Search in sources :

Example 26 with ResponseType

use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class OpenIDRequestObjectEmbeddedTest method requestParameterMethodFail1.

@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "dynamicClientRegistration")
public void requestParameterMethodFail1(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    final String state = UUID.randomUUID().toString();
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.setRequest("INVALID_REQUEST_OBJECT");
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
    request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
    request.header("Accept", MediaType.TEXT_PLAIN);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestParameterMethodFail1 (Invalid OpenID Request Object)", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    if (response.getLocation() != null) {
        try {
            URI uri = new URI(response.getLocation().toString());
            assertNotNull(uri.getFragment(), "Fragment is null");
            Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
            assertNotNull(params.get("error"), "The error value is null");
            assertNotNull(params.get("error_description"), "The errorDescription value is null");
            assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null");
            assertEquals(params.get(AuthorizeResponseParam.STATE), state);
        } catch (URISyntaxException e) {
            e.printStackTrace();
            fail("Response URI is not well formed");
        }
    }
}
Also used : Response(javax.ws.rs.core.Response) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) ResponseType(org.gluu.oxauth.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 27 with ResponseType

use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class OpenIDRequestObjectEmbeddedTest method requestParameterMethodFail4.

@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "dynamicClientRegistration")
public void requestParameterMethodFail4(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    final String state = UUID.randomUUID().toString();
    Builder request = null;
    try {
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
        List<String> scopes = Arrays.asList("openid");
        String nonce = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(userId);
        authorizationRequest.setAuthPassword(userSecret);
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue("INVALID_USER_ID")));
        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(authJwt);
        System.out.println("Request JWT: " + authJwt);
        request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", MediaType.TEXT_PLAIN);
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestParameterMethodFail4", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    if (response.getLocation() != null) {
        try {
            URI uri = new URI(response.getLocation().toString());
            assertNotNull(uri.getFragment(), "Fragment is null");
            Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
            assertNotNull(params.get("error"), "The error value is null");
            assertNotNull(params.get("error_description"), "The errorDescription value is null");
            assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null");
            assertEquals(params.get(AuthorizeResponseParam.STATE), state);
        } catch (URISyntaxException e) {
            e.printStackTrace();
            fail("Response URI is not well formed");
        }
    }
}
Also used : JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) JSONException(org.json.JSONException) ResponseType(org.gluu.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) Response(javax.ws.rs.core.Response) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.gluu.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 28 with ResponseType

use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class ClientAuthenticationFilterEmbeddedTest method requestAccessTokenCustomClientAuth1Step1.

@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "requestClientRegistrationWithCustomAttributes")
public void requestAccessTokenCustomClientAuth1Step1(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    final String state = UUID.randomUUID().toString();
    final String nonce = UUID.randomUUID().toString();
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);
    authorizationRequest.getPrompts().add(Prompt.NONE);
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
    request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
    request.header("Accept", MediaType.TEXT_PLAIN);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestAccessTokenCustomClientAuth1Step1", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    try {
        URI uri = new URI(response.getLocation().toString());
        assertNotNull(uri.getFragment(), "Query string is null");
        Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
        assertNotNull(params.get(AuthorizeResponseParam.CODE), "The code is null");
        assertNotNull(params.get(AuthorizeResponseParam.ID_TOKEN), "The id token is null");
        assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null");
        assertEquals(params.get(AuthorizeResponseParam.STATE), state);
        authorizationCode1 = params.get(AuthorizeResponseParam.CODE);
    } catch (URISyntaxException e) {
        e.printStackTrace();
        fail("Response URI is not well formed");
    } catch (Exception e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
}
Also used : Response(javax.ws.rs.core.Response) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) JSONException(org.json.JSONException) ResponseType(org.gluu.oxauth.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 29 with ResponseType

use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class ClientAuthenticationFilterEmbeddedTest method requestClientRegistrationWithCustomAttributes.

@Parameters({ "registerPath", "redirectUris" })
@Test
public void requestClientRegistrationWithCustomAttributes(final String registerPath, final String redirectUris) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
    String registerRequestContent = null;
    try {
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.TOKEN, ResponseType.ID_TOKEN);
        customAttrValue1 = UUID.randomUUID().toString();
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.addCustomAttribute("myCustomAttr1", customAttrValue1);
        List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        registerRequest.setGrantTypes(grantTypes);
        registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
    Response response = request.post(Entity.json(registerRequestContent));
    String entity = response.readEntity(String.class);
    showResponse("requestClientRegistrationWithCustomAttributes", response, entity);
    ResponseAsserter responseAsserter = ResponseAsserter.of(response.getStatus(), entity);
    responseAsserter.assertRegisterResponse();
    clientId = responseAsserter.getJson().getJson().getString(RegisterResponseParam.CLIENT_ID.toString());
}
Also used : Response(javax.ws.rs.core.Response) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) JSONException(org.json.JSONException) GrantType(org.gluu.oxauth.model.common.GrantType) ResponseType(org.gluu.oxauth.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 30 with ResponseType

use of org.gluu.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class EndSessionBackchannelRestServerTest method requestEndSessionStep2.

@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "requestEndSessionStep1")
public void requestEndSessionStep2(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    final String state = UUID.randomUUID().toString();
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, registerResponse.getClientId(), scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.getPrompts().add(Prompt.NONE);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);
    Invocation.Builder request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
    request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
    request.header("Accept", MediaType.TEXT_PLAIN);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestEndSessionStep2", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    if (response.getLocation() != null) {
        try {
            URI uri = new URI(response.getLocation().toString());
            assertNotNull(uri.getFragment(), "Fragment is null");
            Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
            assertNotNull(params.get(AuthorizeResponseParam.ACCESS_TOKEN), "The access token is null");
            assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null");
            assertNotNull(params.get(AuthorizeResponseParam.TOKEN_TYPE), "The token type is null");
            assertNotNull(params.get(AuthorizeResponseParam.EXPIRES_IN), "The expires in value is null");
            assertNotNull(params.get(AuthorizeResponseParam.SCOPE), "The scope must be null");
            assertNull(params.get("refresh_token"), "The refresh_token must be null");
            assertEquals(params.get(AuthorizeResponseParam.STATE), state);
            idToken = params.get(AuthorizeResponseParam.ID_TOKEN);
            sid = params.get(AuthorizeResponseParam.SID);
        } catch (URISyntaxException e) {
            e.printStackTrace();
            fail("Response URI is not well formed");
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
}
Also used : Response(javax.ws.rs.core.Response) Invocation(javax.ws.rs.client.Invocation) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) ResponseType(org.gluu.oxauth.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Aggregations

ResponseType (org.gluu.oxauth.model.common.ResponseType)661 Parameters (org.testng.annotations.Parameters)648 BaseTest (org.gluu.oxauth.BaseTest)646 Test (org.testng.annotations.Test)646 RegisterResponse (org.gluu.oxauth.client.RegisterResponse)541 RegisterRequest (org.gluu.oxauth.client.RegisterRequest)528 AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)526 AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)525 RegisterClient (org.gluu.oxauth.client.RegisterClient)508 OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)274 JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)204 AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)198 UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)179 UserInfoClient (org.gluu.oxauth.client.UserInfoClient)178 TokenClient (org.gluu.oxauth.client.TokenClient)176 TokenResponse (org.gluu.oxauth.client.TokenResponse)176 Jwt (org.gluu.oxauth.model.jwt.Jwt)170 TokenRequest (org.gluu.oxauth.client.TokenRequest)165 Claim (org.gluu.oxauth.client.model.authorize.Claim)133 Response (javax.ws.rs.core.Response)111