Example 1 with TokenIntrospectionResponse

Use of org.keycloak.authorization.client.representation.TokenIntrospectionResponse in project keycloak by keycloak.

Class EntitlementAPITest, method testOfflineRequestingPartyToken.

@Test
public void testOfflineRequestingPartyToken() throws Exception {
    ClientResource client = getClient(getRealm(), RESOURCE_SERVER_TEST);
    AuthorizationResource authorization = client.authorization();
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName(KeycloakModelUtils.generateId());
    policy.setCode("$evaluation.grant();");
    authorization.policies().js().create(policy).close();
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Sensors");
    resource.addScope("sensors:view", "sensors:update", "sensors:delete");
    try (Response response = authorization.resources().create(resource)) {
        resource = response.readEntity(ResourceRepresentation.class);
    }
    ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
    permission.setName("View Sensor");
    permission.addScope("sensors:view");
    permission.addPolicy(policy.getName());
    authorization.permissions().scope().create(permission).close();
    // Obtain an access token for offlineuser with the offline_access scope.
    String accessToken = new OAuthClient()
            .realm("authz-test")
            .clientId(RESOURCE_SERVER_TEST)
            .scope("offline_access")
            .doGrantAccessTokenRequest("secret", "offlineuser", "password")
            .getAccessToken();
    AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
    // Exchange the access token for a requesting party token (RPT).
    AccessTokenResponse response = authzClient.authorization(accessToken).authorize();
    assertNotNull(response.getToken());
    // Restart the auth server; the RPT issued before the restart is introspected afterwards.
    controller.stop(suiteContext.getAuthServerInfo().getQualifier());
    controller.start(suiteContext.getAuthServerInfo().getQualifier());
    reconnectAdminClient();
    configureSectorIdentifierRedirectUris();
    // The RPT must still be reported as active and must still carry its permissions.
    TokenIntrospectionResponse introspectionResponse = authzClient.protection().introspectRequestingPartyToken(response.getToken());
    assertTrue(introspectionResponse.getActive());
    assertFalse(introspectionResponse.getPermissions().isEmpty());
    response = authzClient.authorization(accessToken).authorize();
    assertNotNull(response.getToken());
}
Also used : AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Response(javax.ws.rs.core.Response) TokenIntrospectionResponse(org.keycloak.authorization.client.representation.TokenIntrospectionResponse) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) AuthzClient(org.keycloak.authorization.client.AuthzClient) OAuthClient(org.keycloak.testsuite.util.OAuthClient) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test)

Example 2 with TokenIntrospectionResponse

Use of org.keycloak.authorization.client.representation.TokenIntrospectionResponse in project keycloak by keycloak.

Class UmaGrantTypeTest, method testTokenIntrospect.

@Test
public void testTokenIntrospect() throws Exception {
    AuthzClient authzClient = getAuthzClient();
    AccessTokenResponse accessTokenResponse = authzClient.obtainAccessToken("marta", "password");
    AuthorizationResponse response = authorize(null, null, null, null, accessTokenResponse.getToken(), null, null, new PermissionRequest("Resource A", "ScopeA", "ScopeB"));
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
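    // assertPermissions is a test helper not shown on this page; the emptiness check
    // that follows relies on it having consumed every expected permission, so nothing
    // beyond "Resource A" with ScopeA and ScopeB was granted.
    assertTrue(permissions.isEmpty());
    // Introspect the RPT through the protection API of the authorization client.
    TokenIntrospectionResponse introspectionResponse = authzClient.protection().introspectRequestingPartyToken(rpt);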
    assertNotNull(introspectionResponse);
    assertNotNull(introspectionResponse.getPermissions());
    oauth.realm("authz-test");
    String introspectHttpResponse = oauth.introspectTokenWithClientCredential("resource-server-test", "secret", "requesting_party_token", rpt);
    Map jsonNode = JsonSerialization.readValue(introspectHttpResponse, Map.class);
    assertEquals(true, jsonNode.get("active"));
    Collection permissionClaims = (Collection) jsonNode.get("permissions");
    assertNotNull(permissionClaims);
    assertEquals(1, permissionClaims.size());
    Map<String, Object> claim = (Map) permissionClaims.iterator().next();
    assertThat(claim.keySet(), containsInAnyOrder("resource_id", "rsname", "resource_scopes", "scopes", "rsid"));
    assertThat(claim.get("rsname"), equalTo("Resource A"));
    ResourceRepresentation resourceRep = authzClient.protection().resource().findByName("Resource A");
    assertThat(claim.get("rsid"), equalTo(resourceRep.getId()));
    assertThat(claim.get("resource_id"), equalTo(resourceRep.getId()));
    assertThat((Collection<String>) claim.get("resource_scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
    assertThat((Collection<String>) claim.get("scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) Collection(java.util.Collection) TokenIntrospectionResponse(org.keycloak.authorization.client.representation.TokenIntrospectionResponse) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Map(java.util.Map) Test(org.junit.Test)
