Example 56 with TokenRequest
use of io.jans.as.client.TokenRequest in project jans by JanssenProject.
the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodES512.
@Parameters({ "redirectUris", "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodES512(final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("privateKeyJwtAuthenticationMethodES512");
List<String> scopes = Arrays.asList("clientinfo");
List<GrantType> grantTypes = Arrays.asList(GrantType.CLIENT_CREDENTIALS);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setGrantTypes(grantTypes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request Client Credentials Grant
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.ES512);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId(keyId);
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, false, false);
assertNotNull(tokenResponse.getScope());
assertNull(tokenResponse.getRefreshToken());
String accessToken = tokenResponse.getAccessToken();
// 3. Request client info
ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(accessToken);
showClient(clientInfoClient);
assertEquals(clientInfoResponse.getStatus(), 200, "Unexpected response code: " + clientInfoResponse.getStatus());
assertNotNull(clientInfoResponse.getClaim("name"), "Unexpected result: displayName not found");
assertNotNull(clientInfoResponse.getClaim("inum"), "Unexpected result: inum not found");
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
GrantType(io.jans.as.model.common.GrantType)
ClientInfoResponse(io.jans.as.client.ClientInfoResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
TokenClient(io.jans.as.client.TokenClient)
ClientInfoClient(io.jans.as.client.ClientInfoClient)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 57 with TokenRequest
use of io.jans.as.client.TokenRequest in project jans by JanssenProject.
the class ClientCredentialsGrantHttpTest method clientSecretBasicAuthenticationMethod.
@Parameters({ "redirectUris", "sectorIdentifierUri" })
@Test
public void clientSecretBasicAuthenticationMethod(final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("clientSecretBasicAuthenticationMethod");
List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "clientinfo");
List<GrantType> grantTypes = Arrays.asList(GrantType.CLIENT_CREDENTIALS);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setGrantTypes(grantTypes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request Client Credentials Grant
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, false, false);
assertNotNull(tokenResponse.getScope());
assertNull(tokenResponse.getRefreshToken());
String accessToken = tokenResponse.getAccessToken();
// 3. Request client info
ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(accessToken);
showClient(clientInfoClient);
assertEquals(clientInfoResponse.getStatus(), 200, "Unexpected response code: " + clientInfoResponse.getStatus());
assertNotNull(clientInfoResponse.getClaim("name"), "Unexpected result: displayName not found");
assertNotNull(clientInfoResponse.getClaim("inum"), "Unexpected result: inum not found");
// 4. Request user info should fail
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setSharedKey(clientSecret);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 403);
assertEquals(userInfoResponse.getErrorType(), UserInfoErrorResponseType.INSUFFICIENT_SCOPE);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
GrantType(io.jans.as.model.common.GrantType)
UserInfoClient(io.jans.as.client.UserInfoClient)
ClientInfoResponse(io.jans.as.client.ClientInfoResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
TokenClient(io.jans.as.client.TokenClient)
ClientInfoClient(io.jans.as.client.ClientInfoClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 58 with TokenRequest
use of io.jans.as.client.TokenRequest in project jans by JanssenProject.
the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodPS384Fail.
@Parameters({ "redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodPS384Fail(final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("privateKeyJwtAuthenticationMethodPS384Fail");
List<String> scopes = Arrays.asList("clientinfo");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setScope(scopes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request Client Credentials Grant
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
tokenRequest.setScope("clientinfo");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.PS384);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId("PS384SIG_INVALID_KEYID");
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getErrorType());
assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
assertNotNull(tokenResponse.getErrorDescription());
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
TokenRequest(io.jans.as.client.TokenRequest)
TokenClient(io.jans.as.client.TokenClient)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 59 with TokenRequest
use of io.jans.as.client.TokenRequest in project jans by JanssenProject.
the class ClientSecretBasicTest method testEncode3.
@Test
public void testEncode3() {
showTitle("testEncode3");
String clientId = "@!12AD!0008!6D30.23D7";
String clientSecret = "P@55W0rd!";
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
assertEquals(tokenRequest.getEncodedCredentials(), "JTQwJTIxMTJBRCUyMTAwMDglMjE2RDMwLjIzRDc6UCU0MDU1VzByZCUyMQ==");
}
Also used :
TokenRequest(io.jans.as.client.TokenRequest)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 60 with TokenRequest
use of io.jans.as.client.TokenRequest in project jans by JanssenProject.
the class ClientSecretBasicTest method authorizationCodeFlow.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void authorizationCodeFlow(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationCodeFlow");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setScope(scopes);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, true);
String scope = authorizationResponse.getScope();
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
String expectedEncodedCredentials = Base64.encodeBase64String(Util.getBytes(URLEncoder.encode(clientId, Util.UTF8_STRING_ENCODING) + ":" + URLEncoder.encode(clientSecret, Util.UTF8_STRING_ENCODING)));
assertEquals(tokenRequest.getEncodedCredentials(), expectedEncodedCredentials);
TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
tokenClient1.setRequest(tokenRequest);
TokenResponse tokenResponse1 = tokenClient1.exec();
showClient(tokenClient1);
assertTokenResponseOk(tokenResponse1, true, false);
String refreshToken = tokenResponse1.getRefreshToken();
// 4. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, false);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 5. Request new access token using the refresh token.
TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
showClient(tokenClient2);
assertTokenResponseOk(tokenResponse2, true, false);
assertNotNull(tokenResponse2.getScope(), "The scope is null");
String accessToken = tokenResponse2.getAccessToken();
// 6. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.USER_NAME));
assertNull(userInfoResponse.getClaim("org_name"));
assertNull(userInfoResponse.getClaim("work_phone"));
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoClient(io.jans.as.client.UserInfoClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
TokenResponse(io.jans.as.client.TokenResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
TokenRequest(io.jans.as.client.TokenRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
TokenClient(io.jans.as.client.TokenClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Aggregations
TokenRequest (io.jans.as.client.TokenRequest)287
Parameters (org.testng.annotations.Parameters)266
Test (org.testng.annotations.Test)265
TokenResponse (io.jans.as.client.TokenResponse)241
TokenClient (io.jans.as.client.TokenClient)240
RegisterResponse (io.jans.as.client.RegisterResponse)230
BaseTest (io.jans.as.client.BaseTest)227
RegisterClient (io.jans.as.client.RegisterClient)212
RegisterRequest (io.jans.as.client.RegisterRequest)212
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)170
AuthorizationResponse (io.jans.as.client.AuthorizationResponse)168
ResponseType (io.jans.as.model.common.ResponseType)165
AuthorizationRequest (io.jans.as.client.AuthorizationRequest)154
GrantType (io.jans.as.model.common.GrantType)46
JSONObject (org.json.JSONObject)42
Builder (javax.ws.rs.client.Invocation.Builder)41
MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)41
Response (javax.ws.rs.core.Response)41
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)40
JSONException (org.json.JSONException)40
