
Example 46 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OIDCAdvancedRequestParamsTest method processClaimsRequestParamSupported.

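/**
 * Verifies handling of the OIDC {@code claims} request parameter delivered inside a request object.
 * <p>
 * The "profile" default client scope is removed from "test-app" for the duration of the test so that
 * profile claims only appear when the {@code claims} parameter asks for them; it is re-added in the
 * {@code finally} block. Two logins are performed: the first requests claims for {@code id_token} and
 * {@code userinfo} (including deliberately malformed entries), the second requests claims for
 * {@code id_token} and {@code access_token} and checks that the latter are not honoured.
 *
 * @throws Exception propagated from the admin client / OAuth helpers
 */
@Test
public void processClaimsRequestParamSupported() throws Exception {
    String clientScopeId = null;
    try {
        for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {
            if (rep.getName().equals("profile")) {
                clientScopeId = rep.getId();
                break;
            }
        }
        // Fail loudly instead of passing a null scope id to removeDefaultClientScope()/addDefaultClientScope().
        if (clientScopeId == null) {
            throw new IllegalStateException("client scope 'profile' not found in realm 'test'");
        }
        ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
        app.removeDefaultClientScope(clientScopeId);
        ProtocolMappersResource res = app.getProtocolMappers();
        res.createMapper(ModelToRepresentation.toRepresentation(ClaimsParameterTokenMapper.createMapper("claimsParameterTokenMapper", true, false))).close();

        // "wesentlich" and "Ja" are intentionally invalid keys/values; the assertions below check how they are treated.
        Map<String, Object> claims = ImmutableMap.of("id_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", false), "given_name", ImmutableMap.of("wesentlich", true), "name", ImmutableMap.of("essential", true)), "userinfo", ImmutableMap.of("preferred_username", ImmutableMap.of("essential", "Ja"), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true)));
        Map<String, Object> oidcRequest = new HashMap<>();
        oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
        oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
        oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
        oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
        oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
        // The request object is serialized as an unsigned JWS (alg "none"); this test exercises the
        // claims parameter, not request-object signature verification.
        String request = new JWSBuilder().jsonContent(oidcRequest).none();
        oauth = oauth.request(request);
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        OAuthClient.AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        assertEquals("test-user@localhost", idToken.getEmail());
        assertEquals("test-user@localhost", idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertEquals("Tom Brady", idToken.getName());

        Client client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertEquals("Brady", userInfo.getFamilyName());
            assertEquals("Tom", userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            // Nested so that a failing event assertion cannot skip client.close().
            try {
                events.expect(EventType.USER_INFO_REQUEST).session(accessTokenResponse.getSessionState()).client("test-app").assertEvent();
            } finally {
                client.close();
            }
        }
        oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
        events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();

        // Second login: claims requested under "access_token" must not surface in the ID token or userinfo,
        // as the assertions below check.
        claims = ImmutableMap.of("id_token", ImmutableMap.of("test_claim", ImmutableMap.of("essential", true)), "access_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true), "name", ImmutableMap.of("essential", true)));
        oidcRequest = new HashMap<>();
        oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
        oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
        oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
        oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
        oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
        request = new JWSBuilder().jsonContent(oidcRequest).none();
        oauth = oauth.request(request);
        oauth.doLogin("test-user@localhost", "password");
        loginEvent = events.expectLogin().assertEvent();
        accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        // "email" default scope still remains
        assertEquals("test-user@localhost", idToken.getEmail());
        assertNull(idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertNull(idToken.getName());

        client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertNull(userInfo.getFamilyName());
            assertNull(userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            client.close();
        }
    } finally {
        // revert "profile" default client scope (only if it was actually found above)
        if (clientScopeId != null) {
            findClientResourceByClientId(adminClient.realm("test"), "test-app").addDefaultClientScope(clientScopeId);
        }
    }
}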
Also used : HashMap(java.util.HashMap) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) UserInfo(org.keycloak.representations.UserInfo) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Response(javax.ws.rs.core.Response) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) IDToken(org.keycloak.representations.IDToken) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 47 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OIDCDynamicScopeTest method testLoginAndClientScopesPermissions.

/**
 * Logs {@code username} in, checks the realm roles carried by the issued access token and logs out again.
 * <p>
 * Copied from {@link OIDCScopeTest} so that changes to that test class cannot affect this one.
 *
 * @param username           user to authenticate; the password "password" is assumed
 * @param expectedRoleScopes scope tokens appended to {@code "openid email profile "} when validating the token request
 * @param expectedRoles      realm roles the access token must contain
 */
private void testLoginAndClientScopesPermissions(String username, String expectedRoleScopes, String... expectedRoles) {
    final String expectedScope = "openid email profile " + expectedRoleScopes;
    final String uid = ApiUtil.findUserByUsername(testRealm(), username).getId();

    oauth.openLoginForm();
    oauth.doLogin(username, "password");
    final EventRepresentation login = events.expectLogin().user(uid).assertEvent();

    final Tokens issued = sendTokenRequest(login, uid, expectedScope, "test-app");
    Assert.assertNames(issued.accessToken.getRealmAccess().getRoles(), expectedRoles);

    oauth.doLogout(issued.refreshToken, "password");
    events.expectLogout(issued.idToken.getSessionState())
            .client("test-app")
            .user(uid)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation)

Example 48 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OIDCBasicResponseTypeCodeTest method nonceNotUsed.

/**
 * Authorizes without sending a nonce and verifies that none of the issued ID tokens carries one.
 */
@Test
public void nonceNotUsed() {
    final EventRepresentation login = loginUser(null);
    final OAuthClient.AuthorizationEndpointResponse authz = new OAuthClient.AuthorizationEndpointResponse(oauth, false);
    testAuthzResponseAndRetrieveIDTokens(authz, login)
            .forEach(token -> Assert.assertNull(token.getNonce()));
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IDToken(org.keycloak.representations.IDToken) Test(org.junit.Test)

Example 49 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class AudienceTest method testAudienceProtocolMapperWithCustomAudience.

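/**
 * Adds two audience protocol mappers with custom audiences to the "audience-scope" client scope and checks
 * which audiences end up in the access token and the ID token after a login requesting that scope.
 * <p>
 * Both mappers are deleted in a {@code finally} block so a failing assertion does not leave them behind
 * for later tests.
 *
 * @throws Exception propagated from the admin client / OAuth helpers
 */
@Test
public void testAudienceProtocolMapperWithCustomAudience() throws Exception {
    ClientScopeResource clientScope = ApiUtil.findClientScopeByName(testRealm(), "audience-scope");
    String mapper1Id = null;
    String mapper2Id = null;
    try {
        // Add audience protocol mappers to the clientScope "audience-scope"
        mapper1Id = createMapperAndGetId(clientScope,
                ProtocolMapperUtil.createAudienceMapper("audience mapper 1", null, "http://host/service/ctx1", true, false));
        mapper2Id = createMapperAndGetId(clientScope,
                ProtocolMapperUtil.createAudienceMapper("audience mapper 2", null, "http://host/service/ctx2", true, true));

        // Login and check audiences in the token
        oauth.scope("openid audience-scope");
        oauth.doLogin("john", "password");
        EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
        Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");
        assertAudiences(tokens.accessToken, "http://host/service/ctx1", "http://host/service/ctx2");
        assertAudiences(tokens.idToken, "test-app", "http://host/service/ctx2");
    } finally {
        // Revert, skipping any mapper whose creation did not get as far as returning an id
        if (mapper1Id != null) {
            clientScope.getProtocolMappers().delete(mapper1Id);
        }
        if (mapper2Id != null) {
            clientScope.getProtocolMappers().delete(mapper2Id);
        }
    }
}

/**
 * Creates {@code mapper} on {@code clientScope} and returns the id of the created mapper, always closing
 * the admin response.
 *
 * @param clientScope client scope the mapper is added to
 * @param mapper      mapper representation to create
 * @return id of the created protocol mapper
 */
private static String createMapperAndGetId(ClientScopeResource clientScope, ProtocolMapperRepresentation mapper) {
    Response resp = clientScope.getProtocolMappers().createMapper(mapper);
    try {
        return ApiUtil.getCreatedId(resp);
    } finally {
        resp.close();
    }
}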
Also used : Response(javax.ws.rs.core.Response) ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test)

Example 50 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OIDCScopeTest method testClientDisplayedOnConsentScreen.

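/**
 * Marks the "third-party" client as displayed on the consent screen, logs in, and verifies that the
 * consent screen lists the client text alongside the scope texts and that the ID token contains the
 * consented profile/email claims but no address or phone claims.
 * <p>
 * The client attribute is reverted in a {@code finally} block so that a failing assertion does not leak
 * the changed consent setting into later tests.
 *
 * @throws Exception propagated from the admin client / OAuth helpers
 */
@Test
public void testClientDisplayedOnConsentScreen() throws Exception {
    // Add "displayOnConsentScreen" to client
    ClientResource thirdParty = ApiUtil.findClientByClientId(testRealm(), "third-party");
    ClientRepresentation thirdPartyRep = thirdParty.toRepresentation();
    thirdPartyRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "true");
    thirdPartyRep.getAttributes().put(ClientScopeModel.CONSENT_SCREEN_TEXT, "ThirdParty permissions");
    thirdParty.update(thirdPartyRep);
    try {
        // Login. Client should be displayed on consent screen
        oauth.clientId("third-party");
        oauth.doLoginGrant("john", "password");
        grantPage.assertCurrent();
        grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT, "ThirdParty permissions");
        grantPage.accept();
        EventRepresentation loginEvent = events.expectLogin().user(userId).client("third-party").detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
        Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile", "third-party");
        IDToken idToken = tokens.idToken;
        assertProfile(idToken, true);
        assertEmail(idToken, true);
        assertAddress(idToken, false);
        assertPhone(idToken, false);
    } finally {
        // Revert (runs even when an assertion above fails)
        thirdPartyRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "false");
        thirdParty.update(thirdPartyRep);
    }
}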
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) IDToken(org.keycloak.representations.IDToken) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Aggregations

EventRepresentation (org.keycloak.representations.idm.EventRepresentation)164 Test (org.junit.Test)124 OAuthClient (org.keycloak.testsuite.util.OAuthClient)93 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)60 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)44 RefreshToken (org.keycloak.representations.RefreshToken)27 ClientResource (org.keycloak.admin.client.resource.ClientResource)26 AccessToken (org.keycloak.representations.AccessToken)26 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)25 IDToken (org.keycloak.representations.IDToken)23 Matchers.containsString (org.hamcrest.Matchers.containsString)15 AbstractAdminTest (org.keycloak.testsuite.admin.AbstractAdminTest)15 Response (javax.ws.rs.core.Response)13 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)13 AccessTokenResponse (org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse)12 IOException (java.io.IOException)11 RealmResource (org.keycloak.admin.client.resource.RealmResource)11 AssertEvents (org.keycloak.testsuite.AssertEvents)10 JWSInput (org.keycloak.jose.jws.JWSInput)9 TestAuthenticationChannelRequest (org.keycloak.testsuite.rest.representation.TestAuthenticationChannelRequest)9