Examples with AuthorizeClient org.gluu.oxauth.client.AuthorizeClient used on opensource projects

Search in sources :

Example 41 with AuthorizeClient

use of org.gluu.oxauth.client.AuthorizeClient in project oxAuth by GluuFederation.

the class SSOWithMultipleBackendServicesHttpTest method sessionWorkFlow2.

@Parameters({ "redirectUris", "redirectUri", "userInum", "userEmail", "sectorIdentifierUri" })
@Test
public void sessionWorkFlow2(final String redirectUris, final String redirectUri, final String userInum, final String userEmail, final String sectorIdentifierUri) throws Exception {
    showTitle("sessionWorkFlow2");
    // Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // Authorization code flow to authenticate on B1
    String state1 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest1 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest1.addCustomParameter("mail", userEmail);
    authorizationRequest1.addCustomParameter("inum", userInum);
    authorizationRequest1.getPrompts().add(Prompt.NONE);
    authorizationRequest1.setState(state1);
    authorizationRequest1.setAuthorizationMethod(AuthorizationMethod.FORM_ENCODED_BODY_PARAMETER);
    authorizationRequest1.setRequestSessionId(true);
    AuthorizationResponse authorizationResponse1 = authorizationRequestAndGrantAccess(authorizationEndpoint, authorizationRequest1);
    assertNotNull(authorizationResponse1.getLocation(), "The location is null");
    assertNotNull(authorizationResponse1.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse1.getSessionId(), "The session id is null");
    assertNotNull(authorizationResponse1.getScope(), "The scope is null");
    assertNotNull(authorizationResponse1.getState(), "The state is null");
    assertEquals(authorizationRequest1.getState(), state1);
    String authorizationCode1 = authorizationResponse1.getCode();
    String sessionId = authorizationResponse1.getSessionId();
    TokenRequest tokenRequest1 = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest1.setCode(authorizationCode1);
    tokenRequest1.setRedirectUri(redirectUri);
    tokenRequest1.setAuthUsername(clientId);
    tokenRequest1.setAuthPassword(clientSecret);
    tokenRequest1.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest1);
    TokenResponse tokenResponse1 = tokenClient1.exec();
    showClient(tokenClient1);
    assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
    assertNotNull(tokenResponse1.getEntity(), "The entity is null");
    assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
    // User wants to authenticate on B2 (without sending its credentials)
    String state2 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest2 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest2.getPrompts().add(Prompt.NONE);
    authorizationRequest2.setState(state2);
    authorizationRequest2.setSessionId(sessionId);
    AuthorizeClient authorizeClient2 = new AuthorizeClient(authorizationEndpoint);
    authorizeClient2.setRequest(authorizationRequest2);
    AuthorizationResponse authorizationResponse2 = authorizeClient2.exec();
    showClient(authorizeClient2);
    assertEquals(authorizationResponse2.getStatus(), 302, "Unexpected response code: " + authorizationResponse2.getStatus());
    assertNotNull(authorizationResponse2.getLocation(), "The location is null");
    assertNotNull(authorizationResponse2.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse2.getScope(), "The scope is null");
    assertNotNull(authorizationResponse2.getState(), "The state is null");
    assertEquals(authorizationResponse2.getState(), state2);
    String authorizationCode2 = authorizationResponse2.getCode();
    TokenRequest tokenRequest2 = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest2.setCode(authorizationCode2);
    tokenRequest2.setRedirectUri(redirectUri);
    tokenRequest2.setAuthUsername(clientId);
    tokenRequest2.setAuthPassword(clientSecret);
    tokenRequest2.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
    tokenClient2.setRequest(tokenRequest2);
    TokenResponse tokenResponse2 = tokenClient2.exec();
    showClient(tokenClient2);
    assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
    assertNotNull(tokenResponse2.getEntity(), "The entity is null");
    assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse2.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
    // User wants to authenticate on B3 (without sending its credentials)
    String state3 = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest3 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
    authorizationRequest3.getPrompts().add(Prompt.NONE);
    authorizationRequest3.setState(state3);
    authorizationRequest3.setSessionId(sessionId);
    AuthorizeClient authorizeClient3 = new AuthorizeClient(authorizationEndpoint);
    authorizeClient3.setRequest(authorizationRequest3);
    AuthorizationResponse authorizationResponse3 = authorizeClient3.exec();
    showClient(authorizeClient3);
    assertEquals(authorizationResponse3.getStatus(), 302, "Unexpected response code: " + authorizationResponse3.getStatus());
    assertNotNull(authorizationResponse3.getLocation(), "The location is null");
    assertNotNull(authorizationResponse3.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse3.getScope(), "The scope is null");
    assertNotNull(authorizationResponse3.getState(), "The state is null");
    assertEquals(authorizationResponse3.getState(), state3);
    String authorizationCode3 = authorizationResponse3.getCode();
    TokenRequest tokenRequest3 = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest3.setCode(authorizationCode3);
    tokenRequest3.setRedirectUri(redirectUri);
    tokenRequest3.setAuthUsername(clientId);
    tokenRequest3.setAuthPassword(clientSecret);
    tokenRequest3.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    TokenClient tokenClient3 = new TokenClient(tokenEndpoint);
    tokenClient3.setRequest(tokenRequest3);
    TokenResponse tokenResponse3 = tokenClient3.exec();
    showClient(tokenClient3);
    assertEquals(tokenResponse3.getStatus(), 200, "Unexpected response code: " + tokenResponse3.getStatus());
    assertNotNull(tokenResponse3.getEntity(), "The entity is null");
    assertNotNull(tokenResponse3.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse3.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse3.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse3.getRefreshToken(), "The refresh token is null");
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) TokenResponse(org.gluu.oxauth.client.TokenResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) TokenRequest(org.gluu.oxauth.client.TokenRequest) TokenClient(org.gluu.oxauth.client.TokenClient) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 42 with AuthorizeClient

use of org.gluu.oxauth.client.AuthorizeClient in project oxAuth by GluuFederation.

the class BaseTest method authorizationRequestAndDenyAccess.

public AuthorizationResponse authorizationRequestAndDenyAccess(String authorizeUrl, AuthorizationRequest authorizationRequest) {
    String authorizationRequestUrl = authorizeUrl + "?" + authorizationRequest.getQueryString();
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizeUrl);
    authorizeClient.setRequest(authorizationRequest);
    System.out.println("authorizationRequestAndDenyAccess: authorizationRequestUrl:" + authorizationRequestUrl);
    startSelenium();
    navigateToAuhorizationUrl(driver, authorizationRequestUrl);
    WebElement doNotAllowButton = driver.findElement(By.id(authorizeFormDoNotAllowButton));
    final String previousURL = driver.getCurrentUrl();
    doNotAllowButton.click();
    WebDriverWait wait = new WebDriverWait(driver, 1);
    wait.until((WebDriver d) -> (d.getCurrentUrl() != previousURL));
    String authorizationResponseStr = driver.getCurrentUrl();
    Cookie sessionStateCookie = driver.manage().getCookieNamed("session_state");
    String sessionState = null;
    if (sessionStateCookie != null) {
        sessionState = sessionStateCookie.getValue();
    }
    System.out.println("authorizationRequestAndDenyAccess: sessionState:" + sessionState);
    stopSelenium();
    AuthorizationResponse authorizationResponse = new AuthorizationResponse(authorizationResponseStr);
    if (authorizationRequest.getRedirectUri() != null && authorizationRequest.getRedirectUri().equals(authorizationResponseStr)) {
        authorizationResponse.setResponseMode(ResponseMode.FORM_POST);
    }
    authorizeClient.setResponse(authorizationResponse);
    showClientUserAgent(authorizeClient);
    return authorizationResponse;
}
Also used : WebDriver(org.openqa.selenium.WebDriver) Cookie(org.openqa.selenium.Cookie) WebDriverWait(org.openqa.selenium.support.ui.WebDriverWait) WebElement(org.openqa.selenium.WebElement) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)

Example 43 with AuthorizeClient

use of org.gluu.oxauth.client.AuthorizeClient in project oxAuth by GluuFederation.

the class BaseTest method processAuthentication.

protected AuthorizeClient processAuthentication(WebDriver currentDriver, String authorizeUrl, AuthorizationRequest authorizationRequest, String userId, String userSecret) {
    String authorizationRequestUrl = authorizeUrl + "?" + authorizationRequest.getQueryString();
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizeUrl);
    authorizeClient.setRequest(authorizationRequest);
    System.out.println("authenticateResourceOwnerAndGrantAccess: authorizationRequestUrl:" + authorizationRequestUrl);
    navigateToAuhorizationUrl(currentDriver, authorizationRequestUrl);
    if (userSecret != null) {
        final String previousUrl = currentDriver.getCurrentUrl();
        WebElement loginButton = waitForRequredElementLoad(currentDriver, loginFormLoginButton);
        if (userId != null) {
            setWebElementValue(currentDriver, loginFormUsername, userId);
        }
        setWebElementValue(currentDriver, loginFormPassword, userSecret);
        loginButton.click();
        if (ENABLE_REDIRECT_TO_LOGIN_PAGE) {
            waitForPageSwitch(currentDriver, previousUrl);
        }
        if (currentDriver.getPageSource().contains("Failed to authenticate.")) {
            fail("Failed to authenticate user");
        }
    }
    return authorizeClient;
}
Also used : WebElement(org.openqa.selenium.WebElement) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)

Example 44 with AuthorizeClient

use of org.gluu.oxauth.client.AuthorizeClient in project oxAuth by GluuFederation.

the class BaseTest method authenticateResourceOwner.

/**
 * The authorization server authenticates the resource owner (via the user-agent)
 * No authorization page.
 */
public AuthorizationResponse authenticateResourceOwner(String authorizeUrl, AuthorizationRequest authorizationRequest, String userId, String userSecret, boolean cleanupCookies) {
    String authorizationRequestUrl = authorizeUrl + "?" + authorizationRequest.getQueryString();
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizeUrl);
    authorizeClient.setRequest(authorizationRequest);
    System.out.println("authenticateResourceOwner: authorizationRequestUrl:" + authorizationRequestUrl);
    startSelenium();
    if (cleanupCookies) {
        System.out.println("authenticateResourceOwner: Cleaning cookies");
        deleteAllCookies();
    }
    navigateToAuhorizationUrl(driver, authorizationRequestUrl);
    if (userSecret != null) {
        if (userId != null) {
            WebElement usernameElement = driver.findElement(By.id(loginFormUsername));
            usernameElement.sendKeys(userId);
        }
        WebElement passwordElement = driver.findElement(By.id(loginFormPassword));
        passwordElement.sendKeys(userSecret);
        WebElement loginButton = driver.findElement(By.id(loginFormLoginButton));
        loginButton.click();
        navigateToAuhorizationUrl(driver, driver.getCurrentUrl());
        new WebDriverWait(driver, PageConfig.WAIT_OPERATION_TIMEOUT).until(webDriver -> !webDriver.getCurrentUrl().contains("/authorize"));
    }
    String authorizationResponseStr = driver.getCurrentUrl();
    Cookie sessionStateCookie = driver.manage().getCookieNamed("session_state");
    String sessionState = null;
    if (sessionStateCookie != null) {
        sessionState = sessionStateCookie.getValue();
    }
    System.out.println("authenticateResourceOwner: sessionState:" + sessionState + ", url:" + authorizationResponseStr);
    stopSelenium();
    AuthorizationResponse authorizationResponse = new AuthorizationResponse(authorizationResponseStr);
    if (authorizationRequest.getRedirectUri() != null && authorizationRequest.getRedirectUri().equals(authorizationResponseStr)) {
        authorizationResponse.setResponseMode(ResponseMode.FORM_POST);
    }
    authorizeClient.setResponse(authorizationResponse);
    showClientUserAgent(authorizeClient);
    return authorizationResponse;
}
Also used : Cookie(org.openqa.selenium.Cookie) WebDriverWait(org.openqa.selenium.support.ui.WebDriverWait) WebElement(org.openqa.selenium.WebElement) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)

Example 45 with AuthorizeClient

use of org.gluu.oxauth.client.AuthorizeClient in project oxAuth by GluuFederation.

the class BaseTest method authorizationRequestAndGrantAccess.

public AuthorizationResponse authorizationRequestAndGrantAccess(String authorizeUrl, AuthorizationRequest authorizationRequest) {
    String authorizationRequestUrl = authorizeUrl + "?" + authorizationRequest.getQueryString();
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizeUrl);
    authorizeClient.setRequest(authorizationRequest);
    System.out.println("authorizationRequestAndGrantAccess: authorizationRequestUrl:" + authorizationRequestUrl);
    startSelenium();
    navigateToAuhorizationUrl(driver, authorizationRequestUrl);
    String authorizationResponseStr = driver.getCurrentUrl();
    WebElement allowButton = driver.findElement(By.id(authorizeFormAllowButton));
    final String previousURL = driver.getCurrentUrl();
    allowButton.click();
    waitForPageSwitch(previousURL);
    authorizationResponseStr = driver.getCurrentUrl();
    if (!authorizationResponseStr.startsWith(authorizationRequest.getRedirectUri())) {
        navigateToAuhorizationUrl(driver, authorizationResponseStr);
        authorizationResponseStr = waitForPageSwitch(authorizationResponseStr);
    }
    Cookie sessionStateCookie = driver.manage().getCookieNamed("session_state");
    String sessionState = null;
    if (sessionStateCookie != null) {
        sessionState = sessionStateCookie.getValue();
    }
    System.out.println("authorizationRequestAndGrantAccess: sessionState:" + sessionState);
    stopSelenium();
    AuthorizationResponse authorizationResponse = new AuthorizationResponse(authorizationResponseStr);
    if (authorizationRequest.getRedirectUri() != null && authorizationRequest.getRedirectUri().equals(authorizationResponseStr)) {
        authorizationResponse.setResponseMode(ResponseMode.FORM_POST);
    }
    authorizeClient.setResponse(authorizationResponse);
    showClientUserAgent(authorizeClient);
    return authorizationResponse;
}
Also used : Cookie(org.openqa.selenium.Cookie) WebElement(org.openqa.selenium.WebElement) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)

Aggregations

AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)218 AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)212 AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)209 BaseTest (org.gluu.oxauth.BaseTest)205 Test (org.testng.annotations.Test)205 Parameters (org.testng.annotations.Parameters)200 RegisterClient (org.gluu.oxauth.client.RegisterClient)198 RegisterRequest (org.gluu.oxauth.client.RegisterRequest)198 RegisterResponse (org.gluu.oxauth.client.RegisterResponse)198 ResponseType (org.gluu.oxauth.model.common.ResponseType)198 JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)109 UserInfoClient (org.gluu.oxauth.client.UserInfoClient)105 UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)105 OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)92 Jwt (org.gluu.oxauth.model.jwt.Jwt)92 Claim (org.gluu.oxauth.client.model.authorize.Claim)72 UserInfoRequest (org.gluu.oxauth.client.UserInfoRequest)54 RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey)53 RSASigner (org.gluu.oxauth.model.jws.RSASigner)53 BackchannelAuthenticationErrorResponseType (org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType)44
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial