Example 6 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method requestAuthorizationCodeWithPairwiseSectorIdentifierType.
public String requestAuthorizationCodeWithPairwiseSectorIdentifierType(final String redirectUri, final String userId, final String userSecret, final String clientId, final String clientSecret, final List<ResponseType> responseTypes) throws Exception {
// 1. Request authorization and receive the authorization code.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
assertAuthorizationResponse(authorizationResponse, true);
assertEquals(authorizationResponse.getState(), state);
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 2. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
String accessToken = tokenResponse.getAccessToken();
// 4. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
return sub;
}
Also used :
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoClient(io.jans.as.client.UserInfoClient)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
TokenResponse(io.jans.as.client.TokenResponse)
RSASigner(io.jans.as.model.jws.RSASigner)
TokenRequest(io.jans.as.client.TokenRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
TokenClient(io.jans.as.client.TokenClient)
Example 7 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method requestAuthorizationCodeWithPublicSectorIdentifierType.
public String requestAuthorizationCodeWithPublicSectorIdentifierType(final String redirectUris, final String redirectUri, final String userId, final String userSecret) throws Exception {
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Register client with Sector Identifier URL
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSubjectType(SubjectType.PUBLIC);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
assertAuthorizationResponse(authorizationResponse, true);
assertEquals(authorizationResponse.getState(), state);
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, false);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
// 4. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
String accessToken = tokenResponse.getAccessToken();
// 5. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
return sub;
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoClient(io.jans.as.client.UserInfoClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
TokenRequest(io.jans.as.client.TokenRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
TokenClient(io.jans.as.client.TokenClient)
Example 8 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class TokenEncryptionHttpDeprecated method requestIdTokenAlgA256KWEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUris", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgA256KWEncA256GCM(final String userId, final String userSecret, final String redirectUris, final String sectorIdentifierUri) {
try {
showTitle("requestIdTokenAlgA256KWEncA256GCM");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A256KW);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setGrantTypes(grantTypes);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 200, false);
String clientId = response.getClientId();
String clientSecret = response.getClientSecret();
// 2. Request authorization
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
assertNotNull(tokenResponse.getScope(), "The scope is null");
assertNotNull(tokenResponse.getIdToken(), "The id token is null");
String idToken = tokenResponse.getIdToken();
// 3. Read Encrypted ID Token
Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(StandardCharsets.UTF_8));
assertJweStandarClaimsNotNull(jwe, false);
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
} catch (Exception ex) {
fail(ex.getMessage(), ex);
}
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
Jwe(io.jans.as.model.jwe.Jwe)
GrantType(io.jans.as.model.common.GrantType)
TokenClient(io.jans.as.client.TokenClient)
Parameters(org.testng.annotations.Parameters)
Example 9 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class TokenEncryptionHttpDeprecated method requestIdTokenAlgRSA15EncA128CBCPLUSHS256.
@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
try {
showTitle("requestIdTokenAlgRSA15EncA128CBCPLUSHS256");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setGrantTypes(grantTypes);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 200, false);
String clientId = response.getClientId();
String clientSecret = response.getClientSecret();
// 2. Request authorization
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
assertNotNull(tokenResponse.getScope(), "The scope is null");
assertNotNull(tokenResponse.getIdToken(), "The id token is null");
String idToken = tokenResponse.getIdToken();
// 3. Read Encrypted ID Token
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
Jwe jwe = Jwe.parse(idToken, privateKey, null);
assertJweStandarClaimsNotNull(jwe, false);
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
} catch (Exception ex) {
fail(ex.getMessage(), ex);
}
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
PrivateKey(java.security.PrivateKey)
GrantType(io.jans.as.model.common.GrantType)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
Jwe(io.jans.as.model.jwe.Jwe)
TokenClient(io.jans.as.client.TokenClient)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Example 10 with TokenClient
use of io.jans.as.client.TokenClient in project jans by JanssenProject.
the class ResponseTypesRestrictionHttpTest method omittedResponseTypes.
/**
* Registering without provide the response_types param, should register the Client using only
* the <code>code</code> response type.
*/
@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void omittedResponseTypes(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("omittedResponseTypes");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertRegisterResponseOk(readClientResponse, 200, false);
assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
// 3. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, true);
String authorizationCode = authorizationResponse.getCode();
// 4. Get Access Token
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
TokenClient(io.jans.as.client.TokenClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Aggregations
TokenClient (io.jans.as.client.TokenClient)263
TokenResponse (io.jans.as.client.TokenResponse)263
Parameters (org.testng.annotations.Parameters)245
TokenRequest (io.jans.as.client.TokenRequest)240
RegisterResponse (io.jans.as.client.RegisterResponse)239
Test (org.testng.annotations.Test)239
BaseTest (io.jans.as.client.BaseTest)238
RegisterClient (io.jans.as.client.RegisterClient)223
RegisterRequest (io.jans.as.client.RegisterRequest)223
ResponseType (io.jans.as.model.common.ResponseType)176
AuthorizationResponse (io.jans.as.client.AuthorizationResponse)173
AuthorizationRequest (io.jans.as.client.AuthorizationRequest)159
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)151
GrantType (io.jans.as.model.common.GrantType)53
UserInfoResponse (io.jans.as.client.UserInfoResponse)37
UserInfoClient (io.jans.as.client.UserInfoClient)36
Jwt (io.jans.as.model.jwt.Jwt)30
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)24
RSASigner (io.jans.as.model.jws.RSASigner)24
ClientInfoClient (io.jans.as.client.ClientInfoClient)16
