use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class OIDCAdvancedRequestParamsTest method processClaimsRequestParamSupported.
@Test
public void processClaimsRequestParamSupported() throws Exception {
String clientScopeId = null;
try {
for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {
if (rep.getName().equals("profile")) {
clientScopeId = rep.getId();
break;
}
}
findClientResourceByClientId(adminClient.realm("test"), "test-app").removeDefaultClientScope(clientScopeId);
ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
ProtocolMappersResource res = app.getProtocolMappers();
res.createMapper(ModelToRepresentation.toRepresentation(ClaimsParameterTokenMapper.createMapper("claimsParameterTokenMapper", true, false))).close();
Map<String, Object> claims = ImmutableMap.of("id_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", false), "given_name", ImmutableMap.of("wesentlich", true), "name", ImmutableMap.of("essential", true)), "userinfo", ImmutableMap.of("preferred_username", ImmutableMap.of("essential", "Ja"), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true)));
Map<String, Object> oidcRequest = new HashMap<>();
oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
String request = new JWSBuilder().jsonContent(oidcRequest).none();
oauth = oauth.request(request);
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
OAuthClient.AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
assertEquals("test-user@localhost", idToken.getEmail());
assertEquals("test-user@localhost", idToken.getPreferredUsername());
assertNull(idToken.getFamilyName());
assertNull(idToken.getGivenName());
assertEquals("Tom Brady", idToken.getName());
Client client = AdminClientUtil.createResteasyClient();
try {
Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
UserInfo userInfo = response.readEntity(UserInfo.class);
assertEquals("test-user@localhost", userInfo.getEmail());
assertNull(userInfo.getPreferredUsername());
assertEquals("Brady", userInfo.getFamilyName());
assertEquals("Tom", userInfo.getGivenName());
assertNull(userInfo.getName());
} finally {
events.expect(EventType.USER_INFO_REQUEST).session(accessTokenResponse.getSessionState()).client("test-app").assertEvent();
client.close();
}
oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();
claims = ImmutableMap.of("id_token", ImmutableMap.of("test_claim", ImmutableMap.of("essential", true)), "access_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true), "name", ImmutableMap.of("essential", true)));
oidcRequest = new HashMap<>();
oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
request = new JWSBuilder().jsonContent(oidcRequest).none();
oauth = oauth.request(request);
oauth.doLogin("test-user@localhost", "password");
loginEvent = events.expectLogin().assertEvent();
accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
// "email" default scope still remains
assertEquals("test-user@localhost", idToken.getEmail());
assertNull(idToken.getPreferredUsername());
assertNull(idToken.getFamilyName());
assertNull(idToken.getGivenName());
assertNull(idToken.getName());
client = AdminClientUtil.createResteasyClient();
try {
Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
UserInfo userInfo = response.readEntity(UserInfo.class);
assertEquals("test-user@localhost", userInfo.getEmail());
assertNull(userInfo.getPreferredUsername());
assertNull(userInfo.getFamilyName());
assertNull(userInfo.getGivenName());
assertNull(userInfo.getName());
} finally {
client.close();
}
} finally {
// revert "profile" default client scope
findClientResourceByClientId(adminClient.realm("test"), "test-app").addDefaultClientScope(clientScopeId);
}
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class OIDCDynamicScopeTest method testLoginAndClientScopesPermissions.
/**
* Copying the same method from {@link OIDCScopeTest} to avoid a change in that test class to affect this one
*
* @param username
* @param expectedRoleScopes
* @param expectedRoles
*/
private void testLoginAndClientScopesPermissions(String username, String expectedRoleScopes, String... expectedRoles) {
String userId = ApiUtil.findUserByUsername(testRealm(), username).getId();
oauth.openLoginForm();
oauth.doLogin(username, "password");
EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile " + expectedRoleScopes, "test-app");
Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles);
oauth.doLogout(tokens.refreshToken, "password");
events.expectLogout(tokens.idToken.getSessionState()).client("test-app").user(userId).removeDetail(Details.REDIRECT_URI).assertEvent();
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class OIDCBasicResponseTypeCodeTest method nonceNotUsed.
@Test
public void nonceNotUsed() {
EventRepresentation loginEvent = loginUser(null);
OAuthClient.AuthorizationEndpointResponse authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth, false);
List<IDToken> idTokens = testAuthzResponseAndRetrieveIDTokens(authzResponse, loginEvent);
for (IDToken idToken : idTokens) {
Assert.assertNull(idToken.getNonce());
}
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class AudienceTest method testAudienceProtocolMapperWithCustomAudience.
@Test
public void testAudienceProtocolMapperWithCustomAudience() throws Exception {
// Add audience protocol mapper to the clientScope "audience-scope"
ProtocolMapperRepresentation audienceMapper = ProtocolMapperUtil.createAudienceMapper("audience mapper 1", null, "http://host/service/ctx1", true, false);
ClientScopeResource clientScope = ApiUtil.findClientScopeByName(testRealm(), "audience-scope");
Response resp = clientScope.getProtocolMappers().createMapper(audienceMapper);
String mapper1Id = ApiUtil.getCreatedId(resp);
resp.close();
audienceMapper = ProtocolMapperUtil.createAudienceMapper("audience mapper 2", null, "http://host/service/ctx2", true, true);
resp = clientScope.getProtocolMappers().createMapper(audienceMapper);
String mapper2Id = ApiUtil.getCreatedId(resp);
resp.close();
// Login and check audiences in the token
oauth.scope("openid audience-scope");
oauth.doLogin("john", "password");
EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");
assertAudiences(tokens.accessToken, "http://host/service/ctx1", "http://host/service/ctx2");
assertAudiences(tokens.idToken, "test-app", "http://host/service/ctx2");
// Revert
clientScope.getProtocolMappers().delete(mapper1Id);
clientScope.getProtocolMappers().delete(mapper2Id);
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class OIDCScopeTest method testClientDisplayedOnConsentScreen.
@Test
public void testClientDisplayedOnConsentScreen() throws Exception {
// Add "displayOnConsentScreen" to client
ClientResource thirdParty = ApiUtil.findClientByClientId(testRealm(), "third-party");
ClientRepresentation thirdPartyRep = thirdParty.toRepresentation();
thirdPartyRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "true");
thirdPartyRep.getAttributes().put(ClientScopeModel.CONSENT_SCREEN_TEXT, "ThirdParty permissions");
thirdParty.update(thirdPartyRep);
// Login. Client should be displayed on consent screen
oauth.clientId("third-party");
oauth.doLoginGrant("john", "password");
grantPage.assertCurrent();
grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT, "ThirdParty permissions");
grantPage.accept();
EventRepresentation loginEvent = events.expectLogin().user(userId).client("third-party").detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile", "third-party");
IDToken idToken = tokens.idToken;
assertProfile(idToken, true);
assertEmail(idToken, true);
assertAddress(idToken, false);
assertPhone(idToken, false);
// Revert
thirdPartyRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "false");
thirdParty.update(thirdPartyRep);
}
Aggregations