
Example 51 with Subject

use of com.nimbusds.oauth2.sdk.id.Subject in project vitam-ui by ProgrammeVitam.

The class CustomTokenValidatorTest, method setUp.

/**
 * Prepares the fixture shared by the tests: a mocked OIDC configuration whose provider
 * metadata advertises HS256, a JWT generator signing with the client secret, and a baseline
 * set of ID token claims (iss, sub, aud, exp, iat, nonce) that individual tests can tweak.
 */
@Before
public void setUp() {
    final OIDCProviderMetadata providerMetadata = mock(OIDCProviderMetadata.class);
    when(providerMetadata.getIssuer()).thenReturn(new Issuer(ISSUER));
    // The provider only advertises the symmetric algorithm the generator signs with.
    when(providerMetadata.getIDTokenJWSAlgs()).thenReturn(Arrays.asList(JWSAlgorithm.HS256));

    configuration = mock(OidcConfiguration.class);
    when(configuration.findProviderMetadata()).thenReturn(providerMetadata);
    when(configuration.getClientId()).thenReturn(CLIENT_ID);
    when(configuration.getSecret()).thenReturn(CLIENT_SECRET);

    // Tokens are signed with the same secret the validator will read from the configuration.
    generator = new JwtGenerator(new SecretSignatureConfiguration(CLIENT_SECRET, JWSAlgorithm.HS256));

    nonce = new Nonce();
    // JWT time claims are in seconds since the epoch.
    final long nowSeconds = System.currentTimeMillis() / 1000;
    claims = new HashMap<>();
    claims.put("iss", ISSUER);
    claims.put("sub", SUBJECT);
    claims.put("aud", CLIENT_ID);
    claims.put("exp", nowSeconds + 1000);
    claims.put("iat", nowSeconds);
    claims.put("nonce", nonce.toString());

    validator = new CustomTokenValidator(configuration);
}

Example 52 with Subject

use of com.nimbusds.oauth2.sdk.id.Subject in project product-is by wso2.

The class OIDCAuthzCodeIdTokenValidationTestCase, method testAuthCodeGrantSendGetTokensPost.

/**
 * Exchanges the authorization code obtained in the previous step for tokens at the token
 * endpoint using client_secret_basic, then checks the nonce, subject and issuer claims of the
 * returned ID token. The raw ID token is kept in {@code idToken} for the steps that follow.
 */
@Test(groups = "wso2.is", description = "Send get access token request.", dependsOnMethods = "testAuthCodeGrantSendApprovalPost")
public void testAuthCodeGrantSendGetTokensPost() throws Exception {
    URI redirectUri = new URI(CALLBACK_URL);
    ClientSecretBasic clientAuth = new ClientSecretBasic(new ClientID(consumerKey), new Secret(consumerSecret));
    AuthorizationCodeGrant codeGrant = new AuthorizationCodeGrant(authorizationCode, redirectUri);
    TokenRequest request = new TokenRequest(new URI(OAuth2Constant.ACCESS_TOKEN_ENDPOINT), clientAuth, codeGrant);

    HTTPResponse httpResponse = request.toHTTPRequest().send();
    Assert.assertNotNull(httpResponse, "Access token http response is null.");

    TokenResponse response = OIDCTokenResponseParser.parse(httpResponse);
    Assert.assertNotNull(response, "Access token response is null.");
    Assert.assertFalse(response instanceof TokenErrorResponse, "Access token response contains errors.");

    OIDCTokens tokens = ((OIDCTokenResponse) response).getOIDCTokens();
    Assert.assertNotNull(tokens, "OIDC Tokens object is null.");
    idToken = tokens.getIDTokenString();
    Assert.assertNotNull(idToken, "ID token is null");

    // SignedJWT.parse only decodes the token; its signature is not verified here, so these
    // assertions cover claim contents, not token authenticity.
    JWTClaimsSet idTokenClaims = SignedJWT.parse(idToken).getJWTClaimsSet();
    Assert.assertEquals(idTokenClaims.getClaim("nonce"), TEST_NONCE, "Invalid nonce received.");
    Assert.assertEquals(idTokenClaims.getSubject(), userId, "Invalid subject received.");
    Assert.assertEquals(idTokenClaims.getIssuer(), "https://localhost:9853/oauth2/token", "Invalid issuer received.");
}

Example 53 with Subject

use of com.nimbusds.oauth2.sdk.id.Subject in project Kustvakt by KorAP.

The class OpenIdTokenService, method createIdTokenClaims.

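/**
 * Builds the claims of an ID token issued to {@code client_id} for the end-user {@code username}.
 *
 * @param client_id          the OAuth2 client the token is issued to; becomes the {@code aud} claim
 * @param username           the end-user identifier; becomes the {@code sub} claim
 * @param authenticationTime when the end-user authenticated; becomes the {@code auth_time} claim
 * @param nonce              the nonce from the authentication request; omitted when null or empty
 * @return the ID token claims as a {@link JWTClaimsSet}
 * @throws KustvaktException if the claims cannot be converted to a JWT claims set
 */
private JWTClaimsSet createIdTokenClaims(String client_id, String username, ZonedDateTime authenticationTime, String nonce) throws KustvaktException {
    // A locally unique and never reassigned identifier within the
    // Issuer for the End-User
    Subject sub = new Subject(username);
    Issuer iss = new Issuer(config.getIssuerURI());
    // Read the clock once so that exp - iat is exactly the configured TTL;
    // two separate getNow() calls could straddle a tick.
    Date iat = TimeUtils.getNow().toDate();
    Date exp = new Date(iat.getTime() + config.getTokenTTL() * 1000L);
    IDTokenClaimsSet claims = new IDTokenClaimsSet(iss, sub, Audience.create(client_id), exp, iat);
    claims.setAuthenticationTime(Date.from(authenticationTime.toInstant()));
    // The nonce is only echoed back when the client supplied one.
    if (nonce != null && !nonce.isEmpty()) {
        claims.setNonce(new Nonce(nonce));
    }
    try {
        return claims.toJWTClaimsSet();
    } catch (ParseException e) {
        // NOTE(review): only the message is propagated; if KustvaktException can take a cause,
        // passing e as well would keep the original stack trace for diagnosis.
        throw new KustvaktException(StatusCodes.ID_TOKEN_CLAIM_ERROR, e.getMessage());
    }
}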

Example 54 with Subject

use of com.nimbusds.oauth2.sdk.id.Subject in project OpenConext-oidcng by OpenConext.

The class TokenEndpointTest, method clientSecretJWT.

/**
 * Builds a {@code client_secret_jwt} client authentication: an HS256 assertion signed with
 * {@code secret}, whose issuer and subject are both the client identifier and whose audience
 * is the token endpoint.
 *
 * @param issuer       the client identifier, used for both {@code iss} and {@code sub}
 * @param tokenEndPoint the token endpoint URL, used as the {@code aud} claim
 * @param secret       the client secret used as the HMAC key
 * @param expiration   the assertion's {@code exp} claim
 * @return the signed client authentication
 * @throws JOSEException if signing fails
 */
private ClientSecretJWT clientSecretJWT(String issuer, String tokenEndPoint, String secret, Date expiration) throws JOSEException {
    // Issuer and subject in client JWT assertion must designate the same client identifier
    Issuer clientAsIssuer = new Issuer(issuer);
    Subject clientAsSubject = new Subject(issuer);
    JWTAssertionDetails assertion = new JWTAssertionDetails(
        clientAsIssuer, clientAsSubject, Audience.create(tokenEndPoint), expiration,
        null, null, null, null);
    SignedJWT signed = JWTAssertionFactory.create(assertion, JWSAlgorithm.HS256, new Secret(secret));
    return new ClientSecretJWT(signed);
}

Example 55 with Subject

use of com.nimbusds.oauth2.sdk.id.Subject in project asgardeo-java-oidc-sdk by asgardeo.

The class IDTokenValidatorTest, method testAudience.

/**
 * Signs an RS256 ID token whose {@code aud} and {@code azp} claims come from the data provider,
 * validates it against the configured trusted audiences and checks that every audience the
 * validator returns is one of the trusted ones.
 */
@Test(dataProvider = "AudienceData")
public void testAudience(List<String> audience, Set<String> trustedAudience, String clientID, String azpValue) throws SSOAgentServerException, JOSEException {
    config.setTrustedAudience(trustedAudience);
    config.setConsumerKey(new ClientID(clientID));
    Nonce nonce = new Nonce();

    JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder()
        .issuer(config.getIssuer().getValue())
        .subject("alice")
        .audience(audience)
        .expirationTime(new Date())
        .issueTime(new Date())
        .claim("nonce", nonce.getValue())
        .claim("azp", azpValue);
    SignedJWT idToken = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), builder.build());
    idToken.sign(new RSASSASigner(key));

    IDTokenClaimsSet validated = new IDTokenValidator(config, idToken).validate(nonce);
    // Vacuously true when the validator returns no audiences.
    for (Audience aud : validated.getAudience()) {
        assertTrue(trustedAudience.contains(aud.getValue()));
    }
}
