use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class DynamicScopesRARParseTest method generatedAuthorizationRequestsShouldMatchRequestedAndDefaultScopes.
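/**
 * Logs in with a static (non-dynamic) scope attached to {@code test-app} as a default
 * client scope and checks that the authorization-request entries whose source is the
 * {@code scope} parameter match the client's default scopes one-to-one, both by count and
 * by name, and that every such entry carries the static-scope RAR type.
 *
 * The scope is detached in a {@code finally} block with {@code removeDefaultClientScope},
 * mirroring the {@code addDefaultClientScope} call that attached it; the scope itself is
 * deleted by the class-level cleanup registered via {@code getCleanup()}.
 */
@Test
public void generatedAuthorizationRequestsShouldMatchRequestedAndDefaultScopes() {
    // Create the static scope and register it for cleanup before anything can fail.
    Response response = createScope("static-scope", false);
    String scopeId = ApiUtil.getCreatedId(response);
    getCleanup().addClientScopeId(scopeId);
    response.close();

    ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
    ClientRepresentation testAppRep = testApp.toRepresentation();
    // NOTE(review): the representation is written back unchanged; kept as-is so the
    // sequence of admin calls is preserved — confirm whether this update is still needed.
    testApp.update(testAppRep);

    // Attach the new scope as a DEFAULT scope; the matching removal in the finally block
    // must use removeDefaultClientScope (not removeOptionalClientScope) to mirror this.
    testApp.addDefaultClientScope(scopeId);
    List<ClientScopeRepresentation> defScopes = testApp.getDefaultClientScopes();

    try {
        oauth.openLoginForm();
        oauth.scope("openid static-scope");
        oauth.doLogin("rar-test", "password");
        events.expectLogin().user(userId).assertEvent();

        AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
        // Only entries that originated from the "scope" parameter are compared against the defaults.
        List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestHolders =
                contextHolder.getAuthorizationRequestHolders().stream()
                        .filter(holder -> holder.getSource().equals(AuthorizationRequestSource.SCOPE))
                        .collect(Collectors.toList());

        assertEquals(defScopes.size(), authorizationRequestHolders.size());
        assertEquals(
                defScopes.stream().map(ClientScopeRepresentation::getName).collect(Collectors.toSet()),
                authorizationRequestHolders.stream()
                        .map(holder -> holder.getAuthorizationDetails().getScopeNameFromCustomData())
                        .collect(Collectors.toSet()));
        // Every generated authorization_details entry for a static scope must carry the static-scope RAR type.
        Assert.assertTrue(authorizationRequestHolders.stream()
                .map(AuthorizationRequestContextHolder.AuthorizationRequestHolder::getAuthorizationDetails)
                .allMatch(rep -> rep.getType().equalsIgnoreCase(AuthorizationDetailsJSONRepresentation.STATIC_SCOPE_RAR_TYPE)));
    } finally {
        // Detach the scope the same way it was attached (it was added as a default scope),
        // even when an assertion above fails, so later tests see an unchanged client.
        testApp.removeDefaultClientScope(scopeId);
    }
}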
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class OpenShiftTokenReviewEndpointTest method longExpiration.
/**
 * Checks that a token review keeps succeeding over a long period when the client's
 * access-token lifespan is set to {@code -1}: each review is performed just before the
 * SSO idle timeout would be hit, and the session's last-refresh time is expected to be
 * bumped by the preceding review so the token remains valid.
 *
 * The lifespan attribute is always reset in the {@code finally} block.
 */
@Test
public void longExpiration() {
    ClientResource client = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
    ClientRepresentation clientRep = client.toRepresentation();
    try {
        // Remove the access-token lifespan limit for the test client
        clientRep.getAttributes().put(OIDCConfigAttributes.ACCESS_TOKEN_LIFESPAN, "-1");
        client.update(clientRep);

        // First review just before SSO idle, so the session's last refresh gets updated
        setTimeOffset(1500);
        Review review = new Review();
        review.invoke().assertSuccess();

        // Each further review is again just before idle relative to the previous one;
        // the token should still be valid because the last refresh was bumped each time.
        int[] laterOffsets = {3000, 4500};
        for (int offset : laterOffsets) {
            setTimeOffset(offset);
            review.invoke().assertSuccess();
        }
    } finally {
        // Restore the unset lifespan regardless of the outcome
        clientRep.getAttributes().put(OIDCConfigAttributes.ACCESS_TOKEN_LIFESPAN, null);
        client.update(clientRep);
    }
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class OpenShiftTokenReviewEndpointTest method customScopes.
/**
 * Registers a custom {@code user:info} client scope, attaches it to {@code test-app} as an
 * optional scope, and checks that a token review reports it alongside the standard scopes
 * when it is requested via the {@code scope} parameter.
 *
 * The optional scope is detached from the client in the {@code finally} block.
 */
@Test
public void customScopes() {
    // Create the custom scope on the test realm
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setProtocol("openid-connect");
    scopeRep.setName("user:info");
    String scopeId;
    try (Response created = testRealm().clientScopes().create(scopeRep)) {
        scopeId = ApiUtil.getCreatedId(created);
    }

    // Attach it to test-app as an optional scope (only granted when explicitly requested)
    String clientUuid = testRealm().clients().findByClientId("test-app").get(0).getId();
    testRealm().clients().get(clientUuid).addOptionalClientScope(scopeId);
    try {
        oauth.scope("user:info");
        new Review().invoke().assertSuccess().assertScope("openid", "user:info", "profile", "email");
    } finally {
        testRealm().clients().get(clientUuid).removeOptionalClientScope(scopeId);
    }
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class OpenShiftTokenReviewEndpointTest method configureTestRealm.
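/**
 * Customizes the imported test realm for the token-review tests: gives {@code test-app} a
 * {@code groups} protocol mapper (group membership, non-full-path, in access and ID token),
 * makes it a confidential client using the {@code testsuite-client-dummy} authenticator,
 * and adds two users ({@code groups-user} with two group memberships and an account role,
 * and {@code empty-audience} with no extra configuration).
 *
 * @param testRealm the realm representation being prepared before import
 * @throws IllegalStateException if the representation contains no {@code test-app} client
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Fail with a clear message instead of NoSuchElementException from Optional.get()
    // if the fixture realm does not contain the expected client.
    ClientRepresentation client = testRealm.getClients().stream()
            .filter(r -> "test-app".equals(r.getClientId()))
            .findFirst()
            .orElseThrow(() -> new IllegalStateException("client 'test-app' not found in test realm representation"));

    // Group-membership mapper: plain group names (no full path), claim "groups",
    // included in both the access token and the ID token.
    List<ProtocolMapperRepresentation> mappers = new LinkedList<>();
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("groups");
    mapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<>();
    config.put("full.path", "false");
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);
    mappers.add(mapper);
    client.setProtocolMappers(mappers);

    // Confidential client authenticated by the test-suite dummy authenticator
    client.setPublicClient(false);
    client.setClientAuthenticatorType("testsuite-client-dummy");

    testRealm.getUsers().add(UserBuilder.create()
            .username("groups-user")
            .password("password")
            .addGroups("/topGroup", "/topGroup/level2group")
            .role("account", "view-profile")
            .build());
    testRealm.getUsers().add(UserBuilder.create()
            .username("empty-audience")
            .password("password")
            .build());
}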
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class ParTest method testSuccessfulUsingRequestParameter.
/**
 * Pushed Authorization Request (PAR) flow in which the client pushes only a {@code request}
 * object and then authorizes with the returned {@code request_uri}.
 *
 * Verifies that the PAR endpoint answers 201 with {@code expires_in} equal to the configured
 * request_uri lifespan, that login succeeds when the authorization request carries nothing
 * but {@code request_uri}, that the code exchange yields verifiable access and ID tokens, and
 * that the ID token nonce equals the nonce placed in the request object.
 *
 * PAR realm settings are restored in the {@code finally} block.
 *
 * @throws Exception propagated from the helpers used to build and serialize the request
 */
@Test
public void testSuccessfulUsingRequestParameter() throws Exception {
    try {
        // setup PAR realm settings
        int requestUriLifespan = 45;
        setParRealmSettings(requestUriLifespan);
        // create client dynamically; PAR is mandatory for this client
        String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
            clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
            clientRep.setRedirectUris(new ArrayList<>(Arrays.asList(CLIENT_REDIRECT_URI)));
        });
        oauth.clientId(clientId);
        OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
        String clientSecret = oidcCRep.getClientSecret();
        assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
        assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
        assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());

        // Build the request object: jti, iat/nbf = now, exp = now + 300s, plus the
        // authorization parameters (client_id, response_type, redirect_uri, scope, nonce)
        TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject requestObject = new TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject();
        requestObject.id(KeycloakModelUtils.generateId());
        requestObject.iat(Long.valueOf(Time.currentTime()));
        requestObject.exp(requestObject.getIat() + Long.valueOf(300));
        requestObject.nbf(requestObject.getIat());
        requestObject.setClientId(oauth.getClientId());
        requestObject.setResponseType("code");
        requestObject.setRedirectUriParam(CLIENT_REDIRECT_URI);
        requestObject.setScope("openid");
        requestObject.setNonce(KeycloakModelUtils.generateId());
        // Serialize and base64url-encode the request object for the test application endpoint
        byte[] contentBytes = JsonSerialization.writeValueAsBytes(requestObject);
        String encodedRequestObject = Base64Url.encode(contentBytes);
        TestOIDCEndpointsApplicationResource client = testingClient.testApp().oidcClientEndpoints();

        // use and set jwks_url: point the client's JWKS URL at the test application so the
        // server can resolve the client's public key (presumably used to verify the RS256
        // request object registered below — confirm against TestOIDCEndpointsApplicationResource)
        ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(oauth.getRealm()), oauth.getClientId());
        ClientRepresentation clientRep = clientResource.toRepresentation();
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(true);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(TestApplicationResourceUrls.clientJwksUri());
        clientResource.update(clientRep);
        client.generateKeys(org.keycloak.crypto.Algorithm.RS256);
        client.registerOIDCRequest(encodedRequestObject, org.keycloak.crypto.Algorithm.RS256);

        // do not send any other parameter but the request parameter
        oauth.request(client.getOIDCRequest());
        oauth.responseType(null);
        oauth.redirectUri(null);
        oauth.scope(null);
        ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
        assertEquals(201, pResp.getStatusCode());
        String requestUri = pResp.getRequestUri();
        // expires_in must reflect the realm's request_uri lifespan configured above
        assertEquals(requestUriLifespan, pResp.getExpiresIn());

        // Authorization Request with request_uri of PAR
        // remove parameters as query strings of uri
        oauth.redirectUri(null);
        oauth.scope(null);
        oauth.responseType(null);
        oauth.request(null);
        oauth.requestUri(requestUri);
        OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);

        // Token Request
        // get tokens, if needed. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
        // redirect_uri is sent again here because the token endpoint requires it to match
        // the one used in the authorization request
        oauth.redirectUri(CLIENT_REDIRECT_URI);
        OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(loginResponse.getCode(), clientSecret);
        assertEquals(200, res.getStatusCode());
        oauth.verifyToken(res.getAccessToken());
        IDToken idToken = oauth.verifyIDToken(res.getIdToken());
        // The nonce round-trips from the pushed request object into the ID token
        assertEquals(requestObject.getNonce(), idToken.getNonce());
    } finally {
        restoreParRealmSettings();
    }
}