
Example 36 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

the class HoKTest method accessTokenRequestWithClientCertificateInHybridFlowWithCodeIDToken.

// Hybrid Code Flow : response_type = code id_token
// Bind HoK Token
/**
 * Logs in with the hybrid response type {@code code id_token} and checks every ID token returned
 * by {@code testAuthzResponseAndRetrieveIDTokens} against the authorization response.
 *
 * <p>Each ID token must echo the nonce that was sent with the request and carry the same session
 * state as the authorization response. A mismatch on either would mean the token was not issued
 * for this request and session.
 *
 * <p>NOTE(review): the client-certificate (holder-of-key) part named in the method title is not
 * visible in this body; presumably it is exercised inside the helper. Confirm against the helper.
 */
@Test
public void accessTokenRequestWithClientCertificateInHybridFlowWithCodeIDToken() throws Exception {
    final String expectedNonce = "ckw938gnspa93dj";

    // Switch on both the standard and the implicit flow for the client before asking for the
    // hybrid response type.
    // NOTE(review): these client settings are not restored in this method; presumably a fixture
    // outside this listing resets them. Confirm, otherwise later tests inherit the implicit flow.
    ClientManager.realm(adminClient.realm("test")).clientId("test-app").standardFlow(true).implicitFlow(true);

    oauth.clientId("test-app");
    oauth.responseType(String.join(" ", OIDCResponseType.CODE, OIDCResponseType.ID_TOKEN));
    oauth.nonce(expectedNonce);
    oauth.doLogin("test-user@localhost", "password");

    final EventRepresentation loginEvent = events.expectLogin().assertEvent();
    final OAuthClient.AuthorizationEndpointResponse authorizationResponse =
            new OAuthClient.AuthorizationEndpointResponse(oauth, true);
    Assert.assertNotNull(authorizationResponse.getSessionState());

    final List<IDToken> issuedIdTokens = testAuthzResponseAndRetrieveIDTokens(authorizationResponse, loginEvent);
    issuedIdTokens.forEach(token -> {
        // The nonce ties the ID token to this specific authorization request.
        Assert.assertEquals(expectedNonce, token.getNonce());
        Assert.assertEquals(authorizationResponse.getSessionState(), token.getSessionState());
    });
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IDToken(org.keycloak.representations.IDToken) RefreshTokenTest(org.keycloak.testsuite.oauth.RefreshTokenTest) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 37 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

the class SSOTest method loginSuccess.

/**
 * Walks through three logins and checks how the session id, {@code acr} and {@code auth_time}
 * of the ID token behave.
 *
 * <ol>
 *   <li>Interactive login with username and password: {@code acr} is {@code "1"}.</li>
 *   <li>Re-authentication through the SSO cookie: same session id, {@code acr} is {@code "0"}
 *       and {@code auth_time} is unchanged, so a relying party can tell that no fresh
 *       credential check took place.</li>
 *   <li>After the user session is removed on the server, logging in again must yield a
 *       different session id.</li>
 * </ol>
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void loginSuccess() {
    // Step 1: interactive login; the redirect must carry an authorization code.
    loginPage.open();
    loginPage.login("test-user@localhost", "password");
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));

    final EventRepresentation interactiveLogin = events.expectLogin().assertEvent();
    final String initialSessionId = interactiveLogin.getSessionId();
    final IDToken interactiveToken = sendTokenRequestAndGetIDToken(interactiveLogin);
    Assert.assertEquals("1", interactiveToken.getAcr());
    final Long initialAuthTime = interactiveToken.getAuth_time();

    // Step 2: open the login form again; the SSO cookie should log the user straight in.
    appPage.open();
    oauth.openLoginForm();
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    final EventRepresentation ssoLogin =
            events.expectLogin().removeDetail(Details.USERNAME).client("test-app").assertEvent();
    assertEquals(initialSessionId, ssoLogin.getSessionId());

    final IDToken ssoToken = sendTokenRequestAndGetIDToken(ssoLogin);
    // acr drops to 0 because no credentials were presented this time.
    Assert.assertEquals("0", ssoToken.getAcr());
    // auth_time still points at the original interactive authentication.
    Assert.assertEquals(initialAuthTime, ssoToken.getAuth_time());

    profilePage.open();
    assertTrue(profilePage.isCurrent());

    // Step 3: drop the user session on the server, then log in once more.
    testingClient.testing().removeUserSession("test", initialSessionId);
    oauth.doLogin("test-user@localhost", "password");
    // A removed session must not be resumed: the new login gets a fresh session id.
    assertNotEquals(initialSessionId, events.expectLogin().assertEvent().getSessionId());

    events.clear();
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IDToken(org.keycloak.representations.IDToken) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 38 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

the class FAPI1Test method assertIDTokenAsDetachedSignature.

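/**
 * Checks that an ID token can act as a detached signature over the authorization response.
 *
 * <p>The token is verified through {@code oauth.verifyIDToken}, must be issued for client
 * {@code foo}, must not carry user profile claims or an access token hash, and must bind the
 * response through three values: the nonce, the hash of the {@code state} parameter and the hash
 * of the authorization code.
 *
 * @param idTokenParam the encoded ID token taken from the authorization response; must not be null
 * @param code the authorization code returned next to the ID token; must not be null
 */
private void assertIDTokenAsDetachedSignature(String idTokenParam, String code) {
    Assert.assertNotNull(idTokenParam);
    // Fail with a clear message instead of an exception from inside the hash helper.
    Assert.assertNotNull("authorization code is missing", code);

    IDToken idToken = oauth.verifyIDToken(idTokenParam);
    Assert.assertNotNull(idToken.getId());
    Assert.assertEquals("foo", idToken.getIssuedFor());

    // A detached-signature ID token travels through the browser redirect, so it must not expose
    // user profile data.
    Assert.assertNull(idToken.getPreferredUsername());
    Assert.assertNull(idToken.getEmail());
    Assert.assertNull(idToken.getGivenName());
    // No access token hash is expected here.
    // NOTE(review): presumably because no access token is returned with this response; confirm.
    Assert.assertNull(idToken.getAccessTokenHash());

    // JUnit's assertEquals takes (expected, actual). The original passed them the other way
    // round, which produces misleading failure messages.
    Assert.assertEquals("123456", idToken.getNonce());

    String state = getParameterFromUrl(OAuth2Constants.STATE, true);
    Assert.assertNotNull("state parameter is missing from the redirect", state);
    // The state hash and the code hash bind the signed token to the state and code that arrived
    // in the same redirect.
    Assert.assertEquals(HashUtils.oidcHash(Algorithm.PS256, state), idToken.getStateHash());
    Assert.assertEquals(HashUtils.oidcHash(Algorithm.PS256, code), idToken.getCodeHash());
}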
Also used : IDToken(org.keycloak.representations.IDToken)

Example 39 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method refreshPairwiseToken.

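/**
 * Refreshes the tokens of a pairwise client and checks that the refreshed ID token keeps the
 * claims that must stay stable across a refresh.
 *
 * <p>The refreshed ID token is compared with the ID token from the original login for
 * {@code iss}, {@code sub}, {@code auth_time} and {@code azp}. The original listing compared
 * {@code iss} and {@code sub} against the refreshed <em>refresh</em> token, so the ID token
 * requirements quoted in the comments were not actually asserted.
 *
 * @throws Exception if creating the client, logging in or parsing a token fails
 */
@Test
public void refreshPairwiseToken() throws Exception {
    // Create pairwise client
    OIDCClientRepresentation pairwiseClient = createPairwise();
    // Login to pairwise client
    OAuthClient.AccessTokenResponse accessTokenResponse = login(pairwiseClient, "test-user@localhost", "password");
    // Verify tokens
    // The access token goes through verifyToken, the same call used for the refreshed access
    // token below. The original passed it to parseRefreshToken.
    oauth.verifyToken(accessTokenResponse.getAccessToken());
    IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
    oauth.parseRefreshToken(accessTokenResponse.getRefreshToken());
    // Refresh token
    OAuthClient.AccessTokenResponse refreshTokenResponse = oauth.doRefreshTokenRequest(accessTokenResponse.getRefreshToken(), pairwiseClient.getClientSecret());
    // Verify refreshed tokens
    oauth.verifyToken(refreshTokenResponse.getAccessToken());
    RefreshToken refreshedRefreshToken = oauth.parseRefreshToken(refreshTokenResponse.getRefreshToken());
    IDToken refreshedIdToken = oauth.verifyIDToken(refreshTokenResponse.getIdToken());
    // If an ID Token is returned as a result of a token refresh request, the following requirements apply:
    // its iss Claim Value MUST be the same as in the ID Token issued when the original authentication occurred
    Assert.assertEquals(idToken.getIssuer(), refreshedIdToken.getIssuer());
    // its sub Claim Value MUST be the same as in the ID Token issued when the original authentication occurred
    // (for a pairwise client this confirms the subject identifier stays stable across a refresh)
    Assert.assertEquals(idToken.getSubject(), refreshedIdToken.getSubject());
    // its iat Claim MUST represent the time that the new ID Token is issued
    // NOTE(review): the refresh token from the same refresh response serves as the reference
    // for the new issue time; no independent clock value is available in this method.
    Assert.assertEquals(refreshedRefreshToken.getIssuedAt(), refreshedIdToken.getIssuedAt());
    // if the ID Token contains an auth_time Claim, its value MUST represent the time of the original authentication
    // - not the time that the new ID token is issued
    Assert.assertEquals(idToken.getAuthTime(), refreshedIdToken.getAuthTime());
    // its azp Claim Value MUST be the same as in the ID Token issued when the original authentication occurred; if
    // no azp Claim was present in the original ID Token, one MUST NOT be present in the new ID Token
    Assert.assertEquals(idToken.getIssuedFor(), refreshedIdToken.getIssuedFor());
}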
Also used : RefreshToken(org.keycloak.representations.RefreshToken) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) IDToken(org.keycloak.representations.IDToken) Test(org.junit.Test)

Example 40 with IDToken

use of org.keycloak.representations.IDToken in project keycloak by keycloak.

the class LevelOfAssuranceFlowTest method assertLoggedInWithAcr.

/**
 * Expects a login event for {@code test-user@localhost}, requests the tokens for that login and
 * asserts that the ID token reports the given authentication context class reference.
 *
 * @param acr the {@code acr} value the ID token is expected to carry
 */
private void assertLoggedInWithAcr(String acr) {
    final EventRepresentation expectedLogin = events.expectLogin()
            .detail(Details.USERNAME, "test-user@localhost")
            .assertEvent();
    // The acr claim is read from the token itself, so the check covers what a relying party
    // would actually receive.
    final String actualAcr = sendTokenRequestAndGetIDToken(expectedLogin).getAcr();
    Assert.assertEquals(acr, actualAcr);
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IDToken(org.keycloak.representations.IDToken)

Aggregations

IDToken (org.keycloak.representations.IDToken)89 Test (org.junit.Test)57 OAuthClient (org.keycloak.testsuite.util.OAuthClient)53 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)25 EventRepresentation (org.keycloak.representations.idm.EventRepresentation)23 ProtocolMappersResource (org.keycloak.admin.client.resource.ProtocolMappersResource)18 AccessToken (org.keycloak.representations.AccessToken)18 HashMap (java.util.HashMap)16 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)16 ClientResource (org.keycloak.admin.client.resource.ClientResource)15 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)14 Matchers.isEmptyOrNullString (org.hamcrest.Matchers.isEmptyOrNullString)13 ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)12 List (java.util.List)11 Map (java.util.Map)11 UserResource (org.keycloak.admin.client.resource.UserResource)11 GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)10 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)10 AbstractAdminTest (org.keycloak.testsuite.admin.AbstractAdminTest)9 RefreshToken (org.keycloak.representations.RefreshToken)5