
Example 86 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

In the class OIDCWellKnownProviderTest, method testIssuerMatches.

/**
 * Checks that the {@code iss} claim of an issued ID token equals the issuer
 * value published in the server's OIDC discovery document.
 *
 * <p>Clients that configure themselves from discovery metadata compare the
 * advertised issuer with the token's {@code iss}; if the two differed, such
 * clients would reject tokens this server issues.
 *
 * @throws Exception propagated from the login, token or discovery helper calls
 */
@Test
public void testIssuerMatches() throws Exception {
    // Log in, then exchange the returned authorization code for tokens.
    OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin("test-user@localhost", "password");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(loginResponse.getCode(), "password");
    assertEquals(200, tokenResponse.getStatusCode());

    // verifyIDToken is a test-suite helper defined outside this listing.
    IDToken verifiedIdToken = oauth.verifyIDToken(tokenResponse.getIdToken());

    Client discoveryClient = AdminClientUtil.createResteasyClient();
    try {
        OIDCConfigurationRepresentation discovery = getOIDCDiscoveryRepresentation(discoveryClient, OAuthClient.AUTH_SERVER_ROOT);
        // The issuer inside the token and the advertised issuer must be equal.
        String tokenIssuer = verifiedIdToken.getIssuer();
        String advertisedIssuer = discovery.getIssuer();
        assertEquals(tokenIssuer, advertisedIssuer);
    } finally {
        // Release the HTTP client even when an assertion above fails.
        discoveryClient.close();
    }
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) IDToken(org.keycloak.representations.IDToken) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) OIDCConfigurationRepresentation(org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) BrowserFlowTest(org.keycloak.testsuite.forms.BrowserFlowTest) Test(org.junit.Test) LevelOfAssuranceFlowTest(org.keycloak.testsuite.forms.LevelOfAssuranceFlowTest)

Example 87 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

In the class OIDCImplicitResponseTypeIDTokenTest, method testAuthzResponseAndRetrieveIDTokens.

/**
 * Validates an authorization response for {@code response_type=id_token} and
 * returns the ID token it carried.
 *
 * <p>Only an ID token is expected in this flow, so every artefact that belongs
 * to an access token or an authorization code must be absent: the access token
 * itself, {@code token_type}, {@code expires_in}, and the {@code at_hash} and
 * {@code c_hash} claims inside the ID token.
 *
 * @param authzResponse the response received from the authorization endpoint
 * @param loginEvent the login event recorded for this authentication
 * @return a single-element list holding the verified ID token
 */
protected List<IDToken> testAuthzResponseAndRetrieveIDTokens(OAuthClient.AuthorizationEndpointResponse authzResponse, EventRepresentation loginEvent) {
    // The recorded event must show the response type that was requested.
    Assert.assertEquals(OIDCResponseType.ID_TOKEN, loginEvent.getDetails().get(Details.RESPONSE_TYPE));

    // No access token may be returned when only an ID token was requested.
    Assert.assertNull(authzResponse.getAccessToken());

    // verifyIDToken is a test-suite helper defined outside this listing.
    String rawIdToken = authzResponse.getIdToken();
    IDToken verified = oauth.verifyIDToken(rawIdToken);

    // With no access token and no code there is nothing for at_hash / c_hash to bind to.
    Assert.assertNull(verified.getAccessTokenHash());
    Assert.assertNull(verified.getCodeHash());

    // token_type and expires_in describe an access token, so both must be missing.
    Assert.assertNull(authzResponse.getTokenType());
    Assert.assertNull(authzResponse.getExpiresIn());

    return Collections.singletonList(verified);
}
Also used : IDToken(org.keycloak.representations.IDToken)

Example 88 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

In the class OIDCHybridResponseTypeCodeIDTokenTokenTest, method testAuthzResponseAndRetrieveIDTokens.

/**
 * Validates an authorization response for the hybrid
 * {@code code id_token token} response type and returns both ID tokens
 * obtained during the flow.
 *
 * <p>The ID token delivered with the authorization response is checked for
 * the claims that bind it to the other returned values: {@code at_hash} for
 * the access token, {@code c_hash} for the authorization code and
 * {@code s_hash} for the {@code state} parameter.
 *
 * @param authzResponse the response received from the authorization endpoint
 * @param loginEvent the login event recorded for this authentication
 * @return the ID token from the authorization response followed by the one
 *         obtained by exchanging the code
 */
protected List<IDToken> testAuthzResponseAndRetrieveIDTokens(OAuthClient.AuthorizationEndpointResponse authzResponse, EventRepresentation loginEvent) {
    String expectedResponseType = OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN + " " + OIDCResponseType.TOKEN;
    Assert.assertEquals(expectedResponseType, loginEvent.getDetails().get(Details.RESPONSE_TYPE));

    // ID token delivered directly in the authorization response.
    Assert.assertNotNull(authzResponse.getAccessToken());
    String rawIdToken = authzResponse.getIdToken();
    IDToken frontChannelIdToken = oauth.verifyIDToken(rawIdToken);

    // "at_hash" ties the ID token to the access token returned alongside it.
    assertValidAccessTokenHash(frontChannelIdToken.getAccessTokenHash(), authzResponse.getAccessToken());

    // "c_hash" ties the ID token to the authorization code returned alongside it.
    assertValidCodeHash(frontChannelIdToken.getCodeHash(), authzResponse.getCode());

    // "s_hash" comes from Financial API - Part 2: Read and Write API Security Profile
    // http://openid.net/specs/openid-financial-api-part-2.html#authorization-server
    // The expected value is recomputed from the returned state, using the
    // algorithm reported by getIdTokenSignatureAlgorithm().
    String stateHash = frontChannelIdToken.getStateHash();
    Assert.assertNotNull(stateHash);
    String recomputedStateHash = HashUtils.oidcHash(getIdTokenSignatureAlgorithm(), authzResponse.getState());
    Assert.assertEquals(stateHash, recomputedStateHash);

    // An access token was issued, so its metadata must be present as well.
    Assert.assertNotNull(authzResponse.getTokenType());
    Assert.assertNotNull(authzResponse.getExpiresIn());

    // Second ID token: obtained by exchanging the authorization code.
    IDToken exchangedIdToken = sendTokenRequestAndGetIDToken(loginEvent);
    return Arrays.asList(frontChannelIdToken, exchangedIdToken);
}
Also used : IDToken(org.keycloak.representations.IDToken)

Example 89 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

In the class OIDCHybridResponseTypeCodeTokenTest, method testAuthzResponseAndRetrieveIDTokens.

/**
 * Validates an authorization response for the hybrid {@code code token}
 * response type and returns the ID token obtained from the code exchange.
 *
 * <p>The authorization response must carry an access token but no ID token.
 * The ID token only arrives with the later token response, and its
 * {@code at_hash} is checked against the access token from that same response.
 *
 * @param authzResponse the response received from the authorization endpoint
 * @param loginEvent the login event recorded for this authentication
 * @return a single-element list holding the ID token from the token response
 */
protected List<IDToken> testAuthzResponseAndRetrieveIDTokens(OAuthClient.AuthorizationEndpointResponse authzResponse, EventRepresentation loginEvent) {
    String expectedResponseType = OIDCResponseType.CODE + " " + OIDCResponseType.TOKEN;
    Assert.assertEquals(expectedResponseType, loginEvent.getDetails().get(Details.RESPONSE_TYPE));

    // An access token is returned up front; an ID token is not.
    Assert.assertNotNull(authzResponse.getAccessToken());
    Assert.assertNull(authzResponse.getIdToken());

    // Exchange the code; the ID token is taken from this token response.
    OAuthClient.AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
    IDToken exchangedIdToken = oauth.verifyIDToken(tokenResponse.getIdToken());

    // "at_hash" is compared with the access token issued together with this ID token.
    assertValidAccessTokenHash(exchangedIdToken.getAccessTokenHash(), tokenResponse.getAccessToken());

    // These two describe the access token from the authorization response itself.
    Assert.assertNotNull(authzResponse.getTokenType());
    Assert.assertNotNull(authzResponse.getExpiresIn());

    return Collections.singletonList(exchangedIdToken);
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) IDToken(org.keycloak.representations.IDToken)

Aggregations

IDToken (org.keycloak.representations.IDToken)89 Test (org.junit.Test)57 OAuthClient (org.keycloak.testsuite.util.OAuthClient)53 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)25 EventRepresentation (org.keycloak.representations.idm.EventRepresentation)23 ProtocolMappersResource (org.keycloak.admin.client.resource.ProtocolMappersResource)18 AccessToken (org.keycloak.representations.AccessToken)18 HashMap (java.util.HashMap)16 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)16 ClientResource (org.keycloak.admin.client.resource.ClientResource)15 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)14 Matchers.isEmptyOrNullString (org.hamcrest.Matchers.isEmptyOrNullString)13 ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)12 List (java.util.List)11 Map (java.util.Map)11 UserResource (org.keycloak.admin.client.resource.UserResource)11 GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)10 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)10 AbstractAdminTest (org.keycloak.testsuite.admin.AbstractAdminTest)9 RefreshToken (org.keycloak.representations.RefreshToken)5