use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class AuthorizeRestWebServiceHttpTest method requestAuthorizationCodeIdTokenUserBasicAuth.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestAuthorizationCodeIdTokenUserBasicAuth(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("requestAuthorizationCodeIdTokenUserBasicAuth");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get(SCOPE.toString()));
// 3. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The code is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String code = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 4. Validate code and id_token
Jwt jwt = Jwt.parse(idToken);
Asserter.assertIdToken(jwt, JwtClaimName.CODE_HASH);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
assertTrue(rsaSigner.validateAuthorizationCode(code, jwt));
}
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class AuthorizationCodeFlowHttpTest method authorizationCodeFlowWithOptionalNonce.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void authorizationCodeFlowWithOptionalNonce(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationCodeFlowWithOptionalNonce");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
String scope = authorizationResponse.getScope();
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
tokenClient1.setRequest(tokenRequest);
TokenResponse tokenResponse1 = tokenClient1.exec();
showClient(tokenClient1);
assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
assertNotNull(tokenResponse1.getEntity(), "The entity is null");
assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
String refreshToken = tokenResponse1.getRefreshToken();
// 4. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NONCE));
assertEquals(jwt.getClaims().getClaimAsString(JwtClaimName.NONCE), nonce);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 5. Request new access token using the refresh token.
TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
showClient(tokenClient2);
assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
assertNotNull(tokenResponse2.getEntity(), "The entity is null");
assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
assertNotNull(tokenResponse2.getScope(), "The scope is null");
}
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class AuthorizationCodeFlowHttpTest method authorizationCodeFlowLoginHint.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void authorizationCodeFlowLoginHint(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationCodeFlowLoginHint");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "user_name");
// 1. Register client
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setLoginHint(userId);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, // put userId explicitly, window.onload function result is not same as in browser (tested with chrome and FF)
userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
String scope = authorizationResponse.getScope();
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
tokenClient1.setRequest(tokenRequest);
TokenResponse tokenResponse1 = tokenClient1.exec();
showClient(tokenClient1);
assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
assertNotNull(tokenResponse1.getEntity(), "The entity is null");
assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
String refreshToken = tokenResponse1.getRefreshToken();
// 4. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 5. Request new access token using the refresh token.
TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
showClient(tokenClient2);
assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
assertNotNull(tokenResponse2.getEntity(), "The entity is null");
assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
assertNotNull(tokenResponse2.getScope(), "The scope is null");
String accessToken = tokenResponse2.getAccessToken();
// 6. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim("user_name"));
assertNull(userInfoResponse.getClaim("org_name"));
assertNull(userInfoResponse.getClaim("work_phone"));
}
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class AuthorizationCodeFlowHttpTest method authorizationCodeFlow.
/**
* Test for the complete Authorization Code Flow.
*/
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void authorizationCodeFlow(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationCodeFlow");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
// 1. Register client
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
String nonce = UUID.randomUUID().toString();
AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce);
String scope = authorizationResponse.getScope();
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient1 = newTokenClient(tokenRequest);
tokenClient1.setRequest(tokenRequest);
TokenResponse tokenResponse1 = tokenClient1.exec();
showClient(tokenClient1);
assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
assertNotNull(tokenResponse1.getEntity(), "The entity is null");
assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
String refreshToken = tokenResponse1.getRefreshToken();
// 4. Validate id_token
Jwt jwt = Jwt.parse(idToken);
Asserter.assertIdToken(jwt, JwtClaimName.CODE_HASH);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID), clientEngine(true));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 5. Request new access token using the refresh token.
TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
tokenClient2.setExecutor(clientEngine(true));
TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
showClient(tokenClient2);
assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
assertNotNull(tokenResponse2.getEntity(), "The entity is null");
assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
assertNotNull(tokenResponse2.getScope(), "The scope is null");
String accessToken = tokenResponse2.getAccessToken();
// 6. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setExecutor(clientEngine(true));
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.BIRTHDATE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GENDER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.MIDDLE_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PREFERRED_USERNAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PROFILE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.WEBSITE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.USER_NAME));
assertNull(userInfoResponse.getClaim("org_name"));
assertNull(userInfoResponse.getClaim("work_phone"));
}
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class AddressClaimsTest method authorizationRequestRS384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri", "RS384_keyId", "clientJwksUri" })
@Test
public void authorizationRequestRS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri, final String keyId, final String clientJwksUri) throws Exception {
showTitle("authorizationRequestRS384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS384);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.RS384);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS384);
registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
registerRequest.setJwksUri(clientJwksUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "address");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.RS384, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
assertNotNull(jwt.getClaims().getClaim(JwtClaimName.ADDRESS));
assertNotNull(jwt.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
assertNotNull(jwt.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
assertNotNull(jwt.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
assertNotNull(jwt.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS384, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ISSUER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.AUDIENCE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS).containsAll(Arrays.asList(JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_COUNTRY, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION)));
}
Aggregations