use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class OfflineTokenTest method testClientOfflineSessionMaxLifespan.
/**
 * Checks which offline-session max lifespan the server advertises in {@code refresh_expires_in}
 * as progressively more specific settings are configured: the realm-wide value, then the realm's
 * client-level default, then the client's own attribute.
 * <p>
 * Each override is applied after an offline token has already been issued, so the shrinking
 * expiry also shows that a lifespan change reaches existing offline tokens on their next refresh.
 * Two caveats for readers: only the advertised expiry is asserted, a refresh after the deadline is
 * never attempted; and because each override is strictly smaller than the previous one, the
 * assertions would pass equally if the server simply applied the minimum, so precedence of a more
 * specific but larger value is not established here.
 */
@Test
public void testClientOfflineSessionMaxLifespan() throws Exception {
    RealmResource testRealm = adminClient.realm("test");
    RealmRepresentation realmRep = testRealm.toRepresentation();
    ClientResource offlineClient = ApiUtil.findClientByClientId(testRealm, "offline-client");
    ClientRepresentation clientRep = offlineClient.toRepresentation();

    // Remember every realm setting we touch so the finally block can put it back.
    Boolean savedMaxLifespanEnabled = realmRep.getOfflineSessionMaxLifespanEnabled();
    Integer savedMaxLifespan = realmRep.getOfflineSessionMaxLifespan();
    Integer savedClientMaxLifespan = realmRep.getClientOfflineSessionMaxLifespan();

    // Values are derived from the idle timeout minus a margin, presumably so that the idle timeout
    // never becomes the limiting factor and the max lifespan is what shows up in the response.
    int realmMaxLifespan = realmRep.getOfflineSessionIdleTimeout() - 100;
    int realmClientDefault = realmMaxLifespan - 100;
    int clientOverride = realmMaxLifespan - 200;
    try {
        realmRep.setOfflineSessionMaxLifespanEnabled(true);
        realmRep.setOfflineSessionMaxLifespan(realmMaxLifespan);
        testRealm.update(realmRep);

        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        oauth.redirectUri(offlineClientAppUri);
        oauth.doLogin("test-user@localhost", "password");
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "secret1");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getRefreshExpiresIn(), realmMaxLifespan);

        // Realm-level default for clients, applied to the already issued token on refresh.
        realmRep.setClientOfflineSessionMaxLifespan(realmClientDefault);
        testRealm.update(realmRep);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "secret1");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getRefreshExpiresIn(), realmClientDefault);

        // Client attribute, again applied on the next refresh.
        clientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_MAX_LIFESPAN, Integer.toString(clientOverride));
        offlineClient.update(clientRep);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "secret1");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getRefreshExpiresIn(), clientOverride);
    } finally {
        realmRep.setOfflineSessionMaxLifespanEnabled(savedMaxLifespanEnabled);
        realmRep.setOfflineSessionMaxLifespan(savedMaxLifespan);
        realmRep.setClientOfflineSessionMaxLifespan(savedClientMaxLifespan);
        testRealm.update(realmRep);
        // A null attribute value clears the client-level override.
        clientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_MAX_LIFESPAN, null);
        offlineClient.update(clientRep);
    }
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class OfflineTokenTest method offlineTokenAdminRESTAccess.
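/**
 * KEYCLOAK-4201
 * <p>
 * An access token obtained by refreshing an offline token must be usable against the admin REST
 * API even after the "normal" (online) user session that created it has expired and been removed.
 * The user is temporarily given the realm-management "view-realm" role so the call is authorized;
 * the grant and the time offset are reverted in a finally block so a failing run does not leave
 * test-user with admin privileges for later tests.
 *
 * @throws Exception
 */
@Test
public void offlineTokenAdminRESTAccess() throws Exception {
    RealmResource appRealm = adminClient.realm("test");
    ClientResource realmMgmt = ApiUtil.findClientByClientId(appRealm, Constants.REALM_MANAGEMENT_CLIENT_ID);
    String realmMgmtUuid = realmMgmt.toRepresentation().getId();
    RoleRepresentation viewRealmRole = realmMgmt.roles().get(AdminRoles.VIEW_REALM).toRepresentation();
    UserResource testUser = findUserByUsernameId(appRealm, "test-user@localhost");
    // Grant "view-realm" role to user
    testUser.roles().clientLevel(realmMgmtUuid).add(Collections.singletonList(viewRealmRole));
    try {
        // Login with offline token now
        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("secret1", "test-user@localhost", "password");
        events.clear();

        // Set the time offset, so that "normal" userSession expires
        setTimeOffset(86400);
        // Remove expired sessions. This will remove "normal" userSession
        testingClient.testing().removeUserSessions(appRealm.toRepresentation().getId());

        // Refresh with the offline token. Fail here, with a clear status, rather than later with a
        // null access token handed to the admin client.
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "secret1");
        assertEquals(200, tokenResponse.getStatusCode());

        // Use accessToken to admin REST request
        try (Keycloak offlineTokenAdmin = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, tokenResponse.getAccessToken(), TLSUtils.initializeTLS())) {
            RealmRepresentation testRealm = offlineTokenAdmin.realm("test").toRepresentation();
            Assert.assertNotNull(testRealm);
        }
    } finally {
        setTimeOffset(0);
        // Revoke the temporary admin grant so it does not leak into other tests.
        testUser.roles().clientLevel(realmMgmtUuid).remove(Collections.singletonList(viewRealmRole));
    }
}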
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class OfflineTokenTest method offlineTokenAllowedWithCompositeRole.
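/**
 * offline_access granted only transitively, through a composite realm role, must still allow
 * obtaining an offline token. The direct offline_access assignment is removed first so that the
 * composite role is the only path to it.
 * <p>
 * The integration step runs inside try/finally so the role changes are reverted even when it
 * fails; otherwise a failure would leave test-user without offline_access and leak the
 * "composite" role into later tests.
 */
@Test
public void offlineTokenAllowedWithCompositeRole() throws Exception {
    RealmResource appRealm = adminClient.realm("test");
    UserResource testUser = findUserByUsernameId(appRealm, "test-user@localhost");
    RoleRepresentation offlineAccess = findRealmRoleByName(appRealm, Constants.OFFLINE_ACCESS_ROLE).toRepresentation();
    // Grant offline_access role indirectly through composite role
    appRealm.roles().create(RoleBuilder.create().name("composite").build());
    RoleResource compositeRole = appRealm.roles().get("composite");
    compositeRole.addComposites(Collections.singletonList(offlineAccess));
    testUser.roles().realmLevel().remove(Collections.singletonList(offlineAccess));
    testUser.roles().realmLevel().add(Collections.singletonList(compositeRole.toRepresentation()));
    try {
        // Integration test
        offlineTokenDirectGrantFlow();
    } finally {
        // Revert changes: detach and delete the composite, restore the direct offline_access grant.
        testUser.roles().realmLevel().remove(Collections.singletonList(appRealm.roles().get("composite").toRepresentation()));
        appRealm.roles().get("composite").remove();
        testUser.roles().realmLevel().add(Collections.singletonList(offlineAccess));
    }
}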
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class OfflineTokenTest method testClientOfflineSessionIdleTimeout.
/**
 * Checks which offline-session idle timeout the server advertises in {@code refresh_expires_in}
 * as progressively more specific settings are configured: the realm-wide value (left untouched),
 * then the realm's client-level default, then the client's own attribute.
 * <p>
 * Each override is applied after an offline token has already been issued, so the shrinking
 * expiry also shows that a timeout change reaches existing offline tokens on their next refresh.
 * Only the advertised expiry is asserted; an actual refresh after the idle deadline is not
 * attempted. Because every override is smaller than the previous value, the assertions do not
 * distinguish "most specific setting wins" from "smallest setting wins".
 */
@Test
public void testClientOfflineSessionIdleTimeout() throws Exception {
    RealmResource testRealm = adminClient.realm("test");
    RealmRepresentation realmRep = testRealm.toRepresentation();
    ClientResource offlineClient = ApiUtil.findClientByClientId(testRealm, "offline-client");
    ClientRepresentation clientRep = offlineClient.toRepresentation();

    // Remember the realm settings we touch so the finally block can put them back.
    Boolean savedMaxLifespanEnabled = realmRep.getOfflineSessionMaxLifespanEnabled();
    Integer savedClientIdleTimeout = realmRep.getClientOfflineSessionIdleTimeout();

    int realmIdleTimeout = realmRep.getOfflineSessionIdleTimeout();
    int realmClientDefault = realmIdleTimeout - 100;
    int clientOverride = realmIdleTimeout - 200;
    try {
        // Max lifespan is enabled but its value is not changed in this test.
        realmRep.setOfflineSessionMaxLifespanEnabled(true);
        testRealm.update(realmRep);

        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        oauth.redirectUri(offlineClientAppUri);
        oauth.doLogin("test-user@localhost", "password");
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "secret1");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getRefreshExpiresIn(), realmIdleTimeout);

        // Realm-level default for clients, applied to the already issued token on refresh.
        realmRep.setClientOfflineSessionIdleTimeout(realmClientDefault);
        testRealm.update(realmRep);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "secret1");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getRefreshExpiresIn(), realmClientDefault);

        // Client attribute, again applied on the next refresh.
        clientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_IDLE_TIMEOUT, Integer.toString(clientOverride));
        offlineClient.update(clientRep);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "secret1");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getRefreshExpiresIn(), clientOverride);
    } finally {
        realmRep.setOfflineSessionMaxLifespanEnabled(savedMaxLifespanEnabled);
        realmRep.setClientOfflineSessionIdleTimeout(savedClientIdleTimeout);
        testRealm.update(realmRep);
        // A null attribute value clears the client-level override.
        clientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_IDLE_TIMEOUT, null);
        offlineClient.update(clientRep);
    }
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class RefreshTokenTest method testUserSessionRefreshAndIdleRememberMe.
/**
 * Remember-me sessions are governed by their own idle timeout ({@code ssoSessionIdleTimeoutRememberMe}).
 * First verifies that a successful refresh advances the session's last-refresh timestamp, then
 * shrinks the remember-me idle timeout to one second and verifies the next refresh is rejected
 * with HTTP 400 and no tokens are issued.
 * <p>
 * The failing refresh is attempted {@code IDLE_TIMEOUT_WINDOW_SECONDS} beyond the nominal expiry
 * because the server tolerates that window: a refresh token can still be honoured for a short
 * grace period after the configured idle timeout, which is worth keeping in mind when reasoning
 * about how quickly an idle session really stops being refreshable.
 */
@Test
public void testUserSessionRefreshAndIdleRememberMe() throws Exception {
    RealmResource realm = adminClient.realm("test");
    RealmRepresentation realmRep = realm.toRepresentation();
    Boolean savedRememberMe = realmRep.isRememberMe();
    int savedIdleRememberMe = realmRep.getSsoSessionIdleTimeoutRememberMe();
    try {
        realmRep.setRememberMe(true);
        realm.update(realmRep);

        oauth.doRememberMeLogin("test-user@localhost", "password");
        String sessionId = events.expectLogin().assertEvent().getSessionId();
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokens = oauth.doAccessTokenRequest(authCode, "password");
        events.poll();
        String initialRefreshId = oauth.parseRefreshToken(tokens.getRefreshToken()).getId();

        // A successful refresh must move the session's last-refresh timestamp.
        int lastRefreshBefore = testingClient.testing().getLastSessionRefresh("test", sessionId, false);
        setTimeOffset(2);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "password");
        oauth.verifyToken(tokens.getAccessToken());
        oauth.parseRefreshToken(tokens.getRefreshToken());
        assertEquals(200, tokens.getStatusCode());
        int lastRefreshAfter = testingClient.testing().getLastSessionRefresh("test", sessionId, false);
        Assert.assertNotEquals(lastRefreshBefore, lastRefreshAfter);

        realmRep.setSsoSessionIdleTimeoutRememberMe(1);
        realm.update(realmRep);
        events.clear();

        // Needs to add some additional time due to the tolerance allowed by IDLE_TIMEOUT_WINDOW_SECONDS
        setTimeOffset(6 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "password");

        // test idle remember me timeout: rejected, and no replacement tokens are handed out
        assertEquals(400, tokens.getStatusCode());
        assertNull(tokens.getAccessToken());
        assertNull(tokens.getRefreshToken());
        // NOTE(review): this builds an expectation but never calls assertEvent() on it (compare the
        // login expectation above), so the refresh error event is presumably not actually verified.
        // Left as-is here; the expected event details would need confirming before asserting it.
        events.expectRefresh(initialRefreshId, sessionId).error(Errors.INVALID_TOKEN);
        events.clear();
    } finally {
        realmRep.setSsoSessionIdleTimeoutRememberMe(savedIdleRememberMe);
        realmRep.setRememberMe(savedRememberMe);
        realm.update(realmRep);
        setTimeOffset(0);
    }
}