Example 96 with UserInfoClient
use of org.gluu.oxauth.client.UserInfoClient in project oxAuth by GluuFederation.
the class UserInfoEndpointAccessWithHeaderMethod method userInfoEndpointAccessWithHeaderMethod.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void userInfoEndpointAccessWithHeaderMethod(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("OC5:FeatureTest-UserInfo Endpoint Access with Header Method");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getAccessToken());
assertNotNull(authorizationResponse.getIdToken());
assertNotNull(authorizationResponse.getState());
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 97 with UserInfoClient
use of org.gluu.oxauth.client.UserInfoClient in project oxAuth by GluuFederation.
the class BackchannelAuthenticationPollMode method requestBackchannelAuthentication.
public String requestBackchannelAuthentication(final String userId, final String clientId, final String clientSecret, final String backchannelUserCode) throws Exception {
// Authentication Request
String bindingMessage = RandomStringUtils.randomAlphanumeric(6);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Arrays.asList("openid", "profile", "email", "address", "phone"));
backchannelAuthenticationRequest.setLoginHint(userId);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAcrValues(Arrays.asList("auth_ldap_server", "basic"));
backchannelAuthenticationRequest.setBindingMessage(bindingMessage);
backchannelAuthenticationRequest.setAuthUsername(clientId);
backchannelAuthenticationRequest.setAuthPassword(clientSecret);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertEquals(backchannelAuthenticationResponse.getStatus(), 200, "Unexpected response code: " + backchannelAuthenticationResponse.getEntity());
assertNotNull(backchannelAuthenticationResponse.getAuthReqId());
assertNotNull(backchannelAuthenticationResponse.getExpiresIn());
// This parameter will only be present if the Client is registered to use the Poll or Ping modes.
assertNotNull(backchannelAuthenticationResponse.getInterval());
String authReqId = backchannelAuthenticationResponse.getAuthReqId();
// Token Request Using CIBA Grant Type
TokenResponse tokenResponse = null;
int pollCount = 0;
do {
Thread.sleep(5000);
TokenRequest tokenRequest = new TokenRequest(GrantType.CIBA);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthReqId(authReqId);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
tokenResponse = tokenClient.exec();
showClient(tokenClient);
pollCount++;
} while (tokenResponse.getStatus() == 400 && pollCount < 5);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
String accessToken = tokenResponse.getAccessToken();
String idToken = tokenResponse.getIdToken();
// Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.WEBSITE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.BIRTHDATE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GENDER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PROFILE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PREFERRED_USERNAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.MIDDLE_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.UPDATED_AT));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
// Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
return sub;
}
Also used :
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
TokenResponse(org.gluu.oxauth.client.TokenResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
BackchannelAuthenticationResponse(org.gluu.oxauth.client.BackchannelAuthenticationResponse)
BackchannelAuthenticationClient(org.gluu.oxauth.client.BackchannelAuthenticationClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
TokenRequest(org.gluu.oxauth.client.TokenRequest)
BackchannelAuthenticationRequest(org.gluu.oxauth.client.BackchannelAuthenticationRequest)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
TokenClient(org.gluu.oxauth.client.TokenClient)
Example 98 with UserInfoClient
use of org.gluu.oxauth.client.UserInfoClient in project oxAuth by GluuFederation.
the class TestSessionWorkflow method test.
@Parameters({ "userId", "userSecret", "clientId", "clientSecret", "redirectUri" })
@Test
public void test(final String userId, final String userSecret, final String clientId, final String clientSecret, final String redirectUri) throws Exception {
DefaultHttpClient httpClient = new DefaultHttpClient();
try {
CookieStore cookieStore = new BasicCookieStore();
httpClient.setCookieStore(cookieStore);
ApacheHttpClient43Engine clientExecutor = new ApacheHttpClient43Engine(httpClient);
// //////////////////////////////////////////////
// TV side. Code 1 //
// //////////////////////////////////////////////
AuthorizationRequest authorizationRequest1 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
authorizationRequest1.setAuthUsername(userId);
authorizationRequest1.setAuthPassword(userSecret);
authorizationRequest1.getPrompts().add(Prompt.NONE);
authorizationRequest1.setState("af0ifjsldkj");
authorizationRequest1.setRequestSessionId(true);
AuthorizeClient authorizeClient1 = new AuthorizeClient(authorizationEndpoint);
authorizeClient1.setRequest(authorizationRequest1);
AuthorizationResponse authorizationResponse1 = authorizeClient1.exec(clientExecutor);
// showClient(authorizeClient1, cookieStore);
String code1 = authorizationResponse1.getCode();
String sessionId = authorizationResponse1.getSessionId();
Assert.assertNotNull("code1 is null", code1);
Assert.assertNotNull("sessionId is null", sessionId);
// TV sends the code to the Backend
// We don't use httpClient and cookieStore during this call
// //////////////////////////////////////////////
// Backend 1 side. Code 1 //
// //////////////////////////////////////////////
// Get the access token
TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
TokenResponse tokenResponse1 = tokenClient1.execAuthorizationCode(code1, redirectUri, clientId, clientSecret);
String accessToken1 = tokenResponse1.getAccessToken();
Assert.assertNotNull("accessToken1 is null", accessToken1);
// Get the user's claims
UserInfoClient userInfoClient1 = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse1 = userInfoClient1.execUserInfo(accessToken1);
Assert.assertTrue("userInfoResponse1.getStatus() is not 200", userInfoResponse1.getStatus() == 200);
// System.out.println(userInfoResponse1.getEntity());
// //////////////////////////////////////////////
// TV side. Code 2 //
// //////////////////////////////////////////////
AuthorizationRequest authorizationRequest2 = new AuthorizationRequest(Arrays.asList(ResponseType.CODE), clientId, Arrays.asList("openid", "profile", "email"), redirectUri, null);
authorizationRequest2.getPrompts().add(Prompt.NONE);
authorizationRequest2.setState("af0ifjsldkj");
authorizationRequest2.setSessionId(sessionId);
AuthorizeClient authorizeClient2 = new AuthorizeClient(authorizationEndpoint);
authorizeClient2.setRequest(authorizationRequest2);
AuthorizationResponse authorizationResponse2 = authorizeClient2.exec(clientExecutor);
// showClient(authorizeClient2, cookieStore);
String code2 = authorizationResponse2.getCode();
Assert.assertNotNull("code2 is null", code2);
// TV sends the code to the Backend
// We don't use httpClient and cookieStore during this call
// //////////////////////////////////////////////
// Backend 2 side. Code 2 //
// //////////////////////////////////////////////
// Get the access token
TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
TokenResponse tokenResponse2 = tokenClient2.execAuthorizationCode(code2, redirectUri, clientId, clientSecret);
String accessToken2 = tokenResponse2.getAccessToken();
Assert.assertNotNull("accessToken2 is null", accessToken2);
// Get the user's claims
UserInfoClient userInfoClient2 = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse2 = userInfoClient2.execUserInfo(accessToken2);
Assert.assertTrue("userInfoResponse1.getStatus() is not 200", userInfoResponse2.getStatus() == 200);
// System.out.println(userInfoResponse2.getEntity());
} finally {
if (httpClient != null) {
httpClient.getConnectionManager().shutdown();
}
}
}
Also used :
CookieStore(org.apache.http.client.CookieStore)
BasicCookieStore(org.apache.http.impl.client.BasicCookieStore)
BasicCookieStore(org.apache.http.impl.client.BasicCookieStore)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
TokenResponse(org.gluu.oxauth.client.TokenResponse)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
TokenClient(org.gluu.oxauth.client.TokenClient)
DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient)
ApacheHttpClient43Engine(org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 99 with UserInfoClient
use of org.gluu.oxauth.client.UserInfoClient in project oxTrust by GluuFederation.
the class Authenticator method requestAccessToken.
private String requestAccessToken(String oxAuthHost, String authorizationCode, String sessionState, String scopes, String clientID, String clientPassword) {
OpenIdConfigurationResponse openIdConfiguration = openIdService.getOpenIdConfiguration();
// 1. Request access token using the authorization code.
TokenClient tokenClient1 = new TokenClient(openIdConfiguration.getTokenEndpoint());
TokenResponse tokenResponse = tokenClient1.execAuthorizationCode(authorizationCode, appConfiguration.getLoginRedirectUrl(), clientID, clientPassword);
log.debug(" tokenResponse : " + tokenResponse);
if (tokenResponse == null) {
log.error("Get empty token response. User rcan't log into application");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
log.debug(" tokenResponse.getErrorType() : " + tokenResponse.getErrorType());
String accessToken = tokenResponse.getAccessToken();
log.debug(" accessToken : " + accessToken);
String idToken = tokenResponse.getIdToken();
log.debug(" idToken : " + idToken);
if (idToken == null) {
log.error("Failed to get id_token");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
log.info("Session validation successful. User is logged in");
UserInfoClient userInfoClient = new UserInfoClient(openIdConfiguration.getUserInfoEndpoint());
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
if (userInfoResponse == null) {
log.error("Get empty token response. User can't log into application");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
// Parse JWT
Jwt jwt;
try {
jwt = Jwt.parse(idToken);
} catch (InvalidJwtException ex) {
log.error("Failed to parse id_token");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
// Check nonce
if (!StringHelper.equals((String) identity.getSessionMap().get(OxTrustConstants.OXAUTH_NONCE), (String) jwt.getClaims().getClaim(JwtClaimName.NONCE))) {
log.error("User info response : nonce is not matching.");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
// Determine uid
List<String> uidValues = userInfoResponse.getClaims().get(JwtClaimName.USER_NAME);
if ((uidValues == null) || (uidValues.size() == 0)) {
log.error("User info response doesn't contains uid claim");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
// Check requested authentication method
if (identity.getSessionMap().containsKey(OxTrustConstants.OXAUTH_ACR_VALUES)) {
String requestAcrValues = (String) identity.getSessionMap().get(OxTrustConstants.OXAUTH_ACR_VALUES);
String issuer = openIdConfiguration.getIssuer();
String responseIssuer = (String) jwt.getClaims().getClaim(JwtClaimName.ISSUER);
if (issuer == null || responseIssuer == null || !issuer.equals(responseIssuer)) {
log.error("User info response : Issuer.");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
List<String> acrLevels = jwt.getClaims().getClaimAsStringList(JwtClaimName.AUTHENTICATION_METHOD_REFERENCES);
if ((acrLevels == null) || (acrLevels.size() == 0)) {
log.error("User info response doesn't contains acr claim");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
int currentAcrLevel = 0;
if (requestAcrValues.equalsIgnoreCase(OxTrustConstants.SCRIPT_TYPE_INTERNAL_RESERVED_NAME)) {
currentAcrLevel = -1;
} else {
currentAcrLevel = customScriptService.getScriptLevel(customScriptService.getScriptByDisplayName(requestAcrValues));
}
if (currentAcrLevel > Integer.valueOf(acrLevels.get(0))) {
log.error("User info response doesn't contains acr claim");
return OxTrustConstants.RESULT_NO_PERMISSIONS;
}
}
OauthData oauthData = identity.getOauthData();
oauthData.setHost(oxAuthHost);
oauthData.setUserUid(uidValues.get(0));
oauthData.setAccessToken(accessToken);
oauthData.setAccessTokenExpirationInSeconds(tokenResponse.getExpiresIn());
oauthData.setScopes(scopes);
oauthData.setIdToken(idToken);
oauthData.setSessionState(sessionState);
identity.setWorkingParameter(OxTrustConstants.OXAUTH_SSO_SESSION_STATE, Boolean.FALSE);
log.info("user uid:" + oauthData.getUserUid());
return authenticate();
}
Also used :
InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException)
TokenResponse(org.gluu.oxauth.client.TokenResponse)
OauthData(org.gluu.oxtrust.security.OauthData)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
OpenIdConfigurationResponse(org.gluu.oxauth.client.OpenIdConfigurationResponse)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
TokenClient(org.gluu.oxauth.client.TokenClient)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
Example 100 with UserInfoClient
use of org.gluu.oxauth.client.UserInfoClient in project oxAuth by GluuFederation.
the class IndividualClaimsRequestsTest method requestClaimsIndividuallyRequestObjectEncryptionAlgRSA1_5EncA128CBC_PLUS_HS256UserInfoEncryptedResponseAlgRSA1_5EncA128CBC_PLUS_HS256.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "dnName", "keyStoreFile", "keyStoreSecret", "RSA1_5_keyId", "clientJwksUri" })
@Test
public void requestClaimsIndividuallyRequestObjectEncryptionAlgRSA1_5EncA128CBC_PLUS_HS256UserInfoEncryptedResponseAlgRSA1_5EncA128CBC_PLUS_HS256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String clientKeyId, final String clientJwksUri) throws Exception {
showTitle("requestClaimsIndividuallyRequestObjectEncryptionAlgRSA1_5EncA128CBC_PLUS_HS256UserInfoEncryptedResponseAlgRSA1_5EncA128CBC_PLUS_HS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.RSA1_5);
registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
registerRequest.setClaims(Arrays.asList(JwtClaimName.NAME, JwtClaimName.NICKNAME, JwtClaimName.GIVEN_NAME, JwtClaimName.FAMILY_NAME, JwtClaimName.PICTURE, JwtClaimName.ZONEINFO, JwtClaimName.LOCALE, JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION, JwtClaimName.ADDRESS_POSTAL_CODE, JwtClaimName.ADDRESS_COUNTRY));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Choose encryption key
JwkClient jwkClient = new JwkClient(jwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA1_5);
assertNotNull(serverKeyId);
// 3. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "clientinfo");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256, cryptoProvider);
jwtAuthorizationRequest.setKeyId(serverKeyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ZONEINFO, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.LOCALE, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_LOCALITY, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_REGION, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_POSTAL_CODE, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
authorizationRequest.setRequest(authJwt);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 4. Validate id_token
PrivateKey privateKey = cryptoProvider.getPrivateKey(clientKeyId);
Jwe jwe = Jwe.parse(idToken, privateKey, null);
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.NAME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.NICKNAME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.GIVEN_NAME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.FAMILY_NAME));
assertNull(jwe.getClaims().getClaimAsString(JwtClaimName.EMAIL));
assertNull(jwe.getClaims().getClaimAsString(JwtClaimName.EMAIL_VERIFIED));
// 5. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setPrivateKey(privateKey);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_LOCALITY));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_REGION));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
PrivateKey(java.security.PrivateKey)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
JwkClient(org.gluu.oxauth.client.JwkClient)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
JwkResponse(org.gluu.oxauth.client.JwkResponse)
JSONObject(org.json.JSONObject)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
Jwe(org.gluu.oxauth.model.jwe.Jwe)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
Claim(org.gluu.oxauth.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Aggregations
UserInfoClient (org.gluu.oxauth.client.UserInfoClient)193
UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)192
BaseTest (org.gluu.oxauth.BaseTest)183
Test (org.testng.annotations.Test)183
RegisterResponse (org.gluu.oxauth.client.RegisterResponse)180
Parameters (org.testng.annotations.Parameters)180
AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)179
ResponseType (org.gluu.oxauth.model.common.ResponseType)178
RegisterClient (org.gluu.oxauth.client.RegisterClient)162
RegisterRequest (org.gluu.oxauth.client.RegisterRequest)162
AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)147
JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)107
AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)105
Claim (org.gluu.oxauth.client.model.authorize.Claim)86
OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)84
Jwt (org.gluu.oxauth.model.jwt.Jwt)81
UserInfoRequest (org.gluu.oxauth.client.UserInfoRequest)62
RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey)49
RSASigner (org.gluu.oxauth.model.jws.RSASigner)49
TokenClient (org.gluu.oxauth.client.TokenClient)38
