Example 46 with ResponseType
use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestObjectWithMultivaluedClaimAlgA128KWEncA128GCM.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectWithMultivaluedClaimAlgA128KWEncA128GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestObjectWithMultivaluedClaimAlgA128KWEncA128GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM);
registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW);
registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM);
registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.A128KW);
registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A128GCM);
registerRequest.setClaims(Arrays.asList("member_of"));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.A128KW, BlockEncryptionAlgorithm.A128GCM, clientSecret);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim("member_of", ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim("member_of", ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(Util.UTF8_STRING_ENCODING));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwe.getClaims().getClaimAsStringList("member_of").size() > 1);
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setSharedKey(clientSecret);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
Jwe(org.gluu.oxauth.model.jwe.Jwe)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Claim(org.gluu.oxauth.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 47 with ResponseType
use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestObjectWithMultivaluedClaimAlgRSAOAEPEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "RSA_OAEP_keyId", "clientJwksUri", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectWithMultivaluedClaimAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String clientKeyId, final String clientJwksUri, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestObjectWithMultivaluedClaimAlgRSAOAEPEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.RSA_OAEP);
registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A256GCM);
registerRequest.setClaims(Arrays.asList("member_of"));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Choose encryption key
JwkClient jwkClient = new JwkClient(jwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
assertNotNull(serverKeyId);
// 3. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
jwtAuthorizationRequest.setKeyId(serverKeyId);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim("member_of", ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim("member_of", ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 4. Validate id_token
PrivateKey privateKey = cryptoProvider.getPrivateKey(clientKeyId);
Jwe jwe = Jwe.parse(idToken, privateKey, null);
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwe.getClaims().getClaimAsStringList("member_of").size() > 1);
// 5. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setPrivateKey(privateKey);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
PrivateKey(java.security.PrivateKey)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
JwkClient(org.gluu.oxauth.client.JwkClient)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
JwkResponse(org.gluu.oxauth.client.JwkResponse)
JSONObject(org.json.JSONObject)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
Jwe(org.gluu.oxauth.model.jwe.Jwe)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Claim(org.gluu.oxauth.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 48 with ResponseType
use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestObjectWithMultivaluedClaimRS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri", "RS256_keyId", "clientJwksUri" })
@Test
public void authorizationRequestObjectWithMultivaluedClaimRS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri, final String keyId, final String clientJwksUri) throws Exception {
showTitle("authorizationRequestObjectWithMultivaluedClaimRS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS256);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.RS256);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS256);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setClaims(Arrays.asList("member_of"));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.RS256, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim("member_of", ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim("member_of", ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Claim(org.gluu.oxauth.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 49 with ResponseType
use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestWithMultivaluedClaimPS384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestWithMultivaluedClaimPS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestWithMultivaluedClaimPS384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.PS384);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS384);
registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "test");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.PS384, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 50 with ResponseType
use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.
the class MultivaluedClaims method authorizationRequestObjectWithMultivaluedClaimRS512.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri", "RS512_keyId", "clientJwksUri" })
@Test
public void authorizationRequestObjectWithMultivaluedClaimRS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri, final String keyId, final String clientJwksUri) throws Exception {
showTitle("authorizationRequestObjectWithMultivaluedClaimRS512");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS512);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.RS512);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS512);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setClaims(Arrays.asList("member_of"));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.RS512, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim("member_of", ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim("member_of", ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS512, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest)
UserInfoClient(org.gluu.oxauth.client.UserInfoClient)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)
UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Claim(org.gluu.oxauth.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Aggregations
ResponseType (org.gluu.oxauth.model.common.ResponseType)661
Parameters (org.testng.annotations.Parameters)648
BaseTest (org.gluu.oxauth.BaseTest)646
Test (org.testng.annotations.Test)646
RegisterResponse (org.gluu.oxauth.client.RegisterResponse)541
RegisterRequest (org.gluu.oxauth.client.RegisterRequest)528
AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)526
AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)525
RegisterClient (org.gluu.oxauth.client.RegisterClient)508
OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)274
JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)204
AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)198
UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)179
UserInfoClient (org.gluu.oxauth.client.UserInfoClient)178
TokenClient (org.gluu.oxauth.client.TokenClient)176
TokenResponse (org.gluu.oxauth.client.TokenResponse)176
Jwt (org.gluu.oxauth.model.jwt.Jwt)170
TokenRequest (org.gluu.oxauth.client.TokenRequest)165
Claim (org.gluu.oxauth.client.model.authorize.Claim)133
Response (javax.ws.rs.core.Response)111
