Example 21 with BackchannelAuthenticationResponse
use of io.jans.as.client.BackchannelAuthenticationResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method backchannelTokenDeliveryModePollIdTokenHintES384.
@Parameters({ "clientJwksUri", "backchannelUserCode", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintES384")
public void backchannelTokenDeliveryModePollIdTokenHintES384(final String clientJwksUri, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("backchannelTokenDeliveryModePollIdTokenHintES384");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.ES384);
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.ES384);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.ES384, BackchannelTokenDeliveryMode.POLL, true);
String clientId = registerResponse.getClientId();
// 2. Authentication Request
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setIdTokenHint(idTokenHintES384);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.ES384);
backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
backchannelAuthenticationRequest.setKeyId(keyId);
backchannelAuthenticationRequest.setAudience(tokenEndpoint);
backchannelAuthenticationRequest.setAuthUsername(clientId);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse)
RegisterClient(io.jans.as.client.RegisterClient)
BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient)
BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 22 with BackchannelAuthenticationResponse
use of io.jans.as.client.BackchannelAuthenticationResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method backchannelTokenDeliveryModePollLoginHintTokenRS384.
@Parameters({ "clientJwksUri", "backchannelUserCode" })
@Test(dependsOnMethods = "loginHintTokenRS384")
public void backchannelTokenDeliveryModePollLoginHintTokenRS384(final String clientJwksUri, final String backchannelUserCode) {
showTitle("backchannelTokenDeliveryModePollLoginHintTokenRS384");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS384);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS384, BackchannelTokenDeliveryMode.POLL, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Authentication Request
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setLoginHintToken(loginHintTokenRS384);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthUsername(clientId);
backchannelAuthenticationRequest.setAuthPassword(clientSecret);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse)
RegisterClient(io.jans.as.client.RegisterClient)
BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient)
BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 23 with BackchannelAuthenticationResponse
use of io.jans.as.client.BackchannelAuthenticationResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method backchannelTokenDeliveryModePollFail1.
@Parameters({ "clientJwksUri" })
@Test
public void backchannelTokenDeliveryModePollFail1(final String clientJwksUri) {
showTitle("backchannelTokenDeliveryModePollFail1");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS256, BackchannelTokenDeliveryMode.POLL, true);
// 2. Authentication Request
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthenticationFail(backchannelAuthenticationResponse, 400, BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse)
RegisterClient(io.jans.as.client.RegisterClient)
BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient)
BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 24 with BackchannelAuthenticationResponse
use of io.jans.as.client.BackchannelAuthenticationResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method backchannelTokenDeliveryModePollIdTokenHintRS512.
@Parameters({ "clientJwksUri", "backchannelUserCode", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintRS512")
public void backchannelTokenDeliveryModePollIdTokenHintRS512(final String clientJwksUri, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("backchannelTokenDeliveryModePollIdTokenHintRS512");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.RS512);
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS512);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS512, BackchannelTokenDeliveryMode.POLL, true);
String clientId = registerResponse.getClientId();
// 2. Authentication Request
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setIdTokenHint(idTokenHintRS512);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.RS512);
backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
backchannelAuthenticationRequest.setKeyId(keyId);
backchannelAuthenticationRequest.setAudience(tokenEndpoint);
backchannelAuthenticationRequest.setAuthUsername(clientId);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse)
RegisterClient(io.jans.as.client.RegisterClient)
BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient)
BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 25 with BackchannelAuthenticationResponse
use of io.jans.as.client.BackchannelAuthenticationResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method backchannelTokenDeliveryModePollFail7.
@Parameters({ "clientJwksUri", "userId", "backchannelUserCode" })
@Test
public void backchannelTokenDeliveryModePollFail7(final String clientJwksUri, final String userId, final String backchannelUserCode) throws InterruptedException {
showTitle("backchannelTokenDeliveryModePollFail7");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS256, BackchannelTokenDeliveryMode.POLL, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Authentication Request
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Arrays.asList("openid", "profile", "email", "address", "phone"));
backchannelAuthenticationRequest.setLoginHint(userId);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAcrValues(Arrays.asList("auth_ldap_server", "basic"));
// Invalid binding message
backchannelAuthenticationRequest.setBindingMessage("####");
backchannelAuthenticationRequest.setAuthUsername(clientId);
backchannelAuthenticationRequest.setAuthPassword(clientSecret);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthenticationFail(backchannelAuthenticationResponse, 400, BackchannelAuthenticationErrorResponseType.INVALID_BINDING_MESSAGE);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse)
RegisterClient(io.jans.as.client.RegisterClient)
BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient)
BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Aggregations
BackchannelAuthenticationClient (io.jans.as.client.BackchannelAuthenticationClient)111
BackchannelAuthenticationRequest (io.jans.as.client.BackchannelAuthenticationRequest)111
BackchannelAuthenticationResponse (io.jans.as.client.BackchannelAuthenticationResponse)111
BaseTest (io.jans.as.client.BaseTest)105
RegisterClient (io.jans.as.client.RegisterClient)105
RegisterRequest (io.jans.as.client.RegisterRequest)105
RegisterResponse (io.jans.as.client.RegisterResponse)105
Parameters (org.testng.annotations.Parameters)105
Test (org.testng.annotations.Test)105
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)27
TokenClient (io.jans.as.client.TokenClient)4
TokenRequest (io.jans.as.client.TokenRequest)4
TokenResponse (io.jans.as.client.TokenResponse)4
UserInfoClient (io.jans.as.client.UserInfoClient)2
UserInfoResponse (io.jans.as.client.UserInfoResponse)2
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)2
RSASigner (io.jans.as.model.jws.RSASigner)2
Jwt (io.jans.as.model.jwt.Jwt)2
