Examples with EndSessionRequest io.jans.as.client.EndSessionRequest used on opensource projects

Example 1 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceHttpTest method requestEndSessionWithSessionId.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSessionWithSessionId(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by session_id");
    // 1. OpenID Connect Dynamic Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUri(logoutUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 201, true);
    String clientId = response.getClientId();
    // 2. Request authorization
    List<ResponseType> responseTypes = new ArrayList<ResponseType>();
    responseTypes.add(ResponseType.TOKEN);
    responseTypes.add(ResponseType.ID_TOKEN);
    List<String> scopes = new ArrayList<String>();
    scopes.add("openid");
    scopes.add("profile");
    scopes.add("address");
    scopes.add("email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope must be null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");
    String sid = Jwt.parseOrThrow(authorizationResponse.getIdToken()).getClaims().getClaimAsString("sid");
    // 3. End session
    String endSessionId1 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest1 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId1);
    endSessionRequest1.setSid(sid);
    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();
    showClient(endSessionClient);
    assertEquals(endSessionResponse1.getStatus(), 200);
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");
    // silly validation of html content returned by server but at least it verifies that logout_uri and post_logout_uri are present
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The HTML page is null");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // assertEquals(endSessionResponse.getState(), endSessionId); // commented out, for http-based logout we get html page
    // 4. End session with an already ended session
    String endSessionId2 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest2 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(sid);
    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();
    showClient(endSessionClient2);
    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}

Example 2 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceEmbeddedTest method requestEndSessionFail1.

// private void validateNonHttpBasedLogout(EnhancedMockHttpServletResponse
// response) {
// if (response.getLocation() != null) {
// try {
// URI uri = new URI(response.getLocation().toString());
// assertNotNull(uri.getQuery(), "The query string is null");
// 
// Map<String, String> params = QueryStringDecoder.decode(uri.getQuery());
// 
// assertNotNull(params.get(EndSessionResponseParam.STATE), "The state is
// null");
// assertEquals(params.get(EndSessionResponseParam.STATE), endSessionId);
// } catch (URISyntaxException e) {
// e.printStackTrace();
// fail("Response URI is not well formed");
// } catch (Exception e) {
// e.printStackTrace();
// fail(e.getMessage());
// }
// }
// }
@Parameters({ "endSessionPath" })
@Test(enabled = true)
public // switched off test : WebApplicationException seems to not translated correctly into response by container and results in 500 error. See EndSessionRestWebServiceImpl.endSession()
void requestEndSessionFail1(final String endSessionPath) throws Exception {
    EndSessionRequest endSessionRequest = new EndSessionRequest(null, null, null);
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestEndSessionFail1", response, entity);
    assertEquals(response.getStatus(), 400, "Unexpected response code.");
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        JSONObject jsonObj = new JSONObject(entity);
        assertTrue(jsonObj.has("error"), "The error type is null");
        assertTrue(jsonObj.has("error_description"), "The error description is null");
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    }
}

Example 3 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceEmbeddedTest method requestEndSessionStep3.

@Parameters({ "endSessionPath", "postLogoutRedirectUri" })
@Test(dependsOnMethods = "requestEndSessionStep2")
public void requestEndSessionStep3(final String endSessionPath, final String postLogoutRedirectUri) throws Exception {
    String state = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, state);
    endSessionRequest.setSid(sid);
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestEndSessionStep3", response, entity);
    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    assertNotNull(entity, "Unexpected html.");
    assertTrue(entity.contains(postLogoutRedirectUri));
    assertTrue(entity.contains(postLogoutRedirectUri));
}

Example 4 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionBackchannelRestServerTest method requestEndSessionStep3.

@Parameters({ "endSessionPath", "postLogoutRedirectUri" })
@Test(dependsOnMethods = "requestEndSessionStep2")
public void requestEndSessionStep3(final String endSessionPath, final String postLogoutRedirectUri) throws Exception {
    String state = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, state);
    endSessionRequest.setSid(sid);
    Invocation.Builder request = ResteasyClientBuilder.newClient().target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestEndSessionStep3", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation());
    assertTrue(response.getLocation().toString().contains(postLogoutRedirectUri));
    assertTrue(response.getLocation().toString().contains("state=" + state));
}

Example 5 with EndSessionRequest

use of io.jans.as.client.EndSessionRequest in project jans by JanssenProject.

the class EndSessionRestWebServiceHttpTest method requestEndSession.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSession(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by id_token");
    // 1. OpenID Connect Dynamic Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUri(logoutUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 201, true);
    String clientId = response.getClientId();
    // 2. Request authorization
    List<ResponseType> responseTypes = new ArrayList<ResponseType>();
    responseTypes.add(ResponseType.TOKEN);
    responseTypes.add(ResponseType.ID_TOKEN);
    List<String> scopes = new ArrayList<String>();
    scopes.add("openid");
    scopes.add("profile");
    scopes.add("address");
    scopes.add("email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope must be null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");
    String idToken = authorizationResponse.getIdToken();
    String sid = Jwt.parse(idToken).getClaims().getClaimAsString("sid");
    assertNotNull(sid, "The sid is null");
    // 3. End session
    String state1 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest1 = new EndSessionRequest(idToken, postLogoutRedirectUri, state1);
    endSessionRequest1.setSid(sid);
    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();
    showClient(endSessionClient);
    assertEquals(endSessionResponse1.getStatus(), 200);
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");
    // silly validation of html content returned by server but at least it verifies that logout_uri and post_logout_uri are present
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The HTML page is null");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // assertEquals(endSessionResponse.getState(), endSessionId); // commented out, for http-based logout we get html page
    // 4. End session with an already ended session
    String endSessionId2 = UUID.randomUUID().toString();
    EndSessionRequest endSessionRequest2 = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(sid);
    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();
    showClient(endSessionClient2);
    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}