Example 61 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodES512.
@Parameters({ "redirectUris", "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodES512(final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("privateKeyJwtAuthenticationMethodES512");
List<String> scopes = Arrays.asList("clientinfo");
List<GrantType> grantTypes = Arrays.asList(GrantType.CLIENT_CREDENTIALS);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setGrantTypes(grantTypes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request Client Credentials Grant
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.ES512);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId(keyId);
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, false, false);
assertNotNull(tokenResponse.getScope());
assertNull(tokenResponse.getRefreshToken());
String accessToken = tokenResponse.getAccessToken();
// 3. Request client info
ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(accessToken);
showClient(clientInfoClient);
assertEquals(clientInfoResponse.getStatus(), 200, "Unexpected response code: " + clientInfoResponse.getStatus());
assertNotNull(clientInfoResponse.getClaim("name"), "Unexpected result: displayName not found");
assertNotNull(clientInfoResponse.getClaim("inum"), "Unexpected result: inum not found");
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
GrantType(io.jans.as.model.common.GrantType)
ClientInfoResponse(io.jans.as.client.ClientInfoResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
TokenClient(io.jans.as.client.TokenClient)
ClientInfoClient(io.jans.as.client.ClientInfoClient)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 62 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class ClientCredentialsGrantHttpTest method clientSecretBasicAuthenticationMethod.
@Parameters({ "redirectUris", "sectorIdentifierUri" })
@Test
public void clientSecretBasicAuthenticationMethod(final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("clientSecretBasicAuthenticationMethod");
List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "clientinfo");
List<GrantType> grantTypes = Arrays.asList(GrantType.CLIENT_CREDENTIALS);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setGrantTypes(grantTypes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request Client Credentials Grant
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, false, false);
assertNotNull(tokenResponse.getScope());
assertNull(tokenResponse.getRefreshToken());
String accessToken = tokenResponse.getAccessToken();
// 3. Request client info
ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(accessToken);
showClient(clientInfoClient);
assertEquals(clientInfoResponse.getStatus(), 200, "Unexpected response code: " + clientInfoResponse.getStatus());
assertNotNull(clientInfoResponse.getClaim("name"), "Unexpected result: displayName not found");
assertNotNull(clientInfoResponse.getClaim("inum"), "Unexpected result: inum not found");
// 4. Request user info should fail
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setSharedKey(clientSecret);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 403);
assertEquals(userInfoResponse.getErrorType(), UserInfoErrorResponseType.INSUFFICIENT_SCOPE);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
GrantType(io.jans.as.model.common.GrantType)
UserInfoClient(io.jans.as.client.UserInfoClient)
ClientInfoResponse(io.jans.as.client.ClientInfoResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
TokenClient(io.jans.as.client.TokenClient)
ClientInfoClient(io.jans.as.client.ClientInfoClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 63 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodPS384Fail.
@Parameters({ "redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodPS384Fail(final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("privateKeyJwtAuthenticationMethodPS384Fail");
List<String> scopes = Arrays.asList("clientinfo");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request Client Credentials Grant
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.PS384);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId("PS384SIG_INVALID_KEYID");
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getErrorType());
assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
assertNotNull(tokenResponse.getErrorDescription());
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
TokenClient(io.jans.as.client.TokenClient)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 64 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class ClientSecretBasicTest method authorizationCodeFlow.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void authorizationCodeFlow(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationCodeFlow");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setScope(scopes);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, true);
String scope = authorizationResponse.getScope();
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
String expectedEncodedCredentials = Base64.encodeBase64String(Util.getBytes(URLEncoder.encode(clientId, Util.UTF8_STRING_ENCODING) + ":" + URLEncoder.encode(clientSecret, Util.UTF8_STRING_ENCODING)));
assertEquals(tokenRequest.getEncodedCredentials(), expectedEncodedCredentials);
TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
tokenClient1.setRequest(tokenRequest);
TokenResponse tokenResponse1 = tokenClient1.exec();
showClient(tokenClient1);
assertTokenResponseOk(tokenResponse1, true, false);
String refreshToken = tokenResponse1.getRefreshToken();
// 4. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, false);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 5. Request new access token using the refresh token.
TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
showClient(tokenClient2);
assertTokenResponseOk(tokenResponse2, true, false);
assertNotNull(tokenResponse2.getScope(), "The scope is null");
String accessToken = tokenResponse2.getAccessToken();
// 6. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.USER_NAME));
assertNull(userInfoResponse.getClaim("org_name"));
assertNull(userInfoResponse.getClaim("work_phone"));
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoClient(io.jans.as.client.UserInfoClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
TokenRequest(io.jans.as.client.TokenRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
TokenClient(io.jans.as.client.TokenClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 65 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodES384Fail.
@Parameters({ "redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodES384Fail(final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("privateKeyJwtAuthenticationMethodES384Fail");
List<String> scopes = Arrays.asList("clientinfo");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request Client Credentials Grant
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.ES384);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId("ES384SIG_INVALID_KEYID");
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getErrorType());
assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
assertNotNull(tokenResponse.getErrorDescription());
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
TokenClient(io.jans.as.client.TokenClient)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Aggregations
TokenClient (io.jans.as.client.TokenClient)263
TokenResponse (io.jans.as.client.TokenResponse)263
Parameters (org.testng.annotations.Parameters)245
TokenRequest (io.jans.as.client.TokenRequest)240
RegisterResponse (io.jans.as.client.RegisterResponse)239
Test (org.testng.annotations.Test)239
BaseTest (io.jans.as.client.BaseTest)238
RegisterClient (io.jans.as.client.RegisterClient)223
RegisterRequest (io.jans.as.client.RegisterRequest)223
ResponseType (io.jans.as.model.common.ResponseType)176
AuthorizationResponse (io.jans.as.client.AuthorizationResponse)173
AuthorizationRequest (io.jans.as.client.AuthorizationRequest)159
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)151
GrantType (io.jans.as.model.common.GrantType)53
UserInfoResponse (io.jans.as.client.UserInfoResponse)37
UserInfoClient (io.jans.as.client.UserInfoClient)36
Jwt (io.jans.as.model.jwt.Jwt)30
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)24
RSASigner (io.jans.as.model.jws.RSASigner)24
ClientInfoClient (io.jans.as.client.ClientInfoClient)16
