
Example 16 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class OfflineTokenTest method browserOfflineTokenLogoutFollowedByLoginSameSession.

/**
 * Logging out an offline session and then logging in again in the same browser.
 *
 * <p>Obtains an offline token for {@code offline-client}, logs the offline session out through
 * the logout endpoint (expects HTTP 204 and a LOGOUT event for the offline user session), then
 * performs a second login and code exchange. The second refresh token must again be of type
 * {@link TokenUtil#TOKEN_TYPE_OFFLINE} with expiration {@code 0}, and must carry a different
 * session state than the first one, i.e. the logged-out offline session is not handed out again.
 *
 * @throws Exception on any failure of the HTTP/OAuth helpers
 */
@Test
public void browserOfflineTokenLogoutFollowedByLoginSameSession() throws Exception {
    final String clientId = "offline-client";
    final String clientSecret = "secret1";

    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId(clientId);
    oauth.redirectUri(offlineClientAppUri);
    oauth.doLogin("test-user@localhost", "password");

    // --- first login: exchange the code for an offline token ---
    EventRepresentation firstLogin = events.expectLogin().client(clientId).detail(Details.REDIRECT_URI, offlineClientAppUri).assertEvent();
    final String firstSessionId = firstLogin.getSessionId();
    String firstCodeId = firstLogin.getDetails().get(Details.CODE_ID);
    String firstCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse firstResponse = oauth.doAccessTokenRequest(firstCode, clientSecret);
    oauth.verifyToken(firstResponse.getAccessToken());
    String firstOfflineTokenString = firstResponse.getRefreshToken();
    RefreshToken firstOfflineToken = oauth.parseRefreshToken(firstOfflineTokenString);
    events.expectCodeToToken(firstCodeId, firstSessionId).client(clientId).detail(Details.REFRESH_TOKEN_TYPE, TokenUtil.TOKEN_TYPE_OFFLINE).assertEvent();
    assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, firstOfflineToken.getType());
    assertEquals(0, firstOfflineToken.getExpiration());

    // The LOGOUT event is expected on the offline user session id, which is looked up
    // server-side from the token's session state rather than taken from the browser session.
    final String firstOfflineSessionState = firstOfflineToken.getSessionState();
    String offlineUserSessionId = testingClient.server().fetch(
            (KeycloakSession session) -> session.sessions()
                    .getOfflineUserSession(session.realms().getRealmByName("test"), firstOfflineSessionState)
                    .getId(),
            String.class);

    // --- log the offline session out via the logout endpoint ---
    try (CloseableHttpResponse logoutResponse = oauth.doLogout(firstOfflineTokenString, clientSecret)) {
        assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
    }
    events.expectLogout(offlineUserSessionId).client(clientId).removeDetail(Details.REDIRECT_URI).assertEvent();

    // --- second login in the same browser: a fresh offline token must be issued ---
    oauth.doLogin("test-user@localhost", "password");
    String secondCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse secondResponse = oauth.doAccessTokenRequest(secondCode, clientSecret);
    assertEquals(200, secondResponse.getStatusCode());
    oauth.verifyToken(secondResponse.getAccessToken());
    String secondOfflineTokenString = secondResponse.getRefreshToken();
    RefreshToken secondOfflineToken = oauth.parseRefreshToken(secondOfflineTokenString);
    EventRepresentation secondLogin = events.expectLogin().client(clientId).detail(Details.REDIRECT_URI, offlineClientAppUri).assertEvent();
    String secondCodeId = secondLogin.getDetails().get(Details.CODE_ID);
    events.expectCodeToToken(secondCodeId, secondOfflineToken.getSessionState()).client(clientId).detail(Details.REFRESH_TOKEN_TYPE, TokenUtil.TOKEN_TYPE_OFFLINE).assertEvent();
    assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, secondOfflineToken.getType());
    assertEquals(0, secondOfflineToken.getExpiration());

    // The logged-out offline session must not be reused for the new token.
    assertNotEquals(firstOfflineSessionState, secondOfflineToken.getSessionState());
}

Example 17 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class OfflineTokenTest method testOfflineSessionExpiration.

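/**
 * Drives an offline session past its configured lifetime and checks that the server rejects it.
 *
 * <p>Temporarily enables offline-session limits, logs in with the {@code offline_access} scope,
 * refreshes once while the session is still valid (expects 200), then shifts the clock by
 * {@code offset} and refreshes again with the token returned by the first refresh; that request
 * must fail with {@code 400 invalid_grant}. Afterwards expired sessions are purged and the user
 * session removed. The previous realm settings and the time offset are restored in
 * {@code finally}, so a failing assertion cannot leak a skewed clock into later tests.
 *
 * @param idleTime    offline session idle timeout to configure (passed as the third argument of
 *                    {@code changeOfflineSessionSettings})
 * @param maxLifespan offline session max lifespan to configure (passed as the second argument)
 * @param offset      value handed to {@code setTimeOffset} before the second refresh; callers
 *                    choose it large enough for the configured limit to be exceeded
 */
private void testOfflineSessionExpiration(int idleTime, int maxLifespan, int offset) {
    int[] prev = null;
    try {
        prev = changeOfflineSessionSettings(true, maxLifespan, idleTime);
        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        oauth.redirectUri(offlineClientAppUri);
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().client("offline-client").detail(Details.REDIRECT_URI, offlineClientAppUri).assertEvent();
        final String sessionId = loginEvent.getSessionId();
        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "secret1");
        String offlineTokenString = tokenResponse.getRefreshToken();
        RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
        assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, offlineToken.getType());

        // Refresh while the session is still within its limits: must succeed.
        tokenResponse = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
        Assert.assertEquals(200, tokenResponse.getStatusCode());
        oauth.verifyToken(tokenResponse.getAccessToken());
        // Continue with the refresh token returned by the refresh response; it must still parse.
        offlineTokenString = tokenResponse.getRefreshToken();
        oauth.parseRefreshToken(offlineTokenString);

        // Shift the clock; the same offline token must now be rejected.
        setTimeOffset(offset);
        tokenResponse = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
        Assert.assertEquals(400, tokenResponse.getStatusCode());
        assertEquals("invalid_grant", tokenResponse.getError());

        // Purge expired sessions; the user session may already be gone at this point.
        testingClient.testing().removeExpired("test");
        try {
            testingClient.testing().removeUserSession("test", sessionId);
        } catch (NotFoundException ignored) {
            // presumably already purged by removeExpired above - nothing left to remove
        }
    } finally {
        // Reset the clock unconditionally so a failed assertion above cannot leave the offset
        // applied, then restore the realm settings only if they were actually changed (prev stays
        // null when changeOfflineSessionSettings itself threw).
        setTimeOffset(0);
        if (prev != null) {
            changeOfflineSessionSettings(false, prev[0], prev[1]);
        }
    }
}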

Example 18 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class OfflineTokenTest method offlineTokenBrowserFlow.

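/**
 * Browser flow with the {@code offline_access} scope.
 *
 * <p>Checks that the code exchange yields a refresh token of type
 * {@link TokenUtil#TOKEN_TYPE_OFFLINE} with expiration {@code 0} and that the response scope
 * contains {@code offline_access}, delegates the refresh checks to
 * {@link #testRefreshWithOfflineToken}, and finally moves the clock far ahead to verify that a
 * refresh with the token returned by that helper is rejected with {@code 400 invalid_grant} and a
 * REFRESH_TOKEN event carrying {@link Errors#INVALID_TOKEN}. The time offset is reset in
 * {@code finally} so a failing assertion cannot leak it into later tests.
 *
 * @throws Exception on any failure of the HTTP/OAuth helpers
 */
@Test
public void offlineTokenBrowserFlow() throws Exception {
    final String clientId = "offline-client";
    final String clientSecret = "secret1";

    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId(clientId);
    oauth.redirectUri(offlineClientAppUri);
    oauth.doLogin("test-user@localhost", "password");

    EventRepresentation loginEvent = events.expectLogin().client(clientId).detail(Details.REDIRECT_URI, offlineClientAppUri).assertEvent();
    final String browserSessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    OAuthClient.AccessTokenResponse codeResponse = oauth.doAccessTokenRequest(authCode, clientSecret);
    AccessToken accessToken = oauth.verifyToken(codeResponse.getAccessToken());
    String offlineTokenString = codeResponse.getRefreshToken();
    RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
    events.expectCodeToToken(codeId, browserSessionId).client(clientId).detail(Details.REFRESH_TOKEN_TYPE, TokenUtil.TOKEN_TYPE_OFFLINE).assertEvent();

    assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, offlineToken.getType());
    assertEquals(0, offlineToken.getExpiration());
    assertTrue(codeResponse.getScope().contains(OAuth2Constants.OFFLINE_ACCESS));

    // The helper performs the refresh checks and returns the refresh token string it ended up with.
    String newRefreshTokenString = testRefreshWithOfflineToken(accessToken, offlineToken, offlineTokenString, browserSessionId, userId);

    // Push the clock far enough ahead that the offline session is expired; reset it even if an
    // assertion below fails (other tests in this class rely on offset 0).
    setTimeOffset(3000000);
    try {
        OAuthClient.AccessTokenResponse expiredRefresh = oauth.doRefreshTokenRequest(newRefreshTokenString, clientSecret);
        RefreshToken newRefreshToken = oauth.parseRefreshToken(newRefreshTokenString);
        Assert.assertEquals(400, expiredRefresh.getStatusCode());
        assertEquals("invalid_grant", expiredRefresh.getError());
        events.expectRefresh(offlineToken.getId(), newRefreshToken.getSessionState()).client(clientId).error(Errors.INVALID_TOKEN).user(userId).clearDetails().assertEvent();
    } finally {
        setTimeOffset(0);
    }
}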

Example 19 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class OfflineTokenTest method testShortOfflineSessionMax.

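/**
 * Short offline-session limits must show up in the token response and in introspection.
 *
 * <p>Configures offline sessions with max lifespan 60 and idle timeout 30 (and regular sessions
 * with 1800/300), obtains an offline token and checks that {@code expires_in} is within
 * [59, 60] and {@code refresh_expires_in} within [29, 30]. Introspecting the access token with
 * {@code test-app} must report it active for {@code test-user@localhost} with an {@code exp}
 * that is likewise 59-60 seconds ahead of the current time. Both settings are restored in
 * {@code finally}.
 *
 * @throws Exception on any failure of the HTTP/OAuth helpers or JSON parsing
 */
@Test
public void testShortOfflineSessionMax() throws Exception {
    int[] prevOfflineSession = null;
    int[] prevSession = null;
    try {
        prevOfflineSession = changeOfflineSessionSettings(true, 60, 30);
        prevSession = changeSessionSettings(1800, 300);

        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        oauth.redirectUri(offlineClientAppUri);
        oauth.doLogin("test-user@localhost", "password");
        events.expectLogin().client("offline-client").detail(Details.REDIRECT_URI, offlineClientAppUri).assertEvent();

        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "secret1");
        String offlineTokenString = tokenResponse.getRefreshToken();
        RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);

        // Lifetimes advertised in the response must follow the shortened settings
        // (a one-second tolerance covers the time spent between issuing and asserting).
        Assert.assertThat(tokenResponse.getExpiresIn(), allOf(greaterThanOrEqualTo(59), lessThanOrEqualTo(60)));
        Assert.assertThat(tokenResponse.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(29), lessThanOrEqualTo(30)));
        assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, offlineToken.getType());

        // Introspection must agree with the issued token.
        String introspectionResponse = oauth.introspectAccessTokenWithClientCredential("test-app", "password", tokenResponse.getAccessToken());
        ObjectMapper objectMapper = new ObjectMapper();
        JsonNode jsonNode = objectMapper.readTree(introspectionResponse);
        assertTrue(jsonNode.get("active").asBoolean());
        Assert.assertEquals("test-user@localhost", jsonNode.get("email").asText());
        Assert.assertThat(jsonNode.get("exp").asInt() - getCurrentTime(), allOf(greaterThanOrEqualTo(59), lessThanOrEqualTo(60)));
    } finally {
        // Restore only what was actually changed: if changeSessionSettings threw, prevSession is
        // still null and dereferencing it would replace the real failure with an NPE. The nested
        // finally makes sure the session settings are restored even if the offline restore fails.
        try {
            if (prevOfflineSession != null) {
                changeOfflineSessionSettings(false, prevOfflineSession[0], prevOfflineSession[1]);
            }
        } finally {
            if (prevSession != null) {
                changeSessionSettings(prevSession[0], prevSession[1]);
            }
        }
    }
}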

Example 20 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

the class RefreshTokenTest method refreshTokenReuseTokenWithoutRefreshTokensRevoked.

/**
 * Reusing a refresh token while refresh-token revocation is not enabled.
 *
 * <p>After login and code exchange, the original refresh token is presented twice more at two
 * later time offsets (2 and 4). Both refreshes must succeed with HTTP 200 and each must produce a
 * REFRESH_TOKEN event for the original token id and session. The time offset is reset in
 * {@code finally}.
 *
 * @throws Exception on any failure of the HTTP/OAuth helpers
 */
@Test
public void refreshTokenReuseTokenWithoutRefreshTokensRevoked() throws Exception {
    try {
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        String sessionId = loginEvent.getSessionId();
        String codeId = loginEvent.getDetails().get(Details.CODE_ID);
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

        OAuthClient.AccessTokenResponse initialResponse = oauth.doAccessTokenRequest(authCode, "password");
        String originalRefreshTokenString = initialResponse.getRefreshToken();
        RefreshToken originalRefreshToken = oauth.parseRefreshToken(originalRefreshTokenString);
        events.expectCodeToToken(codeId, sessionId).assertEvent();

        // Present the *original* refresh token again at two different points in time.
        for (int timeOffset : new int[] {2, 4}) {
            setTimeOffset(timeOffset);
            OAuthClient.AccessTokenResponse reuseResponse = oauth.doRefreshTokenRequest(originalRefreshTokenString, "password");
            assertEquals(200, reuseResponse.getStatusCode());
            events.expectRefresh(originalRefreshToken.getId(), sessionId).assertEvent();
        }
    } finally {
        setTimeOffset(0);
    }
}
