use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method accessTokenCodeHasRequiredAction.
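/**
 * An authorization code issued while the user still has a pending required action
 * (UPDATE_PROFILE) must not be exchangeable for tokens: the token endpoint answers
 * 400 and the polled event carries no {@code CODE_ID} detail.
 *
 * <p>The required action is removed in a {@code finally} block so that a failing
 * assertion cannot leave the shared test user in a modified state for later tests.
 */
@Test
public void accessTokenCodeHasRequiredAction() {
    UserResource user = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
    UserManager.realm(adminClient.realm("test")).user(user)
            .addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE.toString());
    try {
        oauth.doLogin("test-user@localhost", "password");
        // Login is expected to stop on the required-action page; the code is taken
        // from the "code" query parameter of that page's form action URI.
        String actionURI = ActionURIUtils.getActionURIFromPageSource(driver.getPageSource());
        String code = ActionURIUtils.parseQueryParamsFromActionURI(actionURI).get("code");
        OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
        Assert.assertEquals(400, response.getStatusCode());
        EventRepresentation event = events.poll();
        // Guard the dereference below so a missing event fails with a clear message, not an NPE.
        assertNotNull("expected an event for the rejected code exchange", event);
        assertNull(event.getDetails().get(Details.CODE_ID));
    } finally {
        UserManager.realm(adminClient.realm("test")).user(user)
                .removeRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE.toString());
    }
}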
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method testAuthorizationNegotiateHeaderIgnored.
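// KEYCLOAK-1595: a public client must still obtain a token when the token request carries an
// "Authorization: Negotiate ..." header -- the client_id form parameter takes precedence and the
// header is ignored rather than rejected.
@Test
public void testAuthorizationNegotiateHeaderIgnored() throws Exception {
    // clients().create(...) returns a JAX-RS Response; close it so the connection is released.
    // NOTE(review): the created client is not deleted at the end of the test.
    adminClient.realm("test").clients().create(ClientBuilder.create()
            .clientId("sample-public-client")
            .authenticatorType("client-secret")
            .redirectUris(oauth.getRedirectUri() + "/*")
            .publicClient()
            .build()).close();
    oauth.clientId("sample-public-client");
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().client("sample-public-client").assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // The request is built by hand (not via OAuthClient) so the extra header can be attached.
    try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
        HttpPost post = new HttpPost(oauth.getAccessTokenUrl());
        List<NameValuePair> parameters = new LinkedList<>();
        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.AUTHORIZATION_CODE));
        parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
        parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, oauth.getRedirectUri()));
        parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, oauth.getClientId()));
        // Deliberately not a usable credential: the server must neither honour nor trip over it.
        post.setHeader("Authorization", "Negotiate something-which-will-be-ignored");
        post.setEntity(new UrlEncodedFormEntity(parameters, "UTF-8"));

        OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(client.execute(post));
        Assert.assertEquals(200, response.getStatusCode());
        // Verification is the assertion; the parsed token itself is not needed afterwards.
        oauth.verifyToken(response.getAccessToken());
        events.expectCodeToToken(codeId, sessionId).client("sample-public-client").assertEvent();
    }
}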
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method accessTokenRequest.
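/**
 * End-to-end authorization-code exchange for the default client: checks the token
 * response fields, the JWS headers of access, ID and refresh token, the access-token
 * claims, the {@code sid} claim of the ID token and the CODE_TO_TOKEN event details.
 */
@Test
public void accessTokenRequest() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
    assertEquals(200, response.getStatusCode());
    // Lifespans are checked as ranges: some seconds may elapse between issuance and assertion.
    Assert.assertThat(response.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300)));
    Assert.assertThat(response.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(1750), lessThanOrEqualTo(1800)));
    assertEquals("Bearer", response.getTokenType());

    // Access and ID token must reference the key published by the realm's certs endpoint.
    String expectedKid = oauth.doCertsRequest("test").getKeys()[0].getKeyId();
    assertEquals(expectedKid, assertJwsHeader(response.getAccessToken(), "RS256").getKeyId());
    assertEquals(expectedKid, assertJwsHeader(response.getIdToken(), "RS256").getKeyId());
    // The refresh token is HS256-signed; its kid is not asserted.
    assertJwsHeader(response.getRefreshToken(), "HS256");

    AccessToken token = oauth.verifyToken(response.getAccessToken());
    // Subject is the user id, never the username.
    assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), token.getSubject());
    assertNotEquals("test-user@localhost", token.getSubject());
    assertEquals(sessionId, token.getSessionState());

    // The "sid" claim is read from the raw ID token payload rather than a typed representation.
    JWSInput idToken = new JWSInput(response.getIdToken());
    ObjectMapper mapper = JsonSerialization.mapper;
    JsonParser parser = mapper.getFactory().createParser(idToken.readContentAsString());
    TreeNode treeNode = mapper.readTree(parser);
    String sid = ((TextNode) treeNode.get("sid")).asText();
    assertEquals(sessionId, sid);

    // Deprecated int accessors must agree with the Long-valued claim getters.
    assertNull(token.getNbf());
    assertEquals(0, token.getNotBefore());
    assertNotNull(token.getIat());
    assertEquals(token.getIat().intValue(), token.getIssuedAt());
    assertNotNull(token.getExp());
    assertEquals(token.getExp().intValue(), token.getExpiration());

    assertEquals(1, token.getRealmAccess().getRoles().size());
    assertTrue(token.getRealmAccess().isUserInRole("user"));
    assertEquals(1, token.getResourceAccess(oauth.getClientId()).getRoles().size());
    assertTrue(token.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user"));

    EventRepresentation event = events.expectCodeToToken(codeId, sessionId).assertEvent();
    assertEquals(token.getId(), event.getDetails().get(Details.TOKEN_ID));
    assertEquals(oauth.parseRefreshToken(response.getRefreshToken()).getId(), event.getDetails().get(Details.REFRESH_TOKEN_ID));
}

/**
 * Asserts the JWS header of a compact-serialized token: the expected {@code alg},
 * {@code typ} of JWT and no {@code cty}. Returns the header so callers can check
 * further fields such as {@code kid}.
 *
 * @param compactJws        the token in compact JWS form
 * @param expectedAlgorithm the expected algorithm name, e.g. "RS256"
 * @return the parsed header
 * @throws Exception if the token cannot be parsed
 */
private JWSHeader assertJwsHeader(String compactJws, String expectedAlgorithm) throws Exception {
    JWSHeader header = new JWSInput(compactJws).getHeader();
    assertEquals(expectedAlgorithm, header.getAlgorithm().name());
    assertEquals("JWT", header.getType());
    assertNull(header.getContentType());
    return header;
}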
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class AccessTokenTest, method accessTokenInvalidRedirectUri.
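/**
 * A code exchange whose redirect_uri differs from the one used at authorization time
 * must be rejected with 400 / invalid_grant and recorded as an {@code invalid_code}
 * CODE_TO_TOKEN error event without token ids.
 *
 * <p>The shared {@code oauth} client's redirect URI is restored in a {@code finally}
 * block so a failing assertion cannot leak "http://invalid" into later tests.
 */
@Test
public void accessTokenInvalidRedirectUri() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // TODO: OAuthClient has no way to reset to its original state, so the URI is saved and restored here.
    String redirectUri = oauth.getRedirectUri();
    oauth.redirectUri("http://invalid");
    try {
        OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
        assertEquals(400, response.getStatusCode());
        assertEquals("invalid_grant", response.getError());
        assertEquals("Incorrect redirect_uri", response.getErrorDescription());
        events.expectCodeToToken(codeId, loginEvent.getSessionId())
                .error("invalid_code")
                .removeDetail(Details.TOKEN_ID)
                .removeDetail(Details.REFRESH_TOKEN_ID)
                .removeDetail(Details.REFRESH_TOKEN_TYPE)
                .assertEvent();
    } finally {
        oauth.redirectUri(redirectUri);
    }
}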
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
Class BackchannelLogoutTest, method assertLogoutEvent.
/**
 * Asserts that the realm's recorded events contain a logout event for {@code sessionId}
 * belonging to {@code userId}; fails the test when no event with that session id exists.
 *
 * @param sessionId the user session the logout should refer to
 * @param userId    the expected user id on the event
 * @param realmName the realm whose events are inspected
 */
private void assertLogoutEvent(String sessionId, String userId, String realmName) {
    String realmId = adminClient.realm(realmName).toRepresentation().getId();
    // Any event bound to the session is taken as the candidate; findAny() is used because
    // the events list is not assumed to be ordered. The event's type is presumably checked
    // by expectLogout(...).assertEvent(...) — confirm if multiple event types share a session id.
    EventRepresentation logoutEvent = adminClient.realm(realmName).getEvents().stream()
            .filter(candidate -> sessionId.equals(candidate.getSessionId()))
            .findAny()
            .orElseThrow(() -> new AssertionError("No Logout event found for session " + sessionId));
    this.events.expectLogout(sessionId)
            .realm(realmId)
            .user(userId)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent(logoutEvent);
}