use of io.jans.as.model.common.GrantType in project jans by JanssenProject.
the class TokenRestWebServiceWithESAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtES512Step1.
@Parameters({ "registerPath", "redirectUris", "clientJwksUri" })
@Test
public void requestAccessTokenWithClientSecretJwtES512Step1(final String registerPath, final String redirectUris, final String jwksUri) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
registerRequest.setGrantTypes(grantTypes);
String registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtES384Step1", response, entity);
assertEquals(response.getStatus(), 201, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has(RegisterResponseParam.CLIENT_ID.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET.toString()));
assertTrue(jsonObj.has(REGISTRATION_ACCESS_TOKEN.toString()));
assertTrue(jsonObj.has(REGISTRATION_CLIENT_URI.toString()));
assertTrue(jsonObj.has(CLIENT_ID_ISSUED_AT.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET_EXPIRES_AT.toString()));
clientId3 = jsonObj.getString(RegisterResponseParam.CLIENT_ID.toString());
clientSecret3 = jsonObj.getString(CLIENT_SECRET.toString());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
use of io.jans.as.model.common.GrantType in project jans by JanssenProject.
the class TokenRestWebServiceWithESAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtES384X509CertStep1.
@Parameters({ "registerPath", "redirectUris", "clientJwksUri" })
@Test
public void requestAccessTokenWithClientSecretJwtES384X509CertStep1(final String registerPath, final String redirectUris, final String jwksUri) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
registerRequest.setGrantTypes(grantTypes);
String registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtES384X509CertStep1", response, entity);
assertEquals(response.getStatus(), 201, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has(RegisterResponseParam.CLIENT_ID.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET.toString()));
assertTrue(jsonObj.has(REGISTRATION_ACCESS_TOKEN.toString()));
assertTrue(jsonObj.has(REGISTRATION_CLIENT_URI.toString()));
assertTrue(jsonObj.has(CLIENT_ID_ISSUED_AT.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET_EXPIRES_AT.toString()));
clientId5 = jsonObj.getString(RegisterResponseParam.CLIENT_ID.toString());
clientSecret5 = jsonObj.getString(CLIENT_SECRET.toString());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
use of io.jans.as.model.common.GrantType in project jans by JanssenProject.
the class RegisterSiteOperation method createRegisterClientRequest.
private RegisterRequest createRegisterClientRequest(RegisterSiteParams params, String rpId) {
String clientName = "jans_client_api client for rp: " + rpId;
if (!Strings.isNullOrEmpty(params.getClientName())) {
clientName = params.getClientName();
}
final RegisterRequest request = new RegisterRequest(ApplicationType.WEB, clientName, params.getRedirectUris());
request.setResponseTypesStrings(params.getResponseTypes());
request.setJwksUri(params.getClientJwksUri());
request.setClaimsRedirectUris(params.getClaimsRedirectUri() != null ? params.getClaimsRedirectUri() : new ArrayList<String>());
request.setPostLogoutRedirectUris(params.getPostLogoutRedirectUris() != null ? params.getPostLogoutRedirectUris() : Lists.newArrayList());
request.setContacts(params.getContacts());
request.setScope(params.getScope());
request.setDefaultAcrValues(params.getAcrValues());
if (StringUtils.isNotBlank(params.getClientTokenEndpointAuthSigningAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getClientTokenEndpointAuthSigningAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `client_token_endpoint_auth_signing_alg` property. Value: " + params.getClientTokenEndpointAuthSigningAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
request.setTokenEndpointAuthSigningAlg(signatureAlgorithms);
}
if (StringUtils.isNotBlank(rpId)) {
request.addCustomAttribute("rp_id", rpId);
}
List<GrantType> grantTypes = Lists.newArrayList();
for (String grantType : params.getGrantTypes()) {
grantTypes.add(GrantType.fromString(grantType));
}
request.setGrantTypes(grantTypes);
if (StringUtils.isNotBlank(params.getClientFrontchannelLogoutUri())) {
request.setFrontChannelLogoutUri(params.getClientFrontchannelLogoutUri());
}
if (StringUtils.isNotBlank(params.getClientTokenEndpointAuthMethod())) {
final AuthenticationMethod authenticationMethod = AuthenticationMethod.fromString(params.getClientTokenEndpointAuthMethod());
if (authenticationMethod != null) {
request.setTokenEndpointAuthMethod(authenticationMethod);
}
}
if (params.getClientRequestUris() != null && !params.getClientRequestUris().isEmpty()) {
request.setRequestUris(params.getClientRequestUris());
}
if (!Strings.isNullOrEmpty(params.getClientSectorIdentifierUri())) {
request.setSectorIdentifierUri(params.getClientSectorIdentifierUri());
}
request.setAccessTokenAsJwt(params.getAccessTokenAsJwt());
request.setAccessTokenSigningAlg(SignatureAlgorithm.fromString(params.getAccessTokenSigningAlg()));
request.setRptAsJwt(params.getRptAsJwt());
if (!Strings.isNullOrEmpty(params.getLogoUri())) {
request.setLogoUri(params.getLogoUri());
}
if (!Strings.isNullOrEmpty(params.getClientUri())) {
request.setClientUri(params.getClientUri());
}
if (!Strings.isNullOrEmpty(params.getPolicyUri())) {
request.setPolicyUri(params.getPolicyUri());
}
if (params.getFrontChannelLogoutSessionRequired() != null) {
request.setFrontChannelLogoutSessionRequired(params.getFrontChannelLogoutSessionRequired());
}
if (!Strings.isNullOrEmpty(params.getTosUri())) {
request.setTosUri(params.getTosUri());
}
if (!Strings.isNullOrEmpty(params.getJwks())) {
request.setJwks(params.getJwks());
}
if (!Strings.isNullOrEmpty(params.getIdTokenBindingCnf())) {
request.setIdTokenTokenBindingCnf(params.getIdTokenBindingCnf());
}
if (!Strings.isNullOrEmpty(params.getTlsClientAuthSubjectDn())) {
request.setTlsClientAuthSubjectDn(params.getTlsClientAuthSubjectDn());
}
if (!Strings.isNullOrEmpty(params.getSubjectType())) {
SubjectType subjectType = SubjectType.fromString(params.getSubjectType());
if (subjectType == null) {
LOG.error("Received invalid values in `subject_type` property. Value: " + params.getSubjectType());
throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_TYPE);
}
request.setSubjectType(subjectType);
}
if (params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() != null) {
request.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
}
if (!Strings.isNullOrEmpty(params.getIdTokenSignedResponseAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getIdTokenSignedResponseAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `id_token_signed_response_alg` property. Value: " + params.getIdTokenSignedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
if (signatureAlgorithms == SignatureAlgorithm.NONE && !getConfigurationService().getConfiguration().getAcceptIdTokenWithoutSignature()) {
LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in client-api-server.yml.");
throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
}
request.setIdTokenSignedResponseAlg(signatureAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseAlg())) {
KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getIdTokenEncryptedResponseAlg());
if (keyEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `id_token_encrypted_response_alg` property. Value: " + params.getIdTokenEncryptedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
}
request.setIdTokenEncryptedResponseAlg(keyEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseEnc())) {
BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getIdTokenEncryptedResponseEnc());
if (blockEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `id_token_encrypted_response_enc` property. Value: " + params.getIdTokenEncryptedResponseEnc());
throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
}
request.setIdTokenEncryptedResponseEnc(blockEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getUserInfoSignedResponseAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getUserInfoSignedResponseAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `user_info_signed_response_alg` property. Value: " + params.getUserInfoSignedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
request.setUserInfoSignedResponseAlg(signatureAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseAlg())) {
KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getUserInfoEncryptedResponseAlg());
if (keyEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `user_info_encrypted_response_alg` property. Value: " + params.getUserInfoEncryptedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
}
request.setUserInfoEncryptedResponseAlg(keyEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseEnc())) {
BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getUserInfoEncryptedResponseEnc());
if (blockEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `user_info_encrypted_response_enc` property. Value: " + params.getUserInfoEncryptedResponseEnc());
throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
}
request.setUserInfoEncryptedResponseEnc(blockEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getRequestObjectSigningAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getRequestObjectSigningAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `request_object_signing_alg` property. Value: " + params.getRequestObjectSigningAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
request.setRequestObjectSigningAlg(signatureAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionAlg())) {
KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getRequestObjectEncryptionAlg());
if (keyEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `request_object_encryption_alg` property. Value: " + params.getRequestObjectEncryptionAlg());
throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
}
request.setRequestObjectEncryptionAlg(keyEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionEnc())) {
BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getRequestObjectEncryptionEnc());
if (blockEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `request_object_encryption_enc` property. Value: " + params.getRequestObjectEncryptionEnc());
throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
}
request.setRequestObjectEncryptionEnc(blockEncryptionAlgorithms);
}
if (params.getDefaultMaxAge() != null && NumberUtils.isNumber(params.getDefaultMaxAge().toString())) {
request.setDefaultMaxAge(params.getDefaultMaxAge());
}
if (params.getRequireAuthTime() != null) {
request.setRequireAuthTime(params.getRequireAuthTime());
}
if (!Strings.isNullOrEmpty(params.getInitiateLoginUri())) {
request.setInitiateLoginUri(params.getInitiateLoginUri());
}
if (params.getAuthorizedOrigins() != null && !params.getAuthorizedOrigins().isEmpty()) {
request.setAuthorizedOrigins(params.getAuthorizedOrigins());
}
if (params.getAccessTokenLifetime() != null && NumberUtils.isNumber(params.getAccessTokenLifetime().toString())) {
request.setAccessTokenLifetime(params.getAccessTokenLifetime());
}
if (!Strings.isNullOrEmpty(params.getSoftwareId())) {
request.setSoftwareId(params.getSoftwareId());
}
if (!Strings.isNullOrEmpty(params.getSoftwareVersion())) {
request.setSoftwareVersion(params.getSoftwareVersion());
}
if (!Strings.isNullOrEmpty(params.getSoftwareStatement())) {
request.setSoftwareStatement(params.getSoftwareStatement());
}
if (params.getAllowSpontaneousScopes() != null) {
request.setAllowSpontaneousScopes(params.getAllowSpontaneousScopes());
}
if (CollectionUtils.isNotEmpty(params.getSpontaneousScopes())) {
request.setSpontaneousScopes(params.getSpontaneousScopes());
}
if (params.getCustomAttributes() != null && !params.getCustomAttributes().isEmpty()) {
params.getCustomAttributes().entrySet().removeIf(entry -> entry.getKey().contains("oxAuthTrustedClient"));
params.getCustomAttributes().entrySet().stream().forEach(e -> {
request.addCustomAttribute(e.getKey(), e.getValue());
});
}
return request;
}
use of io.jans.as.model.common.GrantType in project jans by JanssenProject.
the class AuthorizeParamsValidator method validateGrantType.
public static boolean validateGrantType(List<ResponseType> responseTypes, GrantType[] clientGrantTypesArray, AppConfiguration appConfiguration) {
List<GrantType> clientGrantTypes = Arrays.asList(clientGrantTypesArray);
final Set<GrantType> grantTypesSupported = appConfiguration.getGrantTypesSupported();
if (responseTypes == null || grantTypesSupported == null) {
return false;
}
if (responseTypes.contains(ResponseType.CODE)) {
GrantType requestedGrantType = GrantType.AUTHORIZATION_CODE;
if (!clientGrantTypes.contains(requestedGrantType) || !grantTypesSupported.contains(requestedGrantType)) {
return false;
}
}
if (responseTypes.contains(ResponseType.TOKEN) || (responseTypes.contains(ResponseType.ID_TOKEN) && !appConfiguration.getAllowIdTokenWithoutImplicitGrantType())) {
GrantType requestedGrantType = GrantType.IMPLICIT;
return clientGrantTypes.contains(requestedGrantType) && grantTypesSupported.contains(requestedGrantType);
}
return true;
}
use of io.jans.as.model.common.GrantType in project jans by JanssenProject.
the class TokenRestWebServiceWithRSAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtRS256X509CertStep1.
@Parameters({ "registerPath", "redirectUris", "clientJwksUri" })
@Test
public void requestAccessTokenWithClientSecretJwtRS256X509CertStep1(final String registerPath, final String redirectUris, final String jwksUri) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
registerRequest.setGrantTypes(grantTypes);
String registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtRS256X509CertStep1", response, entity);
assertEquals(response.getStatus(), 201, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has(RegisterResponseParam.CLIENT_ID.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET.toString()));
assertTrue(jsonObj.has(REGISTRATION_ACCESS_TOKEN.toString()));
assertTrue(jsonObj.has(REGISTRATION_CLIENT_URI.toString()));
assertTrue(jsonObj.has(CLIENT_ID_ISSUED_AT.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET_EXPIRES_AT.toString()));
clientId4 = jsonObj.getString(RegisterResponseParam.CLIENT_ID.toString());
clientSecret4 = jsonObj.getString(CLIENT_SECRET.toString());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Aggregations