Search in sources :

Example 91 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeFormPostJwtResponseTypeTokenSignedHttpTest method authorizationRequestObjectPS512.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "PS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectPS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodPS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.PS512, null, null);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.FORM_POST_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.PS512, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertEquals(authorizationResponse.getResponseMode(), ResponseMode.FORM_POST_JWT);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 92 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeFormPostJwtResponseTypeTokenSignedHttpTest method authorizationRequestObjectRS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectRS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodRS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.RS256, null, null);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.FORM_POST_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.RS256, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertEquals(authorizationResponse.getResponseMode(), ResponseMode.FORM_POST_JWT);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 93 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeFragmentJwtResponseTypeCodeIdTokenEncryptedHttpTest method authorizationRequestObjectAlgA128KWEncA128GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgA128KWEncA128GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestObjectAlgA128KWEncA128GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, null, null, KeyEncryptionAlgorithm.A128KW, BlockEncryptionAlgorithm.A128GCM);
    String clientId = registerResponse.getClientId();
    sharedKey = registerResponse.getClientSecret();
    // 2. Request authorization
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.FRAGMENT_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.A128KW, BlockEncryptionAlgorithm.A128GCM, sharedKey);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    authorizationRequest(authorizationRequest, ResponseMode.FRAGMENT_JWT, userId, userSecret);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 94 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeFragmentJwtResponseTypeCodeIdTokenEncryptedHttpTest method authorizationRequestObjectAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodAlgRSAOAEPEncA256GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.FRAGMENT_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    authorizationRequest(authorizationRequest, ResponseMode.FRAGMENT_JWT, userId, userSecret);
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 95 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeFormPostJwtResponseTypeCodeTokenSignedHttpTest method authorizationRequestObjectES256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectES256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodES256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.ES256, null, null);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.FORM_POST_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.ES256, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertEquals(authorizationResponse.getResponseMode(), ResponseMode.FORM_POST_JWT);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Aggregations

JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)512 Parameters (org.testng.annotations.Parameters)510 Test (org.testng.annotations.Test)510 ResponseType (io.jans.as.model.common.ResponseType)492 Claim (io.jans.as.client.model.authorize.Claim)472 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)465 BaseTest (io.jans.as.client.BaseTest)453 RegisterResponse (io.jans.as.client.RegisterResponse)435 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)434 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)192 JSONObject (org.json.JSONObject)102 RegisterClient (io.jans.as.client.RegisterClient)99 RegisterRequest (io.jans.as.client.RegisterRequest)99 UserInfoClient (io.jans.as.client.UserInfoClient)95 UserInfoResponse (io.jans.as.client.UserInfoResponse)95 JwkClient (io.jans.as.client.JwkClient)84 JwkResponse (io.jans.as.client.JwkResponse)84 AuthorizeClient (io.jans.as.client.AuthorizeClient)73 Jwt (io.jans.as.model.jwt.Jwt)65 UserInfoRequest (io.jans.as.client.UserInfoRequest)46