Use of org.gluu.oxauth.client.EndSessionClient in project oxAuth by GluuFederation.
Class EndSessionRestWebServiceHttpTest, method requestEndSessionFail1 (end-session call with every parameter omitted).
/**
 * Negative case for the end-session endpoint: the call carries no
 * id_token_hint, no post_logout_redirect_uri and no state.
 *
 * Expected outcome: HTTP 400 with a non-empty body that contains an error
 * type and an error description. Nothing is registered or authenticated
 * first, so this only checks that the endpoint refuses an unidentified
 * logout request instead of silently accepting it.
 */
@Test
public void requestEndSessionFail1() throws Exception {
    showTitle("requestEndSessionFail1");

    EndSessionClient client = new EndSessionClient(endSessionEndpoint);
    // id_token_hint, post_logout_redirect_uri and state all omitted on purpose.
    EndSessionResponse endSessionResponse = client.execEndSession(null, null, null);
    showClient(client);

    assertEquals(endSessionResponse.getStatus(), 400,
            "Unexpected response code. Entity: " + endSessionResponse.getEntity());
    assertNotNull(endSessionResponse.getEntity(), "The entity is null");
    assertNotNull(endSessionResponse.getErrorType(), "The error type is null");
    assertNotNull(endSessionResponse.getErrorDescription(), "The error description is null");
}
Use of org.gluu.oxauth.client.EndSessionClient in project oxAuth by GluuFederation.
Class EndSessionRestWebServiceHttpTest, method requestEndSession (logout identified by id_token_hint).
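/**
 * End-to-end check of RP-initiated logout identified by {@code id_token_hint}.
 *
 * Steps: (1) dynamically register a client whose post-logout and
 * front-channel logout URIs are the ones passed in; (2) run the implicit
 * flow ({@code token id_token}) as the resource owner to obtain an id_token
 * and a {@code sid}; (3) call the end-session endpoint with that id_token,
 * the registered post_logout_redirect_uri, the sid and a fresh state;
 * (4) repeat the same call and expect the server to refuse it because the
 * session no longer exists.
 *
 * Security-relevant assertions: the logout page returned in step 3 must
 * reference both the registered front-channel logout_uri and the registered
 * post_logout_redirect_uri (the server hands these to a browser), and the
 * second logout must fail with INVALID_GRANT_AND_SESSION, which shows the
 * session was actually invalidated rather than the endpoint answering 200
 * unconditionally.
 *
 * NOTE(review): only the registered post_logout_redirect_uri is exercised
 * here; a negative case with an unregistered URI (open-redirect protection)
 * is not covered by this method.
 *
 * @param userId                resource owner login
 * @param userSecret            resource owner password
 * @param redirectUri           redirect_uri used in the authorization request
 * @param redirectUris          space-separated redirect URIs to register
 * @param postLogoutRedirectUri post_logout_redirect_uri to register and to send on logout
 * @param logoutUri             front-channel logout URI to register
 * @param sectorIdentifierUri   sector_identifier_uri to register
 */
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSession(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by id_token");

    // 1. OpenID Connect Dynamic Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUris(Lists.newArrayList(logoutUri));
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);

    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());
    assertNotNull(response.getClientSecret());
    assertNotNull(response.getRegistrationAccessToken());
    assertNotNull(response.getClientSecretExpiresAt());

    String clientId = response.getClientId();

    // 2. Request authorization (implicit flow; the id_token is what identifies the session on logout)
    List<ResponseType> responseTypes = new ArrayList<>(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    List<String> scopes = new ArrayList<>(Arrays.asList("openid", "profile", "address", "email"));
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    // state must round-trip unchanged (CSRF binding of the authorization response)
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");
    assertNotNull(authorizationResponse.getSid(), "The sid is null");

    String idToken = authorizationResponse.getIdToken();

    // 3. End session
    String endSessionId1 = UUID.randomUUID().toString();

    EndSessionRequest endSessionRequest1 = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId1);
    endSessionRequest1.setSid(authorizationResponse.getSid());

    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();
    showClient(endSessionClient);

    assertEquals(endSessionResponse1.getStatus(), 200, "Unexpected response code: " + endSessionResponse1.getEntity());
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");

    // Coarse validation of the HTML returned by the server, but it at least
    // verifies that logout_uri and post_logout_redirect_uri are present.
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The response is not an HTML page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // state is not asserted here: for http-based (front-channel) logout the
    // server answers with an HTML page instead of a redirect carrying state.

    // 4. End session with an already ended session: must be rejected, proving
    //    step 3 really invalidated the session server-side.
    String endSessionId2 = UUID.randomUUID().toString();

    EndSessionRequest endSessionRequest2 = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(authorizationResponse.getSid());

    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();
    showClient(endSessionClient2);

    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}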
Use of org.gluu.oxauth.client.EndSessionClient in project oxTrust by GluuFederation.
Class AuthenticationSessionService, method sessionDestroyed (best-effort oxAuth logout when the HTTP session ends).
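/**
 * Lifecycle hook run when the HTTP session is destroyed: asks oxAuth to end
 * the OpenID Connect session that backs it, so that a server-side session
 * expiry in oxTrust does not leave a live SSO session at the IdP.
 *
 * Reads the stored OAuth data from {@code identity}; does nothing when there
 * is none or when it carries no session state. The end-session request sends
 * the stored id_token as id_token_hint, the configured logout redirect URL as
 * post_logout_redirect_uri, a random state, and the stored session state as
 * {@code sid}.
 *
 * This is best-effort: a missing response, an unexpected status code or any
 * exception is logged (with the user id for triage, never the token) and not
 * rethrown, because a {@code @PreDestroy} callback has no caller that could
 * act on the failure. Operators should watch for these errors, since after
 * one of them the IdP session may still be alive.
 *
 * NOTE(review): the success check is a strict 302. oxAuth is known to answer
 * 200 with an HTML logout page when front-channel logout URIs are registered
 * for the client; confirm which form this deployment receives, otherwise
 * every successful logout would be logged as an error.
 */
@PreDestroy
public void sessionDestroyed() {
    OauthData oauthData = identity.getOauthData();
    if ((oauthData == null) || StringHelper.isEmpty(oauthData.getSessionState())) {
        return;
    }

    String userUid = oauthData.getUserUid();
    log.debug("Calling oxAuth logout method at the end of HTTP session. User: '{}'", userUid);
    try {
        // Fresh state per request; nothing consumes the redirect here, so it is
        // only what the protocol requires.
        String endSessionState = UUID.randomUUID().toString();

        EndSessionRequest endSessionRequest = new EndSessionRequest(oauthData.getIdToken(), appConfiguration.getLogoutRedirectUrl(), endSessionState);
        // assumes the stored session_state is the value oxAuth expects as sid — TODO confirm
        endSessionRequest.setSid(oauthData.getSessionState());

        EndSessionClient endSessionClient = new EndSessionClient(openIdService.getOpenIdConfiguration().getEndSessionEndpoint());
        endSessionClient.setRequest(endSessionRequest);

        EndSessionResponse endSessionResponse = endSessionClient.exec();
        if (endSessionResponse == null) {
            log.error("No response from oxAuth logout. User: '{}'", userUid);
        } else if (endSessionResponse.getStatus() != 302) {
            // Include the actual status so a failed logout can be triaged from the log.
            log.error("Invalid response code at oxAuth logout. User: '{}', status: {}", userUid, endSessionResponse.getStatus());
        }
    } catch (Exception ex) {
        log.error("Exception happened at oxAuth logout. User: '{}'", userUid, ex);
    }
}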
Use of org.gluu.oxauth.client.EndSessionClient in project oxAuth by GluuFederation.
Class EndSessionRestWebServiceHttpTest, method requestEndSessionWithSessionId (logout identified by sid only, no id_token_hint).
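/**
 * End-to-end check of RP-initiated logout identified by {@code sid} alone:
 * the end-session request carries no id_token_hint.
 *
 * Steps: (1) dynamically register a client whose post-logout and
 * front-channel logout URIs are the ones passed in; (2) run the implicit
 * flow ({@code token id_token}) as the resource owner to obtain a
 * {@code sid}; (3) call the end-session endpoint with a null id_token_hint,
 * the registered post_logout_redirect_uri, the sid and a fresh state;
 * (4) repeat the same call and expect the server to refuse it because the
 * session no longer exists.
 *
 * Security-relevant assertions: the logout page returned in step 3 must
 * reference both the registered front-channel logout_uri and the registered
 * post_logout_redirect_uri (the server hands these to a browser), and the
 * second logout must fail with INVALID_GRANT_AND_SESSION, which shows the
 * session was actually invalidated rather than the endpoint answering 200
 * unconditionally.
 *
 * NOTE(review): because the session is selected by sid only, this path
 * relies on the sid being unguessable; this method does not test that a
 * wrong or foreign sid is rejected.
 *
 * @param userId                resource owner login
 * @param userSecret            resource owner password
 * @param redirectUri           redirect_uri used in the authorization request
 * @param redirectUris          space-separated redirect URIs to register
 * @param postLogoutRedirectUri post_logout_redirect_uri to register and to send on logout
 * @param logoutUri             front-channel logout URI to register
 * @param sectorIdentifierUri   sector_identifier_uri to register
 */
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "postLogoutRedirectUri", "logoutUri", "sectorIdentifierUri" })
@Test
public void requestEndSessionWithSessionId(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String postLogoutRedirectUri, final String logoutUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestEndSession by session_id");

    // 1. OpenID Connect Dynamic Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setFrontChannelLogoutUris(Lists.newArrayList(logoutUri));
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);

    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());
    assertNotNull(response.getClientSecret());
    assertNotNull(response.getRegistrationAccessToken());
    assertNotNull(response.getClientSecretExpiresAt());

    String clientId = response.getClientId();

    // 2. Request authorization (implicit flow; only the sid from this response is used on logout)
    List<ResponseType> responseTypes = new ArrayList<>(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
    List<String> scopes = new ArrayList<>(Arrays.asList("openid", "profile", "address", "email"));
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    // state must round-trip unchanged (CSRF binding of the authorization response)
    assertEquals(authorizationResponse.getState(), state);
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getSessionId(), "The session_id is null");
    // The sid is the only thing identifying the session below, so fail here
    // with a clear message rather than sending sid=null to the endpoint.
    assertNotNull(authorizationResponse.getSid(), "The sid is null");

    // 3. End session (no id_token_hint on purpose)
    String endSessionId1 = UUID.randomUUID().toString();

    EndSessionRequest endSessionRequest1 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId1);
    endSessionRequest1.setSid(authorizationResponse.getSid());

    EndSessionClient endSessionClient = new EndSessionClient(endSessionEndpoint);
    endSessionClient.setRequest(endSessionRequest1);
    EndSessionResponse endSessionResponse1 = endSessionClient.exec();
    showClient(endSessionClient);

    assertEquals(endSessionResponse1.getStatus(), 200, "Unexpected response code: " + endSessionResponse1.getEntity());
    assertNotNull(endSessionResponse1.getHtmlPage(), "The HTML page is null");

    // Coarse validation of the HTML returned by the server, but it at least
    // verifies that logout_uri and post_logout_redirect_uri are present.
    assertTrue(endSessionResponse1.getHtmlPage().contains("<html>"), "The response is not an HTML page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(logoutUri), "logout_uri is not present on html page");
    assertTrue(endSessionResponse1.getHtmlPage().contains(postLogoutRedirectUri), "postLogoutRedirectUri is not present on html page");
    // state is not asserted here: for http-based (front-channel) logout the
    // server answers with an HTML page instead of a redirect carrying state.

    // 4. End session with an already ended session: must be rejected, proving
    //    step 3 really invalidated the session server-side.
    String endSessionId2 = UUID.randomUUID().toString();

    EndSessionRequest endSessionRequest2 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId2);
    endSessionRequest2.setSid(authorizationResponse.getSid());

    EndSessionClient endSessionClient2 = new EndSessionClient(endSessionEndpoint);
    endSessionClient2.setRequest(endSessionRequest2);
    EndSessionResponse endSessionResponse2 = endSessionClient2.exec();
    showClient(endSessionClient2);

    assertStatusOrRedirect(endSessionResponse2.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertEquals(endSessionResponse2.getErrorType(), EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION);
}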
Use of org.gluu.oxauth.client.EndSessionClient in project oxAuth by GluuFederation.
Class EndSessionRestWebServiceHttpTest, method requestEndSessionFail2 (end-session call with a bogus id_token_hint).
/**
 * Negative case for the end-session endpoint: the id_token_hint is the
 * literal string {@code "INVALID_ACCESS_TOKEN"}, which is not a valid token,
 * while post_logout_redirect_uri and state are well-formed.
 *
 * Expected outcome: the server must not act on the bogus hint. The status is
 * accepted as either 400 or a redirect (via {@code assertStatusOrRedirect}),
 * and the response must carry an error type and description. Which of the
 * two forms the server chooses is not pinned down by this test.
 *
 * @param postLogoutRedirectUri post_logout_redirect_uri sent with the request
 */
@Parameters({ "postLogoutRedirectUri" })
@Test
public void requestEndSessionFail2(final String postLogoutRedirectUri) throws Exception {
    showTitle("requestEndSessionFail2");

    // Fresh state per request; the bogus id_token_hint is the only invalid input.
    String requestState = UUID.randomUUID().toString();
    EndSessionClient client = new EndSessionClient(endSessionEndpoint);
    EndSessionResponse endSessionResponse = client.execEndSession("INVALID_ACCESS_TOKEN", postLogoutRedirectUri, requestState);
    showClient(client);

    assertStatusOrRedirect(endSessionResponse.getStatus(), Status.BAD_REQUEST.getStatusCode());
    assertNotNull(endSessionResponse.getEntity(), "The entity is null");
    assertNotNull(endSessionResponse.getErrorType(), "The error type is null");
    assertNotNull(endSessionResponse.getErrorDescription(), "The error description is null");
}