Example 11 with JWSHeader
use of org.keycloak.jose.jws.JWSHeader in project keycloak by keycloak.
the class RefreshTokenTest method refreshToken.
private void refreshToken(String expectedRefreshAlg, String expectedAccessAlg, String expectedIdTokenAlg) throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
JWSHeader header = new JWSInput(tokenResponse.getAccessToken()).getHeader();
assertEquals(expectedAccessAlg, header.getAlgorithm().name());
assertEquals("JWT", header.getType());
assertNull(header.getContentType());
header = new JWSInput(tokenResponse.getIdToken()).getHeader();
assertEquals(expectedIdTokenAlg, header.getAlgorithm().name());
assertEquals("JWT", header.getType());
assertNull(header.getContentType());
header = new JWSInput(tokenResponse.getRefreshToken()).getHeader();
assertEquals(expectedRefreshAlg, header.getAlgorithm().name());
assertEquals("JWT", header.getType());
assertNull(header.getContentType());
AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
String refreshTokenString = tokenResponse.getRefreshToken();
RefreshToken refreshToken = oauth.parseRefreshToken(refreshTokenString);
EventRepresentation tokenEvent = events.expectCodeToToken(codeId, sessionId).assertEvent();
assertNotNull(refreshTokenString);
assertEquals("Bearer", tokenResponse.getTokenType());
assertEquals(sessionId, refreshToken.getSessionState());
setTimeOffset(2);
OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(refreshTokenString, "password");
if (response.getError() != null || response.getErrorDescription() != null) {
log.debugf("Refresh token error: %s, error description: %s", response.getError(), response.getErrorDescription());
}
AccessToken refreshedToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshedRefreshToken = oauth.parseRefreshToken(response.getRefreshToken());
assertEquals(200, response.getStatusCode());
assertEquals(sessionId, refreshedToken.getSessionState());
assertEquals(sessionId, refreshedRefreshToken.getSessionState());
Assert.assertNotEquals(token.getId(), refreshedToken.getId());
Assert.assertNotEquals(refreshToken.getId(), refreshedRefreshToken.getId());
assertEquals("Bearer", response.getTokenType());
assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), refreshedToken.getSubject());
Assert.assertNotEquals("test-user@localhost", refreshedToken.getSubject());
EventRepresentation refreshEvent = events.expectRefresh(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId).assertEvent();
Assert.assertNotEquals(tokenEvent.getDetails().get(Details.TOKEN_ID), refreshEvent.getDetails().get(Details.TOKEN_ID));
Assert.assertNotEquals(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), refreshEvent.getDetails().get(Details.UPDATED_REFRESH_TOKEN_ID));
setTimeOffset(0);
}
Also used :
RefreshToken(org.keycloak.representations.RefreshToken)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
AccessToken(org.keycloak.representations.AccessToken)
EventRepresentation(org.keycloak.representations.idm.EventRepresentation)
JWSInput(org.keycloak.jose.jws.JWSInput)
JWSHeader(org.keycloak.jose.jws.JWSHeader)
Example 12 with JWSHeader
use of org.keycloak.jose.jws.JWSHeader in project keycloak by keycloak.
the class HoKTest method expectSuccessfulResponseFromTokenEndpoint.
private void expectSuccessfulResponseFromTokenEndpoint(String sessionId, String codeId, AccessTokenResponse response) throws Exception {
assertEquals(200, response.getStatusCode());
Assert.assertThat(response.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300)));
Assert.assertThat(response.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(1750), lessThanOrEqualTo(1800)));
assertEquals("Bearer", response.getTokenType());
String expectedKid = oauth.doCertsRequest("test").getKeys()[0].getKeyId();
JWSHeader header = new JWSInput(response.getAccessToken()).getHeader();
assertEquals("RS256", header.getAlgorithm().name());
assertEquals("JWT", header.getType());
assertEquals(expectedKid, header.getKeyId());
assertNull(header.getContentType());
header = new JWSInput(response.getIdToken()).getHeader();
assertEquals("RS256", header.getAlgorithm().name());
assertEquals("JWT", header.getType());
assertEquals(expectedKid, header.getKeyId());
assertNull(header.getContentType());
header = new JWSInput(response.getRefreshToken()).getHeader();
assertEquals("HS256", header.getAlgorithm().name());
assertEquals("JWT", header.getType());
assertNull(header.getContentType());
AccessToken token = oauth.verifyToken(response.getAccessToken());
assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), token.getSubject());
Assert.assertNotEquals("test-user@localhost", token.getSubject());
assertEquals(sessionId, token.getSessionState());
assertEquals(2, token.getRealmAccess().getRoles().size());
assertTrue(token.getRealmAccess().isUserInRole("user"));
assertEquals(1, token.getResourceAccess(oauth.getClientId()).getRoles().size());
assertTrue(token.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
EventRepresentation event = events.expectCodeToToken(codeId, sessionId).assertEvent();
assertEquals(token.getId(), event.getDetails().get(Details.TOKEN_ID));
assertEquals(oauth.parseRefreshToken(response.getRefreshToken()).getId(), event.getDetails().get(Details.REFRESH_TOKEN_ID));
assertEquals(sessionId, token.getSessionState());
}
Also used :
AccessToken(org.keycloak.representations.AccessToken)
EventRepresentation(org.keycloak.representations.idm.EventRepresentation)
JWSInput(org.keycloak.jose.jws.JWSInput)
JWSHeader(org.keycloak.jose.jws.JWSHeader)
Aggregations
JWSHeader (org.keycloak.jose.jws.JWSHeader)12
JWSInput (org.keycloak.jose.jws.JWSInput)11
AccessToken (org.keycloak.representations.AccessToken)8
OAuthClient (org.keycloak.testsuite.util.OAuthClient)8
EventRepresentation (org.keycloak.representations.idm.EventRepresentation)6
RefreshToken (org.keycloak.representations.RefreshToken)5
Test (org.junit.Test)2
JsonParser (com.fasterxml.jackson.core.JsonParser)1
TreeNode (com.fasterxml.jackson.core.TreeNode)1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
TextNode (com.fasterxml.jackson.databind.node.TextNode)1
InvalidKeyException (java.security.InvalidKeyException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
Signature (java.security.Signature)1
SignatureException (java.security.SignatureException)1
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)1
HttpGet (org.apache.http.client.methods.HttpGet)1
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)1
IDToken (org.keycloak.representations.IDToken)1
LogoutToken (org.keycloak.representations.LogoutToken)1
