
Example 86 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

From class OAuth2DeviceAuthorizationGrantTest, method testPublicClientWithPKCESuccess (device authorization grant, public client, PKCE happy path):

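/**
 * Happy path of the OAuth 2.0 Device Authorization Grant (RFC 8628) for a public client that
 * additionally binds the device code to a PKCE S256 code challenge: the device presents the
 * challenge with the device authorization request and the matching verifier with the token
 * request, and the resulting access token must verify against the realm keys.
 *
 * Only the matching-verifier case is covered here; rejection of a missing or mismatched
 * verifier is expected to live in a sibling test (not part of this excerpt).
 */
@Test
public void testPublicClientWithPKCESuccess() throws Exception {
    oauth.realm(REALM_NAME);
    oauth.clientId(DEVICE_APP_PUBLIC);
    // The shared OAuthClient carries the challenge/verifier into the two device requests below
    // (presumably — confirm against OAuthClient if this test starts failing after a client change).
    PkceGenerator pkce = new PkceGenerator();
    oauth.codeChallenge(pkce.getCodeChallenge());
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256);
    oauth.codeVerifier(pkce.getCodeVerifier());
    try {
        // Device Authorization Request from the device (with code_challenge)
        OAuthClient.DeviceAuthorizationResponse response = oauth.doDeviceAuthorizationRequest(DEVICE_APP_PUBLIC, null);
        Assert.assertEquals(200, response.getStatusCode());
        assertNotNull(response.getDeviceCode());
        assertNotNull(response.getUserCode());
        assertNotNull(response.getVerificationUri());
        assertNotNull(response.getVerificationUriComplete());
        Assert.assertEquals(60, response.getExpiresIn());
        Assert.assertEquals(5, response.getInterval());
        // User side: open the verification URI, log in and consent.
        openVerificationPage(response.getVerificationUriComplete());
        oauth.fillLoginForm("device-login", "password");
        // The consent screen must actually be shown before it is accepted (same check as
        // testPublicClientOptionalScope); otherwise accept() could silently act on another page.
        grantPage.assertCurrent();
        grantPage.accept();
        // Token request from the device (with code_verifier)
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doDeviceTokenRequest(DEVICE_APP_PUBLIC, null, response.getDeviceCode());
        Assert.assertEquals(200, tokenResponse.getStatusCode());
        String tokenString = tokenResponse.getAccessToken();
        assertNotNull(tokenString);
        // verifyToken validates the signature against the realm keys, not just the JWT shape.
        AccessToken token = oauth.verifyToken(tokenString);
        assertNotNull(token);
        // The token must be issued for (azp) the client that ran the device flow.
        Assert.assertEquals(DEVICE_APP_PUBLIC, token.getIssuedFor());
    } finally {
        // Clear the PKCE state from the shared OAuthClient so it cannot leak into later tests in
        // this class (mirrors the scope reset done in testPublicClientOptionalScope).
        oauth.codeChallenge(null);
        oauth.codeChallengeMethod(null);
        oauth.codeVerifier(null);
    }
}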

Example 87 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

From class OAuth2DeviceAuthorizationGrantTest, method testPublicClientOptionalScope (device authorization grant with an additional optional scope):

/**
 * Device Authorization Grant for a public client that requests the optional "phone" scope on top
 * of the client's default scopes. The consent screen must list the phone scope together with the
 * default ones, and the UserInfo endpoint must then expose the phone number in addition to the
 * claims that come from the default scopes.
 */
@Test
public void testPublicClientOptionalScope() throws Exception {
    oauth.realm(REALM_NAME);
    oauth.clientId(DEVICE_APP_PUBLIC);
    // The scope is set only for this request and always cleared afterwards, so the shared
    // OAuthClient does not carry "phone" into other tests.
    OAuthClient.DeviceAuthorizationResponse deviceAuth = null;
    try {
        oauth.scope("phone");
        deviceAuth = oauth.doDeviceAuthorizationRequest(DEVICE_APP_PUBLIC, null);
    } finally {
        oauth.scope(null);
    }
    Assert.assertEquals(200, deviceAuth.getStatusCode());
    Assert.assertEquals(60, deviceAuth.getExpiresIn());
    Assert.assertEquals(5, deviceAuth.getInterval());
    Assert.assertNotNull(deviceAuth.getDeviceCode());
    Assert.assertNotNull(deviceAuth.getUserCode());
    Assert.assertNotNull(deviceAuth.getVerificationUri());
    Assert.assertNotNull(deviceAuth.getVerificationUriComplete());
    // User side: open the complete verification URI, authenticate and review the consent screen.
    openVerificationPage(deviceAuth.getVerificationUriComplete());
    oauth.fillLoginForm("device-login", "password");
    grantPage.assertCurrent();
    // Consent must cover the client's default scopes plus the optional phone scope requested above.
    grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT, OAuthGrantPage.PHONE_CONSENT_TEXT);
    grantPage.accept();
    // Device side: redeem the device code for tokens.
    OAuthClient.AccessTokenResponse tokens = oauth.doDeviceTokenRequest(DEVICE_APP_PUBLIC, null, deviceAuth.getDeviceCode());
    Assert.assertEquals(200, tokens.getStatusCode());
    String accessTokenString = tokens.getAccessToken();
    Assert.assertNotNull(accessTokenString);
    // verifyToken validates the signature against the realm keys.
    AccessToken accessToken = oauth.verifyToken(accessTokenString);
    Assert.assertNotNull(accessToken);
    UserInfo userInfo = oauth.doUserInfoRequest(accessTokenString);
    Assert.assertNotNull(userInfo);
    // preferred_username and e-mail come from the default scopes; phone_number is present only
    // because the optional phone scope was requested and granted.
    Assert.assertEquals("device-login", userInfo.getPreferredUsername());
    Assert.assertEquals("device-login@localhost", userInfo.getEmail());
    Assert.assertEquals("211211211", userInfo.getPhoneNumber());
}

Example 88 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

From class OAuth2DeviceAuthorizationGrantTest, method testPublicClient (plain device authorization grant, public client, no PKCE):

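/**
 * Baseline Device Authorization Grant (RFC 8628) for a public client without PKCE and without
 * extra scopes: device authorization response, user login and consent, then a successful token
 * request whose access token verifies against the realm keys and is issued for this client.
 */
@Test
public void testPublicClient() throws Exception {
    oauth.realm(REALM_NAME);
    oauth.clientId(DEVICE_APP_PUBLIC);
    // Device Authorization Request from the device
    OAuthClient.DeviceAuthorizationResponse response = oauth.doDeviceAuthorizationRequest(DEVICE_APP_PUBLIC, null);
    Assert.assertEquals(200, response.getStatusCode());
    assertNotNull(response.getDeviceCode());
    assertNotNull(response.getUserCode());
    assertNotNull(response.getVerificationUri());
    assertNotNull(response.getVerificationUriComplete());
    Assert.assertEquals(60, response.getExpiresIn());
    Assert.assertEquals(5, response.getInterval());
    // User side: open the verification URI and log in.
    openVerificationPage(response.getVerificationUriComplete());
    oauth.fillLoginForm("device-login", "password");
    // Confirm the consent screen is really what is being accepted (consistent with
    // testPublicClientOptionalScope) rather than blindly clicking on whatever page is shown.
    grantPage.assertCurrent();
    grantPage.accept();
    // Token request from the device
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doDeviceTokenRequest(DEVICE_APP_PUBLIC, null, response.getDeviceCode());
    Assert.assertEquals(200, tokenResponse.getStatusCode());
    String tokenString = tokenResponse.getAccessToken();
    assertNotNull(tokenString);
    // verifyToken checks the signature against the realm keys, not merely that it parses as a JWT.
    AccessToken token = oauth.verifyToken(tokenString);
    assertNotNull(token);
    // The token must be bound (azp) to the client that performed the device flow.
    Assert.assertEquals(DEVICE_APP_PUBLIC, token.getIssuedFor());
}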

Example 89 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

From class OAuthProofKeyForCodeExchangeTest, helper method expectSuccessfulResponseFromTokenEndpoint (asserts a successful PKCE code exchange and a following refresh):

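/**
 * Redeems an authorization code (obtained by the caller from a PKCE-enabled authorization request)
 * at the token endpoint and asserts the full shape of a successful response: status, lifetimes,
 * JOSE headers, signature, claims, emitted events, and that a subsequent refresh is unaffected by PKCE.
 *
 * @param codeId    the CODE_ID detail of the login event, used to correlate the CODE_TO_TOKEN event
 * @param sessionId the user session the code belongs to; every issued token must carry it as session_state
 * @param code      the authorization code to redeem (the code_verifier is taken from the shared OAuthClient)
 * @throws Exception if a request to the server fails
 */
private void expectSuccessfulResponseFromTokenEndpoint(String codeId, String sessionId, String code) throws Exception {
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
    assertEquals(200, response.getStatusCode());
    // Lifetimes as reported by the endpoint, with slack for the seconds elapsed since login.
    Assert.assertThat(response.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300)));
    Assert.assertThat(response.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(1750), lessThanOrEqualTo(1800)));
    assertEquals("Bearer", response.getTokenType());
    // Access and ID tokens must be RS256-signed and advertise the kid of the realm's published key so
    // relying parties can select it from the JWKS. Using keys[0] assumes the "test" realm publishes a
    // single key at this point — revisit if key-rotation tests share this realm.
    String expectedKid = oauth.doCertsRequest("test").getKeys()[0].getKeyId();
    JWSHeader header = new JWSInput(response.getAccessToken()).getHeader();
    assertEquals("RS256", header.getAlgorithm().name());
    assertEquals("JWT", header.getType());
    assertEquals(expectedKid, header.getKeyId());
    assertNull(header.getContentType());
    header = new JWSInput(response.getIdToken()).getHeader();
    assertEquals("RS256", header.getAlgorithm().name());
    assertEquals("JWT", header.getType());
    assertEquals(expectedKid, header.getKeyId());
    assertNull(header.getContentType());
    // The refresh token is HMAC-signed (HS256), i.e. opaque to clients; only its header is inspected here.
    header = new JWSInput(response.getRefreshToken()).getHeader();
    assertEquals("HS256", header.getAlgorithm().name());
    assertEquals("JWT", header.getType());
    assertNull(header.getContentType());
    // Signature-verified claims: sub must be the opaque user id, never the username / e-mail.
    AccessToken token = oauth.verifyToken(response.getAccessToken());
    assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), token.getSubject());
    Assert.assertNotEquals("test-user@localhost", token.getSubject());
    assertEquals(sessionId, token.getSessionState());
    assertEquals(2, token.getRealmAccess().getRoles().size());
    assertTrue(token.getRealmAccess().isUserInRole("user"));
    assertEquals(1, token.getResourceAccess(oauth.getClientId()).getRoles().size());
    assertTrue(token.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
    // The CODE_TO_TOKEN event must reference exactly the tokens that were issued.
    EventRepresentation event = events.expectCodeToToken(codeId, sessionId).assertEvent();
    assertEquals(token.getId(), event.getDetails().get(Details.TOKEN_ID));
    assertEquals(oauth.parseRefreshToken(response.getRefreshToken()).getId(), event.getDetails().get(Details.REFRESH_TOKEN_ID));
    // make sure PKCE does not affect token refresh on Token Endpoint
    String refreshTokenString = response.getRefreshToken();
    // Assert presence before parsing so a missing refresh token fails with an assertion, not an NPE.
    Assert.assertNotNull(refreshTokenString);
    RefreshToken refreshToken = oauth.parseRefreshToken(refreshTokenString);
    Assert.assertThat(token.getExpiration() - getCurrentTime(), allOf(greaterThanOrEqualTo(200), lessThanOrEqualTo(350)));
    int actual = refreshToken.getExpiration() - getCurrentTime();
    Assert.assertThat(actual, allOf(greaterThanOrEqualTo(1799 - RefreshTokenTest.ALLOWED_CLOCK_SKEW), lessThanOrEqualTo(1800 + RefreshTokenTest.ALLOWED_CLOCK_SKEW)));
    assertEquals(sessionId, refreshToken.getSessionState());
    // Shift the clock so the refreshed tokens get strictly later exp values. The offset is reset in
    // finally so that a failing assertion below cannot leak a skewed clock into later tests.
    setTimeOffset(2);
    try {
        OAuthClient.AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(refreshTokenString, "password");
        AccessToken refreshedToken = oauth.verifyToken(refreshResponse.getAccessToken());
        RefreshToken refreshedRefreshToken = oauth.parseRefreshToken(refreshResponse.getRefreshToken());
        assertEquals(200, refreshResponse.getStatusCode());
        // Refresh must stay within the same user session.
        assertEquals(sessionId, refreshedToken.getSessionState());
        assertEquals(sessionId, refreshedRefreshToken.getSessionState());
        Assert.assertThat(refreshResponse.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300)));
        Assert.assertThat(refreshedToken.getExpiration() - getCurrentTime(), allOf(greaterThanOrEqualTo(250 - RefreshTokenTest.ALLOWED_CLOCK_SKEW), lessThanOrEqualTo(300 + RefreshTokenTest.ALLOWED_CLOCK_SKEW)));
        // New tokens expire later than the ones they replace, and carry fresh ids (no token reuse).
        Assert.assertThat(refreshedToken.getExpiration() - token.getExpiration(), allOf(greaterThanOrEqualTo(1), lessThanOrEqualTo(10)));
        Assert.assertThat(refreshedRefreshToken.getExpiration() - refreshToken.getExpiration(), allOf(greaterThanOrEqualTo(1), lessThanOrEqualTo(10)));
        Assert.assertNotEquals(token.getId(), refreshedToken.getId());
        Assert.assertNotEquals(refreshToken.getId(), refreshedRefreshToken.getId());
        assertEquals("Bearer", refreshResponse.getTokenType());
        assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), refreshedToken.getSubject());
        Assert.assertNotEquals("test-user@localhost", refreshedToken.getSubject());
        // Role claims must survive the refresh unchanged.
        assertEquals(2, refreshedToken.getRealmAccess().getRoles().size());
        Assert.assertTrue(refreshedToken.getRealmAccess().isUserInRole("user"));
        assertEquals(1, refreshedToken.getResourceAccess(oauth.getClientId()).getRoles().size());
        Assert.assertTrue(refreshedToken.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));
        // The REFRESH_TOKEN event must reference the old refresh token and record new token ids.
        EventRepresentation refreshEvent = events.expectRefresh(event.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId).assertEvent();
        Assert.assertNotEquals(event.getDetails().get(Details.TOKEN_ID), refreshEvent.getDetails().get(Details.TOKEN_ID));
        Assert.assertNotEquals(event.getDetails().get(Details.REFRESH_TOKEN_ID), refreshEvent.getDetails().get(Details.UPDATED_REFRESH_TOKEN_ID));
    } finally {
        setTimeOffset(0);
    }
}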

Example 90 with AccessToken

use of org.keycloak.representations.AccessToken in project keycloak by keycloak.

From class ClientAuthPostMethodTest, method testPostAuthentication (authorization-code exchange with client credentials sent in the request body):

/**
 * Authorization-code exchange where the client authenticates through the token-request body
 * (client_secret_post style, RFC 6749 section 2.3.1) instead of an HTTP Basic header. The helper
 * doAccessTokenRequestPostAuth is defined outside this excerpt and is assumed to do exactly that.
 * The issued tokens and the CODE_TO_TOKEN event must be bound to the same session and code as the
 * preceding login.
 */
@Test
public void testPostAuthentication() {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation login = events.expectLogin().assertEvent();
    String loginSessionId = login.getSessionId();
    String loginCodeId = login.getDetails().get(Details.CODE_ID);
    String authorizationCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse tokens = doAccessTokenRequestPostAuth(authorizationCode, "password");
    assertEquals(200, tokens.getStatusCode());
    // Lifetimes follow the test realm's configuration (about 300 s / 1800 s) with slack for elapsed time.
    Assert.assertThat(tokens.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300)));
    Assert.assertThat(tokens.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(1750), lessThanOrEqualTo(1800)));
    // Signature check against the realm keys, then session binding.
    AccessToken accessToken = oauth.verifyToken(tokens.getAccessToken());
    assertEquals(loginSessionId, accessToken.getSessionState());
    // The CODE_TO_TOKEN event must reference exactly the tokens that were issued.
    EventRepresentation exchange = events.expectCodeToToken(loginCodeId, loginSessionId).assertEvent();
    assertEquals(accessToken.getId(), exchange.getDetails().get(Details.TOKEN_ID));
    assertEquals(oauth.parseRefreshToken(tokens.getRefreshToken()).getId(), exchange.getDetails().get(Details.REFRESH_TOKEN_ID));
}
