Use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.
The class EndSessionRestWebServiceHttpTest, method requestEndSessionWithSessionId.
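@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSessionWithSessionId(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by session_id");

    // 1. OpenID Connect Dynamic Registration: a web client with a front-channel logout URI and
    //    a single allowed post_logout_redirect_uri.
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUri(logoutUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();

    // 2. Request authorization (implicit flow: token + id_token).
    //    Mutable copies are kept on purpose in case the request object edits the lists.
    List<ResponseType> responseTypes = new ArrayList<>(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    List<String> scopes = new ArrayList<>(Arrays.asList("openid", "profile", "address", "email"));
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    // the state must round-trip unchanged: it is the client's binding between request and response
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");
    assertNotNull(authorizationResponse.getIdToken(), "The id_token is null");

    // The end_session call below is driven by the sid claim alone (no id_token_hint is sent).
    String sid = Jwt.parseOrThrow(authorizationResponse.getIdToken()).getClaims().getClaimAsString("sid");
    assertNotNull(sid, "The sid claim is missing from the id_token");

    // 3. End session by sid.
    String endSessionId1 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest1 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId1);
    endSessionRequest1.setSid(sid);

    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();
    showClient(endSessionClient);

    assertEquals(endSessionResponse1.getStatus(), 200);
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");
    // coarse validation of the HTML returned by the server: it at least verifies that
    // the front-channel logout_uri and the post_logout_redirect_uri are present
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The HTML page does not contain an <html> element");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // No state assertion here: for front-channel (HTTP based) logout the server answers with an HTML page,
    // not with a redirect that would carry the state back.

    // 4. End session again with the already ended session: must be rejected.
    String endSessionId2 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest2 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(sid);

    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();
    showClient(endSessionClient2);

    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}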
Use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.
The class EndSessionRestWebServiceEmbeddedTest, method requestEndSessionFail1.
// private void validateNonHttpBasedLogout(EnhancedMockHttpServletResponse
// response) {
// if (response.getLocation() != null) {
// try {
// URI uri = new URI(response.getLocation().toString());
// assertNotNull(uri.getQuery(), "The query string is null");
//
// Map<String, String> params = QueryStringDecoder.decode(uri.getQuery());
//
// assertNotNull(params.get(EndSessionResponseParam.STATE), "The state is
// null");
// assertEquals(params.get(EndSessionResponseParam.STATE), endSessionId);
// } catch (URISyntaxException e) {
// e.printStackTrace();
// fail("Response URI is not well formed");
// } catch (Exception e) {
// e.printStackTrace();
// fail(e.getMessage());
// }
// }
// }
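@Parameters({ "endSessionPath" })
@Test(enabled = true)
public void requestEndSessionFail1(final String endSessionPath) throws Exception {
    // Historical note: this test used to be switched off because a WebApplicationException was not
    // translated correctly into a response by the container and surfaced as a 500.
    // See EndSessionRestWebServiceImpl.endSession().

    // No id_token_hint, no post_logout_redirect_uri and no state: the server must reject the
    // request with 400 and a JSON error body (error + error_description).
    EndSessionRequest endSessionRequest = new EndSessionRequest(null, null, null);

    // NOTE(review): the JAX-RS client built here is never closed, as in the sibling tests of this class.
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestEndSessionFail1", response, entity);

    assertEquals(response.getStatus(), 400, "Unexpected response code.");
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        JSONObject jsonObj = new JSONObject(entity);
        assertTrue(jsonObj.has("error"), "The error type is null");
        assertTrue(jsonObj.has("error_description"), "The error description is null");
    } catch (JSONException e) {
        // attach the parse failure as the cause instead of dumping it to stdout
        fail(e.getMessage() + "\nResponse was: " + entity, e);
    }
}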
Use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.
The class EndSessionRestWebServiceEmbeddedTest, method requestEndSessionStep3.
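@Parameters({ "endSessionPath", "postLogoutRedirectUri" })
@Test(dependsOnMethods = "requestEndSessionStep2")
public void requestEndSessionStep3(final String endSessionPath, final String postLogoutRedirectUri) throws Exception {
    String state = UUID.randomUUID().toString();

    // idToken and sid are instance fields; presumably populated by requestEndSessionStep2 — see that method
    EndSessionRequest endSessionRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, state);
    endSessionRequest.setSid(sid);

    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestEndSessionStep3", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    assertNotNull(entity, "Unexpected html.");
    // Front-channel logout answers with an HTML page; the page must embed the post_logout_redirect_uri.
    // (The original asserted this twice; the duplicate is dropped.)
    assertTrue(entity.contains(postLogoutRedirectUri), "post_logout_redirect_uri is not present on html page");
}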
Use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.
The class EndSessionBackchannelRestServerTest, method requestEndSessionStep3.
@Parameters({ "endSessionPath", "postLogoutRedirectUri" })
@Test(dependsOnMethods = "requestEndSessionStep2")
public void requestEndSessionStep3(final String endSessionPath, final String postLogoutRedirectUri) throws Exception {
    // Back-channel logout: the server is expected to answer with a redirect to the
    // post_logout_redirect_uri that carries our state back.
    String expectedState = UUID.randomUUID().toString();

    // idToken and sid are instance fields; presumably populated by requestEndSessionStep2 — see that method
    EndSessionRequest logoutRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, expectedState);
    logoutRequest.setSid(sid);

    String targetUrl = url.toString() + endSessionPath + "?" + logoutRequest.getQueryString();
    Invocation.Builder invocation = ResteasyClientBuilder.newClient().target(targetUrl).request();
    invocation.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);

    Response logoutResponse = invocation.get();
    String body = logoutResponse.readEntity(String.class);
    showResponse("requestEndSessionStep3", logoutResponse, body);

    assertEquals(logoutResponse.getStatus(), 302, "Unexpected response code.");
    assertNotNull(logoutResponse.getLocation());

    String location = logoutResponse.getLocation().toString();
    assertTrue(location.contains(postLogoutRedirectUri));
    assertTrue(location.contains("state=" + expectedState));
}
Use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.
The class EndSessionRestWebServiceHttpTest, method requestEndSession.
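@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSession(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by id_token");

    // 1. OpenID Connect Dynamic Registration: a web client with a front-channel logout URI and
    //    a single allowed post_logout_redirect_uri.
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUri(logoutUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();

    // 2. Request authorization (implicit flow: token + id_token).
    //    Mutable copies are kept on purpose in case the request object edits the lists.
    List<ResponseType> responseTypes = new ArrayList<>(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    List<String> scopes = new ArrayList<>(Arrays.asList("openid", "profile", "address", "email"));
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    // the state must round-trip unchanged: it is the client's binding between request and response
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");

    // The id_token is sent as id_token_hint and its sid claim is sent as well; check it is present before parsing.
    String idToken = authorizationResponse.getIdToken();
    assertNotNull(idToken, "The id_token is null");
    String sid = Jwt.parse(idToken).getClaims().getClaimAsString("sid");
    assertNotNull(sid, "The sid is null");

    // 3. End session by id_token_hint + sid.
    String state1 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest1 = new EndSessionRequest(idToken, postLogoutRedirectUri, state1);
    endSessionRequest1.setSid(sid);

    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();
    showClient(endSessionClient);

    assertEquals(endSessionResponse1.getStatus(), 200);
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");
    // coarse validation of the HTML returned by the server: it at least verifies that
    // the front-channel logout_uri and the post_logout_redirect_uri are present
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The HTML page does not contain an <html> element");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // No state assertion here: for front-channel (HTTP based) logout the server answers with an HTML page,
    // not with a redirect that would carry the state back.

    // 4. End session again with the already ended session: must be rejected.
    String endSessionId2 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest2 = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(sid);

    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();
    showClient(endSessionClient2);

    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}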