Writing Okta Integration tests for JWT and Opaque token validation

So I have been following this blog article here:

The stuff that I got working were:

  • ExampleWebSecurityConfigurerAdapter - I am routing between JWT and Opaque introspection techniques based on the request methods
  • RequestMatchingAuthenticationManagerResolver

And I have made some creative adjustments like, placing the ActiveProfiles annotation at the top of these beans so that it only is spun up when the Okta profile is active.

However I am running into all sorts of issues with the testing, like for example when trying to follow this blog post: The Hitchhiker's Guide to Testing Spring Boot APIs and Angular Components with WireMock, Jest, Protractor, and Travis CI | Okta Developer

I am running into some interesting errors such as:

o.s.w.c.s.GenericWebApplicationContext   : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChains' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oauth2SecurityFilterChain' defined in class path resource [com/okta/spring/boot/oauth/OktaOAuth2AutoConfig$OAuth2SecurityFilterChainConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'oauth2SecurityFilterChain' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "http://localhost:59066/oauth2/some_random_hash"
...
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://localhost:59066/oauth2/some_random_hash/.well-known/openid-configuration": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)

I am thinking that I am missing something super fundamental here.

I was hoping to restrict the number of MockWebServer libraries as well, so instead of WireMock to use the okhttp3 webserver instead, but it seems that I am not able to initialise the beans correctly to even begin to serve that content back out. Or does WireMock does something specialise during the initialisation of the test?

Any advice would be good here.

The goal that I am trying to achieve here is, when a given request comes in, how can I test that it gets routed to the correct request validator? If I submit a GET request, how can I check that it will fall under the JWT decoder and NOT the opaque introspection? And likewise for a POST request, it should get routed to the opaque introspection rather than the JWT decoder.

It seems like after reading a bunch of stuff I might have to mock the actual JSON endpoints that an Okta service would provide back to the application, but I am having a tough time in just getting the beans to start up correctly.

Or is this a lost cause and I should just do a unit test of the Configurer and Adapter and make sure that they are being initialised correctly? That at least would be simpler to do.

No bites eh? Guess I will need to cook up something custom then.

EDIT:
I swear I am doing something incorrectly, if you clone the repo down and try and run the tests, they all fail: GitHub - oktadev/okta-ionic-crypto-java-sdk-example: Josh Morony's cryptoPWA with Okta Authentication + Holdings API that stores holdings in Okta

Citing things like:

java.lang.IllegalStateException: Failed to load ApplicationContext
org.mockito.exceptions.base.MockitoException: 
Mockito cannot mock this class: interface com.okta.sdk.client.Client.

Mockito can only mock non-private & non-final classes.
If you're not sure why you're getting this error, please report to the mailing list.

I’m on vacation this week. I’ll be happy to take a look when I get back next week.