
Example 66 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class HolderOfKeyEnforcerExecutor method checkLogout.

/**
 * Enforces certificate-bound (holder-of-key) refresh tokens on the logout endpoint.
 *
 * <p>The refresh token is read from the {@code OAuth2Constants.REFRESH_TOKEN} form
 * parameter and decoded through the session token manager. A token that does not
 * decode is deliberately not handled here; this executor only rejects a token that
 * decodes but is not bound to the client certificate presented with the request.
 *
 * @param context the logout request under evaluation; supplies the form parameters
 * @param request the HTTP request carrying the client certificate
 * @throws ClientPolicyException with {@code Errors.NOT_ALLOWED} and HTTP 401 when the
 *         decoded token is not bound to the presented client certificate
 */
private void checkLogout(LogoutRequestContext context, HttpRequest request) throws ClientPolicyException {
    String encodedRefreshToken = context.getParams().getFirst(OAuth2Constants.REFRESH_TOKEN);
    RefreshToken refreshToken = session.tokens().decode(encodedRefreshToken, RefreshToken.class);
    // An undecodable token is not this executor's concern (other parts of the logout
    // flow deal with it); only a decoded token with a mismatching binding is rejected.
    boolean bindingRejected = refreshToken != null
            && !MtlsHoKTokenUtil.verifyTokenBindingWithClientCertificate(refreshToken, request, session);
    if (bindingRejected) {
        throw new ClientPolicyException(Errors.NOT_ALLOWED, MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC, Response.Status.UNAUTHORIZED);
    }
}
Also used : RefreshToken(org.keycloak.representations.RefreshToken) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)

Example 67 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class ParTest method testSuccessfulSinglePar.

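/**
 * Success path for pushed authorization requests (PAR): one dynamically registered
 * client pushes one authorization request and then completes the authorization-code,
 * token, refresh and logout sequence through the returned {@code request_uri}.
 *
 * <p>The realm's PAR settings are modified for the duration of the test and restored in
 * {@code finally}, so a failing assertion does not leak the changed lifespan into later
 * tests. The steps after the PAR response are identical to the other PAR tests and are
 * therefore delegated to {@code doNormalAuthzProcess}, which also asserts that a refresh
 * after logout is rejected with 400.
 *
 * @throws Exception propagated from the dynamic client registration helpers
 */
@Test
public void testSuccessfulSinglePar() throws Exception {
    try {
        // setup PAR realm settings
        int requestUriLifespan = 45;
        setParRealmSettings(requestUriLifespan);

        // create client dynamically, configured to require PAR
        String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
            clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
            clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
        });
        OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
        String clientSecret = oidcCRep.getClientSecret();
        assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
        assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
        assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());

        // Pushed Authorization Request
        oauth.clientId(clientId);
        oauth.redirectUri(CLIENT_REDIRECT_URI);
        ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
        assertEquals(201, pResp.getStatusCode());
        String requestUri = pResp.getRequestUri();
        // expires_in must echo the lifespan configured on the realm above
        assertEquals(requestUriLifespan, pResp.getExpiresIn());

        // Authorization request via request_uri, token request, refresh and logout:
        // same sequence as the other PAR tests, so reuse the shared helper rather
        // than duplicating its assertions here.
        doNormalAuthzProcess(requestUri, CLIENT_REDIRECT_URI, clientId, clientSecret);
    } finally {
        restoreParRealmSettings();
    }
}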
Also used : RefreshToken(org.keycloak.representations.RefreshToken) ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Example 68 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class ParTest method doNormalAuthzProcess.

/**
 * Drives the authorization-code flow for a previously pushed authorization request
 * through token issuance, one refresh and logout, asserting the expected outcome of
 * each step.
 *
 * <p>The login is performed with only {@code request_uri} on the wire (redirect URI,
 * scope and response type are cleared so they are not sent as query parameters), the
 * code is exchanged for tokens, the refresh token is used once, and the session is then
 * logged out. The closing assertion that a further refresh returns 400 is what proves
 * the logout actually invalidated the refresh token.
 *
 * @param requestUri   the {@code request_uri} returned by the PAR endpoint
 * @param redirectUrl  the redirect URI sent with the token request
 * @param clientId     the client that pushed the request; expected in the tokens' issued-for field
 * @param clientSecret the client secret used for the token, refresh and logout requests
 */
private void doNormalAuthzProcess(String requestUri, String redirectUrl, String clientId, String clientSecret) {
    // Authorization Request: clear everything that would otherwise be appended as a
    // query string, then refer to the pushed request by its request_uri only.
    oauth.redirectUri(null);
    oauth.scope(null);
    oauth.responseType(null);
    oauth.requestUri(requestUri);
    String expectedState = oauth.stateParamRandom().getState();
    oauth.stateParamHardcoded(expectedState);
    OAuthClient.AuthorizationEndpointResponse authzResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
    assertEquals(expectedState, authzResponse.getState());
    String authzCode = authzResponse.getCode();
    String expectedSessionId = authzResponse.getSessionState();

    // Token Request (RFC 6749 section 4.1.3): the redirect URI is sent again with the code.
    oauth.redirectUri(redirectUrl);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authzCode, clientSecret);
    assertEquals(200, tokenResponse.getStatusCode());
    AccessToken accessToken = oauth.verifyToken(tokenResponse.getAccessToken());
    String expectedUserId = findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId();
    assertEquals(expectedUserId, accessToken.getSubject());
    assertEquals(expectedSessionId, accessToken.getSessionState());
    // the subject must be the user's id, never the username
    Assert.assertNotEquals(TEST_USER_NAME, accessToken.getSubject());
    assertEquals(clientId, accessToken.getIssuedFor());

    // Token Refresh: the refreshed pair must stay on the same session
    String initialRefreshToken = tokenResponse.getRefreshToken();
    RefreshToken parsedRefreshToken = oauth.parseRefreshToken(initialRefreshToken);
    assertEquals(expectedSessionId, parsedRefreshToken.getSessionState());
    assertEquals(clientId, parsedRefreshToken.getIssuedFor());
    OAuthClient.AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(initialRefreshToken, clientSecret);
    assertEquals(200, refreshResponse.getStatusCode());
    AccessToken refreshedAccessToken = oauth.verifyToken(refreshResponse.getAccessToken());
    RefreshToken refreshedRefreshToken = oauth.parseRefreshToken(refreshResponse.getRefreshToken());
    assertEquals(expectedSessionId, refreshedAccessToken.getSessionState());
    assertEquals(expectedSessionId, refreshedRefreshToken.getSessionState());
    assertEquals(findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId(), refreshedAccessToken.getSubject());

    // Logout, then prove the refresh token is dead: a further refresh must be rejected.
    String rotatedRefreshToken = refreshResponse.getRefreshToken();
    oauth.doLogout(rotatedRefreshToken, clientSecret);
    OAuthClient.AccessTokenResponse afterLogoutResponse = oauth.doRefreshTokenRequest(rotatedRefreshToken, clientSecret);
    assertEquals(400, afterLogoutResponse.getStatusCode());
}
Also used : RefreshToken(org.keycloak.representations.RefreshToken) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken)

Aggregations

RefreshToken (org.keycloak.representations.RefreshToken)68 OAuthClient (org.keycloak.testsuite.util.OAuthClient)50 AccessToken (org.keycloak.representations.AccessToken)45 Test (org.junit.Test)34 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)29 EventRepresentation (org.keycloak.representations.idm.EventRepresentation)27 JWSInput (org.keycloak.jose.jws.JWSInput)10 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)6 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)6 IOException (java.io.IOException)5 HttpResponse (org.apache.http.HttpResponse)5 JWSHeader (org.keycloak.jose.jws.JWSHeader)5 IDToken (org.keycloak.representations.IDToken)5 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)4 ClientResource (org.keycloak.admin.client.resource.ClientResource)4 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)4 ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)4 AccessTokenResponse (org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse)4 KeyPair (java.security.KeyPair)3 PrivateKey (java.security.PrivateKey)3