use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method idTokenHintAlgRSA15EncA256CBCPLUSHS512.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri", "clientJwksUri", "RSA1_5_keyId", "keyStoreFile", "keyStoreSecret" })
@Test
public void idTokenHintAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("idTokenHintAlgRSA15EncA256CBCPLUSHS512");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Collections.singletonList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
Jwe jwe = Jwe.parse(idToken, privateKey, null);
assertJweStandarClaimsNotNull(jwe, true);
idTokenHintAlgRSA15EncA256CBCPLUSHS512 = idToken;
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method backchannelTokenDeliveryModePingIdTokenHintAlgA128KWEncA128GCM.
@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode" })
@Test(dependsOnMethods = "idTokenHintAlgA128KWEncA128GCM")
public void backchannelTokenDeliveryModePingIdTokenHintAlgA128KWEncA128GCM(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode) {
showTitle("backchannelTokenDeliveryModePingIdTokenHintAlgA128KWEncA128GCM");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS256, BackchannelTokenDeliveryMode.PING, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Authentication Request
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setIdTokenHint(idTokenHintAlgA128KWEncA128GCM);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthUsername(clientId);
backchannelAuthenticationRequest.setAuthPassword(clientSecret);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method backchannelTokenDeliveryModePingLoginHintTokenPS256.
@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode" })
@Test(dependsOnMethods = "loginHintTokenPS256")
public void backchannelTokenDeliveryModePingLoginHintTokenPS256(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode) {
showTitle("backchannelTokenDeliveryModePingLoginHintTokenPS256");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.PS256, BackchannelTokenDeliveryMode.PING, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Authentication Request
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setLoginHintToken(loginHintTokenPS256);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthUsername(clientId);
backchannelAuthenticationRequest.setAuthPassword(clientSecret);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method backchannelTokenDeliveryModePollLoginHint2.
@Parameters({ "clientJwksUri", "userEmail", "backchannelUserCode" })
@Test
public void backchannelTokenDeliveryModePollLoginHint2(final String clientJwksUri, final String userEmail, final String backchannelUserCode) {
showTitle("backchannelTokenDeliveryModePollLoginHint2");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS256, BackchannelTokenDeliveryMode.POLL, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Authentication Request
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setLoginHint(userEmail);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthUsername(clientId);
backchannelAuthenticationRequest.setAuthPassword(clientSecret);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method backchannelTokenDeliveryModePollLoginHint4.
@Parameters({ "clientJwksUri", "userId", "backchannelUserCode" })
// Enable it for manual testing
@Test(enabled = false)
public void backchannelTokenDeliveryModePollLoginHint4(final String clientJwksUri, final String userId, final String backchannelUserCode) throws Exception {
showTitle("backchannelTokenDeliveryModePollLoginHint4");
RegisterResponse registerResponse1 = requestClientRegistration(clientJwksUri);
RegisterResponse registerResponse2 = requestClientRegistration(clientJwksUri);
String sub1 = requestBackchannelAuthentication(userId, registerResponse1.getClientId(), registerResponse1.getClientSecret(), backchannelUserCode);
String sub2 = requestBackchannelAuthentication(userId, registerResponse2.getClientId(), registerResponse2.getClientSecret(), backchannelUserCode);
assertEquals(sub1, sub2, "Each client must share the same sub value");
String sub3 = requestBackchannelAuthentication(userId, registerResponse1.getClientId(), registerResponse1.getClientSecret(), backchannelUserCode);
String sub4 = requestBackchannelAuthentication(userId, registerResponse2.getClientId(), registerResponse2.getClientSecret(), backchannelUserCode);
assertEquals(sub1, sub3, "Same client must receive the same sub value");
assertEquals(sub2, sub4, "Same client must receive the same sub value");
}
Aggregations