use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class UserInfoTest method testNotBeforeTokens.
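/**
 * Checks that the UserInfo endpoint enforces the not-before (token revocation) policy.
 *
 * <p>An access token is obtained first. Then {@code notBefore} is set to 60 seconds after the
 * current time, once on the realm and once on the {@code test-app} client. In both cases the
 * previously issued token must be answered with 401 and a {@code USER_INFO_REQUEST_ERROR}
 * event carrying {@code INVALID_TOKEN}, with no user, session or client attached.
 *
 * <p>The policy is reset to 0 and each response is closed in {@code finally} blocks, so a
 * failed assertion does not leave a not-before value on the realm or client for later tests.
 */
@Test
public void testNotBeforeTokens() {
    Client client = AdminClientUtil.createResteasyClient();
    try {
        AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(client);
        // A not-before value later than "now" post-dates the token obtained above.
        int time = Time.currentTime() + 60;

        RealmResource realm = adminClient.realm("test");
        RealmRepresentation rep = realm.toRepresentation();
        rep.setNotBefore(time);
        realm.update(rep);
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getToken());
            try {
                assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
            } finally {
                response.close();
            }
            // The rejection must be recorded as an error event without user, session or client.
            events.expect(EventType.USER_INFO_REQUEST_ERROR).error(Errors.INVALID_TOKEN).user(Matchers.nullValue(String.class)).session(Matchers.nullValue(String.class)).detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN).client((String) null).assertEvent();
            events.clear();
        } finally {
            // Lift the realm-level policy even when an assertion above failed.
            rep.setNotBefore(0);
            realm.update(rep);
        }

        // do the same with client's notBefore
        // NOTE(review): presumably "test-app" is the client the token was issued to;
        // executeGrantAccessTokenRequest is defined outside this view - confirm.
        ClientResource clientResource = realm.clients().get(realm.clients().findByClientId("test-app").get(0).getId());
        ClientRepresentation clientRep = clientResource.toRepresentation();
        clientRep.setNotBefore(time);
        clientResource.update(clientRep);
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getToken());
            try {
                assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
            } finally {
                response.close();
            }
            events.expect(EventType.USER_INFO_REQUEST_ERROR).error(Errors.INVALID_TOKEN).user(Matchers.nullValue(String.class)).session(Matchers.nullValue(String.class)).detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN).client((String) null).assertEvent();
        } finally {
            // Lift the client-level policy even when an assertion above failed.
            clientRep.setNotBefore(0);
            clientResource.update(clientRep);
        }
    } finally {
        client.close();
    }
}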
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class UserInfoTest method testUserInfoRequestWithSamlClient.
/**
 * Checks that a token is refused by the UserInfo endpoint once its client has been switched
 * to the SAML protocol.
 *
 * <p>The token is obtained for {@code saml-client} before the protocol change. The later
 * UserInfo request must return 400 and produce a {@code USER_INFO_REQUEST} event with error
 * {@code INVALID_CLIENT} and no client, user or session attached.
 */
@Test
public void testUserInfoRequestWithSamlClient() throws Exception {
    // Token is issued before the client's protocol is changed.
    String bearerToken = oauth.doGrantAccessTokenRequest("test", "test-user@localhost", "password", null, "saml-client", "secret").getAccessToken();

    // Switch the client to SAML through the admin API.
    // NOTE(review): the protocol is not restored in this method; confirm the realm is
    // re-imported or the client reset before other tests rely on "saml-client".
    ClientRepresentation samlRep = adminClient.realm("test").clients().findByClientId("saml-client").get(0);
    samlRep.setProtocol("saml");
    adminClient.realm("test").clients().get(samlRep.getId()).update(samlRep);

    Client httpClient = AdminClientUtil.createResteasyClient();
    try {
        events.clear();
        Response userInfoResponse = UserInfoClientUtil.executeUserInfoRequest_getMethod(httpClient, bearerToken);
        // The status is read after the response is closed, as in the original flow.
        userInfoResponse.close();
        int expectedStatus = Status.BAD_REQUEST.getStatusCode();
        assertEquals(expectedStatus, userInfoResponse.getStatus());
        events.expect(EventType.USER_INFO_REQUEST).error(Errors.INVALID_CLIENT).client((String) null).user(Matchers.nullValue(String.class)).session(Matchers.nullValue(String.class)).detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN).assertEvent();
    } finally {
        httpClient.close();
    }
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class UserInfoTest method testSuccess_dotsInClientId.
// KEYCLOAK-8838
/**
 * Checks that a client id and a client role containing dots work end to end.
 *
 * <p>The role must appear under the dotted client id in the token's resource access, and the
 * UserInfo request made with that token is checked by {@code testSuccessfulUserInfoResponse}.
 */
@Test
public void testSuccess_dotsInClientId() throws Exception {
    final String dottedClientId = "my.foo.client";
    final String dottedRoleName = "my.foo.role";
    final String username = "test-user@localhost";

    // Register a direct-grant client whose id contains dots.
    ClientRepresentation clientRep = org.keycloak.testsuite.util.ClientBuilder.create()
            .clientId(dottedClientId)
            .addRedirectUri("http://foo.host")
            .secret("password")
            .directAccessGrants()
            .build();
    RealmResource realm = adminClient.realm("test");
    Response createResponse = realm.clients().create(clientRep);
    String clientUUID = ApiUtil.getCreatedId(createResponse);
    createResponse.close();
    // Hand the UUID to the cleanup helper so the client does not outlive the test.
    getCleanup().addClientUuid(clientUUID);

    // Add a client role whose name contains dots.
    realm.clients().get(clientUUID).roles().create(RoleBuilder.create().name(dottedRoleName).build());

    // Grant that role to the test user.
    RoleRepresentation fooRole = realm.clients().get(clientUUID).roles().get(dottedRoleName).toRepresentation();
    UserResource userResource = ApiUtil.findUserByUsernameId(realm, username);
    userResource.roles().clientLevel(clientUUID).add(Collections.singletonList(fooRole));

    // Authenticate against the new client and inspect the verified token.
    OAuthClient.AccessTokenResponse tokenResponse = oauth.clientId(dottedClientId).doGrantAccessTokenRequest("password", username, "password");
    AccessToken verifiedToken = oauth.verifyToken(tokenResponse.getAccessToken());
    Assert.assertNames(verifiedToken.getResourceAccess(dottedClientId).getRoles(), dottedRoleName);
    events.clear();

    // Call UserInfo with the same token and validate the response.
    Client httpClient = AdminClientUtil.createResteasyClient();
    try {
        Response userInfoResponse = UserInfoClientUtil.executeUserInfoRequest_getMethod(httpClient, tokenResponse.getAccessToken());
        testSuccessfulUserInfoResponse(userInfoResponse, dottedClientId);
    } finally {
        httpClient.close();
    }
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class UserInfoTest method addTestRealms.
/**
 * Loads {@code /testrealm.json}, enables the test event listener on it, adds the realm to
 * {@code testRealms} and registers an extra client named {@code saml-client}.
 *
 * @param testRealms list that receives the realm built here
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation loadedRealm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    RealmRepresentation testRealm = RealmBuilder.edit(loadedRealm).testEventListener().build();
    testRealms.add(testRealm);

    // Fixture client: same id and secret that testUserInfoRequestWithSamlClient passes to the
    // token request. No protocol is set here; that test switches it to "saml" itself.
    ClientRepresentation samlClient = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlClient.setSecret("secret");
    samlClient.setServiceAccountsEnabled(true);
    samlClient.setDirectAccessGrantsEnabled(true);
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class TokenIntrospectionTest method configureTestRealm.
/**
 * Adds the fixtures used by the token introspection tests to {@code testRealm}: a
 * confidential client, a public client, a SAML client, and an enabled user
 * {@code no-permissions} who holds only the {@code user} realm role.
 *
 * @param testRealm realm representation that is modified in place
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Confidential client with a secret and service accounts.
    ClientRepresentation confidentialClient = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confidentialClient.setSecret("secret1");
    confidentialClient.setServiceAccountsEnabled(Boolean.TRUE);

    // Public client: no secret is configured.
    ClientRepresentation publicClient = KeycloakModelUtils.createClient(testRealm, "public-cli");
    publicClient.setPublicClient(Boolean.TRUE);

    // Client registered with the SAML protocol from the start.
    ClientRepresentation samlClient = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlClient.setSecret("secret2");
    samlClient.setServiceAccountsEnabled(Boolean.TRUE);
    samlClient.setProtocol("saml");

    // Password credential for the fixture user.
    CredentialRepresentation passwordCredential = new CredentialRepresentation();
    passwordCredential.setType("password");
    passwordCredential.setValue("password");
    List<CredentialRepresentation> credentials = new ArrayList<>();
    credentials.add(passwordCredential);

    List<String> grantedRealmRoles = new ArrayList<>();
    grantedRealmRoles.add("user");

    UserRepresentation limitedUser = new UserRepresentation();
    limitedUser.setUsername("no-permissions");
    limitedUser.setCredentials(credentials);
    limitedUser.setEnabled(Boolean.TRUE);
    limitedUser.setRealmRoles(grantedRealmRoles);
    testRealm.getUsers().add(limitedUser);
}