Example 21 with UserInfoResponse
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestWithMultivaluedClaimHS384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestWithMultivaluedClaimHS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestWithMultivaluedClaimHS384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS384);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS384);
registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "test");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS384, clientSecret);
assertTrue(hmacSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setSharedKey(clientSecret);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
HMACSigner(org.gluu.oxauth.model.jws.HMACSigner)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 22 with UserInfoResponse
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestWithMultivaluedClaimES384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestWithMultivaluedClaimES384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestWithMultivaluedClaimES384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.ES384);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.ES384);
registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "test");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
ECDSAPublicKey publicKey = JwkClient.getECDSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
ECDSASigner ecdsaSigner = new ECDSASigner(SignatureAlgorithm.ES384, publicKey);
assertTrue(ecdsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
ECDSASigner(org.gluu.oxauth.model.jws.ECDSASigner)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
ECDSAPublicKey(org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 23 with UserInfoResponse
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestWithMultivaluedClaimPS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestWithMultivaluedClaimPS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestWithMultivaluedClaimPS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.PS256);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS256);
registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "test");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.PS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 24 with UserInfoResponse
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestObjectWithMultivaluedClaimES384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri", "ES384_keyId", "clientJwksUri" })
@Test
public void authorizationRequestObjectWithMultivaluedClaimES384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri, final String keyId, final String clientJwksUri) throws Exception {
showTitle("authorizationRequestObjectWithMultivaluedClaimES384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.ES384);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.ES384);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.ES384);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setClaims(Arrays.asList("member_of"));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.ES384, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim("member_of", ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim("member_of", ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
ECDSAPublicKey publicKey = JwkClient.getECDSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
ECDSASigner ecdsaSigner = new ECDSASigner(SignatureAlgorithm.ES384, publicKey);
assertTrue(ecdsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
ECDSASigner(org.gluu.oxauth.model.jws.ECDSASigner)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Claim(org.gluu.oxauth.client.model.authorize.Claim)
ECDSAPublicKey(org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 25 with UserInfoResponse
use of org.gluu.oxauth.client.UserInfoResponse in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestObjectWithMultivaluedClaimHS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectWithMultivaluedClaimHS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestObjectWithMultivaluedClaimHS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS256);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS256);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.HS256);
registerRequest.setClaims(Arrays.asList("member_of"));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim("member_of", ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim("member_of", ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS256, clientSecret);
assertTrue(hmacSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setSharedKey(clientSecret);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
HMACSigner(org.gluu.oxauth.model.jws.HMACSigner)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Claim(org.gluu.oxauth.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Aggregations
UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)190
UserInfoClient (org.gluu.oxauth.client.UserInfoClient)189
BaseTest (org.gluu.oxauth.BaseTest)184
Test (org.testng.annotations.Test)184
RegisterResponse (org.gluu.oxauth.client.RegisterResponse)181
Parameters (org.testng.annotations.Parameters)181
AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)180
ResponseType (org.gluu.oxauth.model.common.ResponseType)179
RegisterClient (org.gluu.oxauth.client.RegisterClient)163
RegisterRequest (org.gluu.oxauth.client.RegisterRequest)163
AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)148
JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)107
AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)105
Claim (org.gluu.oxauth.client.model.authorize.Claim)86
OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)84
Jwt (org.gluu.oxauth.model.jwt.Jwt)79
UserInfoRequest (org.gluu.oxauth.client.UserInfoRequest)62
RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey)49
RSASigner (org.gluu.oxauth.model.jws.RSASigner)49
TokenClient (org.gluu.oxauth.client.TokenClient)37
