use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceHttpTest method requestUserInfoHS512.
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void requestUserInfoHS512(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) {
showTitle("requestUserInfoHS512");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS512);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId);
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setSharedKey(clientSecret);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ISSUER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.AUDIENCE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
}
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceHttpTest method requestUserInfoWithoutOpenidScope.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestUserInfoWithoutOpenidScope(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) {
showTitle("requestUserInfoWithoutOpenidScope");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(authorizationResponse.getScope(), "The scope must be null");
assertNotNull(authorizationResponse.getIdToken(), "The id token must be null");
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 403, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getErrorType(), "Unexpected result: errorType not found");
assertNotNull(userInfoResponse.getErrorDescription(), "Unexpected result: errorDescription not found");
}
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceHttpTest method requestUserInfoPasswordFlow.
@Parameters({ "userId", "userSecret", "redirectUris", "sectorIdentifierUri" })
@Test
public void requestUserInfoPasswordFlow(final String userId, final String userSecret, final String redirectUris, final String sectorIdentifierUri) {
showTitle("requestUserInfoPasswordFlow");
List<ResponseType> responseTypes = new ArrayList<ResponseType>();
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, grantTypes, sectorIdentifierUri);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
String username = userId;
String password = userSecret;
String scope = "openid profile address email";
TokenClient tokenClient = new TokenClient(tokenEndpoint);
TokenResponse response1 = tokenClient.execResourceOwnerPasswordCredentialsGrant(username, password, scope, clientId, clientSecret);
showClient(tokenClient);
assertEquals(response1.getStatus(), 200, "Unexpected response code: " + response1.getStatus());
assertNotNull(response1.getEntity(), "The entity is null");
assertNotNull(response1.getAccessToken(), "The access token is null");
assertNotNull(response1.getTokenType(), "The token type is null");
assertNotNull(response1.getScope(), "The scope is null");
String accessToken = response1.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse response2 = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(response2.getStatus(), 200, "Unexpected response code: " + response2.getStatus());
assertNotNull(response2.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(response2.getClaim(JwtClaimName.NAME));
assertNotNull(response2.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(response2.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(response2.getClaim(JwtClaimName.EMAIL));
assertNotNull(response2.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(response2.getClaim(JwtClaimName.LOCALE));
assertNull(response2.getClaim("org_name"));
assertNull(response2.getClaim("work_phone"));
}
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceHttpTest method requestUserInfoImplicitFlow.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestUserInfoImplicitFlow(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) {
showTitle("requestUserInfoImplicitFlow");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
// 1. Register client
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, grantTypes, sectorIdentifierUri);
String clientId = registerResponse.getClientId();
// 2. Request authorization
AuthorizationResponse response1 = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId);
String accessToken = response1.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse response2 = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(response2.getStatus(), 200, "Unexpected response code: " + response2.getStatus());
assertNotNull(response2.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(response2.getClaim(JwtClaimName.NAME));
assertNotNull(response2.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(response2.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(response2.getClaim(JwtClaimName.EMAIL));
assertNotNull(response2.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(response2.getClaim(JwtClaimName.LOCALE));
assertNotNull(response2.getClaim(JwtClaimName.ADDRESS));
assertNull(response2.getClaim("org_name"));
assertNull(response2.getClaim("work_phone"));
}
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceHttpTest method requestUserInfoES256.
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void requestUserInfoES256(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) {
showTitle("requestUserInfoES256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.ES256);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId);
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ISSUER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.AUDIENCE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
}
Aggregations