString(),
-                    claims["token_type"].toString(),
-                    claims["exp"] as? Long,
-                    claims["iat"] as? Long,
-                    claims["nbf"] as? Long,
-                    claims["sub"].toString(),
-                    claims["aud"].toString(),
-                    claims["iss"].toString(),
-                    claims["jti"].toString(),
+                    it.getStringClaim("scope"),
+                    it.getStringClaim("client_id"),
+                    it.getStringClaim("username"),
+                    it.getStringClaim("token_type") ?: "Bearer",
+                    it.expirationTime?.time?.div(1000),
+                    it.issueTime?.time?.div(1000),
+                    it.notBeforeTime?.time?.div(1000),
+                    it.subject,
+                    it.audience,
+                    it.issuer,
+                    it.jwtid,
                 ),
             )
         } ?: json(IntrospectResponse(false))
@@ -91,7 +91,7 @@ data class IntrospectResponse(
     @JsonProperty("sub")
     val sub: String? = null,
     @JsonProperty("aud")
-    val aud: String? = null,
+    val aud: List<String>? = null,
     @JsonProperty("iss")
     val iss: String? = null,
     @JsonProperty("jti")

src/test/kotlin/no/nav/security/mock/oauth2/introspect/IntrospectTest.kt

@@ -91,6 +91,31 @@ internal class IntrospectTest {
         }
     }
 
+    @Test
+    fun `introspect should return iat and exp from claims when provider`() {
+        val issuerUrl = "http://localhost/default"
+        val tokenProvider = OAuth2TokenProvider()
+        val claims = mapOf(
+            "iss" to issuerUrl,
+            "client_id" to "yolo",
+            "token_type" to "token",
+            "sub" to "foo",
+            "iat" to Instant.now().epochSecond,
+            "exp" to Instant.now().plus(1, ChronoUnit.DAYS).epochSecond,
+        )
+
+        val token = tokenProvider.jwt(claims)
+        val request = request("$issuerUrl$INTROSPECT", token.serialize())
+
+        routes { introspect(tokenProvider) }.invoke(request).asClue {
+            it.status shouldBe 200
+            val response = it.parse<IntrospectResponse>()
+            response.active shouldBe true
+            response.iat shouldBe claims["iat"]
+            response.exp shouldBe claims["exp"]
+        }
+    }
+
     @Test
     fun `introspect should return active false when token is missing`() {
         val url = "http://localhost/default$INTROSPECT"