Search in sources :

Example 76 with BackchannelAuthenticationResponse

use of org.gluu.oxauth.client.BackchannelAuthenticationResponse in project oxAuth by GluuFederation.

the class BackchannelAuthenticationPingMode method backchannelTokenDeliveryModePingIdTokenHintAlgA256KWEncA256GCM.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode" })
@Test(dependsOnMethods = "idTokenHintAlgA256KWEncA256GCM")
public void backchannelTokenDeliveryModePingIdTokenHintAlgA256KWEncA256GCM(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode) {
    showTitle("backchannelTokenDeliveryModePingIdTokenHintAlgA256KWEncA256GCM");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PING.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.RS256.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Authentication Request
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Arrays.asList("openid"));
    backchannelAuthenticationRequest.setIdTokenHint(idTokenHintAlgA256KWEncA256GCM);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertEquals(backchannelAuthenticationResponse.getStatus(), 200, "Unexpected response code: " + backchannelAuthenticationResponse.getEntity());
    assertNotNull(backchannelAuthenticationResponse.getAuthReqId());
    assertNotNull(backchannelAuthenticationResponse.getExpiresIn());
    // This parameter will only be present if the Client is registered to use the Poll or Ping modes.
    assertNotNull(backchannelAuthenticationResponse.getInterval());
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) BackchannelAuthenticationResponse(org.gluu.oxauth.client.BackchannelAuthenticationResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) BackchannelAuthenticationClient(org.gluu.oxauth.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(org.gluu.oxauth.client.BackchannelAuthenticationRequest) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 77 with BackchannelAuthenticationResponse

use of org.gluu.oxauth.client.BackchannelAuthenticationResponse in project oxAuth by GluuFederation.

the class BackchannelAuthenticationPingMode method backchannelTokenDeliveryModePingFail7.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "userId" })
@Test
public void backchannelTokenDeliveryModePingFail7(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String userId) throws InterruptedException {
    showTitle("backchannelTokenDeliveryModePingFail7");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PING.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.RS256.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Authentication Request
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Arrays.asList("openid", "profile", "email", "address", "phone"));
    backchannelAuthenticationRequest.setLoginHint(userId);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAcrValues(Arrays.asList("auth_ldap_server", "basic"));
    // Invalid binding message
    backchannelAuthenticationRequest.setBindingMessage("####");
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertEquals(backchannelAuthenticationResponse.getStatus(), 400, "Unexpected response code: " + backchannelAuthenticationResponse.getEntity());
    assertNotNull(backchannelAuthenticationResponse.getEntity(), "The entity is null");
    assertNotNull(backchannelAuthenticationResponse.getErrorType(), "The error type is null");
    assertEquals(BackchannelAuthenticationErrorResponseType.INVALID_BINDING_MESSAGE, backchannelAuthenticationResponse.getErrorType());
    assertNotNull(backchannelAuthenticationResponse.getErrorDescription(), "The error description is null");
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) BackchannelAuthenticationResponse(org.gluu.oxauth.client.BackchannelAuthenticationResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) BackchannelAuthenticationClient(org.gluu.oxauth.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(org.gluu.oxauth.client.BackchannelAuthenticationRequest) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 78 with BackchannelAuthenticationResponse

use of org.gluu.oxauth.client.BackchannelAuthenticationResponse in project oxAuth by GluuFederation.

the class BackchannelAuthenticationPingMode method backchannelTokenDeliveryModePingIdTokenHintES256.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintES256")
public void backchannelTokenDeliveryModePingIdTokenHintES256(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("backchannelTokenDeliveryModePingIdTokenHintES256");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.ES256);
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.ES256);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PING.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.ES256.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
    String clientId = registerResponse.getClientId();
    // 2. Authentication Request
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Arrays.asList("openid"));
    backchannelAuthenticationRequest.setIdTokenHint(idTokenHintES256);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.ES256);
    backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
    backchannelAuthenticationRequest.setKeyId(keyId);
    backchannelAuthenticationRequest.setAudience(tokenEndpoint);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertEquals(backchannelAuthenticationResponse.getStatus(), 200, "Unexpected response code: " + backchannelAuthenticationResponse.getEntity());
    assertNotNull(backchannelAuthenticationResponse.getAuthReqId());
    assertNotNull(backchannelAuthenticationResponse.getExpiresIn());
    // This parameter will only be present if the Client is registered to use the Poll or Ping modes.
    assertNotNull(backchannelAuthenticationResponse.getInterval());
}
Also used : OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) BackchannelAuthenticationResponse(org.gluu.oxauth.client.BackchannelAuthenticationResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) BackchannelAuthenticationClient(org.gluu.oxauth.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(org.gluu.oxauth.client.BackchannelAuthenticationRequest) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 79 with BackchannelAuthenticationResponse

use of org.gluu.oxauth.client.BackchannelAuthenticationResponse in project oxAuth by GluuFederation.

the class BackchannelAuthenticationPingMode method requestBackchannelAuthentication.

public String requestBackchannelAuthentication(final String userInum, final String clientId, final String clientSecret, final String backchannelUserCode) throws Exception {
    // Authentication Request
    String bindingMessage = RandomStringUtils.randomAlphanumeric(6);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Arrays.asList("openid", "profile", "email", "address", "phone"));
    backchannelAuthenticationRequest.setLoginHint(userInum);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAcrValues(Arrays.asList("auth_ldap_server", "basic"));
    backchannelAuthenticationRequest.setBindingMessage(bindingMessage);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertEquals(backchannelAuthenticationResponse.getStatus(), 200, "Unexpected response code: " + backchannelAuthenticationResponse.getEntity());
    assertNotNull(backchannelAuthenticationResponse.getAuthReqId());
    assertNotNull(backchannelAuthenticationResponse.getExpiresIn());
    // This parameter will only be present if the Client is registered to use the Poll or Ping modes.
    assertNotNull(backchannelAuthenticationResponse.getInterval());
    String authReqId = backchannelAuthenticationResponse.getAuthReqId();
    // 3. Token Request Using CIBA Grant Type
    TokenResponse tokenResponse = null;
    int pollCount = 0;
    do {
        Thread.sleep(5000);
        TokenRequest tokenRequest = new TokenRequest(GrantType.CIBA);
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        tokenRequest.setAuthReqId(authReqId);
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        tokenResponse = tokenClient.exec();
        showClient(tokenClient);
        pollCount++;
    } while (tokenResponse.getStatus() == 400 && pollCount < 5);
    assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getEntity(), "The entity is null");
    assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse.getTokenType(), "The token type is null");
    String accessToken = tokenResponse.getAccessToken();
    String idToken = tokenResponse.getIdToken();
    // 4. Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.WEBSITE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.BIRTHDATE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.GENDER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PROFILE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PREFERRED_USERNAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.MIDDLE_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.UPDATED_AT));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
    // Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
    return sub;
}
Also used : Jwt(org.gluu.oxauth.model.jwt.Jwt) UserInfoClient(org.gluu.oxauth.client.UserInfoClient) TokenResponse(org.gluu.oxauth.client.TokenResponse) RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey) BackchannelAuthenticationResponse(org.gluu.oxauth.client.BackchannelAuthenticationResponse) BackchannelAuthenticationClient(org.gluu.oxauth.client.BackchannelAuthenticationClient) RSASigner(org.gluu.oxauth.model.jws.RSASigner) TokenRequest(org.gluu.oxauth.client.TokenRequest) BackchannelAuthenticationRequest(org.gluu.oxauth.client.BackchannelAuthenticationRequest) UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse) TokenClient(org.gluu.oxauth.client.TokenClient)

Example 80 with BackchannelAuthenticationResponse

use of org.gluu.oxauth.client.BackchannelAuthenticationResponse in project oxAuth by GluuFederation.

the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushFail3.

@Parameters({ "backchannelClientNotificationEndpoint" })
@Test
public void backchannelTokenDeliveryModePushFail3(final String backchannelClientNotificationEndpoint) {
    showTitle("backchannelTokenDeliveryModePushFail3");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
    registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.PUSH.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.RS256.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(true).toString());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Authentication Request
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    // Invalid Scope
    backchannelAuthenticationRequest.setScope(null);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertEquals(backchannelAuthenticationResponse.getStatus(), 400, "Unexpected response code: " + backchannelAuthenticationResponse.getEntity());
    assertNotNull(backchannelAuthenticationResponse.getEntity(), "The entity is null");
    assertNotNull(backchannelAuthenticationResponse.getErrorType(), "The error type is null");
    assertEquals(BackchannelAuthenticationErrorResponseType.UNKNOWN_USER_ID, backchannelAuthenticationResponse.getErrorType());
    assertNotNull(backchannelAuthenticationResponse.getErrorDescription(), "The error description is null");
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) BackchannelAuthenticationResponse(org.gluu.oxauth.client.BackchannelAuthenticationResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) BackchannelAuthenticationClient(org.gluu.oxauth.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(org.gluu.oxauth.client.BackchannelAuthenticationRequest) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Aggregations

BackchannelAuthenticationClient (org.gluu.oxauth.client.BackchannelAuthenticationClient)111 BackchannelAuthenticationRequest (org.gluu.oxauth.client.BackchannelAuthenticationRequest)111 BackchannelAuthenticationResponse (org.gluu.oxauth.client.BackchannelAuthenticationResponse)111 BaseTest (org.gluu.oxauth.BaseTest)105 RegisterClient (org.gluu.oxauth.client.RegisterClient)105 RegisterRequest (org.gluu.oxauth.client.RegisterRequest)105 RegisterResponse (org.gluu.oxauth.client.RegisterResponse)105 Parameters (org.testng.annotations.Parameters)105 Test (org.testng.annotations.Test)105 OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)27 TokenClient (org.gluu.oxauth.client.TokenClient)4 TokenRequest (org.gluu.oxauth.client.TokenRequest)4 TokenResponse (org.gluu.oxauth.client.TokenResponse)4 UserInfoClient (org.gluu.oxauth.client.UserInfoClient)2 UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)2 RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey)2 RSASigner (org.gluu.oxauth.model.jws.RSASigner)2 Jwt (org.gluu.oxauth.model.jwt.Jwt)2