
Example 1 with UserInfo

use of org.keycloak.representations.UserInfo in project keycloak by keycloak.

From class ServiceAccountTest, method userInfoForServiceAccountWithoutRefreshTokenImpl.

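@Test
public void userInfoForServiceAccountWithoutRefreshTokenImpl() throws Exception {
    // Client-credentials grant for a service-account client that is configured to
    // issue no refresh token; "secret1" is the test realm's fixture client secret.
    oauth.clientId("service-account-cl");
    OAuthClient.AccessTokenResponse response = oauth.doClientCredentialsGrantAccessTokenRequest("secret1");
    assertEquals(200, response.getStatusCode());
    // Without a refresh token the access token is the only credential the client holds.
    assertNull(response.getRefreshToken());
    // The access token alone must be accepted by the userinfo endpoint. doUserInfoRequest
    // returns only the parsed body, so there is no separate userinfo status to check here;
    // the original re-asserted the token response status, which was already verified above.
    UserInfo info = oauth.doUserInfoRequest(response.getAccessToken());
    assertNotNull(info);
    // Service-account users are named "service-account-<clientId>".
    assertEquals("service-account-service-account-cl", info.getPreferredUsername());
}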
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) UserInfo(org.keycloak.representations.UserInfo) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 2 with UserInfo

use of org.keycloak.representations.UserInfo in project keycloak by keycloak.

From class ServiceAccountTest, method userInfoForServiceAccountWithRefreshTokenImpl.

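@Test
public void userInfoForServiceAccountWithRefreshTokenImpl() throws Exception {
    // Client-credentials grant for a service-account client that does issue refresh tokens;
    // "secret1" is the test realm's fixture client secret.
    oauth.clientId("service-account-cl-refresh-on");
    OAuthClient.AccessTokenResponse response = oauth.doClientCredentialsGrantAccessTokenRequest("secret1");
    assertEquals(200, response.getStatusCode());
    assertNotNull(response.getRefreshToken());
    // doUserInfoRequest returns only the parsed body; the original re-asserted the token
    // response status here, which had already been checked, so assert on the body instead.
    UserInfo info = oauth.doUserInfoRequest(response.getAccessToken());
    assertNotNull(info);
    // Service-account users are named "service-account-<clientId>".
    assertEquals("service-account-service-account-cl-refresh-on", info.getPreferredUsername());
    // Logout with the refresh token must succeed (204) so the service-account session is revoked.
    // NOTE(review): this response is never closed; if doLogout actually returns a
    // CloseableHttpResponse (the class imports one) it should be closed — confirm.
    HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1");
    assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
}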
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) HttpResponse(org.apache.http.HttpResponse) UserInfo(org.keycloak.representations.UserInfo) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 3 with UserInfo

use of org.keycloak.representations.UserInfo in project keycloak by keycloak.

From class UserInfoTest, method testSuccessSignedResponse.

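@Test
public void testSuccessSignedResponse() throws Exception {
    // Require a signed (JWT) userinfo response from the "test-app" client.
    ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
    ClientRepresentation clientRep = clientResource.toRepresentation();
    OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUserInfoSignedResponseAlg(Algorithm.RS256);
    clientResource.update(clientRep);
    try {
        assertSignedUserInfoResponse();
    } finally {
        // Revert in finally: the original reverted only on success, so a failing assertion left
        // "test-app" requiring signed userinfo responses for every test that ran afterwards.
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUserInfoSignedResponseAlg(null);
        clientResource.update(clientRep);
    }
}

/**
 * Obtains an access token, calls the userinfo endpoint and verifies that the response is a
 * JWS signed with the realm's active key using the configured algorithm, then checks its claims.
 */
private void assertSignedUserInfoResponse() throws Exception {
    Client client = AdminClientUtil.createResteasyClient();
    try {
        AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(client);
        Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getToken());
        events.expect(EventType.USER_INFO_REQUEST).session(Matchers.notNullValue(String.class)).detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN).detail(Details.USERNAME, "test-user@localhost").detail(Details.SIGNATURE_REQUIRED, "true").detail(Details.SIGNATURE_ALGORITHM, Algorithm.RS256.toString()).assertEvent();
        Assert.assertEquals(200, response.getStatus());
        // Expected value first so a failure message reads correctly.
        Assert.assertEquals(MediaType.APPLICATION_JWT, response.getHeaderString(HttpHeaders.CONTENT_TYPE));
        String signedResponse;
        try {
            signedResponse = response.readEntity(String.class);
        } finally {
            response.close();
        }
        // Verify the signature against the realm's active signing key before trusting any claim.
        PublicKey publicKey = PemUtils.decodePublicKey(ApiUtil.findActiveSigningKey(adminClient.realm("test")).getPublicKey());
        JWSInput jwsInput = new JWSInput(signedResponse);
        // The JWS header must carry the algorithm that was configured; a signature that verifies
        // under some other algorithm would otherwise still pass this test.
        Assert.assertEquals(Algorithm.RS256, jwsInput.getHeader().getAlgorithm());
        Assert.assertTrue(RSAProvider.verify(jwsInput, publicKey));
        UserInfo userInfo = JsonSerialization.readValue(jwsInput.getContent(), UserInfo.class);
        Assert.assertNotNull(userInfo);
        Assert.assertNotNull(userInfo.getSubject());
        Assert.assertEquals("test-user@localhost", userInfo.getEmail());
        Assert.assertEquals("test-user@localhost", userInfo.getPreferredUsername());
        // The signed userinfo must be bound to the requesting client and to this realm's issuer.
        Assert.assertTrue(userInfo.hasAudience("test-app"));
        String expectedIssuer = Urls.realmIssuer(new URI(AUTH_SERVER_ROOT), "test");
        Assert.assertEquals(expectedIssuer, userInfo.getIssuer());
    } finally {
        client.close();
    }
}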
Also used : AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Response(javax.ws.rs.core.Response) PublicKey(java.security.PublicKey) ClientResource(org.keycloak.admin.client.resource.ClientResource) UserInfo(org.keycloak.representations.UserInfo) JWSInput(org.keycloak.jose.jws.JWSInput) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) URI(java.net.URI) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 4 with UserInfo

use of org.keycloak.representations.UserInfo in project keycloak by keycloak.

From class OIDCAdvancedRequestParamsTest, method processClaimsRequestParamSupported.

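@Test
public void processClaimsRequestParamSupported() throws Exception {
    // The "profile" default scope is removed for the duration of the test so that profile claims
    // (name, family_name, given_name, ...) are released only when the "claims" request parameter
    // asks for them.
    String clientScopeId = null;
    try {
        for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {
            if (rep.getName().equals("profile")) {
                clientScopeId = rep.getId();
                break;
            }
        }
        // Fail with a clear message instead of passing null to removeDefaultClientScope.
        org.junit.Assert.assertNotNull("client scope 'profile' not found in realm 'test'", clientScopeId);
        ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
        app.removeDefaultClientScope(clientScopeId);
        ProtocolMappersResource res = app.getProtocolMappers();
        // NOTE(review): the mapper is created but never removed; it stays on "test-app" for later
        // tests unless the realm is re-imported between tests — confirm that is intended.
        res.createMapper(ModelToRepresentation.toRepresentation(ClaimsParameterTokenMapper.createMapper("claimsParameterTokenMapper", true, false))).close();

        // Round 1: claims requested for id_token and userinfo. "wesentlich" and "Ja" are not the
        // boolean true, so given_name (id_token) and preferred_username (userinfo) must not be
        // treated as essential and must not be released.
        Map<String, Object> claims = ImmutableMap.of("id_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", false), "given_name", ImmutableMap.of("wesentlich", true), "name", ImmutableMap.of("essential", true)), "userinfo", ImmutableMap.of("preferred_username", ImmutableMap.of("essential", "Ja"), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true)));
        oauth = oauth.request(requestObjectWithClaims(claims));
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        OAuthClient.AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        assertEquals("test-user@localhost", idToken.getEmail());
        assertEquals("test-user@localhost", idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertEquals("Tom Brady", idToken.getName());
        Client client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertEquals("Brady", userInfo.getFamilyName());
            assertEquals("Tom", userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            // NOTE(review): an assertion failing here replaces any failure raised in the try
            // body above; consider moving the event check after the try/finally.
            events.expect(EventType.USER_INFO_REQUEST).session(accessTokenResponse.getSessionState()).client("test-app").assertEvent();
            client.close();
        }
        oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
        events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();

        // Round 2: claims requested only for id_token (an unknown claim) and for access_token.
        // Neither id_token nor userinfo asks for profile claims, so only the "email" default
        // scope contributes to them.
        claims = ImmutableMap.of("id_token", ImmutableMap.of("test_claim", ImmutableMap.of("essential", true)), "access_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true), "name", ImmutableMap.of("essential", true)));
        oauth = oauth.request(requestObjectWithClaims(claims));
        oauth.doLogin("test-user@localhost", "password");
        loginEvent = events.expectLogin().assertEvent();
        accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        // "email" default scope still remains
        assertEquals("test-user@localhost", idToken.getEmail());
        assertNull(idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertNull(idToken.getName());
        client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertNull(userInfo.getFamilyName());
            assertNull(userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            client.close();
        }
    } finally {
        // Revert the "profile" default client scope; skip when the lookup never found it,
        // so the cleanup does not itself fail with a null id.
        if (clientScopeId != null) {
            findClientResourceByClientId(adminClient.realm("test"), "test-app").addDefaultClientScope(clientScopeId);
        }
    }
}

/**
 * Builds the OIDC request object used by both rounds of the test: an authorization-code request
 * for "test-app" with scope "openid", the current redirect URI and the given "claims" parameter.
 *
 * @param claims value of the OIDC "claims" request parameter
 * @return the request object serialised as an unsigned (alg=none) JWS
 */
private String requestObjectWithClaims(Map<String, Object> claims) {
    Map<String, Object> oidcRequest = new HashMap<>();
    oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
    oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
    oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
    oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
    oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
    // alg=none: the request object is not signed, so the server must be configured to accept
    // unsigned request objects for "test-app" (presumably the realm default here — confirm);
    // a production client should require a signed request object.
    return new JWSBuilder().jsonContent(oidcRequest).none();
}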
Also used : HashMap(java.util.HashMap) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) UserInfo(org.keycloak.representations.UserInfo) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Response(javax.ws.rs.core.Response) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) IDToken(org.keycloak.representations.IDToken) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 5 with UserInfo

use of org.keycloak.representations.UserInfo in project keycloak by keycloak.

From class OAuth2DeviceAuthorizationGrantTest, method testPublicClientOptionalScope.

@Test
public void testPublicClientOptionalScope() throws Exception {
    // Device side: authorization request from the public device client, asking for the
    // optional "phone" scope on top of the defaults.
    oauth.realm(REALM_NAME);
    oauth.clientId(DEVICE_APP_PUBLIC);
    OAuthClient.DeviceAuthorizationResponse deviceResponse = null;
    try {
        oauth.scope("phone");
        deviceResponse = oauth.doDeviceAuthorizationRequest(DEVICE_APP_PUBLIC, null);
    } finally {
        // Always reset the scope so a failure here does not leak into other tests.
        oauth.scope(null);
    }
    Assert.assertEquals(200, deviceResponse.getStatusCode());
    Assert.assertNotNull(deviceResponse.getDeviceCode());
    Assert.assertNotNull(deviceResponse.getUserCode());
    Assert.assertNotNull(deviceResponse.getVerificationUri());
    Assert.assertNotNull(deviceResponse.getVerificationUriComplete());
    Assert.assertEquals(60, deviceResponse.getExpiresIn());
    Assert.assertEquals(5, deviceResponse.getInterval());

    // User side: open the verification page, log in and consent to every requested scope,
    // including the optional phone scope.
    openVerificationPage(deviceResponse.getVerificationUriComplete());
    oauth.fillLoginForm("device-login", "password");
    grantPage.assertCurrent();
    grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT, OAuthGrantPage.PHONE_CONSENT_TEXT);
    grantPage.accept();

    // Device side: exchange the device code for tokens.
    OAuthClient.AccessTokenResponse tokens = oauth.doDeviceTokenRequest(DEVICE_APP_PUBLIC, null, deviceResponse.getDeviceCode());
    Assert.assertEquals(200, tokens.getStatusCode());
    String accessTokenString = tokens.getAccessToken();
    Assert.assertNotNull(accessTokenString);
    AccessToken accessToken = oauth.verifyToken(accessTokenString);
    Assert.assertNotNull(accessToken);

    // userinfo must contain preferred_username and email (default scopes) plus
    // phone_number (the optional scope that was granted).
    UserInfo userInfo = oauth.doUserInfoRequest(accessTokenString);
    Assert.assertNotNull(userInfo);
    Assert.assertEquals("device-login", userInfo.getPreferredUsername());
    Assert.assertEquals("device-login@localhost", userInfo.getEmail());
    Assert.assertEquals("211211211", userInfo.getPhoneNumber());
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken) UserInfo(org.keycloak.representations.UserInfo) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
