Search in sources :

Example 86 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class CanMakeAccessTokenRequestWithClientSecretPostAuthentication method canMakeAccessTokenRequestWithClientSecretPostAuthentication.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void canMakeAccessTokenRequestWithClientSecretPostAuthentication(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Can Make Access Token Request with client secret post Authentication");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String authorizationCode = authorizationResponse.getCode();
    // 3. Get Access Token
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 87 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class ProvidingIdTokenWithMaxAgeRestriction method providingIdTokenWithMaxAgeRestrictionJwtAuthorizationRequest.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void providingIdTokenWithMaxAgeRestrictionJwtAuthorizationRequest(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Providing ID Token with max age Restriction (JWT Authorization Request)");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    String sessionId;
    {
        // 2. Request authorization
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
        assertAuthorizationResponse(authorizationResponse, responseTypes, true);
        String authorizationCode = authorizationResponse.getCode();
        sessionId = authorizationResponse.getSessionId();
        // 3. Get Access Token
        TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
        tokenRequest.setCode(authorizationCode);
        tokenRequest.setRedirectUri(redirectUri);
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);
        assertTokenResponseOk(tokenResponse, true);
    }
    Thread.sleep(60000);
    {
        // 4. Request authorization
        AuthCryptoProvider cryptoProvider = new AuthCryptoProvider();
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        authorizationRequest.setSessionId(sessionId);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
        jwtAuthorizationRequest.getIdTokenMember().setMaxAge(30);
        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(authJwt);
        AuthorizationResponse authorizationResponse = authenticateResourceOwner(authorizationEndpoint, authorizationRequest, userId, userSecret, false);
        assertAuthorizationResponse(authorizationResponse, responseTypes, true);
        String authorizationCode = authorizationResponse.getCode();
        // 5. Get Access Token
        TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
        tokenRequest.setCode(authorizationCode);
        tokenRequest.setRedirectUri(redirectUri);
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);
        assertTokenResponseOk(tokenResponse, true);
    }
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) List(java.util.List) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 88 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class RejectsSecondUseOfAccessCode method rejectsSecondUseOfAccessCode.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void rejectsSecondUseOfAccessCode(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Rejects Second Use of Access Code");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization and receive the authorization code.
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNotNull(authorizationResponse.getIdToken(), "The id token is null");
    String scope = authorizationResponse.getScope();
    String authorizationCode = authorizationResponse.getCode();
    // 3. Request access token using the authorization code.
    String accessToken;
    String refreshToken;
    {
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        TokenResponse tokenResponse = tokenClient.execAuthorizationCode(authorizationCode, redirectUri, clientId, clientSecret);
        showClient(tokenClient);
        assertTokenResponseOk(tokenResponse, true);
        accessToken = tokenResponse.getAccessToken();
        refreshToken = tokenResponse.getRefreshToken();
    }
    // 4. Request user info
    {
        UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
        UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
        assertUserInfoPersonalDataNotNull(userInfoResponse);
    }
    // 5. Request access token using the same authorization code one more time. This call must fail.
    {
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        TokenResponse tokenResponse = tokenClient.execAuthorizationCode(authorizationCode, redirectUri, clientId, clientSecret);
        showClient(tokenClient);
        assertEquals(tokenResponse.getStatus(), 400, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getErrorType(), "The error type is null");
        assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
    }
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) UserInfoClient(io.jans.as.client.UserInfoClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) UserInfoResponse(io.jans.as.client.UserInfoResponse) TokenClient(io.jans.as.client.TokenClient) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 89 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class SecondUseOfAccessCodeRevokesPreviouslyIssuedAccessToken method secondUseOfAccessCodeRevokesPreviouslyIssuedAccessToken.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void secondUseOfAccessCodeRevokesPreviouslyIssuedAccessToken(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Second Use of Access Code Revokes Previously Issued Access Token");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization and receive the authorization code.
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNotNull(authorizationResponse.getIdToken(), "The id token is null");
    String scope = authorizationResponse.getScope();
    String authorizationCode = authorizationResponse.getCode();
    // 3. Request access token using the authorization code.
    String accessToken;
    String refreshToken;
    {
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        TokenResponse tokenResponse = tokenClient.execAuthorizationCode(authorizationCode, redirectUri, clientId, clientSecret);
        showClient(tokenClient);
        assertTokenResponseOk(tokenResponse, true);
        accessToken = tokenResponse.getAccessToken();
        refreshToken = tokenResponse.getRefreshToken();
    }
    // 4. Request user info
    {
        UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
        UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
        assertUserInfoPersonalDataNotNull(userInfoResponse);
    }
    // 5. Request access token using the same authorization code one more time. This call must fail.
    {
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        TokenResponse tokenResponse = tokenClient.execAuthorizationCode(authorizationCode, redirectUri, clientId, clientSecret);
        showClient(tokenClient);
        assertEquals(tokenResponse.getStatus(), 400, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getErrorType(), "The error type is null");
        assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
    }
    // 6. Request user info. This call must fail.
    {
        UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
        UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        assertEquals(userInfoResponse.getStatus(), 401, "Unexpected response code: " + userInfoResponse.getStatus());
        assertNotNull(userInfoResponse.getErrorType(), "Unexpected result: errorType not found");
        assertNotNull(userInfoResponse.getErrorDescription(), "Unexpected result: errorDescription not found");
    }
    // 7. Request new access token using the refresh token. This call must fail too.
    {
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        TokenResponse tokenResponse = tokenClient.execRefreshToken(scope, refreshToken, clientId, clientSecret);
        showClient(tokenClient);
        assertEquals(tokenResponse.getStatus(), 400, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getErrorType(), "The error type is null");
        assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
    }
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) UserInfoClient(io.jans.as.client.UserInfoClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) UserInfoResponse(io.jans.as.client.UserInfoResponse) TokenClient(io.jans.as.client.TokenClient) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 90 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class SupportAuthenticationToTokenEndpointUsingHttpBasicWithPost method supportAuthenticationToTokenEndpointUsingHttpBasicWithPost.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void supportAuthenticationToTokenEndpointUsingHttpBasicWithPost(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Support Authentication to Token Endpoint using HTTP Basic with POST");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    String authorizationCode = authorizationResponse.getCode();
    // 3. Get Access Token
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Aggregations

TokenClient (io.jans.as.client.TokenClient)263 TokenResponse (io.jans.as.client.TokenResponse)263 Parameters (org.testng.annotations.Parameters)245 TokenRequest (io.jans.as.client.TokenRequest)240 RegisterResponse (io.jans.as.client.RegisterResponse)239 Test (org.testng.annotations.Test)239 BaseTest (io.jans.as.client.BaseTest)238 RegisterClient (io.jans.as.client.RegisterClient)223 RegisterRequest (io.jans.as.client.RegisterRequest)223 ResponseType (io.jans.as.model.common.ResponseType)176 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)173 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)159 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)151 GrantType (io.jans.as.model.common.GrantType)53 UserInfoResponse (io.jans.as.client.UserInfoResponse)37 UserInfoClient (io.jans.as.client.UserInfoClient)36 Jwt (io.jans.as.model.jwt.Jwt)30 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)24 RSASigner (io.jans.as.model.jws.RSASigner)24 ClientInfoClient (io.jans.as.client.ClientInfoClient)16