org.gluu.oxauth.model.common.GrantType Java Examples
The following examples show how to use
org.gluu.oxauth.model.common.GrantType.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SetupClientTest.java From oxd with Apache License 2.0 | 6 votes |
|
public static RegisterSiteResponse setupClient(ClientInterface client, String opHost, String redirectUrls, String postLogoutRedirectUrls, String logoutUri) {
final RegisterSiteParams params = new RegisterSiteParams();
params.setOpHost(opHost);
params.setRedirectUris(Lists.newArrayList(redirectUrls.split(" ")));
params.setPostLogoutRedirectUris(Lists.newArrayList(postLogoutRedirectUrls.split(" ")));
params.setClientFrontchannelLogoutUris(Lists.newArrayList(logoutUri));
params.setScope(Lists.newArrayList("openid", "uma_protection", "profile", "oxd"));
params.setGrantTypes(Lists.newArrayList(
GrantType.AUTHORIZATION_CODE.getValue(),
GrantType.CLIENT_CREDENTIALS.getValue()));
final RegisterSiteResponse resp = client.registerSite(params);
assertResponse(resp);
return resp;
}
Example #2
| Source File: UmaClient.java From oxAuth with MIT License | 6 votes |
|
public static Token request(final String tokenUrl, final TokenRequest tokenRequest) throws Exception {
if (tokenRequest.getGrantType() != GrantType.CLIENT_CREDENTIALS) {
return null;
}
TokenClient tokenClient = new TokenClient(tokenUrl);
tokenClient.setRequest(tokenRequest);
TokenResponse response = tokenClient.exec();
if (response.getStatus() == 200) {
final String patToken = response.getAccessToken();
final Integer expiresIn = response.getExpiresIn();
if (Util.allNotBlank(patToken)) {
return new Token(null, null, patToken, response.getScope(), expiresIn);
}
}
return null;
}
Example #3
| Source File: RegisterSiteTest.java From oxd with Apache License 2.0 | 6 votes |
|
public static RegisterSiteResponse registerSite(
ClientInterface client, String opHost, String redirectUrls, List<String> scopes, List<String> responseTypes,
boolean allowSpontaneousScopes, List<String> spontaneousScopes) {
final RegisterSiteParams params = new RegisterSiteParams();
params.setOpHost(opHost);
params.setRedirectUris(Lists.newArrayList(redirectUrls.split(" ")));
params.setScope(scopes);
params.setResponseTypes(responseTypes);
params.setAllowSpontaneousScopes(true);
params.setSpontaneousScopes(spontaneousScopes);
params.setGrantTypes(Lists.newArrayList(
GrantType.AUTHORIZATION_CODE.getValue(),
GrantType.OXAUTH_UMA_TICKET.getValue(),
GrantType.CLIENT_CREDENTIALS.getValue()));
final RegisterSiteResponse resp = client.registerSite(params);
assertNotNull(resp);
assertTrue(!Strings.isNullOrEmpty(resp.getOxdId()));
return resp;
}
Example #4
| Source File: RegisterSiteTest.java From oxd with Apache License 2.0 | 6 votes |
|
public static RegisterSiteResponse registerSite(ClientInterface client, String opHost, String redirectUrls, String idTokenSignedResponseAlg) {
final RegisterSiteParams params = new RegisterSiteParams();
params.setOpHost(opHost);
params.setRedirectUris(Lists.newArrayList(redirectUrls.split(" ")));
params.setScope(Lists.newArrayList("openid", "uma_protection", "profile", "oxd"));
params.setResponseTypes(Lists.newArrayList("code", "id_token", "token"));
params.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
params.setGrantTypes(Lists.newArrayList(
GrantType.AUTHORIZATION_CODE.getValue(),
GrantType.OXAUTH_UMA_TICKET.getValue(),
GrantType.CLIENT_CREDENTIALS.getValue()));
final RegisterSiteResponse resp = client.registerSite(params);
assertNotNull(resp);
assertTrue(!Strings.isNullOrEmpty(resp.getOxdId()));
return resp;
}
Example #5
| Source File: ClientAuthenticationFilterHttpTest.java From oxAuth with MIT License | 6 votes |
|
@Parameters({"userId", "userSecret"})
@Test(dependsOnMethods = "requestClientRegistrationWithCustomAttributes")
public void requestAccessTokenCustomClientAuth2(final String userId, final String userSecret) throws Exception {
showTitle("requestAccessTokenCustomClientAuth2");
String username = userId;
String password = userSecret;
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(username);
tokenRequest.setPassword(password);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
tokenRequest.addCustomParameter("myCustomAttr1", customAttrValue1);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
Example #6
| Source File: RegistrationTest.java From oxAuth with MIT License | 6 votes |
|
@Parameters({"backchannelClientNotificationEndpoint"})
@Test
public void registrationFail7(final String backchannelClientNotificationEndpoint) {
showTitle("registrationFail7");
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
registerRequest.setJwksUri(null); // Missing jwks_uri
registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity());
assertNotNull(response.getEntity(), "The entity is null");
assertNotNull(response.getErrorType(), "The error type is null");
assertNotNull(response.getErrorDescription(), "The error description is null");
}
Example #7
| Source File: RegistrationTest.java From oxAuth with MIT License | 6 votes |
|
@Parameters({"clientJwksUri"})
@Test
public void registrationFail3(final String clientJwksUri) {
showTitle("registration3");
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
registerRequest.setBackchannelClientNotificationEndpoint(null); // Missing backchannel_client_notification_endpoint
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity());
assertNotNull(response.getEntity(), "The entity is null");
assertNotNull(response.getErrorType(), "The error type is null");
assertNotNull(response.getErrorDescription(), "The error description is null");
}
Example #8
| Source File: TokenRestWebServiceEmbeddedTest.java From oxAuth with MIT License | 6 votes |
|
@Parameters({"tokenPath", "userId", "userSecret", "audience"})
@Test
public void requestAccessTokenWithClientSecretJwtFail(final String tokenPath, final String userId,
final String userSecret, final String audience) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthPassword("INVALID_SECRET");
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setAudience(audience);
Response response = request
.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwt Fail", response, entity);
assertEquals(response.getStatus(), 401, "Unexpected response code.");
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("error"), "The error type is null");
assertTrue(jsonObj.has("error_description"), "The error description is null");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Example #9
| Source File: RegistrationTest.java From oxAuth with MIT License | 6 votes |
|
@Parameters({"clientJwksUri"})
@Test
public void registrationFail2(final String clientJwksUri) {
showTitle("registrationFail2");
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
registerRequest.setBackchannelClientNotificationEndpoint(null); // Missing backchannel_client_notification_endpoint
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity());
assertNotNull(response.getEntity(), "The entity is null");
assertNotNull(response.getErrorType(), "The error type is null");
assertNotNull(response.getErrorDescription(), "The error description is null");
}
Example #10
| Source File: TokenRestWebServiceEmbeddedTest.java From oxAuth with MIT License | 5 votes |
|
@Parameters({"tokenPath"})
@Test(dependsOnMethods = "dynamicClientRegistration")
public void requestAccessTokenClientCredentials(final String tokenPath) throws Exception {
// Testing with valid parameters
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials());
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
Response response = request
.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenClientCredentials", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code.");
assertTrue(
response.getHeaderString("Cache-Control") != null
&& response.getHeaderString("Cache-Control").equals("no-store"),
"Unexpected result: " + response.getHeaderString("Cache-Control"));
assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"),
"Unexpected result: " + response.getHeaderString("Pragma"));
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Example #11
| Source File: UmaTestUtil.java From oxAuth with MIT License | 5 votes |
|
public static void assert_(UmaMetadata metadata) {
assertNotNull(metadata, "Metadata is null");
assertTrue(ArrayUtils.contains(metadata.getGrantTypesSupported(), GrantType.OXAUTH_UMA_TICKET.getValue()));
assertNotNull(metadata.getIssuer(), "Issuer isn't correct");
assertNotNull(metadata.getTokenEndpoint(), "Token endpoint isn't correct");
assertNotNull(metadata.getIntrospectionEndpoint(), "Introspection endpoint isn't correct");
assertNotNull(metadata.getResourceRegistrationEndpoint(), "Resource registration endpoint isn't correct");
assertNotNull(metadata.getPermissionEndpoint(), "Permission registration endpoint isn't correct");
assertNotNull(metadata.getAuthorizationEndpoint(), "Authorization request endpoint isn't correct");
}
Example #12
| Source File: ClientSecretBasicTest.java From oxAuth with MIT License | 5 votes |
|
@Test
public void testEncode2() {
showTitle("testEncode2");
String clientId = "a+b";
String clientSecret = "c+d";
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
assertEquals(tokenRequest.getEncodedCredentials(), "YSUyQmI6YyUyQmQ=");
}
Example #13
| Source File: AuthorizationCodeFlowEmbeddedTest.java From oxAuth with MIT License | 5 votes |
|
@Parameters({"tokenPath"})
@Test(dependsOnMethods = {"dynamicClientRegistration", "revokeTokensStep2n3"})
public void revokeTokensStep4(final String tokenPath) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
TokenRequest tokenRequest = new TokenRequest(GrantType.REFRESH_TOKEN);
tokenRequest.setRefreshToken(refreshToken1);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials());
Response response = request
.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("revokeTokensStep4", response, entity);
assertEquals(response.getStatus(), 400, "Unexpected response code.");
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("error"), "The error type is null");
assertTrue(jsonObj.has("error_description"), "The error description is null");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Example #14
| Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 5 votes |
|
/**
* Fail 1: Call to Token Endpoint with Auth Method
* <code>client_secret_basic</code> should fail.
*/
@Parameters({"tokenPath", "userId", "userSecret"})
@Test(dependsOnMethods = "tokenEndpointAuthMethodPrivateKeyJwtStep2")
public void tokenEndpointAuthMethodPrivateKeyJwtFail1(final String tokenPath, final String userId,
final String userSecret) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId5);
tokenRequest.setAuthPassword(clientSecret5);
request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials());
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
Response response = request
.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("tokenEndpointAuthMethodPrivateKeyJwtFail1", response, entity);
assertEquals(response.getStatus(), 401, "Unexpected response code.");
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("error"), "The error type is null");
assertTrue(jsonObj.has("error_description"), "The error description is null");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Example #15
| Source File: AuthorizationCodeFlowEmbeddedTest.java From oxAuth with MIT License | 5 votes |
|
@Parameters({"tokenPath", "redirectUri"})
@Test(dependsOnMethods = {"dynamicClientRegistration", "tokenExpirationStep1"})
public void tokenExpirationStep2(final String tokenPath, final String redirectUri) throws Exception {
// ...Wait until the authorization code expires...
System.out.println("Sleeping for 20 seconds .....");
Thread.sleep(20000);
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode3);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials());
Response response = request
.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("tokenExpirationStep2", response, entity);
assertEquals(response.getStatus(), 400, "Unexpected response code.");
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("error"), "The error type is null");
assertTrue(jsonObj.has("error_description"), "The error description is null");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Example #16
| Source File: UpdateClientAction.java From oxTrust with MIT License | 5 votes |
|
public void searchAvailableGrantTypes() {
if (this.availableGrantTypes != null) {
selectAddedGrantTypes();
return;
}
List<SelectableEntity<GrantType>> tmpAvailableGrantTypes = new ArrayList<SelectableEntity<GrantType>>();
tmpAvailableGrantTypes.add(new SelectableEntity<GrantType>(GrantType.AUTHORIZATION_CODE));
tmpAvailableGrantTypes.add(new SelectableEntity<GrantType>(GrantType.IMPLICIT));
tmpAvailableGrantTypes.add(new SelectableEntity<GrantType>(GrantType.REFRESH_TOKEN));
tmpAvailableGrantTypes.add(new SelectableEntity<GrantType>(GrantType.CLIENT_CREDENTIALS));
tmpAvailableGrantTypes.add(new SelectableEntity<GrantType>(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));
tmpAvailableGrantTypes.add(new SelectableEntity<GrantType>(GrantType.OXAUTH_UMA_TICKET));
this.availableGrantTypes = tmpAvailableGrantTypes;
selectAddedGrantTypes();
}
Example #17
| Source File: UmaSpontaneousScopeHttpTest.java From oxAuth with MIT License | 5 votes |
|
@Test(dependsOnMethods = {"registerPermissions"})
public void successfulRptRequest() throws Exception {
showTitle("successfulRptRequest");
UmaTokenResponse response = tokenService.requestRpt(
"Basic " + encodeCredentials(clientResponse.getClientId(), clientResponse.getClientSecret()),
GrantType.OXAUTH_UMA_TICKET.getValue(),
permissionFlowTest.ticket,
null, null, null, null, null);
assert_(response);
this.rpt = response.getAccessToken();
}
Example #18
| Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS512(final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("clientSecretJwtAuthenticationMethodHS512");
List<String> scopes = Arrays.asList("clientinfo");
List<GrantType> grantTypes = Arrays.asList(
GrantType.CLIENT_CREDENTIALS
);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setGrantTypes(grantTypes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request Client Credentials Grant
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.HS512);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity());
assertNotNull(tokenResponse.getAccessToken());
assertNotNull(tokenResponse.getTokenType());
assertNotNull(tokenResponse.getScope());
assertNull(tokenResponse.getRefreshToken());
String accessToken = tokenResponse.getAccessToken();
// 3. Request client info
ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(accessToken);
showClient(clientInfoClient);
assertEquals(clientInfoResponse.getStatus(), 200, "Unexpected response code: " + clientInfoResponse.getStatus());
assertNotNull(clientInfoResponse.getClaim("displayName"), "Unexpected result: displayName not found");
assertNotNull(clientInfoResponse.getClaim("inum"), "Unexpected result: inum not found");
}
Example #19
| Source File: CanMakeAccessTokenRequestWithClientSecretPostAuthentication.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri"})
@Test
public void canMakeAccessTokenRequestWithClientSecretPostAuthentication(
final String redirectUris, final String redirectUri, final String userId, final String userSecret,
final String sectorIdentifierUri) throws Exception {
showTitle("OC5:FeatureTest-Can Make Access Token Request with client secret post Authentication");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getCode());
assertNotNull(authorizationResponse.getState());
String authorizationCode = authorizationResponse.getCode();
// 3. Get Access Token
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
Example #20
| Source File: SupportAuthenticationToTokenEndpointWithAsymmetricallySignedJWTs.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri", "clientJwksUri",
"ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret"})
@Test
public void supportAuthenticationToTokenEndpointWithAsymmetricallySignedJWTsES384(
final String redirectUris, final String redirectUri, final String userId, final String userSecret,
final String sectorIdentifierUri, final String clientJwksUri,
final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("OC5:FeatureTest-Support Authentication to Token Endpoint with Asymmetrically Signed JWTs (ES384)");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setJwksUri(clientJwksUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getCode());
assertNotNull(authorizationResponse.getState());
String authorizationCode = authorizationResponse.getCode();
// 3. Get Access Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.ES384);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId(keyId);
tokenRequest.setAudience(tokenEndpoint);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
Example #21
| Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretBasicAuthenticationMethodFail(final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("clientSecretBasicAuthenticationMethodFail");
List<String> scopes = Arrays.asList("clientinfo");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request Client Credentials Grant
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getErrorType());
assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
assertNotNull(tokenResponse.getErrorDescription());
}
Example #22
| Source File: RegistrationTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"clientJwksUri", "backchannelClientNotificationEndpoint"})
public void backchannelTokenDeliveryModePing5(final String clientJwksUri,
final String backchannelClientNotificationEndpoint) {
showTitle("backchannelTokenDeliveryModePing5");
// 1. Dynamic Client Registration
JwkClient jwkClient = new JwkClient(clientJwksUri);
JwkResponse jwkResponse = jwkClient.exec();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
registerRequest.setJwks(jwkResponse.getJwks().toString());
registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS256);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS256);
registerRequest.setBackchannelUserCodeParameter(false);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS256);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
assertNotNull(registerResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(registerResponse.getClaims().get(SUBJECT_TYPE.toString()));
assertNotNull(registerResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(registerResponse.getClaims().get(JWKS.toString()));
assertNotNull(registerResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(registerResponse.getClaims().get(SCOPE.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
assertTrue(registerResponse.getClaims().containsKey(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertTrue(registerResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertTrue(registerResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PING.getValue());
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.PS256.getValue());
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(false).toString());
assertEquals(registerResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client Read
RegisterRequest clientReadRequest = new RegisterRequest(registrationAccessToken);
RegisterClient clientReadClient = new RegisterClient(registrationClientUri);
clientReadClient.setRequest(clientReadRequest);
RegisterResponse clientReadResponse = clientReadClient.exec();
showClient(clientReadClient);
assertEquals(clientReadResponse.getStatus(), 200, "Unexpected response code: " + clientReadResponse.getEntity());
assertNotNull(clientReadResponse.getClientId());
assertNotNull(clientReadResponse.getClientSecret());
assertNotNull(clientReadResponse.getRegistrationAccessToken());
assertNotNull(clientReadResponse.getRegistrationClientUri());
assertNotNull(clientReadResponse.getClientSecretExpiresAt());
assertNotNull(clientReadResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(clientReadResponse.getClaims().get(SUBJECT_TYPE.toString()));
assertNotNull(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(clientReadResponse.getClaims().get(JWKS.toString()));
assertNotNull(clientReadResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(clientReadResponse.getClaims().get(SCOPE.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PING.getValue());
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.PS256.getValue());
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(false).toString());
assertEquals(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
}
Example #23
| Source File: TokenEncryptionHttpTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"userId", "userSecret", "redirectUris", "clientJwksUri",
"RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
//@Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgRSAOAEPEncA256GCM(
final String userId, final String userSecret, final String redirectUris, final String jwksUri,
final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
try {
showTitle("requestIdTokenAlgRSAOAEPEncA256GCM");
List<GrantType> grantTypes = Arrays.asList(
GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS
);
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setGrantTypes(grantTypes);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
assertNotNull(response.getClientId());
assertNotNull(response.getClientSecret());
assertNotNull(response.getRegistrationAccessToken());
assertNotNull(response.getClientSecretExpiresAt());
String clientId = response.getClientId();
String clientSecret = response.getClientSecret();
// 2. Request authorization
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
assertNotNull(tokenResponse.getScope(), "The scope is null");
assertNotNull(tokenResponse.getIdToken(), "The id token is null");
String idToken = tokenResponse.getIdToken();
// 3. Read Encrypted ID Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
Jwe jwe = Jwe.parse(idToken, privateKey, null);
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
} catch (Exception ex) {
fail(ex.getMessage(), ex);
}
}
Example #24
| Source File: TokenRestWebServiceWithRSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"tokenPath", "userId", "userSecret", "audience", "RS384_keyId", "keyStoreFile", "keyStoreSecret"})
@Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS384Step1")
public void requestAccessTokenWithClientSecretJwtRS384Step2(final String tokenPath, final String userId,
final String userSecret, final String audience, final String keyId, final String keyStoreFile,
final String keyStoreSecret) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId2);
tokenRequest.setAuthPassword(clientSecret2);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS384);
tokenRequest.setKeyId(keyId);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(audience);
Response response = request
.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtRS384Step2", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code.");
assertTrue(
response.getHeaderString("Cache-Control") != null
&& response.getHeaderString("Cache-Control").equals("no-store"),
"Unexpected result: " + response.getHeaderString("Cache-Control"));
assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"),
"Unexpected result: " + response.getHeaderString("Pragma"));
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Example #25
| Source File: RegistrationTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"sectorIdentifierUri", "backchannelClientNotificationEndpoint"})
@Test
public void backchannelTokenDeliveryModePush2(final String sectorIdentifierUri, final String backchannelClientNotificationEndpoint) {
showTitle("backchannelTokenDeliveryModePush2");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
assertTrue(registerResponse.getClaims().containsKey(SECTOR_IDENTIFIER_URI.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PUSH.getValue());
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.RS256.getValue());
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client Read
RegisterRequest clientReadRequest = new RegisterRequest(registrationAccessToken);
RegisterClient clientReadClient = new RegisterClient(registrationClientUri);
clientReadClient.setRequest(clientReadRequest);
RegisterResponse clientReadResponse = clientReadClient.exec();
showClient(clientReadClient);
assertEquals(clientReadResponse.getStatus(), 200, "Unexpected response code: " + clientReadResponse.getEntity());
assertNotNull(clientReadResponse.getClientId());
assertNotNull(clientReadResponse.getClientSecret());
assertNotNull(clientReadResponse.getRegistrationAccessToken());
assertNotNull(clientReadResponse.getRegistrationClientUri());
assertNotNull(clientReadResponse.getClientSecretExpiresAt());
assertNotNull(clientReadResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(clientReadResponse.getClaims().get(SECTOR_IDENTIFIER_URI.toString()));
assertNotNull(clientReadResponse.getClaims().get(SUBJECT_TYPE.toString()));
assertNotNull(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(clientReadResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(clientReadResponse.getClaims().get(SCOPE.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(SECTOR_IDENTIFIER_URI.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PUSH.getValue());
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.RS256.getValue());
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
}
Example #26
| Source File: RegistrationTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"backchannelClientNotificationEndpoint"})
@Test
public void backchannelTokenDeliveryModePush3(final String backchannelClientNotificationEndpoint) {
showTitle("backchannelTokenDeliveryModePush3");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
registerRequest.setSubjectType(SubjectType.PUBLIC);
registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PUSH.getValue());
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.RS256.getValue());
assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client Read
RegisterRequest clientReadRequest = new RegisterRequest(registrationAccessToken);
RegisterClient clientReadClient = new RegisterClient(registrationClientUri);
clientReadClient.setRequest(clientReadRequest);
RegisterResponse clientReadResponse = clientReadClient.exec();
showClient(clientReadClient);
assertEquals(clientReadResponse.getStatus(), 200, "Unexpected response code: " + clientReadResponse.getEntity());
assertNotNull(clientReadResponse.getClientId());
assertNotNull(clientReadResponse.getClientSecret());
assertNotNull(clientReadResponse.getRegistrationAccessToken());
assertNotNull(clientReadResponse.getRegistrationClientUri());
assertNotNull(clientReadResponse.getClientSecretExpiresAt());
assertNotNull(clientReadResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(clientReadResponse.getClaims().get(SUBJECT_TYPE.toString()));
assertNotNull(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(clientReadResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(clientReadResponse.getClaims().get(SCOPE.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PUSH.getValue());
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.RS256.getValue());
assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
}
Example #27
| Source File: TokenRestWebServiceWithRSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"registerPath", "redirectUris", "clientJwksUri"})
@Test
public void requestAccessTokenWithClientSecretJwtRS512Step1(final String registerPath, final String redirectUris,
final String jwksUri) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
List<GrantType> grantTypes = Arrays.asList(
GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS
);
registerRequest.setGrantTypes(grantTypes);
String registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtRS512Step1", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has(RegisterResponseParam.CLIENT_ID.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET.toString()));
assertTrue(jsonObj.has(REGISTRATION_ACCESS_TOKEN.toString()));
assertTrue(jsonObj.has(REGISTRATION_CLIENT_URI.toString()));
assertTrue(jsonObj.has(CLIENT_ID_ISSUED_AT.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET_EXPIRES_AT.toString()));
clientId3 = jsonObj.getString(RegisterResponseParam.CLIENT_ID.toString());
clientSecret3 = jsonObj.getString(CLIENT_SECRET.toString());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Example #28
| Source File: SupportScopeRequestingAddressClaims.java From oxAuth with MIT License | 4 votes |
|
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void supportScopeRequestingAddressClaims(
final String userId, final String userSecret, final String redirectUris, final String redirectUri,
final String sectorIdentifierUri) throws Exception {
showTitle("OC5:FeatureTest-Support scope Requesting address Claims");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "address");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getCode());
assertNotNull(authorizationResponse.getState());
String authorizationCode = authorizationResponse.getCode();
// 3. Get Access Token
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
String accessToken = tokenResponse.getAccessToken();
// 4. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
}
Example #29
| Source File: ResponseTypesRestrictionHttpTest.java From oxAuth with MIT License | 4 votes |
|
/**
* Registering without provide the response_types param, should register the Client using only
* the <code>code</code> response type.
*/
@Parameters({"redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri"})
@Test
public void omittedResponseTypes(
final String redirectUris, final String userId, final String userSecret, final String redirectUri,
final String sectorIdentifierUri) throws Exception {
showTitle("omittedResponseTypes");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get(SCOPE.toString()));
// 3. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList(
"openid",
"profile",
"address",
"email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
String authorizationCode = authorizationResponse.getCode();
// 4. Get Access Token
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
Example #30
| Source File: RegistrationRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
|
@Test(dependsOnMethods = "requestClientAssociate3")
public void requestClientUpdate3() throws Exception {
showTitle("requestClientUpdate3");
final String clientName = "Dynamically Registered Client #1 update_1";
final RegisterRequest registerRequest = new RegisterRequest(registrationAccessToken2);
registerRequest.setHttpMethod(HttpMethod.PUT);
registerRequest.setRedirectUris(Arrays.asList("https://localhost:8443/auth"));
registerRequest.setPostLogoutRedirectUris(Arrays.asList("https://localhost:8443/auth"));
registerRequest.setApplicationType(ApplicationType.WEB);
registerRequest.setClientName(clientName);
registerRequest.setSubjectType(SubjectType.PUBLIC);
registerRequest.setGrantTypes(Arrays.asList(GrantType.IMPLICIT));
registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
registerRequest.setScope(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope"));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
registerRequest.setFrontChannelLogoutSessionRequired(true);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
final RegisterClient registerClient = new RegisterClient(registrationClientUri2);
registerClient.setRequest(registerRequest);
registerClient.setExecutor(clientExecutor(true));
final RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
assertNotNull(response.getClientId());
assertTrue(response.getClaims().containsKey(CLIENT_NAME.toString()));
assertEquals(clientName, response.getClaims().get(CLIENT_NAME.toString()));
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getClaims().get(SCOPE.toString())));
List<String> scopes = new ArrayList<String>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
}
