
Example 36 with AccessToken


the class ServiceAccountTest method clientCredentialsAuthSuccessWithoutRefreshToken_revokeToken.

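/**
 * Client-credentials grant issued without a refresh token (see KEYCLOAK-9551):
 * revoking the access token must succeed, a REVOKE_GRANT event must be recorded,
 * and introspecting the revoked token must afterwards return {@code false}.
 *
 * @throws Exception if the underlying HTTP calls or token verification fail
 */
@Test
public void clientCredentialsAuthSuccessWithoutRefreshToken_revokeToken() throws Exception {
    String tokenString = clientCredentialsAuthSuccessWithoutRefreshTokenImpl();
    AccessToken accessToken = oauth.verifyToken(tokenString);

    // Revoke the access token. try-with-resources closes the response even when the
    // status assertion fails, so a failing test does not leak the HTTP connection
    // (the original closed it only after a successful assertion).
    try (CloseableHttpResponse revokeResponse = oauth.doTokenRevoke(tokenString, "access_token", "secret1")) {
        assertThat(revokeResponse, org.keycloak.testsuite.util.Matchers.statusCodeIsHC(Response.Status.OK));
    }
    events.expect(EventType.REVOKE_GRANT)
            .client("service-account-cl")
            .user(AssertEvents.isUUID())
            .session(Matchers.isEmptyOrNullString())
            .detail(Details.TOKEN_ID, accessToken.getId())
            .assertEvent();

    // A revoked token must no longer introspect successfully.
    Assert.assertFalse(getIntrospectionResponse("service-account-cl", "secret1", tokenString));
    // TODO: This would be better to be "INTROSPECT_TOKEN_ERROR"
    events.expect(EventType.INTROSPECT_TOKEN)
            .client("service-account-cl")
            .user(Matchers.isEmptyOrNullString())
            .session(Matchers.isEmptyOrNullString())
            .assertEvent();
}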

Example 37 with AccessToken


the class ResourceOwnerPasswordCredentialsGrantTest method grantAccessTokenLogout.

/**
 * Resource-owner-password grant followed by a logout with the refresh token:
 * the logout must answer 204, a logout event must be recorded for the session,
 * and a subsequent refresh with the same token must be rejected with
 * {@code invalid_grant}.
 *
 * @throws Exception if the underlying HTTP calls or token verification fail
 */
@Test
public void grantAccessTokenLogout() throws Exception {
    final String clientId = "resource-owner";
    final String clientSecret = "secret";

    oauth.clientId(clientId);
    OAuthClient.AccessTokenResponse grantResponse =
            oauth.doGrantAccessTokenRequest(clientSecret, "test-user@localhost", "password");
    assertEquals(200, grantResponse.getStatusCode());

    AccessToken issuedAccessToken = oauth.verifyToken(grantResponse.getAccessToken());
    RefreshToken issuedRefreshToken = oauth.parseRefreshToken(grantResponse.getRefreshToken());
    String sessionState = issuedAccessToken.getSessionState();

    events.expectLogin()
            .client(clientId)
            .session(sessionState)
            .detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
            .detail(Details.TOKEN_ID, issuedAccessToken.getId())
            .detail(Details.REFRESH_TOKEN_ID, issuedRefreshToken.getId())
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.REDIRECT_URI)
            .removeDetail(Details.CONSENT)
            .detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID)
            .assertEvent();

    // Log out using the refresh token and expect the matching logout event.
    HttpResponse logoutResponse = oauth.doLogout(grantResponse.getRefreshToken(), clientSecret);
    assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
    events.expectLogout(sessionState)
            .client(clientId)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();

    // The refresh token tied to the logged-out session must now be rejected.
    OAuthClient.AccessTokenResponse refreshResponse =
            oauth.doRefreshTokenRequest(grantResponse.getRefreshToken(), clientSecret);
    assertEquals(400, refreshResponse.getStatusCode());
    assertEquals("invalid_grant", refreshResponse.getError());
    events.expectRefresh(issuedRefreshToken.getId(), issuedRefreshToken.getSessionState())
            .client(clientId)
            .removeDetail(Details.TOKEN_ID)
            .removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
            .error(Errors.INVALID_TOKEN)
            .assertEvent();
}

Example 38 with AccessToken


the class ResourceOwnerPasswordCredentialsGrantTest method grantAccessTokenWithDynamicScope.

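/**
 * Resource-owner-password grant that requests a dynamic scope: a client scope
 * flagged as dynamic (regexp {@code dynamic-scope:*}) is created, attached to the
 * public client as an optional scope, and the issued token is expected to carry
 * the concrete requested value {@code dynamic-scope:123}.
 *
 * @throws Exception if the underlying HTTP calls or token verification fail
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void grantAccessTokenWithDynamicScope() throws Exception {
    final String clientId = "resource-owner-public";
    final String requestedScope = "dynamic-scope:123";

    // Plain HashMap instead of double-brace initialisation: the latter creates an
    // anonymous HashMap subclass that captures a reference to the test instance.
    HashMap<String, String> scopeAttributes = new HashMap<>();
    scopeAttributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    scopeAttributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope:*");

    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("dynamic-scope");
    clientScope.setAttributes(scopeAttributes);
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    RealmResource realmResource = adminClient.realm("test");
    try (Response createResponse = realmResource.clientScopes().create(clientScope)) {
        String scopeId = ApiUtil.getCreatedId(createResponse);
        // Registered for cleanup so the scope does not survive into other tests.
        getCleanup().addClientScopeId(scopeId);
        ClientResource resourceOwnerPublicClient = ApiUtil.findClientByClientId(realmResource, clientId);
        ClientRepresentation testAppRep = resourceOwnerPublicClient.toRepresentation();
        // NOTE(review): update() with the unmodified representation looks like a no-op;
        // kept as in the original test, confirm whether it is needed.
        resourceOwnerPublicClient.update(testAppRep);
        resourceOwnerPublicClient.addOptionalClientScope(scopeId);
    }

    oauth.scope(requestedScope);
    oauth.clientId(clientId);
    OAuthClient.AccessTokenResponse tokenResponse =
            oauth.doGrantAccessTokenRequest("secret", "direct-login", "password");
    // Check the status before touching the scope: on a non-200 response getScope()
    // may be null and the scope check would fail with an NPE instead of a readable
    // assertion message.
    assertEquals(200, tokenResponse.getStatusCode());
    assertTrue(tokenResponse.getScope().contains(requestedScope));

    AccessToken accessToken = oauth.verifyToken(tokenResponse.getAccessToken());
    RefreshToken refreshToken = oauth.parseRefreshToken(tokenResponse.getRefreshToken());
    events.expectLogin()
            .client(clientId)
            .user(userId)
            .session(accessToken.getSessionState())
            .detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
            .detail(Details.TOKEN_ID, accessToken.getId())
            .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
            .detail(Details.USERNAME, "direct-login")
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.REDIRECT_URI)
            .removeDetail(Details.CONSENT)
            .assertEvent();
    // The dynamic scope must also be present inside the verified token itself,
    // not only in the token response.
    assertTrue(accessToken.getScope().contains(requestedScope));
}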

Example 39 with AccessToken


the class OfflineTokenTest method testOfflineSessionExpiration.

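/**
 * Drives an offline session past its configured limits and checks that a refresh
 * with the offline token is then rejected with {@code invalid_grant}.
 *
 * The realm's offline-session settings are switched on for the duration of the
 * test and restored in {@code finally}; the time offset is reset there as well.
 *
 * @param idleTime    offline-session idle timeout handed to changeOfflineSessionSettings
 * @param maxLifespan offline-session max lifespan handed to changeOfflineSessionSettings
 * @param offset      time offset applied (via setTimeOffset) before the final refresh attempt
 */
private void testOfflineSessionExpiration(int idleTime, int maxLifespan, int offset) {
    int[] prev = null;
    try {
        prev = changeOfflineSessionSettings(true, maxLifespan, idleTime);

        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        oauth.redirectUri(offlineClientAppUri);
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin()
                .client("offline-client")
                .detail(Details.REDIRECT_URI, offlineClientAppUri)
                .assertEvent();
        final String sessionId = loginEvent.getSessionId();

        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "secret1");
        String offlineTokenString = tokenResponse.getRefreshToken();
        RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
        assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, offlineToken.getType());

        // One refresh while the session is still valid; keep the rotated offline token.
        tokenResponse = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
        AccessToken refreshedToken = oauth.verifyToken(tokenResponse.getAccessToken());
        offlineTokenString = tokenResponse.getRefreshToken();
        offlineToken = oauth.parseRefreshToken(offlineTokenString);
        Assert.assertEquals(200, tokenResponse.getStatusCode());

        // wait to expire
        setTimeOffset(offset);
        tokenResponse = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
        Assert.assertEquals(400, tokenResponse.getStatusCode());
        assertEquals("invalid_grant", tokenResponse.getError());

        // Assert userSession expired
        testingClient.testing().removeExpired("test");
        try {
            testingClient.testing().removeUserSession("test", sessionId);
        } catch (NotFoundException ignored) {
            // Ignore: presumably the session was already removed as expired above.
        }
    } finally {
        // Reset the clock even when an assertion failed so the offset does not leak
        // into later tests (the original reset it only on the success path).
        setTimeOffset(0);
        // prev is still null if changeOfflineSessionSettings itself threw; skipping the
        // restore then avoids an NPE that would mask the original exception.
        if (prev != null) {
            changeOfflineSessionSettings(false, prev[0], prev[1]);
        }
    }
}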

Example 40 with AccessToken


the class OfflineTokenTest method offlineTokenBrowserFlow.

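/**
 * Browser (authorization-code) flow requesting {@code offline_access}: the code
 * exchange must yield an offline refresh token with no expiration, a refresh with
 * it must work, and after moving the clock far ahead a further refresh must be
 * rejected with {@code invalid_grant}.
 *
 * @throws Exception if the underlying HTTP calls or token verification fail
 */
@Test
public void offlineTokenBrowserFlow() throws Exception {
    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId("offline-client");
    oauth.redirectUri(offlineClientAppUri);
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin()
            .client("offline-client")
            .detail(Details.REDIRECT_URI, offlineClientAppUri)
            .assertEvent();
    final String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);

    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "secret1");
    AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
    String offlineTokenString = tokenResponse.getRefreshToken();
    RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
    events.expectCodeToToken(codeId, sessionId)
            .client("offline-client")
            .detail(Details.REFRESH_TOKEN_TYPE, TokenUtil.TOKEN_TYPE_OFFLINE)
            .assertEvent();
    assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, offlineToken.getType());
    // Offline tokens are issued without an expiration claim.
    assertEquals(0, offlineToken.getExpiration());
    assertTrue(tokenResponse.getScope().contains(OAuth2Constants.OFFLINE_ACCESS));

    String newRefreshTokenString = testRefreshWithOfflineToken(token, offlineToken, offlineTokenString, sessionId, userId);

    // Change offset to very big value to ensure offline session expires
    setTimeOffset(3000000);
    try {
        OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(newRefreshTokenString, "secret1");
        RefreshToken newRefreshToken = oauth.parseRefreshToken(newRefreshTokenString);
        Assert.assertEquals(400, response.getStatusCode());
        assertEquals("invalid_grant", response.getError());
        events.expectRefresh(offlineToken.getId(), newRefreshToken.getSessionState())
                .client("offline-client")
                .error(Errors.INVALID_TOKEN)
                .user(userId)
                .clearDetails()
                .assertEvent();
    } finally {
        // Reset the clock even when an assertion failed so the offset does not leak
        // into later tests (the original reset it only on the success path).
        setTimeOffset(0);
    }
}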
