use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class OpenIDRequestObjectHttpTest method requestParameterMethodRS384X509Cert.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestParameterMethodRS384X509Cert(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodRS384X509Cert");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setJwksUri(jwksUri);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS384);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 201, true);
String clientId = response.getClientId();
// 2. Request authorization
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
request.setState(state);
request.setAuthUsername(userId);
request.setAuthPassword(userSecret);
request.getPrompts().add(Prompt.NONE);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS384, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
request.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(request);
AuthorizationResponse response1 = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
assertNotNull(response1.getLocation(), "The location is null");
assertNotNull(response1.getAccessToken(), "The accessToken is null");
assertNotNull(response1.getTokenType(), "The tokenType is null");
assertNotNull(response1.getIdToken(), "The idToken is null");
assertNotNull(response1.getState(), "The state is null");
String accessToken = response1.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(response3, 200);
assertUserInfoPersonalDataNotNull(response3);
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class OpenIDRequestObjectHttpTest method requestParameterMethodAlgA256KWEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void requestParameterMethodAlgA256KWEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) {
try {
showTitle("requestParameterMethodAlgA256KWEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 201, true);
String clientId = response.getClientId();
String clientSecret = response.getClientSecret();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
request.setState(state);
request.setAuthUsername(userId);
request.setAuthPassword(userSecret);
request.getPrompts().add(Prompt.NONE);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, KeyEncryptionAlgorithm.A256KW, BlockEncryptionAlgorithm.A256GCM, clientSecret);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
request.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(request);
AuthorizationResponse response1 = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
assertNotNull(response1.getLocation(), "The location is null");
assertNotNull(response1.getAccessToken(), "The accessToken is null");
assertNotNull(response1.getTokenType(), "The tokenType is null");
assertNotNull(response1.getIdToken(), "The idToken is null");
assertNotNull(response1.getState(), "The state is null");
String accessToken = response1.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(response3, 200);
assertUserInfoPersonalDataNotNull(response3);
assertNotNull(response3.getClaim(JwtClaimName.ADDRESS));
} catch (Exception e) {
fail(e.getMessage(), e);
}
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class OpenIDRequestObjectHttpTest method requestParameterMethodPS384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "PS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestParameterMethodPS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodPS384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setJwksUri(jwksUri);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.PS384);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 201, true);
String clientId = response.getClientId();
// 2. Request authorization
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
request.setState(state);
request.setAuthUsername(userId);
request.setAuthPassword(userSecret);
request.getPrompts().add(Prompt.NONE);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.PS384, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
request.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(request);
AuthorizationResponse response1 = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
assertNotNull(response1.getLocation(), "The location is null");
assertNotNull(response1.getAccessToken(), "The accessToken is null");
assertNotNull(response1.getTokenType(), "The tokenType is null");
assertNotNull(response1.getIdToken(), "The idToken is null");
assertNotNull(response1.getState(), "The state is null");
String accessToken = response1.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(response3, 200);
assertUserInfoPersonalDataNotNull(response3);
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class OpenIDRequestObjectHttpTest method requestParameterMethodES384X509Cert.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestParameterMethodES384X509Cert(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodES384X509Cert");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setJwksUri(jwksUri);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.ES384);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 201, true);
String clientId = response.getClientId();
// 2. Request authorization
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
request.setState(state);
request.setAuthUsername(userId);
request.setAuthPassword(userSecret);
request.getPrompts().add(Prompt.NONE);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.ES384, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
request.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(request);
AuthorizationResponse response1 = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
assertNotNull(response1.getLocation(), "The location is null");
assertNotNull(response1.getAccessToken(), "The accessToken is null");
assertNotNull(response1.getTokenType(), "The tokenType is null");
assertNotNull(response1.getIdToken(), "The idToken is null");
assertNotNull(response1.getState(), "The state is null");
String accessToken = response1.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(response3, 200);
assertUserInfoPersonalDataNotNull(response3);
assertNotNull(response3.getClaim(JwtClaimName.ADDRESS));
}
use of io.jans.as.client.AuthorizationResponse in project jans by JanssenProject.
the class ResponseTypesRestrictionHttpTest method responseTypesTokenIdToken.
@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void responseTypesTokenIdToken(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("responseTypesTokenIdToken");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertRegisterResponseOk(readClientResponse, 200, false);
assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
// 3. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String accessToken = authorizationResponse.getAccessToken();
String idToken = authorizationResponse.getIdToken();
// 4. Validate code and id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, true);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
assertTrue(rsaSigner.validateAccessToken(accessToken, jwt));
}
Aggregations