
Example 26 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

Class ClientAuthSignedJWTTest, method assertSuccess.

/**
 * Asserts that a token request authenticated with a client-signed JWT succeeded and that a
 * matching CLIENT_LOGIN event was recorded for the given client and user.
 *
 * @param response token endpoint response under test
 * @param clientId client id expected on the recorded event
 * @param userId   user id expected on the recorded event
 * @param userName value expected in the USERNAME event detail
 */
private void assertSuccess(OAuthClient.AccessTokenResponse response, String clientId, String userId, String userName) {
    assertEquals(200, response.getStatusCode());
    // Parse both tokens first: their ids are what tie the HTTP response to the recorded event.
    final AccessToken issuedAccessToken = oauth.verifyToken(response.getAccessToken());
    final RefreshToken issuedRefreshToken = oauth.parseRefreshToken(response.getRefreshToken());
    events.expectClientLogin()
            .client(clientId)
            .user(userId)
            .session(issuedAccessToken.getSessionState())
            .detail(Details.TOKEN_ID, issuedAccessToken.getId())
            .detail(Details.REFRESH_TOKEN_ID, issuedRefreshToken.getId())
            .detail(Details.USERNAME, userName)
            // The event must record the signed-JWT client authenticator as the method actually used.
            .detail(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
            .assertEvent();
}

Example 27 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

Class ClientAuthSignedJWTTest, method testClientWithGeneratedKeys.

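/**
 * Generates a client keystore server-side in the given {@code format}, checks that the client's
 * stored certificate attribute changed to the generated certificate, and then authenticates the
 * client with a JWT signed by the generated private key to confirm the new key is accepted.
 *
 * @param format keystore format passed to {@link KeyStoreConfig#setFormat(String)} and to getKeystore
 * @throws Exception on keystore, certificate or token request failures
 */
private void testClientWithGeneratedKeys(String format) throws Exception {
    ClientRepresentation client = app3;
    UserRepresentation user = defaultUser;
    // Fixed test-only values; the generated keystore is discarded with the test.
    final String keyAlias = "somekey";
    final String keyPassword = "pwd1";
    final String storePassword = "pwd2";
    // Generate new keystore (which is intended for sending to the user and store in a client app)
    // with public/private keys; in KC, store the certificate itself
    KeyStoreConfig keyStoreConfig = new KeyStoreConfig();
    keyStoreConfig.setFormat(format);
    keyStoreConfig.setKeyPassword(keyPassword);
    keyStoreConfig.setStorePassword(storePassword);
    keyStoreConfig.setKeyAlias(keyAlias);
    // Re-read the client so certOld reflects what the server holds now, not the app3 snapshot.
    client = getClient(testRealm.getRealm(), client.getId()).toRepresentation();
    final String certOld = client.getAttributes().get(JWTClientAuthenticator.CERTIFICATE_ATTR);
    // Generate the keystore and save the new certificate in client (in KC)
    byte[] keyStoreBytes = getClientAttributeCertificateResource(testRealm.getRealm(), client.getId()).generateAndGetKeystore(keyStoreConfig);
    // try-with-resources: the original manual close() was skipped whenever getKeystore threw.
    KeyStore keyStore;
    try (ByteArrayInputStream keyStoreIs = new ByteArrayInputStream(keyStoreBytes)) {
        keyStore = getKeystore(keyStoreIs, storePassword, format);
    }
    // Re-read again: the server-side attribute must now hold the certificate from the keystore.
    client = getClient(testRealm.getRealm(), client.getId()).toRepresentation();
    X509Certificate x509Cert = (X509Certificate) keyStore.getCertificate(keyAlias);
    assertCertificate(client, certOld, KeycloakModelUtils.getPemFromCertificate(x509Cert));
    // Try to login with the new keys
    oauth.clientId(client.getClientId());
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray());
    KeyPair keyPair = new KeyPair(x509Cert.getPublicKey(), privateKey);
    // NOTE(review): assumes credentials.get(0) of defaultUser is the password used for the grant — confirm against the fixture.
    OAuthClient.AccessTokenResponse response = doGrantAccessTokenRequest(user.getUsername(), user.getCredentials().get(0).getValue(), getClientSignedJWT(keyPair, client.getClientId()));
    assertEquals(200, response.getStatusCode());
    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
    // The login event must carry both token ids and name the signed-JWT client authenticator.
    events.expectLogin()
            .client(client.getClientId())
            .session(accessToken.getSessionState())
            .detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
            .detail(Details.TOKEN_ID, accessToken.getId())
            .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
            .detail(Details.USERNAME, user.getUsername())
            .detail(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
            // Direct grant: no authorization code, redirect or consent step is involved.
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.REDIRECT_URI)
            .removeDetail(Details.CONSENT)
            .assertEvent();
}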

Example 28 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

Class AbstractGroupTest, method login.

/**
 * Performs a resource-owner password grant in realm "test", verifies the returned access token
 * against the realm's active signing key, checks the recorded LOGIN event and returns the
 * verified access token.
 *
 * @param login        username sent in the password grant (also expected in the USERNAME detail)
 * @param clientId     client the grant is made as
 * @param clientSecret secret used to authenticate that client
 * @param userId       user id expected on the recorded event
 * @return the signature-verified access token representation
 * @throws Exception if the request, key lookup or verification fails
 */
AccessToken login(String login, String clientId, String clientSecret, String userId) throws Exception {
    final AccessTokenResponse grant = oauth.doGrantAccessTokenRequest("test", login, "password", null, clientId, clientSecret);
    final String rawAccessToken = grant.getAccessToken();
    final String rawRefreshToken = grant.getRefreshToken();
    // Verify against the realm's currently active signing key rather than whatever the token claims.
    final PublicKey realmSigningKey = PemUtils.decodePublicKey(
            ApiUtil.findActiveSigningKey(adminClient.realm("test")).getPublicKey());
    final String expectedIssuer = getAuthServerContextRoot() + "/auth/realms/test";
    final AccessToken verifiedAccess = RSATokenVerifier.verifyToken(rawAccessToken, realmSigningKey, expectedIssuer);
    // Only the access token goes through RSATokenVerifier here; the refresh token is just decoded for its id.
    final RefreshToken decodedRefresh = new JWSInput(rawRefreshToken).readJsonContent(RefreshToken.class);
    events.expectLogin()
            .client(clientId)
            .user(userId)
            .detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
            .detail(Details.TOKEN_ID, verifiedAccess.getId())
            .detail(Details.REFRESH_TOKEN_ID, decodedRefresh.getId())
            .detail(Details.USERNAME, login)
            // Direct grant: no code, redirect or consent details are expected.
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.REDIRECT_URI)
            .removeDetail(Details.CONSENT)
            .assertEvent();
    return verifiedAccess;
}

Example 29 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

Class ClientStorageTest, method offlineTokenDirectGrantFlowNoRefresh.

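/**
 * Runs a direct (password) grant with the offline_access scope as {@code clientId} and checks
 * that an access token and an offline (refresh) token are issued and parse. The refresh token is
 * never exchanged here — presumably the "NoRefresh" in the name.
 *
 * @param clientId client to authenticate as; oauth is left configured for it afterwards
 * @throws Exception if the grant request or token verification fails
 */
public void offlineTokenDirectGrantFlowNoRefresh(String clientId) throws Exception {
    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId(clientId);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password");
    Assert.assertNull(tokenResponse.getErrorDescription());
    // Previously these results were unused locals; assert on them so a missing token cannot pass unnoticed.
    AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
    Assert.assertNotNull(token);
    String offlineTokenString = tokenResponse.getRefreshToken();
    Assert.assertNotNull(offlineTokenString);
    RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
    Assert.assertNotNull(offlineToken);
}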

Example 30 with RefreshToken

use of org.keycloak.representations.RefreshToken in project keycloak by keycloak.

Class UserStorageFailureTest, method testKeycloak5350.

// this is a hack so that UserModel doesn't have to be available when offline token is imported.
// see related JIRA - KEYCLOAK-5350 and corresponding test
/**
 * KEYCLOAK-5350: an offline token obtained through the authorization-code flow must still be
 * refreshable after the auth server is restarted while the backing user storage provider is
 * forced to fail, i.e. the offline token is re-imported without the user being loadable.
 *
 * @throws Exception on login, token request or server restart failures
 */
@Test
public void testKeycloak5350() throws Exception {
    // Stop/start below is only possible against a locally controlled server.
    ContainerAssume.assumeNotAuthServerRemote();
    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId("offline-client");
    oauth.redirectUri(OAuthClient.AUTH_SERVER_ROOT + "/offline-client");
    oauth.doLogin(FailableHardcodedStorageProvider.username, "password");
    EventRepresentation loginEvent = events.expectLogin().user(AssertEvents.isUUID()).client("offline-client").detail(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/offline-client").assertEvent();
    // sessionId and codeId are captured but not used further in this test.
    final String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "secret");
    // verifyToken/parseRefreshToken act as implicit checks here; token and offlineToken are not read afterwards.
    AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
    String offlineTokenString = tokenResponse.getRefreshToken();
    RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
    events.clear();
    // Drop the cached user so the next lookup has to go through the (failing) provider.
    evictUser(FailableHardcodedStorageProvider.username);
    toggleForceFail(true);
    // make sure failure is turned on
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName(AuthRealm.TEST);
        try {
            UserModel user = session.users().getUserByUsername(realm, FailableHardcodedStorageProvider.username);
            // Assert.fail() throws an AssertionError, which is not an Exception, so it is not caught below.
            Assert.fail();
        } catch (Exception e) {
            Assert.assertEquals("FORCED FAILURE", e.getMessage());
        }
    });
    // Restart while the provider is still failing: this is the condition the ticket is about.
    controller.stop(suiteContext.getAuthServerInfo().getQualifier());
    controller.start(suiteContext.getAuthServerInfo().getQualifier());
    reconnectAdminClient();
    toggleForceFail(false);
    // test that once user storage provider is available again we can still access the token.
    tokenResponse = oauth.doRefreshTokenRequest(offlineTokenString, "secret");
    Assert.assertNotNull(tokenResponse.getAccessToken());
    token = oauth.verifyToken(tokenResponse.getAccessToken());
    offlineTokenString = tokenResponse.getRefreshToken();
    offlineToken = oauth.parseRefreshToken(offlineTokenString);
    events.clear();
}
