Search in sources :

Example 1 with ClientInitialAccessCreatePresentation

use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.

the class FluentTestsHelper method generateInitialAccessToken.

protected String generateInitialAccessToken() {
    ClientInitialAccessCreatePresentation rep = new ClientInitialAccessCreatePresentation();
    rep.setCount(2);
    rep.setExpiration(180);
    ClientInitialAccessPresentation initialAccess = keycloak.realms().realm(testRealm).clientInitialAccess().create(rep);
    return initialAccess.getToken();
}
Also used : ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation)

Example 2 with ClientInitialAccessCreatePresentation

use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.

the class KeyRotationTest method testTokens.

@Test
public void testTokens() throws Exception {
    // Create keys #1
    Map<String, String> keys1 = createKeys1();
    // Get token with keys #1
    oauth.doLogin("test-user@localhost", "password");
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
    assertEquals(200, response.getStatusCode());
    assertTokenKid(keys1.get(Algorithm.RS256), response.getAccessToken());
    assertTokenKid(keys1.get(Algorithm.HS256), response.getRefreshToken());
    // Create client with keys #1
    ClientInitialAccessCreatePresentation initialToken = new ClientInitialAccessCreatePresentation();
    initialToken.setCount(100);
    initialToken.setExpiration(0);
    ClientInitialAccessPresentation accessRep = adminClient.realm("test").clientInitialAccess().create(initialToken);
    String initialAccessToken = accessRep.getToken();
    ClientRegistration reg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "test").build();
    reg.auth(Auth.token(initialAccessToken));
    ClientRepresentation clientRep = reg.create(ClientBuilder.create().clientId("test").build());
    // Userinfo with keys #1
    assertUserInfo(response.getAccessToken(), 200);
    // Token introspection with keys #1
    assertTokenIntrospection(response.getAccessToken(), true);
    // Get client with keys #1 - registration access token should not have changed
    ClientRepresentation clientRep2 = reg.auth(Auth.token(clientRep.getRegistrationAccessToken())).get("test");
    assertEquals(clientRep.getRegistrationAccessToken(), clientRep2.getRegistrationAccessToken());
    // Create keys #2
    Map<String, String> keys2 = createKeys2();
    assertNotEquals(keys1.get(Algorithm.RS256), keys2.get(Algorithm.RS256));
    assertNotEquals(keys1.get(Algorithm.HS256), keys2.get(Algorithm.HS512));
    // Refresh token with keys #2
    response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
    assertEquals(200, response.getStatusCode());
    assertTokenKid(keys2.get(Algorithm.RS256), response.getAccessToken());
    assertTokenKid(keys2.get(Algorithm.HS256), response.getRefreshToken());
    // Userinfo with keys #2
    assertUserInfo(response.getAccessToken(), 200);
    // Token introspection with keys #2
    assertTokenIntrospection(response.getAccessToken(), true);
    // Get client with keys #2 - registration access token should be changed
    ClientRepresentation clientRep3 = reg.auth(Auth.token(clientRep.getRegistrationAccessToken())).get("test");
    assertNotEquals(clientRep.getRegistrationAccessToken(), clientRep3.getRegistrationAccessToken());
    // Drop key #1
    dropKeys1();
    // Refresh token with keys #1 dropped - should pass as refresh token should be signed with key #2
    response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
    assertTokenKid(keys2.get(Algorithm.RS256), response.getAccessToken());
    assertTokenKid(keys2.get(Algorithm.HS256), response.getRefreshToken());
    // Userinfo with keys #1 dropped
    assertUserInfo(response.getAccessToken(), 200);
    // Token introspection with keys #1 dropped
    assertTokenIntrospection(response.getAccessToken(), true);
    // Get client with keys #1 - should fail
    try {
        reg.auth(Auth.token(clientRep.getRegistrationAccessToken())).get("test");
        fail("Expected to fail");
    } catch (ClientRegistrationException e) {
    }
    // Get client with keys #2 - should succeed
    ClientRepresentation clientRep4 = reg.auth(Auth.token(clientRep3.getRegistrationAccessToken())).get("test");
    assertNotEquals(clientRep2.getRegistrationAccessToken(), clientRep4.getRegistrationAccessToken());
    // Drop key #2
    dropKeys2();
    // Userinfo with keys #2 dropped
    assertUserInfo(response.getAccessToken(), 401);
    // Token introspection with keys #2 dropped
    assertTokenIntrospection(response.getAccessToken(), false);
    // Refresh token with keys #2 dropped - should fail as refresh token is signed with key #2
    response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
    assertEquals(400, response.getStatusCode());
    assertEquals("Invalid refresh token", response.getErrorDescription());
}
Also used : ClientRegistration(org.keycloak.client.registration.ClientRegistration) OAuthClient(org.keycloak.testsuite.util.OAuthClient) ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException) ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 3 with ClientInitialAccessCreatePresentation

use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.

the class InitialAccessTokenResourceTest method testInitialAccessTokens.

@Test
// Time difference is possible on remote server
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testInitialAccessTokens() {
    ClientInitialAccessCreatePresentation rep = new ClientInitialAccessCreatePresentation();
    rep.setCount(2);
    rep.setExpiration(100);
    int time = Time.currentTime();
    ClientInitialAccessPresentation response = resource.create(rep);
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
    assertNotNull(response.getId());
    assertEquals(new Integer(2), response.getCount());
    assertEquals(new Integer(2), response.getRemainingCount());
    assertEquals(new Integer(100), response.getExpiration());
    assertThat(response.getTimestamp(), allOf(greaterThanOrEqualTo(time), lessThanOrEqualTo(Time.currentTime())));
    assertNotNull(response.getToken());
    rep.setCount(3);
    response = resource.create(rep);
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
    rep.setCount(4);
    response = resource.create(rep);
    String lastId = response.getId();
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(lastId), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
    List<ClientInitialAccessPresentation> list = resource.list();
    assertEquals(3, list.size());
    assertEquals(9, list.get(0).getCount() + list.get(1).getCount() + list.get(2).getCount());
    assertNull(list.get(0).getToken());
    // Delete last and assert it was deleted
    resource.delete(lastId);
    assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientInitialAccessPath(lastId), ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
    list = resource.list();
    assertEquals(2, list.size());
    assertEquals(5, list.get(0).getCount() + list.get(1).getCount());
}
Also used : ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 4 with ClientInitialAccessCreatePresentation

use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.

the class InitialAccessTokenTest method createMultiple.

@Test
public void createMultiple() throws ClientRegistrationException {
    ClientInitialAccessPresentation response = resource.create(new ClientInitialAccessCreatePresentation(0, 2));
    reg.auth(Auth.token(response));
    ClientRepresentation rep = new ClientRepresentation();
    ClientRepresentation created = reg.create(rep);
    Assert.assertNotNull(created);
    created = reg.create(rep);
    Assert.assertNotNull(created);
    try {
        reg.create(rep);
        Assert.fail("Expected exception");
    } catch (ClientRegistrationException e) {
        assertEquals(401, ((HttpErrorException) e.getCause()).getStatusLine().getStatusCode());
    }
}
Also used : ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException) ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 5 with ClientInitialAccessCreatePresentation

use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.

the class InitialAccessTokenTest method createWithES256.

@Test
public void createWithES256() throws JWSInputException, ClientRegistrationException {
    try {
        TokenSignatureUtil.changeRealmTokenSignatureProvider(adminClient, Algorithm.ES256);
        ClientInitialAccessPresentation response = resource.create(new ClientInitialAccessCreatePresentation());
        reg.auth(Auth.token(response));
        String token = response.getToken();
        JWSHeader header = new JWSInput(token).getHeader();
        assertEquals(Algorithm.HS256, header.getAlgorithm().name());
        ClientRepresentation rep = new ClientRepresentation();
        ClientRepresentation created = reg.create(rep);
        Assert.assertNotNull(created);
    } finally {
        TokenSignatureUtil.changeRealmTokenSignatureProvider(adminClient, Algorithm.RS256);
    }
}
Also used : ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) JWSInput(org.keycloak.jose.jws.JWSInput) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation) JWSHeader(org.keycloak.jose.jws.JWSHeader) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Aggregations

ClientInitialAccessCreatePresentation (org.keycloak.representations.idm.ClientInitialAccessCreatePresentation)20 ClientInitialAccessPresentation (org.keycloak.representations.idm.ClientInitialAccessPresentation)20 Test (org.junit.Test)9 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)9 ClientRegistrationException (org.keycloak.client.registration.ClientRegistrationException)6 Before (org.junit.Before)5 ClientRegistration (org.keycloak.client.registration.ClientRegistration)3 JWSInput (org.keycloak.jose.jws.JWSInput)3 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)3 ClientInitialAccessResource (org.keycloak.admin.client.resource.ClientInitialAccessResource)2 JsonWebToken (org.keycloak.representations.JsonWebToken)2 List (java.util.List)1 Collectors (java.util.stream.Collectors)1 CoreMatchers.allOf (org.hamcrest.CoreMatchers.allOf)1 Matchers.greaterThanOrEqualTo (org.hamcrest.Matchers.greaterThanOrEqualTo)1 Matchers.lessThanOrEqualTo (org.hamcrest.Matchers.lessThanOrEqualTo)1 Assert.assertEquals (org.junit.Assert.assertEquals)1 Assert.assertNotNull (org.junit.Assert.assertNotNull)1 Assert.assertNull (org.junit.Assert.assertNull)1 Assert.assertThat (org.junit.Assert.assertThat)1