Search in sources :

Example 11 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class SSOWithMultipleBackendServicesHttpTest method sessionWorkFlow1.

@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void sessionWorkFlow1(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("sessionWorkFlow1");
    // Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    String state1 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest1 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest1.setState(state1);
    authorizationRequest1.setRequestSessionId(true);
    AuthorizationResponse authorizationResponse1 = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest1, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse1);
    assertNotNull(authorizationResponse1.getSessionId(), "The session id is null");
    assertEquals(authorizationResponse1.getState(), state1);
    String code1 = authorizationResponse1.getCode();
    String sessionId = authorizationResponse1.getSessionId();
    // TV sends the code to the Backend
    // We don't use httpClient and cookieStore during this call
    // //////////////////////////////////////////////
    // Backend  1 side. Code 1        //
    // //////////////////////////////////////////////
    // Get the access token
    TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse1 = tokenClient1.execAuthorizationCode(code1, redirectUri, clientId, clientSecret);
    showClient(tokenClient1);
    assertTokenResponseOk(tokenResponse1, true);
    String accessToken1 = tokenResponse1.getAccessToken();
    // Get the user's claims
    UserInfoClient userInfoClient1 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse1 = userInfoClient1.execUserInfo(accessToken1);
    showClient(userInfoClient1);
    assertEquals(userInfoResponse1.getStatus(), 200, "Unexpected response code: " + userInfoResponse1.getStatus());
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.SUBJECT_IDENTIFIER), "Unexpected result: subject not found");
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.NAME), "Unexpected result: name not found");
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.GIVEN_NAME), "Unexpected result: given_name not found");
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.FAMILY_NAME), "Unexpected result: family_name not found");
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.EMAIL), "Unexpected result: email not found");
    // //////////////////////////////////////////////
    // TV side. Code 2                //
    // //////////////////////////////////////////////
    String state2 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest2 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest2.getPrompts().add(Prompt.NONE);
    authorizationRequest2.setState(state2);
    authorizationRequest2.setSessionId(sessionId);
    AuthorizeClient authorizeClient2 = new AuthorizeClient(authorizationEndpoint);
    authorizeClient2.setRequest(authorizationRequest2);
    AuthorizationResponse authorizationResponse2 = authorizeClient2.exec();
    showClient(authorizeClient2);
    assertEquals(authorizationResponse2.getStatus(), 302, "Unexpected response code: " + authorizationResponse2.getStatus());
    assertNotNull(authorizationResponse2.getLocation(), "The location is null");
    assertNotNull(authorizationResponse2.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse2.getScope(), "The scope is null");
    assertNotNull(authorizationResponse2.getState(), "The state is null");
    assertEquals(authorizationResponse2.getState(), state2);
    String code2 = authorizationResponse2.getCode();
    // TV sends the code to the Backend
    // We don't use httpClient and cookieStore during this call
    // //////////////////////////////////////////////
    // Backend  2 side. Code 2        //
    // //////////////////////////////////////////////
    // Get the access token
    TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse2 = tokenClient2.execAuthorizationCode(code2, redirectUri, clientId, clientSecret);
    showClient(tokenClient2);
    assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
    assertNotNull(tokenResponse2.getEntity(), "The entity is null");
    assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse2.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
    String accessToken2 = tokenResponse2.getAccessToken();
    // Get the user's claims
    UserInfoClient userInfoClient2 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse2 = userInfoClient2.execUserInfo(accessToken2);
    showClient(userInfoClient2);
    assertEquals(userInfoResponse2.getStatus(), 200, "Unexpected response code: " + userInfoResponse2.getStatus());
    assertNotNull(userInfoResponse2.getClaim(JwtClaimName.SUBJECT_IDENTIFIER), "Unexpected result: subject not found");
    assertNotNull(userInfoResponse2.getClaim(JwtClaimName.NAME), "Unexpected result: name not found");
    assertNotNull(userInfoResponse2.getClaim(JwtClaimName.GIVEN_NAME), "Unexpected result: given_name not found");
    assertNotNull(userInfoResponse2.getClaim(JwtClaimName.FAMILY_NAME), "Unexpected result: family_name not found");
    assertNotNull(userInfoResponse2.getClaim(JwtClaimName.EMAIL), "Unexpected result: email not found");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) UserInfoResponse(io.jans.as.client.UserInfoResponse) TokenClient(io.jans.as.client.TokenClient) AuthorizeClient(io.jans.as.client.AuthorizeClient) UserInfoClient(io.jans.as.client.UserInfoClient) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 12 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class SSOWithMultipleBackendServicesHttpTest method sessionWorkFlow2.

@Parameters({ "redirectUris", "redirectUri", "userInum", "userEmail", "sectorIdentifierUri" })
@Test
public void sessionWorkFlow2(final String redirectUris, final String redirectUri, final String userInum, final String userEmail, final String sectorIdentifierUri) throws Exception {
    showTitle("sessionWorkFlow2");
    // Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // Authorization code flow to authenticate on B1
    String state1 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest1 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest1.addCustomParameter("mail", userEmail);
    authorizationRequest1.addCustomParameter("inum", userInum);
    authorizationRequest1.getPrompts().add(Prompt.NONE);
    authorizationRequest1.setState(state1);
    authorizationRequest1.setAuthorizationMethod(AuthorizationMethod.FORM_ENCODED_BODY_PARAMETER);
    authorizationRequest1.setRequestSessionId(true);
    AuthorizationResponse authorizationResponse1 = authorizationRequestAndGrantAccess(authorizationEndpoint, authorizationRequest1);
    assertAuthorizationResponse(authorizationResponse1);
    assertNotNull(authorizationResponse1.getSessionId(), "The session id is null");
    assertEquals(authorizationRequest1.getState(), state1);
    String authorizationCode1 = authorizationResponse1.getCode();
    String sessionId = authorizationResponse1.getSessionId();
    TokenRequest tokenRequest1 = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest1.setCode(authorizationCode1);
    tokenRequest1.setRedirectUri(redirectUri);
    tokenRequest1.setAuthUsername(clientId);
    tokenRequest1.setAuthPassword(clientSecret);
    tokenRequest1.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest1);
    TokenResponse tokenResponse1 = tokenClient1.exec();
    showClient(tokenClient1);
    assertTokenResponseOk(tokenResponse1, true);
    // User wants to authenticate on B2 (without sending its credentials)
    String state2 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest2 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest2.getPrompts().add(Prompt.NONE);
    authorizationRequest2.setState(state2);
    authorizationRequest2.setSessionId(sessionId);
    AuthorizeClient authorizeClient2 = new AuthorizeClient(authorizationEndpoint);
    authorizeClient2.setRequest(authorizationRequest2);
    AuthorizationResponse authorizationResponse2 = authorizeClient2.exec();
    showClient(authorizeClient2);
    assertEquals(authorizationResponse2.getStatus(), 302, "Unexpected response code: " + authorizationResponse2.getStatus());
    assertNotNull(authorizationResponse2.getLocation(), "The location is null");
    assertNotNull(authorizationResponse2.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse2.getScope(), "The scope is null");
    assertNotNull(authorizationResponse2.getState(), "The state is null");
    assertEquals(authorizationResponse2.getState(), state2);
    String authorizationCode2 = authorizationResponse2.getCode();
    TokenRequest tokenRequest2 = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest2.setCode(authorizationCode2);
    tokenRequest2.setRedirectUri(redirectUri);
    tokenRequest2.setAuthUsername(clientId);
    tokenRequest2.setAuthPassword(clientSecret);
    tokenRequest2.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
    tokenClient2.setRequest(tokenRequest2);
    TokenResponse tokenResponse2 = tokenClient2.exec();
    showClient(tokenClient2);
    assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
    assertNotNull(tokenResponse2.getEntity(), "The entity is null");
    assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse2.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
    // User wants to authenticate on B3 (without sending its credentials)
    String state3 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest3 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest3.getPrompts().add(Prompt.NONE);
    authorizationRequest3.setState(state3);
    authorizationRequest3.setSessionId(sessionId);
    AuthorizeClient authorizeClient3 = new AuthorizeClient(authorizationEndpoint);
    authorizeClient3.setRequest(authorizationRequest3);
    AuthorizationResponse authorizationResponse3 = authorizeClient3.exec();
    showClient(authorizeClient3);
    assertEquals(authorizationResponse3.getStatus(), 302, "Unexpected response code: " + authorizationResponse3.getStatus());
    assertNotNull(authorizationResponse3.getLocation(), "The location is null");
    assertNotNull(authorizationResponse3.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse3.getScope(), "The scope is null");
    assertNotNull(authorizationResponse3.getState(), "The state is null");
    assertEquals(authorizationResponse3.getState(), state3);
    String authorizationCode3 = authorizationResponse3.getCode();
    TokenRequest tokenRequest3 = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest3.setCode(authorizationCode3);
    tokenRequest3.setRedirectUri(redirectUri);
    tokenRequest3.setAuthUsername(clientId);
    tokenRequest3.setAuthPassword(clientSecret);
    tokenRequest3.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient3 = new TokenClient(tokenEndpoint);
    tokenClient3.setRequest(tokenRequest3);
    TokenResponse tokenResponse3 = tokenClient3.exec();
    showClient(tokenClient3);
    assertTokenResponseOk(tokenResponse3, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthorizeClient(io.jans.as.client.AuthorizeClient) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 13 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodPrivateKeyJwtSigningAlgES512Fail1.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodPrivateKeyJwtSigningAlgES512Fail1(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("tokenEndpointAuthMethodPrivateKeyJwtSigningAlgES512Fail1");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.ES512);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client read
    RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient readClient = new RegisterClient(registrationClientUri);
    readClient.setRequest(readClientRequest);
    RegisterResponse readClientResponse = readClient.exec();
    showClient(readClient);
    assertRegisterResponseOk(readClientResponse, 200, false);
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.ES512.toString());
    assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
    // 3. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNull(authorizationResponse.getIdToken(), "The id token is not null");
    String authorizationCode = authorizationResponse.getCode();
    // 4. Get Access Token
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setAudience(tokenEndpoint);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 14 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodClientSecretPostFail2.

/**
 * Fail 2: Call to Token Endpoint with Auth Method <code>client_secret_jwt</code> should fail.
 */
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodClientSecretPostFail2(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("tokenEndpointAuthMethodClientSecretPostFail2");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client read
    RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient readClient = new RegisterClient(registrationClientUri);
    readClient.setRequest(readClientRequest);
    RegisterResponse readClientResponse = readClient.exec();
    showClient(readClient);
    assertRegisterResponseOk(readClientResponse, 200, false);
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.CLIENT_SECRET_POST.toString());
    assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
    // 3. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNull(authorizationResponse.getIdToken(), "The id token is not null");
    String authorizationCode = authorizationResponse.getCode();
    // 4. Get Access Token
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setAudience(tokenEndpoint);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 15 with TokenClient

use of io.jans.as.client.TokenClient in project jans by JanssenProject.

the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodPrivateKeyJwtFail2.

/**
 * Fail 2: Call to Token Endpoint with Auth Method <code>client_secret_post</code> should fail.
 */
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodPrivateKeyJwtFail2(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("tokenEndpointAuthMethodPrivateKeyJwtFail2");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setJwksUri(jwksUri);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client read
    RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient readClient = new RegisterClient(registrationClientUri);
    readClient.setRequest(readClientRequest);
    RegisterResponse readClientResponse = readClient.exec();
    showClient(readClient);
    assertRegisterResponseOk(readClientResponse, 200, false);
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
    // 3. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNull(authorizationResponse.getIdToken(), "The id token is not null");
    String authorizationCode = authorizationResponse.getCode();
    // 4. Get Access Token
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

TokenClient (io.jans.as.client.TokenClient)263 TokenResponse (io.jans.as.client.TokenResponse)263 Parameters (org.testng.annotations.Parameters)245 TokenRequest (io.jans.as.client.TokenRequest)240 RegisterResponse (io.jans.as.client.RegisterResponse)239 Test (org.testng.annotations.Test)239 BaseTest (io.jans.as.client.BaseTest)238 RegisterClient (io.jans.as.client.RegisterClient)223 RegisterRequest (io.jans.as.client.RegisterRequest)223 ResponseType (io.jans.as.model.common.ResponseType)176 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)173 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)159 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)151 GrantType (io.jans.as.model.common.GrantType)53 UserInfoResponse (io.jans.as.client.UserInfoResponse)37 UserInfoClient (io.jans.as.client.UserInfoClient)36 Jwt (io.jans.as.model.jwt.Jwt)30 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)24 RSASigner (io.jans.as.model.jws.RSASigner)24 ClientInfoClient (io.jans.as.client.ClientInfoClient)16