Java Code Examples for org.gluu.oxauth.model.common.GrantType#CLIENT_CREDENTIALS
The following examples show how to use
org.gluu.oxauth.model.common.GrantType#CLIENT_CREDENTIALS .
Example 1
Source File: UmaClient.java From oxAuth with MIT License | 6 votes |
/**
 * Sends a prepared token request to the token endpoint and wraps the answer in a {@link Token}.
 *
 * <p>Only requests whose grant type is {@link GrantType#CLIENT_CREDENTIALS} are sent; any other
 * grant type returns {@code null} before a {@code TokenClient} is even created.
 *
 * <p>{@code null} is also returned when the response status is not 200 or when
 * {@code Util.allNotBlank} rejects the access token. The three cases are indistinguishable to
 * the caller, so the result must be null-checked before it is used as a credential.
 *
 * @param tokenUrl token endpoint URL handed to {@code TokenClient}
 * @param tokenRequest request to execute
 * @return a token carrying the access token, scope and expiry of the response, or {@code null}
 * @throws Exception as declared by the signature; nothing is caught here
 */
public static Token request(final String tokenUrl, final TokenRequest tokenRequest) throws Exception {
    final boolean isClientCredentials = tokenRequest.getGrantType() == GrantType.CLIENT_CREDENTIALS;
    if (!isClientCredentials) {
        return null;
    }

    // NOTE(review): whatever authentication material tokenRequest carries is sent to tokenUrl;
    // confirm callers only pass a trusted HTTPS token endpoint.
    final TokenClient client = new TokenClient(tokenUrl);
    client.setRequest(tokenRequest);
    final TokenResponse tokenResponse = client.exec();

    if (tokenResponse.getStatus() != 200) {
        return null;
    }

    final String accessToken = tokenResponse.getAccessToken();
    final Integer lifetime = tokenResponse.getExpiresIn();
    if (!Util.allNotBlank(accessToken)) {
        return null;
    }
    return new Token(null, null, accessToken, tokenResponse.getScope(), lifetime);
}
Example 2
Source File: UmaClient.java From oxAuth with MIT License | 6 votes |
/**
 * Builds a {@link GrantType#CLIENT_CREDENTIALS} token request for an UMA client and executes it
 * through {@code request(tokenUrl, ...)}.
 *
 * <p>The requested scope is {@code scopeType.getValue()} followed by every entry of
 * {@code scopeArray}, separated by single spaces. Entries are not validated: a {@code null}
 * entry ends up in the scope string as the literal text {@code null}.
 *
 * <p>Despite the method name, the authentication method is whatever the caller passes in
 * {@code authenticationMethod}; nothing here forces a JWT-based method.
 *
 * @param tokenUrl token endpoint URL
 * @param umaClientId client identifier, set as the auth username
 * @param umaClientSecret client secret, set as the auth password
 * @param authenticationMethod client authentication method to put on the request
 * @param signatureAlgorithm algorithm to put on the request
 * @param audience audience to put on the request
 * @param scopeType base scope; its value always comes first in the scope string
 * @param scopeArray optional additional scopes, may be {@code null} or empty
 * @return the result of {@code request(tokenUrl, ...)}, which may be {@code null}
 * @throws Exception as declared by the signature; nothing is caught here
 */
public static Token requestWithClientSecretJwt(final String tokenUrl, final String umaClientId, final String umaClientSecret, AuthenticationMethod authenticationMethod, SignatureAlgorithm signatureAlgorithm, String audience, UmaScopeType scopeType, String... scopeArray) throws Exception {
    String requestedScope = scopeType.getValue();
    final boolean hasExtraScopes = scopeArray != null && scopeArray.length > 0;
    if (hasExtraScopes) {
        // String.join renders a null element as "null", the same as string concatenation does.
        requestedScope = requestedScope + " " + String.join(" ", scopeArray);
    }

    final TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setAuthUsername(umaClientId);
    tokenRequest.setAuthPassword(umaClientSecret);
    tokenRequest.setScope(requestedScope);
    tokenRequest.setAuthenticationMethod(authenticationMethod);
    tokenRequest.setAlgorithm(signatureAlgorithm);
    tokenRequest.setAudience(audience);

    return request(tokenUrl, tokenRequest);
}
Example 3
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Client credentials grant, happy path: the client authenticates at the token endpoint with
 * {@code AuthenticationMethod.PRIVATE_KEY_JWT} and {@code SignatureAlgorithm.RS512}.
 *
 * <p>Flow: register a client, request a token, then call the client info endpoint with that
 * token. The test also asserts that no refresh token is returned, which matches
 * RFC 6749 section 4.4.3 for this grant.
 */
@Parameters({"redirectUris", "clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS512(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS512");

    // Step 1: register a client limited to the client credentials grant, with clientJwksUri
    // as its JWKS URI.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String registeredClientId = registered.getClientId();

    // Step 2: token request. No auth password is set; the request carries the key store
    // backed crypto provider and the key ID instead.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.RS512);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    // The audience is the token endpoint itself.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCall = new TokenClient(tokenEndpoint);
    tokenCall.setRequest(grantRequest);
    final TokenResponse granted = tokenCall.exec();

    // NOTE(review): showClient presumably logs the exchange, token included - confirm test logs are not shared.
    showClient(tokenCall);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // Step 3: the issued token must be accepted by the client info endpoint.
    final ClientInfoClient infoClient = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoClient.execClientInfo(bearer);

    showClient(infoClient);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 4
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
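/**
 * Negative case for the client credentials grant with
 * {@code AuthenticationMethod.PRIVATE_KEY_JWT} and {@code SignatureAlgorithm.PS512}: the token
 * request names the key ID {@code "PS512SIG_INVALID_KEYID"} and must be rejected with
 * HTTP 401 and {@code TokenErrorResponseType.INVALID_CLIENT}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access
 * token, so a server that reports an error but still issues a token fails the test.
 *
 * <p>NOTE(review): unlike the passing tests of this class, no grant types are registered here,
 * so the client gets whatever the server defaults to. The INVALID_CLIENT assertion still pins
 * the rejection to client authentication - confirm the omission is intended.
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodPS512Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodPS512Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.PS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    // Deliberately wrong key ID: this is the only part of the request meant to be invalid.
    tokenRequest.setKeyId("PS512SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A client that failed authentication must not receive a token alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued to a rejected client");
}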
Example 5
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
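/**
 * Negative case for the client credentials grant with
 * {@code AuthenticationMethod.PRIVATE_KEY_JWT} and {@code SignatureAlgorithm.RS256}: the token
 * request names the key ID {@code "RS256SIG_INVALID_KEYID"} and must be rejected with
 * HTTP 401 and {@code TokenErrorResponseType.INVALID_CLIENT}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access
 * token, so a server that reports an error but still issues a token fails the test.
 *
 * <p>NOTE(review): unlike the passing tests of this class, no grant types are registered here,
 * so the client gets whatever the server defaults to. The INVALID_CLIENT assertion still pins
 * the rejection to client authentication - confirm the omission is intended.
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS256Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS256Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    // Deliberately wrong key ID: this is the only part of the request meant to be invalid.
    tokenRequest.setKeyId("RS256SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A client that failed authentication must not receive a token alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued to a rejected client");
}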
Example 6
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Client credentials grant, happy path: the client authenticates at the token endpoint with
 * {@code AuthenticationMethod.PRIVATE_KEY_JWT} and {@code SignatureAlgorithm.RS256}.
 *
 * <p>Flow: register a client, request a token, then call the client info endpoint with that
 * token. The test also asserts that no refresh token is returned, which matches
 * RFC 6749 section 4.4.3 for this grant.
 */
@Parameters({"redirectUris", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS256(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS256");

    // Step 1: register a client limited to the client credentials grant, with clientJwksUri
    // as its JWKS URI.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String registeredClientId = registered.getClientId();

    // Step 2: token request. No auth password is set; the request carries the key store
    // backed crypto provider and the key ID instead.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.RS256);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    // The audience is the token endpoint itself.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCall = new TokenClient(tokenEndpoint);
    tokenCall.setRequest(grantRequest);
    final TokenResponse granted = tokenCall.exec();

    // NOTE(review): showClient presumably logs the exchange, token included - confirm test logs are not shared.
    showClient(tokenCall);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // Step 3: the issued token must be accepted by the client info endpoint.
    final ClientInfoClient infoClient = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoClient.execClientInfo(bearer);

    showClient(infoClient);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 7
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
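/**
 * Negative case for the client credentials grant with
 * {@code AuthenticationMethod.CLIENT_SECRET_JWT} and {@code SignatureAlgorithm.HS512}: the
 * token request uses the fixed value {@code "INVALID_CLIENT_SECRET"} instead of the secret
 * issued at registration and must be rejected with HTTP 401 and
 * {@code TokenErrorResponseType.INVALID_CLIENT}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access
 * token, so a server that reports an error but still issues a token fails the test. The
 * registered secret is asserted to exist but is intentionally never read into a local.
 *
 * <p>NOTE(review): unlike the passing tests of this class, no grant types are registered here,
 * so the client gets whatever the server defaults to. The INVALID_CLIENT assertion still pins
 * the rejection to client authentication - confirm the omission is intended.
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS512Fail(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS512Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    // Deliberately wrong secret: this is the only part of the request meant to be invalid.
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.HS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A client that failed authentication must not receive a token alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued to a rejected client");
}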
Example 8
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Client credentials grant, happy path: the client authenticates at the token endpoint with
 * {@code AuthenticationMethod.CLIENT_SECRET_JWT} and {@code SignatureAlgorithm.HS512}, using
 * the client secret issued at registration.
 *
 * <p>Flow: register a client, request a token, then call the client info endpoint with that
 * token. The test also asserts that no refresh token is returned, which matches
 * RFC 6749 section 4.4.3 for this grant.
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS512(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS512");

    // Step 1: register a client limited to the client credentials grant.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String registeredClientId = registered.getClientId();
    final String issuedSecret = registered.getClientSecret();

    // Step 2: token request; the issued secret is handed over as the auth password.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider();

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthPassword(issuedSecret);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.HS512);
    grantRequest.setCryptoProvider(signer);
    // The audience is the token endpoint itself.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCall = new TokenClient(tokenEndpoint);
    tokenCall.setRequest(grantRequest);
    final TokenResponse granted = tokenCall.exec();

    // NOTE(review): showClient presumably logs the exchange, credentials included - confirm test logs are not shared.
    showClient(tokenCall);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // Step 3: the issued token must be accepted by the client info endpoint.
    final ClientInfoClient infoClient = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoClient.execClientInfo(bearer);

    showClient(infoClient);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 9
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Client credentials grant, happy path: the client authenticates at the token endpoint with
 * {@code AuthenticationMethod.PRIVATE_KEY_JWT} and {@code SignatureAlgorithm.ES256}.
 *
 * <p>Flow: register a client, request a token, then call the client info endpoint with that
 * token. The test also asserts that no refresh token is returned, which matches
 * RFC 6749 section 4.4.3 for this grant.
 */
@Parameters({"redirectUris", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES256(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES256");

    // Step 1: register a client limited to the client credentials grant, with clientJwksUri
    // as its JWKS URI.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String registeredClientId = registered.getClientId();

    // Step 2: token request. No auth password is set; the request carries the key store
    // backed crypto provider and the key ID instead.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.ES256);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    // The audience is the token endpoint itself.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCall = new TokenClient(tokenEndpoint);
    tokenCall.setRequest(grantRequest);
    final TokenResponse granted = tokenCall.exec();

    // NOTE(review): showClient presumably logs the exchange, token included - confirm test logs are not shared.
    showClient(tokenCall);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // Step 3: the issued token must be accepted by the client info endpoint.
    final ClientInfoClient infoClient = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoClient.execClientInfo(bearer);

    showClient(infoClient);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 10
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Client credentials grant, happy path: the client authenticates at the token endpoint with
 * {@code AuthenticationMethod.PRIVATE_KEY_JWT} and {@code SignatureAlgorithm.ES384}.
 *
 * <p>Flow: register a client, request a token, then call the client info endpoint with that
 * token. The test also asserts that no refresh token is returned, which matches
 * RFC 6749 section 4.4.3 for this grant.
 */
@Parameters({"redirectUris", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES384(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES384");

    // Step 1: register a client limited to the client credentials grant, with clientJwksUri
    // as its JWKS URI.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String registeredClientId = registered.getClientId();

    // Step 2: token request. No auth password is set; the request carries the key store
    // backed crypto provider and the key ID instead.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.ES384);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    // The audience is the token endpoint itself.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCall = new TokenClient(tokenEndpoint);
    tokenCall.setRequest(grantRequest);
    final TokenResponse granted = tokenCall.exec();

    // NOTE(review): showClient presumably logs the exchange, token included - confirm test logs are not shared.
    showClient(tokenCall);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // Step 3: the issued token must be accepted by the client info endpoint.
    final ClientInfoClient infoClient = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoClient.execClientInfo(bearer);

    showClient(infoClient);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 11
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Client credentials grant, happy path: the client authenticates at the token endpoint with
 * {@code AuthenticationMethod.PRIVATE_KEY_JWT} and {@code SignatureAlgorithm.PS384}.
 *
 * <p>Flow: register a client, request a token, then call the client info endpoint with that
 * token. The test also asserts that no refresh token is returned, which matches
 * RFC 6749 section 4.4.3 for this grant.
 */
@Parameters({"redirectUris", "clientJwksUri", "PS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodPS384(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodPS384");

    // Step 1: register a client limited to the client credentials grant, with clientJwksUri
    // as its JWKS URI.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String registeredClientId = registered.getClientId();

    // Step 2: token request. No auth password is set; the request carries the key store
    // backed crypto provider and the key ID instead.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.PS384);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    // The audience is the token endpoint itself.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCall = new TokenClient(tokenEndpoint);
    tokenCall.setRequest(grantRequest);
    final TokenResponse granted = tokenCall.exec();

    // NOTE(review): showClient presumably logs the exchange, token included - confirm test logs are not shared.
    showClient(tokenCall);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // Step 3: the issued token must be accepted by the client info endpoint.
    final ClientInfoClient infoClient = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoClient.execClientInfo(bearer);

    showClient(infoClient);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 12
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Exercises the client credentials grant with {@code client_secret_jwt} client
 * authentication, using HS256.
 *
 * <p>The client secret returned by registration is passed to the token request as the
 * auth password; presumably the token client uses it as the HMAC key for the
 * assertion (confirm in {@code TokenRequest}).
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges fails
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS256(final String redirectUris,
                                                     final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS256");

    // Step 1: dynamic registration with client_secret_jwt as the token endpoint auth method.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String clientId = registered.getClientId();
    final String clientSecret = registered.getClientSecret();

    // Step 2: token request. The crypto provider is built without a keystore here,
    // unlike the private_key_jwt tests in the same file.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider();

    final TokenRequest grant = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grant.setScope("clientinfo");
    grant.setAuthUsername(clientId);
    grant.setAuthPassword(clientSecret);
    grant.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    grant.setAlgorithm(SignatureAlgorithm.HS256);
    grant.setCryptoProvider(signer);
    // Audience is the token endpoint itself; presumably it becomes the assertion's "aud" claim.
    grant.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grant);
    final TokenResponse issued = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(issued.getStatus(), 200, "Unexpected response code: " + issued.getStatus());
    assertNotNull(issued.getEntity());
    assertNotNull(issued.getAccessToken());
    assertNotNull(issued.getTokenType());
    assertNotNull(issued.getScope());
    // No refresh token is expected for a client credentials grant (RFC 6749, section 4.4.3).
    assertNull(issued.getRefreshToken());

    // Step 3: the access token must be accepted by the client-info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(issued.getAccessToken());

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 13
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Exercises the client credentials grant with {@code private_key_jwt} client
 * authentication, using PS256 as the signature algorithm.
 *
 * <p>Same three steps as the other positive tests in this file: register, request a
 * token, then read client info with the issued access token.
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param clientJwksUri       JWKS URI registered for the client
 * @param keyId               key id injected from the {@code PS256_keyId} suite parameter
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider; it arrives as a
 *                            suite parameter, so keep it a test-only value
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges or the keystore access fails
 */
@Parameters({"redirectUris", "clientJwksUri", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodPS256(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodPS256");

    // Step 1: dynamic registration bound to the client's JWKS URI.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    // A client secret is still expected in the response, although the token request
    // below authenticates with the key pair and never sends that secret.
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String clientId = registered.getClientId();

    // Step 2: token request authenticated with the keystore key named by keyId.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    final TokenRequest grant = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grant.setScope("clientinfo");
    grant.setAuthUsername(clientId);
    grant.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grant.setAlgorithm(SignatureAlgorithm.PS256);
    grant.setCryptoProvider(signer);
    grant.setKeyId(keyId);
    // Audience is the token endpoint itself; presumably it becomes the assertion's "aud" claim.
    grant.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grant);
    final TokenResponse issued = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(issued.getStatus(), 200, "Unexpected response code: " + issued.getStatus());
    assertNotNull(issued.getEntity());
    assertNotNull(issued.getAccessToken());
    assertNotNull(issued.getTokenType());
    assertNotNull(issued.getScope());
    // No refresh token is expected for a client credentials grant (RFC 6749, section 4.4.3).
    assertNull(issued.getRefreshToken());

    // Step 3: the access token must be accepted by the client-info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(issued.getAccessToken());

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 14
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
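/**
 * Negative test: a {@code private_key_jwt} token request that names a key id which is
 * not one of the suite's configured keys must be rejected.
 *
 * <p>Expected outcome is HTTP 401 with {@code invalid_client}, an error description,
 * and no access token in the response.
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param clientJwksUri       JWKS URI registered for the client
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider; it arrives as a
 *                            suite parameter, so keep it a test-only value
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges or the keystore access fails
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES256Fail(
        final String redirectUris, final String clientJwksUri, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES256Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    // NOTE(review): unlike the positive tests in this file, no grant types are registered
    // here. The assertions below pin invalid_client, so the rejection is presumably made
    // at client authentication, before any grant-type check - confirm.
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with a deliberately wrong key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.ES256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId("ES256SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // The status code alone does not prove nothing was issued: a rejected client must
    // not receive any token material in the response body either.
    assertNull(tokenResponse.getAccessToken(), "Access token issued despite failed client authentication");
}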
Example 15
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Exercises the client credentials grant with {@code private_key_jwt} client
 * authentication, using ES512 as the signature algorithm.
 *
 * <p>Same three steps as the other positive tests in this file: register, request a
 * token, then read client info with the issued access token.
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param clientJwksUri       JWKS URI registered for the client
 * @param keyId               key id injected from the {@code ES512_keyId} suite parameter
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider; it arrives as a
 *                            suite parameter, so keep it a test-only value
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges or the keystore access fails
 */
@Parameters({"redirectUris", "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES512(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES512");

    // Step 1: dynamic registration bound to the client's JWKS URI.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    // A client secret is still expected in the response, although the token request
    // below authenticates with the key pair and never sends that secret.
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String clientId = registered.getClientId();

    // Step 2: token request authenticated with the keystore key named by keyId.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    final TokenRequest grant = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grant.setScope("clientinfo");
    grant.setAuthUsername(clientId);
    grant.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grant.setAlgorithm(SignatureAlgorithm.ES512);
    grant.setCryptoProvider(signer);
    grant.setKeyId(keyId);
    // Audience is the token endpoint itself; presumably it becomes the assertion's "aud" claim.
    grant.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grant);
    final TokenResponse issued = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(issued.getStatus(), 200, "Unexpected response code: " + issued.getStatus());
    assertNotNull(issued.getEntity());
    assertNotNull(issued.getAccessToken());
    assertNotNull(issued.getTokenType());
    assertNotNull(issued.getScope());
    // No refresh token is expected for a client credentials grant (RFC 6749, section 4.4.3).
    assertNull(issued.getRefreshToken());

    // Step 3: the access token must be accepted by the client-info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(issued.getAccessToken());

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 16
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Exercises the client credentials grant with {@code client_secret_post} client
 * authentication.
 *
 * <p>The client id and the secret returned by registration are set on the token
 * request as auth username and password; no signature algorithm or crypto provider
 * is involved.
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges fails
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretPostAuthenticationMethod(final String redirectUris,
                                                 final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretPostAuthenticationMethod");

    // Step 1: dynamic registration with client_secret_post as the token endpoint auth method.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String clientId = registered.getClientId();
    final String clientSecret = registered.getClientSecret();

    // Step 2: token request carrying the registered credentials.
    final TokenRequest grant = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grant.setScope("clientinfo");
    grant.setAuthUsername(clientId);
    grant.setAuthPassword(clientSecret);
    grant.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grant);
    final TokenResponse issued = tokenCaller.exec();

    // NOTE(review): showClient presumably prints the exchange; with client_secret_post
    // that would include the secret, so this belongs in test environments only - confirm.
    showClient(tokenCaller);
    assertEquals(issued.getStatus(), 200, "Unexpected response code: " + issued.getStatus());
    assertNotNull(issued.getEntity());
    assertNotNull(issued.getAccessToken());
    assertNotNull(issued.getTokenType());
    assertNotNull(issued.getScope());
    // No refresh token is expected for a client credentials grant (RFC 6749, section 4.4.3).
    assertNull(issued.getRefreshToken());

    // Step 3: the access token must be accepted by the client-info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(issued.getAccessToken());

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
Example 17
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
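/**
 * Negative test: a {@code client_secret_basic} token request that sends a wrong
 * client secret must be rejected.
 *
 * <p>Expected outcome is HTTP 401 with {@code invalid_client}, an error description,
 * and no access token in the response.
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges fails
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretBasicAuthenticationMethodFail(final String redirectUris,
                                                      final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretBasicAuthenticationMethodFail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    // NOTE(review): unlike the positive tests in this file, no grant types are registered
    // here. The assertions below pin invalid_client, so the rejection is presumably made
    // at client authentication, before any grant-type check - confirm.
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with the real client id and a wrong secret
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // The status code alone does not prove nothing was issued: a rejected client must
    // not receive any token material in the response body either.
    assertNull(tokenResponse.getAccessToken(), "Access token issued despite failed client authentication");
}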
Example 18
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
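/**
 * Negative test: a {@code private_key_jwt} token request that names a key id which is
 * not one of the suite's configured keys must be rejected (RS512 variant).
 *
 * <p>Expected outcome is HTTP 401 with {@code invalid_client}, an error description,
 * and no access token in the response.
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param clientJwksUri       JWKS URI registered for the client
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider; it arrives as a
 *                            suite parameter, so keep it a test-only value
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges or the keystore access fails
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS512Fail(
        final String redirectUris, final String clientJwksUri, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS512Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    // NOTE(review): unlike the positive tests in this file, no grant types are registered
    // here. The assertions below pin invalid_client, so the rejection is presumably made
    // at client authentication, before any grant-type check - confirm.
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with a deliberately wrong key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId("RS512SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // The status code alone does not prove nothing was issued: a rejected client must
    // not receive any token material in the response body either.
    assertNull(tokenResponse.getAccessToken(), "Access token issued despite failed client authentication");
}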
Example 19
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
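/**
 * Negative test: a {@code private_key_jwt} token request that names a key id which is
 * not one of the suite's configured keys must be rejected (PS384 variant).
 *
 * <p>Expected outcome is HTTP 401 with {@code invalid_client}, an error description,
 * and no access token in the response.
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param clientJwksUri       JWKS URI registered for the client
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider; it arrives as a
 *                            suite parameter, so keep it a test-only value
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges or the keystore access fails
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodPS384Fail(
        final String redirectUris, final String clientJwksUri, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodPS384Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    // NOTE(review): unlike the positive tests in this file, no grant types are registered
    // here. The assertions below pin invalid_client, so the rejection is presumably made
    // at client authentication, before any grant-type check - confirm.
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with a deliberately wrong key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.PS384);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId("PS384SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // The status code alone does not prove nothing was issued: a rejected client must
    // not receive any token material in the response body either.
    assertNull(tokenResponse.getAccessToken(), "Access token issued despite failed client authentication");
}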
Example 20
Source File: ClientCredentialsGrantHttpTest.java From oxAuth with MIT License | 4 votes |
/**
 * Exercises the client credentials grant without naming a client authentication
 * method, either at registration or on the token request.
 *
 * <p>Which method is then applied is decided outside this test; presumably it is
 * {@code client_secret_basic}, the OpenID Connect default (confirm against the
 * server and {@code TokenRequest} defaults).
 *
 * @param redirectUris        redirect URIs passed to {@code StringUtils.spaceSeparatedToList}
 * @param sectorIdentifierUri sector identifier URI registered for the client
 * @throws Exception if any of the HTTP exchanges fails
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void defaultAuthenticationMethod(final String redirectUris,
                                        final String sectorIdentifierUri) throws Exception {
    showTitle("defaultAuthenticationMethod");

    // Step 1: dynamic registration; no token endpoint auth method is requested.
    final RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScope(Arrays.asList("clientinfo"));
    registration.setGrantTypes(Arrays.asList(GrantType.CLIENT_CREDENTIALS));
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String clientId = registered.getClientId();
    final String clientSecret = registered.getClientSecret();

    // Step 2: token request with the registered credentials and no explicit auth method.
    final TokenRequest grant = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grant.setScope("clientinfo");
    grant.setAuthUsername(clientId);
    grant.setAuthPassword(clientSecret);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grant);
    final TokenResponse issued = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(issued.getStatus(), 200, "Unexpected response code: " + issued.getStatus());
    assertNotNull(issued.getEntity());
    assertNotNull(issued.getAccessToken());
    assertNotNull(issued.getTokenType());
    assertNotNull(issued.getScope());
    // No refresh token is expected for a client credentials grant (RFC 6749, section 4.4.3).
    assertNull(issued.getRefreshToken());

    // Step 3: the access token must be accepted by the client-info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(issued.getAccessToken());

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}