feat: support scope as dynamic variable in requestmapping

Co-authored-by: ybelmekk <[email protected]>

Author: tommytroen

src/main/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenCallback.kt

@@ -89,20 +89,19 @@ data class RequestMappingTokenCallback(
 
     private fun List<RequestMapping>.getClaims(tokenRequest: TokenRequest): Map<String, Any> {
         val claims = firstOrNull { it.isMatch(tokenRequest) }?.claims ?: emptyMap()
-        val customParameters = tokenRequest.customParameters.mapValues { (_, value) -> value.first() }
-        val variables =
-            if (tokenRequest.grantType() == GrantType.CLIENT_CREDENTIALS) {
-                customParameters + ("clientId" to tokenRequest.clientIdAsString())
-            } else {
-                customParameters
-            }
+
+        // TODO: hack choose first element. Rewrite to support multiple elements and custom objects
+        val params = (tokenRequest.toHTTPRequest().bodyAsFormParameters.map {
+            it.key to it.value.first()
+        }).toMap() + mapOf("clientId" to tokenRequest.clientIdAsString())
+
         return claims.mapValues { (_, value) ->
             when (value) {
-                is String -> replaceVariables(value, variables)
+                is String -> replaceVariables(value, params)
                 is List<*> ->
                     value.map { v ->
                         if (v is String) {
-                            replaceVariables(v, variables)
+                            replaceVariables(v, params)
                         } else {
                             v
                         }

src/test/kotlin/no/nav/security/mock/oauth2/token/OAuth2TokenCallbackTest.kt

@@ -17,56 +17,56 @@ internal class OAuth2TokenCallbackTest {
             RequestMappingTokenCallback(
                 issuerId = "issuer1",
                 requestMappings =
-                    listOf(
-                        RequestMapping(
-                            requestParam = "scope",
-                            match = "scope1",
-                            claims =
-                                mapOf(
-                                    "sub" to "subByScope1",
-                                    "aud" to listOf("audByScope1"),
-                                    "custom" to "custom1",
-                                ),
+                listOf(
+                    RequestMapping(
+                        requestParam = "scope",
+                        match = "scope1",
+                        claims =
+                        mapOf(
+                            "sub" to "subByScope1",
+                            "aud" to listOf("audByScope1"),
+                            "custom" to "custom1",
                         ),
-                        RequestMapping(
-                            requestParam = "scope",
-                            match = "scope2",
-                            typeHeader = "JWT2",
-                            claims =
-                                mapOf(
-                                    "sub" to "subByScope2",
-                                    "aud" to listOf("audByScope2"),
-                                    "custom" to "custom2",
-                                ),
+                    ),
+                    RequestMapping(
+                        requestParam = "scope",
+                        match = "scope2",
+                        typeHeader = "JWT2",
+                        claims =
+                        mapOf(
+                            "sub" to "subByScope2",
+                            "aud" to listOf("audByScope2"),
+                            "custom" to "custom2",
                         ),
-                        RequestMapping(
-                            requestParam = "audience",
-                            match = "https://myapp.com/jwt/aud/.*",
-                            claims =
-                                mapOf(
-                                    "sub" to "\${clientId}",
-                                    "aud" to listOf("\${audience}"),
-                                ),
+                    ),
+                    RequestMapping(
+                        requestParam = "audience",
+                        match = "https://myapp.com/jwt/aud/.*",
+                        claims =
+                        mapOf(
+                            "sub" to "\${clientId}",
+                            "aud" to listOf("\${audience}"),
                         ),
-                        RequestMapping(
-                            requestParam = "grant_type",
-                            match = "authorization_code",
-                            claims =
-                                mapOf(
-                                    "sub" to "defaultSub",
-                                    "aud" to listOf("defaultAud"),
-                                ),
+                    ),
+                    RequestMapping(
+                        requestParam = "grant_type",
+                        match = "authorization_code",
+                        claims =
+                        mapOf(
+                            "sub" to "defaultSub",
+                            "aud" to listOf("defaultAud"),
                         ),
-                        RequestMapping(
-                            requestParam = "grant_type",
-                            match = "*",
-                            claims =
-                                mapOf(
-                                    "sub" to "\${clientId}",
-                                    "aud" to listOf("defaultAud"),
-                                ),
+                    ),
+                    RequestMapping(
+                        requestParam = "grant_type",
+                        match = "*",
+                        claims =
+                        mapOf(
+                            "sub" to "\${clientId}",
+                            "aud" to listOf("defaultAud"),
                         ),
                     ),
+                ),
                 tokenExpiry = 120,
             )
 
@@ -124,6 +124,31 @@ internal class OAuth2TokenCallbackTest {
                 issuer1.typeHeader(grantTypeShouldMatch) shouldBe "JWT"
             }
         }
+
+        @Test
+        fun `token request with custom parameters in token request should include claims with placeholder names`() {
+            val request = clientCredentialsRequest(
+                "scope" to "testscope:something",
+                "mock_token_type" to "custom",
+            )
+            RequestMappingTokenCallback(
+                issuerId = "issuer1",
+                requestMappings =
+                listOf(
+                    RequestMapping(
+                        requestParam = "scope",
+                        match = "testscope:.*",
+                        claims = mapOf(
+                            "sub" to "\${clientId}",
+                            "scope" to "\${scope}",
+                            "mock_token_type" to "\${mock_token_type}",
+                        ),
+                    ),
+                )
+            ).addClaims(request).asClue {
+                it shouldContainAll mapOf("sub" to clientId, "scope" to "testscope:something", "mock_token_type" to "custom")
+            }
+        }
     }
 
     @Nested