Use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class FAPICIBATest, method doAuthenticationChannelCallback.
/**
 * Sends the authentication channel callback for {@code request} and verifies that the
 * server accepts it.
 *
 * <p>The callback is made with the bearer token carried by {@code request} and the
 * {@code SUCCEED} outcome. The test fails unless the returned status code is 200.
 *
 * @param request authentication channel request whose bearer token is presented on the callback
 * @return a new {@link EventRepresentation} whose details map is empty; no event is read
 *     from the server or asserted in this method
 * @throws Exception propagated from the callback request
 */
private EventRepresentation doAuthenticationChannelCallback(TestAuthenticationChannelRequest request) throws Exception {
    final String bearerToken = request.getBearerToken();
    final int callbackStatus = oauth.doAuthenticationChannelCallback(bearerToken, SUCCEED);
    assertThat(callbackStatus, is(equalTo(200)));

    // NOTE(review): the earlier comment here described checking the login event (ignoring
    // the user id and other details except the username), but nothing is compared against a
    // recorded event: callers only receive a blank representation. Confirm whether a real
    // event assertion is intended before relying on this return value.
    final EventRepresentation placeholder = new EventRepresentation();
    placeholder.setDetails(Collections.emptyMap());
    return placeholder;
}
Use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method accessTokenInvalidClientCredentials.
/**
 * Verifies that an authorization code presented with wrong client credentials is refused.
 *
 * <p>After a normal login, the code is sent to the token endpoint with {@code "invalid"} as
 * the second argument (the other tests in this class pass {@code "password"} there;
 * presumably this is the client secret). The response must be HTTP 401, and the
 * code-to-token event must carry the error {@code invalid_client_credentials} with its
 * details cleared and neither a user nor a session attached.
 *
 * <p>NOTE(review): the test stops at the failure event; it does not check whether the code
 * is still redeemable after the rejected attempt.
 */
@Test
public void accessTokenInvalidClientCredentials() throws Exception {
    oauth.doLogin("test-user@localhost", "password");

    final EventRepresentation login = events.expectLogin().assertEvent();
    final String loginCodeId = login.getDetails().get(Details.CODE_ID);
    final String authorizationCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Valid code, deliberately wrong second argument: the exchange must fail with 401.
    final OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authorizationCode, "invalid");
    assertEquals(401, tokenResponse.getStatusCode());

    // The failure event is expected without details, user or session.
    events.expectCodeToToken(loginCodeId, login.getSessionId())
            .error("invalid_client_credentials")
            .clearDetails()
            .user((String) null)
            .session((String) null)
            .assertEvent();
}
Use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method tokenRequest.
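/**
 * Logs in, exchanges the authorization code, and checks that each issued token advertises
 * the expected signature algorithm in its JWS header.
 *
 * <p>For the access token, ID token and refresh token the header must name the expected
 * algorithm, have type {@code JWT} and carry no content type. The access token is then
 * passed to {@code oauth.verifyToken}, and its subject and session state are compared with
 * the test user and the login session. Finally the code-to-token event must reference the
 * ids of the issued access and refresh tokens.
 *
 * <p>Only the access token goes through {@code oauth.verifyToken} here. The ID and refresh
 * tokens are parsed for their headers only, so this method says nothing about their
 * signatures.
 *
 * @param expectedRefreshAlg algorithm name expected in the refresh token header
 * @param expectedAccessAlg algorithm name expected in the access token header
 * @param expectedIdTokenAlg algorithm name expected in the ID token header
 * @throws Exception propagated from token parsing or the helper calls
 */
private void tokenRequest(String expectedRefreshAlg, String expectedAccessAlg, String expectedIdTokenAlg) throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
    assertEquals(200, response.getStatusCode());
    assertEquals("Bearer", response.getTokenType());

    // Same header contract for all three tokens, in the original order of checks.
    assertJwtHeader(response.getAccessToken(), expectedAccessAlg);
    assertJwtHeader(response.getIdToken(), expectedIdTokenAlg);
    assertJwtHeader(response.getRefreshToken(), expectedRefreshAlg);

    AccessToken token = oauth.verifyToken(response.getAccessToken());
    // The subject must be the user's id as reported by the admin API, never the login name.
    assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), token.getSubject());
    assertNotEquals("test-user@localhost", token.getSubject());
    // The token must be bound to the session created by the login above. This was asserted
    // twice in the earlier version; once is enough because the token is not modified.
    assertEquals(sessionId, token.getSessionState());

    EventRepresentation event = events.expectCodeToToken(codeId, sessionId).assertEvent();
    assertEquals(token.getId(), event.getDetails().get(Details.TOKEN_ID));
    assertEquals(oauth.parseRefreshToken(response.getRefreshToken()).getId(), event.getDetails().get(Details.REFRESH_TOKEN_ID));
}

/**
 * Asserts that the header of a serialized token names {@code expectedAlg}, has type
 * {@code JWT} and has no content type.
 */
private static void assertJwtHeader(String serializedToken, String expectedAlg) throws Exception {
    JWSHeader header = new JWSInput(serializedToken).getHeader();
    assertEquals(expectedAlg, header.getAlgorithm().name());
    assertEquals("JWT", header.getType());
    assertNull(header.getContentType());
}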
Use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method accessTokenCodeUsed.
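/**
 * Verifies that an authorization code can be redeemed only once and that replaying it
 * invalidates the access token issued on first use.
 *
 * <p>Sequence: log in and exchange the code (HTTP 200); confirm the access token works
 * against UserInfo and is reported {@code active} by introspection; replay the same code
 * and expect HTTP 400 with an {@code invalid_code} event; then confirm the earlier access
 * token is refused by UserInfo (401) and reported inactive, with no {@code email} claim, by
 * introspection. This matches RFC 6749 section 4.1.2: a reused code must be denied and
 * tokens previously issued from it should be revoked.
 *
 * @throws IOException if an introspection response cannot be parsed as JSON
 */
@Test
public void accessTokenCodeUsed() throws IOException {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
    Assert.assertEquals(200, response.getStatusCode());
    String accessToken = response.getAccessToken();

    Client jaxrsClient = AdminClientUtil.createResteasyClient();
    try {
        // One mapper is enough for both introspection responses.
        ObjectMapper objectMapper = new ObjectMapper();

        // Baseline: the freshly issued token is accepted by UserInfo.
        Response userInfoResponse = UserInfoClientUtil.executeUserInfoRequest_getMethod(jaxrsClient, accessToken);
        UserInfoClientUtil.testSuccessfulUserInfoResponse(userInfoResponse, "test-user@localhost", "test-user@localhost");

        // Baseline: introspection reports the token as active and exposes the email claim.
        String introspectionResponse = oauth.introspectAccessTokenWithClientCredential("test-app", "password", accessToken);
        JsonNode jsonNode = objectMapper.readTree(introspectionResponse);
        Assert.assertTrue(jsonNode.get("active").asBoolean());
        Assert.assertEquals("test-user@localhost", jsonNode.get("email").asText());
        events.clear();

        // A second exchange of the same code must be refused.
        response = oauth.doAccessTokenRequest(code, "password");
        Assert.assertEquals(400, response.getStatusCode());
        // codeId is passed for both arguments, as in the original test.
        AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, codeId);
        expectedEvent.error("invalid_code").removeDetail(Details.TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_TYPE).user((String) null);
        expectedEvent.assertEvent();

        // The token obtained from the first exchange must no longer be accepted by UserInfo.
        userInfoResponse = UserInfoClientUtil.executeUserInfoRequest_getMethod(jaxrsClient, accessToken);
        try {
            Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), userInfoResponse.getStatus());
        } finally {
            // Release the response even when the status assertion fails.
            userInfoResponse.close();
        }

        // Introspection must report the token as inactive and return no email claim.
        introspectionResponse = oauth.introspectAccessTokenWithClientCredential("test-app", "password", accessToken);
        jsonNode = objectMapper.readTree(introspectionResponse);
        Assert.assertFalse(jsonNode.get("active").asBoolean());
        Assert.assertNull(jsonNode.get("email"));
        events.clear();

        // NOTE(review): sets the realm's access code lifespan to 60. Nothing in this method
        // changes that setting beforehand, and this line is skipped when an earlier
        // assertion fails. Confirm whether the reset is still needed here.
        RealmManager.realm(adminClient.realm("test")).accessCodeLifeSpan(60);
    } finally {
        jaxrsClient.close();
    }
}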
Use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method accessTokenCodeRoleMissing.
/**
 * Verifies that a realm role deleted between login and code exchange does not appear in
 * the issued access token.
 *
 * <p>A temporary role {@code tmp-role} is created and assigned to the test user, the user
 * logs in, and the role is deleted before the authorization code is redeemed. The exchange
 * must still succeed (HTTP 200), and the verified access token must list exactly one realm
 * role, {@code user}.
 *
 * <p>NOTE(review): the role is deleted only on the success path; if the login or its event
 * assertion fails, {@code tmp-role} stays in the realm.
 */
@Test
public void accessTokenCodeRoleMissing() {
    // Arrange: give the test user an extra realm role.
    final RealmResource testRealm = adminClient.realm("test");
    final RoleRepresentation temporaryRole = RoleBuilder.create().name("tmp-role").build();
    testRealm.roles().create(temporaryRole);
    final UserResource testUser = findUserByUsernameId(testRealm, "test-user@localhost");
    UserManager.realm(testRealm).user(testUser).assignRoles(temporaryRole.getName());

    // Log in while the role still exists, and keep the authorization code.
    oauth.doLogin("test-user@localhost", "password");
    final EventRepresentation login = events.expectLogin().assertEvent();
    login.getDetails().get(Details.CODE_ID); // result is not used by this test
    final String authorizationCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Remove the role before the code is redeemed.
    testRealm.roles().deleteRole("tmp-role");

    final OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authorizationCode, "password");
    Assert.assertEquals(200, tokenResponse.getStatusCode());

    // Only the "user" realm role may remain in the token.
    final AccessToken accessToken = oauth.verifyToken(tokenResponse.getAccessToken());
    Assert.assertEquals(1, accessToken.getRealmAccess().getRoles().size());
    assertTrue(accessToken.getRealmAccess().isUserInRole("user"));

    events.clear();
}