use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class SelectAccountHttpTest method selectAccount.
private AuthorizationResponse selectAccount(final String userId, final String userSecret, final String redirectUri, List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce) {
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setPrompts(Lists.newArrayList(Prompt.SELECT_ACCOUNT));
String authorizationRequestUrl = authorizationEndpoint + "?" + authorizationRequest.getQueryString();
final SelectPage selectPage = SelectPage.navigate(pageConfig, authorizationRequestUrl);
final String currentUrl = driver.getCurrentUrl();
final LoginPage loginPage = selectPage.clickOnLoginAsAnotherUser();
loginPage.enterUsername(userId);
loginPage.enterPassword(userSecret);
loginPage.getLoginButton().click();
if (ENABLE_REDIRECT_TO_LOGIN_PAGE) {
loginPage.waitForPageSwitch(currentUrl);
}
String authorizationResponseStr = acceptAuthorization(driver, authorizationRequest.getRedirectUri());
AuthorizationResponse authorizationResponse = buildAuthorizationResponse(authorizationRequest, driver, authorizationResponseStr);
assertAuthorizationResponse(authorizationResponse, true);
return authorizationResponse;
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class TokenBindingHttpTest method tokenBindingWithImplicitFlow.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void tokenBindingWithImplicitFlow(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("tokenBindingWithImplicitFlow");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
// 1. Register client
RegisterResponse registerResponse = registerClientInternal(redirectUri, responseTypes, grantTypes, sectorIdentifierUri);
String clientId = registerResponse.getClientId();
// 2. Request authorization
AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId);
Jwt jwt = Jwt.parse(authorizationResponse.getIdToken());
Assert.assertEquals(EXPECTED_ID_HASH, jwt.getClaims().getClaimAsJSON(JwtClaimName.CNF).optString(JwtClaimName.TOKEN_BINDING_HASH));
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class TokenBindingHttpTest method requestAuthorization.
private AuthorizationResponse requestAuthorization(final String userId, final String userSecret, final String redirectUri, List<ResponseType> responseTypes, String clientId, List<String> scopes) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setExecutor(new ApacheHttpClient43Engine(createHttpClientTrustAll()));
authorizeClient.setRequest(authorizationRequest);
authorizeClient.getHeaders().put("Sec-Token-Binding", ENCODED_TOKEN_BINDING_MESSAGE);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
assertNotNull(authorizationResponse.getIdToken(), "The id token must be null");
return authorizationResponse;
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class AuthorizationResponseModeJwtResponseTypeTokenIdTokenSignedHttpTest method authorizationRequestObjectES256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectES256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodES256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.ES256, null, null);
String clientId = registerResponse.getClientId();
// 2. Request authorization
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
request.setResponseMode(ResponseMode.JWT);
request.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.ES256, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
request.setRequest(authJwt);
AuthorizationResponse authorizationResponse = authorizationRequest(request, ResponseMode.FRAGMENT_JWT, userId, userSecret);
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertUserInfoBasicResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class AuthorizationResponseModeJwtResponseTypeTokenIdTokenSignedHttpTest method authorizationRequestObjectRS384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectRS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodRS384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.RS384, null, null);
String clientId = registerResponse.getClientId();
// 2. Request authorization
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
request.setResponseMode(ResponseMode.JWT);
request.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS384, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
request.setRequest(authJwt);
AuthorizationResponse authorizationResponse = authorizationRequest(request, ResponseMode.FRAGMENT_JWT, userId, userSecret);
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertUserInfoBasicResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
}
Aggregations