Examples with Jwt org.gluu.oxauth.model.jwt.Jwt used on opensource projects

Search in sources :

Example 96 with Jwt

use of org.gluu.oxauth.model.jwt.Jwt in project oxAuth by GluuFederation.

the class UsesSymmetricIdTokenSignatures method usesSymmetricIdTokenSignaturesHS384.

@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void usesSymmetricIdTokenSignaturesHS384(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Uses Symmetric ID Token Signatures HS384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.ID_TOKEN);
    // 1. Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS384);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request Authorization
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getIdToken());
    assertNotNull(authorizationResponse.getState());
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS384, clientSecret);
    assertTrue(hmacSigner.validate(jwt));
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) HMACSigner(org.gluu.oxauth.model.jws.HMACSigner) RegisterClient(org.gluu.oxauth.client.RegisterClient) Jwt(org.gluu.oxauth.model.jwt.Jwt) ResponseType(org.gluu.oxauth.model.common.ResponseType) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 97 with Jwt

use of org.gluu.oxauth.model.jwt.Jwt in project oxAuth by GluuFederation.

the class UsesSymmetricIdTokenSignatures method usesSymmetricIdTokenSignaturesHS512.

@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void usesSymmetricIdTokenSignaturesHS512(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Uses Symmetric ID Token Signatures HS512");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.ID_TOKEN);
    // 1. Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS512);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request Authorization
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getIdToken());
    assertNotNull(authorizationResponse.getState());
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS512, clientSecret);
    assertTrue(hmacSigner.validate(jwt));
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) HMACSigner(org.gluu.oxauth.model.jws.HMACSigner) RegisterClient(org.gluu.oxauth.client.RegisterClient) Jwt(org.gluu.oxauth.model.jwt.Jwt) ResponseType(org.gluu.oxauth.model.common.ResponseType) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 98 with Jwt

use of org.gluu.oxauth.model.jwt.Jwt in project oxAuth by GluuFederation.

the class SessionIdService method generateJwt.

private Jwt generateJwt(SessionId sessionId, String audience) {
    try {
        JwtSigner jwtSigner = new JwtSigner(appConfiguration, webKeysConfiguration, SignatureAlgorithm.RS512, audience);
        Jwt jwt = jwtSigner.newJwt();
        // claims
        jwt.getClaims().setClaim("id", sessionId.getId());
        jwt.getClaims().setClaim("authentication_time", sessionId.getAuthenticationTime());
        jwt.getClaims().setClaim("user_dn", sessionId.getUserDn());
        jwt.getClaims().setClaim("state", sessionId.getState() != null ? sessionId.getState().getValue() : "");
        jwt.getClaims().setClaim("session_attributes", JwtSubClaimObject.fromMap(sessionId.getSessionAttributes()));
        jwt.getClaims().setClaim("last_used_at", sessionId.getLastUsedAt());
        jwt.getClaims().setClaim("permission_granted", sessionId.getPermissionGranted());
        jwt.getClaims().setClaim("permission_granted_map", JwtSubClaimObject.fromBooleanMap(sessionId.getPermissionGrantedMap().getPermissionGranted()));
        // sign
        return jwtSigner.sign();
    } catch (Exception e) {
        log.error("Failed to sign session jwt! " + e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
Also used : JwtSigner(org.gluu.oxauth.model.token.JwtSigner) Jwt(org.gluu.oxauth.model.jwt.Jwt) URISyntaxException(java.net.URISyntaxException) JSONException(org.json.JSONException) InvalidSessionStateException(org.gluu.oxauth.model.exception.InvalidSessionStateException) EntryPersistenceException(org.gluu.persist.exception.EntryPersistenceException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AcrChangedException(org.gluu.oxauth.model.exception.AcrChangedException) LDAPException(com.unboundid.ldap.sdk.LDAPException) NoSuchProviderException(java.security.NoSuchProviderException)

Example 99 with Jwt

use of org.gluu.oxauth.model.jwt.Jwt in project oxAuth by GluuFederation.

the class BackchannelAuthenticationPollMode method idTokenHintRS512.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintRS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("idTokenHintRS512");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS512);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scopes = Arrays.asList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS512, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    idTokenHintRS512 = idToken;
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) Jwt(org.gluu.oxauth.model.jwt.Jwt) ResponseType(org.gluu.oxauth.model.common.ResponseType) BackchannelAuthenticationErrorResponseType(org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey) RegisterClient(org.gluu.oxauth.client.RegisterClient) RSASigner(org.gluu.oxauth.model.jws.RSASigner) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 100 with Jwt

use of org.gluu.oxauth.model.jwt.Jwt in project oxAuth by GluuFederation.

the class BackchannelAuthenticationPollMode method requestBackchannelAuthentication.

public String requestBackchannelAuthentication(final String userId, final String clientId, final String clientSecret, final String backchannelUserCode) throws Exception {
    // Authentication Request
    String bindingMessage = RandomStringUtils.randomAlphanumeric(6);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Arrays.asList("openid", "profile", "email", "address", "phone"));
    backchannelAuthenticationRequest.setLoginHint(userId);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAcrValues(Arrays.asList("auth_ldap_server", "basic"));
    backchannelAuthenticationRequest.setBindingMessage(bindingMessage);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertEquals(backchannelAuthenticationResponse.getStatus(), 200, "Unexpected response code: " + backchannelAuthenticationResponse.getEntity());
    assertNotNull(backchannelAuthenticationResponse.getAuthReqId());
    assertNotNull(backchannelAuthenticationResponse.getExpiresIn());
    // This parameter will only be present if the Client is registered to use the Poll or Ping modes.
    assertNotNull(backchannelAuthenticationResponse.getInterval());
    String authReqId = backchannelAuthenticationResponse.getAuthReqId();
    // Token Request Using CIBA Grant Type
    TokenResponse tokenResponse = null;
    int pollCount = 0;
    do {
        Thread.sleep(5000);
        TokenRequest tokenRequest = new TokenRequest(GrantType.CIBA);
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        tokenRequest.setAuthReqId(authReqId);
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        tokenResponse = tokenClient.exec();
        showClient(tokenClient);
        pollCount++;
    } while (tokenResponse.getStatus() == 400 && pollCount < 5);
    assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getEntity(), "The entity is null");
    assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse.getTokenType(), "The token type is null");
    String accessToken = tokenResponse.getAccessToken();
    String idToken = tokenResponse.getIdToken();
    // Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.WEBSITE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.BIRTHDATE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.GENDER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PROFILE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PREFERRED_USERNAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.MIDDLE_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.UPDATED_AT));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
    // Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
    return sub;
}
Also used : Jwt(org.gluu.oxauth.model.jwt.Jwt) UserInfoClient(org.gluu.oxauth.client.UserInfoClient) TokenResponse(org.gluu.oxauth.client.TokenResponse) RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey) BackchannelAuthenticationResponse(org.gluu.oxauth.client.BackchannelAuthenticationResponse) BackchannelAuthenticationClient(org.gluu.oxauth.client.BackchannelAuthenticationClient) RSASigner(org.gluu.oxauth.model.jws.RSASigner) TokenRequest(org.gluu.oxauth.client.TokenRequest) BackchannelAuthenticationRequest(org.gluu.oxauth.client.BackchannelAuthenticationRequest) UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse) TokenClient(org.gluu.oxauth.client.TokenClient)

Aggregations

Jwt (org.gluu.oxauth.model.jwt.Jwt)244 Test (org.testng.annotations.Test)217 BaseTest (org.gluu.oxauth.BaseTest)215 Parameters (org.testng.annotations.Parameters)210 AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)171 ResponseType (org.gluu.oxauth.model.common.ResponseType)170 RegisterResponse (org.gluu.oxauth.client.RegisterResponse)167 AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)162 RegisterClient (org.gluu.oxauth.client.RegisterClient)156 RegisterRequest (org.gluu.oxauth.client.RegisterRequest)156 OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)108 RSASigner (org.gluu.oxauth.model.jws.RSASigner)98 RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey)97 AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)92 UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)82 UserInfoClient (org.gluu.oxauth.client.UserInfoClient)81 JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)70 JSONObject (org.json.JSONObject)60 Claim (org.gluu.oxauth.client.model.authorize.Claim)46 UserInfoRequest (org.gluu.oxauth.client.UserInfoRequest)39
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial