use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.
the class FluentTestsHelper method generateInitialAccessToken.
protected String generateInitialAccessToken() {
ClientInitialAccessCreatePresentation rep = new ClientInitialAccessCreatePresentation();
rep.setCount(2);
rep.setExpiration(180);
ClientInitialAccessPresentation initialAccess = keycloak.realms().realm(testRealm).clientInitialAccess().create(rep);
return initialAccess.getToken();
}
use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.
the class KeyRotationTest method testTokens.
@Test
public void testTokens() throws Exception {
// Create keys #1
Map<String, String> keys1 = createKeys1();
// Get token with keys #1
oauth.doLogin("test-user@localhost", "password");
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
assertEquals(200, response.getStatusCode());
assertTokenKid(keys1.get(Algorithm.RS256), response.getAccessToken());
assertTokenKid(keys1.get(Algorithm.HS256), response.getRefreshToken());
// Create client with keys #1
ClientInitialAccessCreatePresentation initialToken = new ClientInitialAccessCreatePresentation();
initialToken.setCount(100);
initialToken.setExpiration(0);
ClientInitialAccessPresentation accessRep = adminClient.realm("test").clientInitialAccess().create(initialToken);
String initialAccessToken = accessRep.getToken();
ClientRegistration reg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "test").build();
reg.auth(Auth.token(initialAccessToken));
ClientRepresentation clientRep = reg.create(ClientBuilder.create().clientId("test").build());
// Userinfo with keys #1
assertUserInfo(response.getAccessToken(), 200);
// Token introspection with keys #1
assertTokenIntrospection(response.getAccessToken(), true);
// Get client with keys #1 - registration access token should not have changed
ClientRepresentation clientRep2 = reg.auth(Auth.token(clientRep.getRegistrationAccessToken())).get("test");
assertEquals(clientRep.getRegistrationAccessToken(), clientRep2.getRegistrationAccessToken());
// Create keys #2
Map<String, String> keys2 = createKeys2();
assertNotEquals(keys1.get(Algorithm.RS256), keys2.get(Algorithm.RS256));
assertNotEquals(keys1.get(Algorithm.HS256), keys2.get(Algorithm.HS512));
// Refresh token with keys #2
response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
assertEquals(200, response.getStatusCode());
assertTokenKid(keys2.get(Algorithm.RS256), response.getAccessToken());
assertTokenKid(keys2.get(Algorithm.HS256), response.getRefreshToken());
// Userinfo with keys #2
assertUserInfo(response.getAccessToken(), 200);
// Token introspection with keys #2
assertTokenIntrospection(response.getAccessToken(), true);
// Get client with keys #2 - registration access token should be changed
ClientRepresentation clientRep3 = reg.auth(Auth.token(clientRep.getRegistrationAccessToken())).get("test");
assertNotEquals(clientRep.getRegistrationAccessToken(), clientRep3.getRegistrationAccessToken());
// Drop key #1
dropKeys1();
// Refresh token with keys #1 dropped - should pass as refresh token should be signed with key #2
response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
assertTokenKid(keys2.get(Algorithm.RS256), response.getAccessToken());
assertTokenKid(keys2.get(Algorithm.HS256), response.getRefreshToken());
// Userinfo with keys #1 dropped
assertUserInfo(response.getAccessToken(), 200);
// Token introspection with keys #1 dropped
assertTokenIntrospection(response.getAccessToken(), true);
// Get client with keys #1 - should fail
try {
reg.auth(Auth.token(clientRep.getRegistrationAccessToken())).get("test");
fail("Expected to fail");
} catch (ClientRegistrationException e) {
}
// Get client with keys #2 - should succeed
ClientRepresentation clientRep4 = reg.auth(Auth.token(clientRep3.getRegistrationAccessToken())).get("test");
assertNotEquals(clientRep2.getRegistrationAccessToken(), clientRep4.getRegistrationAccessToken());
// Drop key #2
dropKeys2();
// Userinfo with keys #2 dropped
assertUserInfo(response.getAccessToken(), 401);
// Token introspection with keys #2 dropped
assertTokenIntrospection(response.getAccessToken(), false);
// Refresh token with keys #2 dropped - should fail as refresh token is signed with key #2
response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
assertEquals(400, response.getStatusCode());
assertEquals("Invalid refresh token", response.getErrorDescription());
}
use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.
the class InitialAccessTokenResourceTest method testInitialAccessTokens.
@Test
// Time difference is possible on remote server
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testInitialAccessTokens() {
ClientInitialAccessCreatePresentation rep = new ClientInitialAccessCreatePresentation();
rep.setCount(2);
rep.setExpiration(100);
int time = Time.currentTime();
ClientInitialAccessPresentation response = resource.create(rep);
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
assertNotNull(response.getId());
assertEquals(new Integer(2), response.getCount());
assertEquals(new Integer(2), response.getRemainingCount());
assertEquals(new Integer(100), response.getExpiration());
assertThat(response.getTimestamp(), allOf(greaterThanOrEqualTo(time), lessThanOrEqualTo(Time.currentTime())));
assertNotNull(response.getToken());
rep.setCount(3);
response = resource.create(rep);
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
rep.setCount(4);
response = resource.create(rep);
String lastId = response.getId();
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(lastId), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
List<ClientInitialAccessPresentation> list = resource.list();
assertEquals(3, list.size());
assertEquals(9, list.get(0).getCount() + list.get(1).getCount() + list.get(2).getCount());
assertNull(list.get(0).getToken());
// Delete last and assert it was deleted
resource.delete(lastId);
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientInitialAccessPath(lastId), ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
list = resource.list();
assertEquals(2, list.size());
assertEquals(5, list.get(0).getCount() + list.get(1).getCount());
}
use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.
the class InitialAccessTokenTest method createMultiple.
@Test
public void createMultiple() throws ClientRegistrationException {
ClientInitialAccessPresentation response = resource.create(new ClientInitialAccessCreatePresentation(0, 2));
reg.auth(Auth.token(response));
ClientRepresentation rep = new ClientRepresentation();
ClientRepresentation created = reg.create(rep);
Assert.assertNotNull(created);
created = reg.create(rep);
Assert.assertNotNull(created);
try {
reg.create(rep);
Assert.fail("Expected exception");
} catch (ClientRegistrationException e) {
assertEquals(401, ((HttpErrorException) e.getCause()).getStatusLine().getStatusCode());
}
}
use of org.keycloak.representations.idm.ClientInitialAccessCreatePresentation in project keycloak by keycloak.
the class InitialAccessTokenTest method createWithES256.
@Test
public void createWithES256() throws JWSInputException, ClientRegistrationException {
try {
TokenSignatureUtil.changeRealmTokenSignatureProvider(adminClient, Algorithm.ES256);
ClientInitialAccessPresentation response = resource.create(new ClientInitialAccessCreatePresentation());
reg.auth(Auth.token(response));
String token = response.getToken();
JWSHeader header = new JWSInput(token).getHeader();
assertEquals(Algorithm.HS256, header.getAlgorithm().name());
ClientRepresentation rep = new ClientRepresentation();
ClientRepresentation created = reg.create(rep);
Assert.assertNotNull(created);
} finally {
TokenSignatureUtil.changeRealmTokenSignatureProvider(adminClient, Algorithm.RS256);
}
}
Aggregations