
/**
 * PKCE happy path with the {@code plain} challenge method (test case A-1-3).
 *
 * <p>With {@code plain}, the {@code code_challenge} sent on the authorization request and the
 * {@code code_verifier} sent on the token request are the same string. The value used here also
 * exercises the unreserved characters ({@code - . _ ~}) that RFC 7636 permits in a verifier, so
 * a server that mishandles them would fail this exchange rather than a later one.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestInPKCEValidPlainCodeChallengeMethod() throws Exception {
    // test case : success : A-1-3
    // plain method: challenge == verifier, so a single value serves both roles.
    final String pkceValue = ".234567890-234567890~234567890_234567890123";
    oauth.codeChallenge(pkceValue);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_PLAIN);
    oauth.doLogin("test-user@localhost", "password");

    // The login event carries the ids the code-to-token event is later matched against.
    EventRepresentation login = events.expectLogin().assertEvent();
    String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    String authCodeId = login.getDetails().get(Details.CODE_ID);
    String userSessionId = login.getSessionId();

    oauth.codeVerifier(pkceValue);
    expectSuccessfulResponseFromTokenEndpoint(authCodeId, userSessionId, authCode);
}

/**
 * Negative PKCE case A-1-12: the authorization request advertises the S256 challenge method, but
 * the token request is sent without any {@code code_verifier}.
 *
 * <p>The token endpoint must fail closed with {@code invalid_grant} and the code-to-token event
 * must record {@link Errors#CODE_VERIFIER_MISSING}. Failing closed here is what stops an
 * authorization code alone, without the verifier, from being redeemed for tokens.
 */
@Test
public void accessTokenRequestInPKCEWIthoutCodeVerifierWithS256CodeChallengeMethod() throws Exception {
    // test case : failure : A-1-12
    // The challenge content is not what is under test here (the request never reaches
    // verification, judging by the asserted error), so the raw string doubles as the challenge.
    final String rawVerifier = "1234567890123456789012345678901234567890123";
    oauth.codeChallenge(rawVerifier);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256);
    oauth.doLogin("test-user@localhost", "password");

    EventRepresentation login = events.expectLogin().assertEvent();
    String userSessionId = login.getSessionId();
    String authCodeId = login.getDetails().get(Details.CODE_ID);
    String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Deliberately no oauth.codeVerifier(...) call: the token request carries no verifier.
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");
    assertEquals(400, tokenResponse.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_GRANT, tokenResponse.getError());
    assertEquals("PKCE code verifier not specified", tokenResponse.getErrorDescription());

    events.expectCodeToToken(authCodeId, userSessionId)
            .error(Errors.CODE_VERIFIER_MISSING)
            .clearDetails()
            .assertEvent();
}

/**
 * Negative PKCE case A-1-6: {@code plain} challenge method, but the verifier presented at the
 * token endpoint differs from the challenge bound to the authorization code.
 *
 * <p>Expected outcome is {@code invalid_grant} with the "PKCE verification failed" description and
 * a code-to-token event marked {@link Errors#PKCE_VERIFICATION_FAILED}. The mismatching verifier is
 * itself well-formed (allowed characters, sufficient length), so the rejection can only come from
 * the comparison against the stored challenge, not from input validation.
 */
@Test
public void accessTokenRequestInPKCEUnmachedCodeVerifierWithPlainCodeChallengeMethod() throws Exception {
    // test case : failure : A-1-6
    final String boundChallenge = "1234567890123456789012345678901234567890123";
    final String wrongVerifier = "aZ_-.~1234567890123456789012345678901234567890123Za";

    oauth.codeChallenge(boundChallenge);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_PLAIN);
    oauth.doLogin("test-user@localhost", "password");

    EventRepresentation login = events.expectLogin().assertEvent();
    String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    String userSessionId = login.getSessionId();
    String authCodeId = login.getDetails().get(Details.CODE_ID);

    // Present a verifier that does not match the plain challenge above.
    oauth.codeVerifier(wrongVerifier);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");

    assertEquals(400, tokenResponse.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_GRANT, tokenResponse.getError());
    assertEquals("PKCE verification failed", tokenResponse.getErrorDescription());
    events.expectCodeToToken(authCodeId, userSessionId)
            .error(Errors.PKCE_VERIFICATION_FAILED)
            .clearDetails()
            .assertEvent();
}

/**
 * PKCE enforced at the client level with the {@code plain} method: a client that sends a matching
 * challenge/verifier pair must still be able to complete the code exchange.
 *
 * <p>The enforcement setting on {@code test-app} is restored in {@code finally} so that a failure
 * in this test cannot leak a stricter PKCE policy into the tests that follow.
 *
 * <p>NOTE: the original author flagged this test as unstable, with the observed failure
 * "a value equal to or greater than &lt;1799&gt; &lt;1798&gt; was less than &lt;1799&gt;" — this
 * presumably comes from a timing assertion inside
 * {@code expectSuccessfulResponseFromTokenEndpoint}; verify against that helper before relying on
 * this test in a gating pipeline.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestValidPlainCodeChallengeMethodPkceEnforced() throws Exception {
    try {
        setPkceActivationSettings("test-app", OAuth2Constants.PKCE_METHOD_PLAIN);

        // 43 characters: the shortest verifier RFC 7636 allows.
        final String pkceValue = "12E45r78901d3456789G12y45G78901234B67v901u3";
        oauth.codeChallenge(pkceValue);
        oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_PLAIN);
        oauth.doLogin("test-user@localhost", "password");

        EventRepresentation login = events.expectLogin().assertEvent();
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        String authCodeId = login.getDetails().get(Details.CODE_ID);
        String userSessionId = login.getSessionId();

        // plain method: the verifier is the challenge itself.
        oauth.codeVerifier(pkceValue);
        expectSuccessfulResponseFromTokenEndpoint(authCodeId, userSessionId, authCode);
    } finally {
        // Always undo the client-level enforcement, even if an assertion above threw.
        setPkceActivationSettings("test-app", null);
    }
}

/**
 * PKCE enforced on {@code test-app} with the S256 method: the authorization request carries a
 * correctly derived S256 challenge, but the token request omits {@code code_verifier}.
 *
 * <p>Because enforcement is active, the server must reject the exchange with {@code invalid_grant}
 * and emit a code-to-token event marked {@link Errors#CODE_VERIFIER_MISSING}. The client-level
 * setting is reset in {@code finally} so the enforcement does not bleed into later tests.
 */
@Test
public void accessTokenRequestWithoutCodeVerifierPkceEnforced() throws Exception {
    try {
        setPkceActivationSettings("test-app", OAuth2Constants.PKCE_METHOD_S256);

        // A genuine S256 challenge is derived from the verifier; only the verifier is withheld.
        final String verifier = "1234567890123456789012345678901234567890123";
        oauth.codeChallenge(generateS256CodeChallenge(verifier));
        oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256);
        oauth.doLogin("test-user@localhost", "password");

        EventRepresentation login = events.expectLogin().assertEvent();
        String userSessionId = login.getSessionId();
        String authCodeId = login.getDetails().get(Details.CODE_ID);
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

        // No oauth.codeVerifier(...) call on purpose: the token request has no verifier.
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");
        assertEquals(400, tokenResponse.getStatusCode());
        assertEquals(OAuthErrorException.INVALID_GRANT, tokenResponse.getError());
        assertEquals("PKCE code verifier not specified", tokenResponse.getErrorDescription());

        events.expectCodeToToken(authCodeId, userSessionId)
                .error(Errors.CODE_VERIFIER_MISSING)
                .clearDetails()
                .assertEvent();
    } finally {
        // Restore the default (no enforcement) regardless of how the body exited.
        setPkceActivationSettings("test-app", null);
    }
}