use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
the class JAXRSOAuth2TlsTest method testTwoWayTLSClientIdBound.
/**
 * Requests an access token for the client id {@code "bound"} from the
 * {@code /oauth2/token} endpoint using a {@code CustomGrant}, and checks that the
 * returned token carries a token key.
 *
 * <p>NOTE(review): the test name implies two-way TLS with the certificate bound to the
 * client id; presumably the client key material is configured inside
 * {@code createOAuth2WebClient}, which is not visible here. Confirm against that helper.
 */
@Test
public void testTwoWayTLSClientIdBound() throws Exception {
    final String tokenEndpoint = "https://localhost:" + PORT + "/oauth2/token";
    final WebClient tokenClient = createOAuth2WebClient(tokenEndpoint);
    final Consumer boundConsumer = new Consumer("bound");

    final ClientAccessToken issued =
        OAuthClientUtils.getAccessToken(tokenClient, boundConsumer, new CustomGrant());

    // Only the presence of a token key is checked; nothing else about the token is asserted.
    assertNotNull(issued.getTokenKey());
}
use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
the class OIDCDynamicRegistrationTest method testRegisterClientInitialAccessTokenCodeGrantTls.
/**
 * Registers a code-grant client that uses TLS client authentication at the token
 * endpoint, then reads the registration back and deletes it.
 *
 * <p>The access-control expectations asserted along the way are:
 * <ul>
 *   <li>a registration POST sent before any bearer token is set gets 401;</li>
 *   <li>the registration response has a client id but no client secret;</li>
 *   <li>a GET on the client's registration URI after {@code reset()} gets 401 until the
 *       registration access token is supplied.</li>
 * </ul>
 */
@org.junit.Test
public void testRegisterClientInitialAccessTokenCodeGrantTls() throws Exception {
    // Subject DN registered for the client and expected back unchanged when read later.
    final String subjectDn = "CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US";

    final URL clientConfig = OIDCDynamicRegistrationTest.class.getResource("client.xml");
    final String registerUri = "https://localhost:" + PORT + "/services/dynamicWithAt/register";
    final WebClient registrationClient = WebClient.create(
        registerUri,
        Collections.singletonList(new JsonMapObjectProvider()),
        clientConfig.toString());
    registrationClient.accept("application/json").type("application/json");

    final ClientRegistration request = newClientRegistrationCodeGrant();
    request.setTokenEndpointAuthMethod(OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS);
    request.setProperty(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN, subjectDn);

    // Negative case first: no bearer token has been set on the client yet.
    assertEquals(401, registrationClient.post(request).getStatus());

    // Same request again, now carrying the fixed test bearer value.
    registrationClient.authorization(new ClientAccessToken("Bearer", "123456789"));
    final ClientRegistrationResponse created =
        registrationClient.post(request, ClientRegistrationResponse.class);
    assertNotNull(created.getClientId());
    // A client registered with the TLS auth method is expected to receive no shared secret.
    assertNull(created.getClientSecret());
    assertEquals(registerUri + "/" + created.getClientId(), created.getRegistrationClientUri());
    final String registrationToken = created.getRegistrationAccessToken();
    assertNotNull(registrationToken);

    // Point the client at the per-client registration resource.
    registrationClient.reset();
    registrationClient.path(created.getClientId());

    // Negative case: the read must be refused before the registration access token is set.
    assertEquals(401, registrationClient.get().getStatus());

    registrationClient.authorization(new ClientAccessToken("Bearer", registrationToken));
    final ClientRegistration stored = registrationClient.get(ClientRegistration.class);
    testCommonRegCodeGrantProperties(stored);
    assertEquals(OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS, stored.getTokenEndpointAuthMethod());
    assertEquals(subjectDn, stored.getProperty(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN));

    // Clean up the registration; deletion is expected to succeed with the same token.
    assertEquals(200, registrationClient.delete().getStatus());
}
use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
the class OIDCDynamicRegistrationTest method testRegisterClientPasswordGrant.
/**
 * Registers a client named {@code dynamic_client} for the resource-owner (password)
 * grant, reads the stored registration back and deletes it.
 *
 * <p>Unlike the TLS registration case, a client secret is expected in the response.
 *
 * <p>NOTE(review): this test only exercises the authorised path. It does not assert that
 * the register URL or the per-client registration URI reject requests lacking a bearer
 * token, which {@code testRegisterClientInitialAccessTokenCodeGrantTls} does check for
 * the same register URL.
 */
@org.junit.Test
public void testRegisterClientPasswordGrant() throws Exception {
    final String clientName = "dynamic_client";

    final URL clientConfig = OIDCDynamicRegistrationTest.class.getResource("client.xml");
    final String registerUri = "https://localhost:" + PORT + "/services/dynamicWithAt/register";
    final WebClient registrationClient = WebClient.create(
        registerUri,
        Collections.singletonList(new JsonMapObjectProvider()),
        clientConfig.toString());
    registrationClient.accept("application/json").type("application/json");

    final ClientRegistration request = new ClientRegistration();
    request.setClientName(clientName);
    request.setGrantTypes(Collections.singletonList(OAuthConstants.RESOURCE_OWNER_GRANT));

    // Register using the fixed test bearer value.
    registrationClient.authorization(new ClientAccessToken("Bearer", "123456789"));
    final ClientRegistrationResponse created =
        registrationClient.post(request, ClientRegistrationResponse.class);
    assertNotNull(created.getClientId());
    assertNotNull(created.getClientSecret());
    assertEquals(registerUri + "/" + created.getClientId(), created.getRegistrationClientUri());
    final String registrationToken = created.getRegistrationAccessToken();
    assertNotNull(registrationToken);

    // Read the registration back through its own URI with the registration access token.
    registrationClient.reset();
    registrationClient.path(created.getClientId());
    registrationClient.authorization(new ClientAccessToken("Bearer", registrationToken));
    final ClientRegistration stored = registrationClient.get(ClientRegistration.class);

    assertEquals("web", stored.getApplicationType());
    assertEquals(clientName, stored.getClientName());
    assertEquals(
        Collections.singletonList(OAuthConstants.RESOURCE_OWNER_GRANT),
        stored.getGrantTypes());
    // Fields the request never set are expected to come back unset.
    assertNull(stored.getTokenEndpointAuthMethod());
    assertNull(stored.getScope());
    assertNull(stored.getRedirectUris());

    assertEquals(200, registrationClient.delete().getStatus());
}
use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
the class OIDCFlowTest method testAuthorizationCodeFlowWithState.
/**
 * Runs the authorization code flow for the {@code openid} scope: obtains a code as the
 * end user, exchanges it as the client {@code consumer-id}, and validates the returned
 * id token.
 *
 * <p>NOTE(review): the trailing {@code "123456789"} argument to
 * {@code getAuthorizationCode} is presumably the {@code state} value, going by the test
 * name; whether the helper checks that it is echoed back is not visible here. The
 * {@code null} second argument to {@code validateIdToken} is likewise not explained by
 * this block.
 */
@org.junit.Test
public void testAuthorizationCodeFlowWithState() throws Exception {
    final URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    final String servicesUri = "https://localhost:" + PORT + "/services/";

    // Step 1: call as the end user (test fixture credentials) to obtain the code.
    WebClient flowClient = WebClient.create(
        servicesUri, OAuth2TestUtils.setupProviders(), "alice", "security",
        clientConfig.toString());
    // Keep the session cookie so the follow-up request belongs to the same session.
    WebClient.getConfig(flowClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    final String authorizationCode =
        OAuth2TestUtils.getAuthorizationCode(flowClient, "openid", "consumer-id", null, "123456789");
    assertNotNull(authorizationCode);

    // Step 2: call as the OAuth client to exchange the code for tokens.
    flowClient = WebClient.create(
        servicesUri, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret",
        clientConfig.toString());
    // Keep the session cookie here as well.
    WebClient.getConfig(flowClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    final ClientAccessToken issued =
        OAuth2TestUtils.getAccessTokenWithAuthorizationCode(flowClient, authorizationCode);
    assertNotNull(issued.getTokenKey());
    assertTrue(issued.getApprovedScope().contains("openid"));

    // The id token is delivered as an extra parameter of the token response.
    final String idToken = issued.getParameters().get("id_token");
    assertNotNull(idToken);
    validateIdToken(idToken, null);
}
use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.
the class OIDCFlowTest method testAuthorizationCodeFlowWithKey.
/**
 * Runs the authorization code flow for the {@code openid} scope and verifies the id
 * token signature against a key fetched from the service's {@code keys/} resource.
 *
 * <p>The signature algorithm is passed explicitly as {@code RS256} in the verification
 * call.
 *
 * <p>NOTE(review): the verification key is simply the first entry of the returned key
 * set, not one selected by key id, and the HTTP status of the {@code keys/} response is
 * not asserted before the entity is read. Presumably the test service publishes a single
 * key; confirm, since selecting by position would break once more keys are published.
 */
@org.junit.Test
public void testAuthorizationCodeFlowWithKey() throws Exception {
    final URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    final String servicesUri = "https://localhost:" + PORT + "/services/";

    // Step 1: call as the end user (test fixture credentials) to obtain the code.
    WebClient flowClient = WebClient.create(
        servicesUri, OAuth2TestUtils.setupProviders(), "alice", "security",
        clientConfig.toString());
    // Keep the session cookie so the follow-up request belongs to the same session.
    WebClient.getConfig(flowClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    final String authorizationCode = OAuth2TestUtils.getAuthorizationCode(flowClient, "openid");
    assertNotNull(authorizationCode);

    // Step 2: call as the OAuth client to exchange the code for tokens.
    flowClient = WebClient.create(
        servicesUri, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret",
        clientConfig.toString());
    // Keep the session cookie here as well.
    WebClient.getConfig(flowClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    final ClientAccessToken issued =
        OAuth2TestUtils.getAccessTokenWithAuthorizationCode(flowClient, authorizationCode);
    assertNotNull(issued.getTokenKey());
    assertTrue(issued.getApprovedScope().contains("openid"));

    final String idToken = issued.getParameters().get("id_token");
    assertNotNull(idToken);
    final JwsJwtCompactConsumer idTokenConsumer = new JwsJwtCompactConsumer(idToken);

    // Step 3: fetch the published key set with a fresh client.
    flowClient = WebClient.create(
        servicesUri, OAuth2TestUtils.setupProviders(), "alice", "security",
        clientConfig.toString());
    flowClient.accept("application/json");
    flowClient.path("keys/");
    final Response keysResponse = flowClient.get();
    final JsonWebKeys publishedKeys = keysResponse.readEntity(JsonWebKeys.class);

    // Verify the id token signature with the first published key and a fixed algorithm.
    final boolean signatureValid = idTokenConsumer.verifySignatureWith(
        publishedKeys.getKeys().get(0), SignatureAlgorithm.RS256);
    Assert.assertTrue(signatureValid);
}