Example 41 with TokenRequest
use of org.gluu.oxauth.client.TokenRequest in project oxAuth by GluuFederation.
the class TokenEndpointAuthMethodRestrictionEmbeddedTest method tokenEndpointAuthMethodClientSecretJwtFail3.
/**
* Fail 3: Call to Token Endpoint with Auth Method
* <code>private_key_jwt</code> should fail.
*/
@Parameters({ "tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretJwtStep2")
public void tokenEndpointAuthMethodClientSecretJwtFail3(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
tokenRequest.setKeyId(keyId);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(audience);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId4);
tokenRequest.setAuthPassword(clientSecret4);
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("tokenEndpointAuthMethodClientSecretJwtFail3", response, entity);
assertEquals(response.getStatus(), 401, "Unexpected response code.");
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("error"), "The error type is null");
assertTrue(jsonObj.has("error_description"), "The error description is null");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Also used :
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
Response(javax.ws.rs.core.Response)
MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap)
JSONObject(org.json.JSONObject)
ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)
Builder(javax.ws.rs.client.Invocation.Builder)
TokenRequest(org.gluu.oxauth.client.TokenRequest)
JSONException(org.json.JSONException)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 42 with TokenRequest
use of org.gluu.oxauth.client.TokenRequest in project oxAuth by GluuFederation.
the class TokenRestWebServiceWithRSAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtRS512Step2.
@Parameters({ "tokenPath", "userId", "userSecret", "audience", "RS512_keyId", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS512Step1")
public void requestAccessTokenWithClientSecretJwtRS512Step2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId3);
tokenRequest.setAuthPassword(clientSecret3);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS512);
tokenRequest.setKeyId(keyId);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(audience);
Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtRS512Step2", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code.");
assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Also used :
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
Response(javax.ws.rs.core.Response)
MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap)
JSONObject(org.json.JSONObject)
ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)
Builder(javax.ws.rs.client.Invocation.Builder)
TokenRequest(org.gluu.oxauth.client.TokenRequest)
JSONException(org.json.JSONException)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 43 with TokenRequest
use of org.gluu.oxauth.client.TokenRequest in project oxAuth by GluuFederation.
the class TokenRestWebServiceWithRSAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtRS384X509CertStep2.
@Parameters({ "tokenPath", "userId", "userSecret", "audience", "RS384_keyId", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS384X509CertStep1")
public void requestAccessTokenWithClientSecretJwtRS384X509CertStep2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId5);
tokenRequest.setAuthPassword(clientSecret5);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS384);
tokenRequest.setKeyId(keyId);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(audience);
Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtRS384X509CertStep2", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code.");
assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Also used :
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
Response(javax.ws.rs.core.Response)
MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap)
JSONObject(org.json.JSONObject)
ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)
Builder(javax.ws.rs.client.Invocation.Builder)
TokenRequest(org.gluu.oxauth.client.TokenRequest)
JSONException(org.json.JSONException)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 44 with TokenRequest
use of org.gluu.oxauth.client.TokenRequest in project oxAuth by GluuFederation.
the class TokenRestWebServiceWithRSAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtRS256Step2.
@Parameters({ "tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS256Step1")
public void requestAccessTokenWithClientSecretJwtRS256Step2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("email read_stream manage_pages");
tokenRequest.setAuthUsername(clientId1);
tokenRequest.setAuthPassword(clientSecret1);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
tokenRequest.setKeyId(keyId);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(audience);
Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtRS256Step2", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code.");
assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found");
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Also used :
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
Response(javax.ws.rs.core.Response)
MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap)
JSONObject(org.json.JSONObject)
ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)
Builder(javax.ws.rs.client.Invocation.Builder)
TokenRequest(org.gluu.oxauth.client.TokenRequest)
JSONException(org.json.JSONException)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 45 with TokenRequest
use of org.gluu.oxauth.client.TokenRequest in project oxAuth by GluuFederation.
the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodClientSecretJwtSigningAlgHS384Fail2.
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodClientSecretJwtSigningAlgHS384Fail2(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("tokenEndpointAuthMethodClientSecretJwtSigningAlgHS384Fail2");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.HS384);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.CLIENT_SECRET_JWT.toString());
assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.HS384.toString());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get(SCOPE.toString()));
// 3. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
assertNull(authorizationResponse.getIdToken(), "The id token is not null");
String authorizationCode = authorizationResponse.getCode();
// 4. Get Access Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAudience(tokenEndpoint);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.HS512);
tokenRequest.setCryptoProvider(cryptoProvider);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getErrorType(), "The error type is null");
assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
TokenResponse(org.gluu.oxauth.client.TokenResponse)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
TokenRequest(org.gluu.oxauth.client.TokenRequest)
TokenClient(org.gluu.oxauth.client.TokenClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Aggregations
TokenRequest (org.gluu.oxauth.client.TokenRequest)281
Parameters (org.testng.annotations.Parameters)265
BaseTest (org.gluu.oxauth.BaseTest)264
Test (org.testng.annotations.Test)264
TokenClient (org.gluu.oxauth.client.TokenClient)235
TokenResponse (org.gluu.oxauth.client.TokenResponse)235
RegisterResponse (org.gluu.oxauth.client.RegisterResponse)230
RegisterClient (org.gluu.oxauth.client.RegisterClient)212
RegisterRequest (org.gluu.oxauth.client.RegisterRequest)212
OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)171
AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)167
ResponseType (org.gluu.oxauth.model.common.ResponseType)165
AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)154
GrantType (org.gluu.oxauth.model.common.GrantType)46
JSONObject (org.json.JSONObject)41
Builder (javax.ws.rs.client.Invocation.Builder)40
MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)40
Response (javax.ws.rs.core.Response)40
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)40
JSONException (org.json.JSONException)40
