Examples with Jwt io.jans.as.model.jwt.Jwt used on opensource projects

Search in sources :

Example 1 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class BackchannelAuthenticationPingMode method idTokenHintRS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintRS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("idTokenHintRS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS256);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scopes = Collections.singletonList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt);
    assertJwtStandarClaimsNotNull(jwt, true);
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    idTokenHintRS256 = idToken;
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) RegisterClient(io.jans.as.client.RegisterClient) RSASigner(io.jans.as.model.jws.RSASigner) AuthorizeClient(io.jans.as.client.AuthorizeClient) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 2 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class BackchannelAuthenticationPollMode method idTokenHintPS384.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintPS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("idTokenHintPS384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS384);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scopes = Collections.singletonList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt);
    assertJwtStandarClaimsNotNull(jwt, true);
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.PS384, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    idTokenHintPS384 = idToken;
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) RegisterClient(io.jans.as.client.RegisterClient) RSASigner(io.jans.as.model.jws.RSASigner) AuthorizeClient(io.jans.as.client.AuthorizeClient) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 3 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class BackchannelAuthenticationPollMode method loginHintTokenPS384.

@Parameters({ "PS384_keyId", "userEmail", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void loginHintTokenPS384(final String keyId, final String userEmail, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("loginHintTokenPS384");
    JSONObject subjectValue = new JSONObject();
    subjectValue.put("subject_type", "email");
    subjectValue.put("email", userEmail);
    Jwt jwt = new Jwt();
    jwt.getHeader().setAlgorithm(SignatureAlgorithm.PS384);
    jwt.getHeader().setKeyId(keyId);
    jwt.getClaims().setClaim("subject", subjectValue);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String encodedSignature = cryptoProvider.sign(jwt.getSigningInput(), keyId, null, SignatureAlgorithm.PS384);
    jwt.setEncodedSignature(encodedSignature);
    loginHintTokenPS384 = jwt.toString();
}
Also used : JSONObject(org.json.JSONObject) Jwt(io.jans.as.model.jwt.Jwt) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 4 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class BackchannelAuthenticationPollMode method requestBackchannelAuthentication.

public String requestBackchannelAuthentication(final String userId, final String clientId, final String clientSecret, final String backchannelUserCode) throws Exception {
    // Authentication Request
    String bindingMessage = RandomStringUtils.randomAlphanumeric(6);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Arrays.asList("openid", "profile", "email", "address", "phone"));
    backchannelAuthenticationRequest.setLoginHint(userId);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAcrValues(Arrays.asList("auth_ldap_server", "basic"));
    backchannelAuthenticationRequest.setBindingMessage(bindingMessage);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
    String authReqId = backchannelAuthenticationResponse.getAuthReqId();
    // Token Request Using CIBA Grant Type
    TokenResponse tokenResponse = null;
    int pollCount = 0;
    do {
        Thread.sleep(5000);
        TokenRequest tokenRequest = new TokenRequest(GrantType.CIBA);
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        tokenRequest.setAuthReqId(authReqId);
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        tokenResponse = tokenClient.exec();
        showClient(tokenClient);
        pollCount++;
    } while (tokenResponse.getStatus() == 400 && pollCount < 5);
    assertTokenResponseOk(tokenResponse, false);
    String accessToken = tokenResponse.getAccessToken();
    String idToken = tokenResponse.getIdToken();
    // Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertUserInfoBasicResponseOk(userInfoResponse, 200);
    assertUserInfoPersonalDataNotNull(userInfoResponse);
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.WEBSITE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.BIRTHDATE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.GENDER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PROFILE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PREFERRED_USERNAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.MIDDLE_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.UPDATED_AT));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER));
    // Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt);
    assertJwtStandarClaimsNotNull(jwt, true);
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
    return sub;
}
Also used : Jwt(io.jans.as.model.jwt.Jwt) UserInfoClient(io.jans.as.client.UserInfoClient) TokenResponse(io.jans.as.client.TokenResponse) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) RSASigner(io.jans.as.model.jws.RSASigner) TokenRequest(io.jans.as.client.TokenRequest) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest) UserInfoResponse(io.jans.as.client.UserInfoResponse) TokenClient(io.jans.as.client.TokenClient)

Example 5 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class BackchannelAuthenticationPingMode method idTokenHintRS384.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintRS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("idTokenHintRS384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS384);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scopes = Collections.singletonList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt);
    assertJwtStandarClaimsNotNull(jwt, true);
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS384, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    idTokenHintRS384 = idToken;
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) RegisterClient(io.jans.as.client.RegisterClient) RSASigner(io.jans.as.model.jws.RSASigner) AuthorizeClient(io.jans.as.client.AuthorizeClient) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

Jwt (io.jans.as.model.jwt.Jwt)295 Test (org.testng.annotations.Test)249 Parameters (org.testng.annotations.Parameters)231 BaseTest (io.jans.as.client.BaseTest)210 ResponseType (io.jans.as.model.common.ResponseType)189 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)171 RegisterResponse (io.jans.as.client.RegisterResponse)167 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)161 RegisterClient (io.jans.as.client.RegisterClient)156 RegisterRequest (io.jans.as.client.RegisterRequest)156 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)128 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)101 RSASigner (io.jans.as.model.jws.RSASigner)100 AuthorizeClient (io.jans.as.client.AuthorizeClient)92 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)88 JSONObject (org.json.JSONObject)85 UserInfoClient (io.jans.as.client.UserInfoClient)79 UserInfoResponse (io.jans.as.client.UserInfoResponse)79 Claim (io.jans.as.client.model.authorize.Claim)46 UserInfoRequest (io.jans.as.client.UserInfoRequest)42
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial