/**
 * PKCE success path with the {@code plain} challenge method (test case A-1-3).
 *
 * <p>With {@code plain}, the code challenge sent on the authorization request is the verifier
 * itself, so the same 43-character string is presented again as {@code code_verifier} at the
 * token endpoint and the exchange is expected to succeed. The verifier deliberately uses the
 * unreserved characters {@code .}, {@code -}, {@code ~} and {@code _}.
 *
 * @throws Exception propagated from the OAuth client helpers
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestInPKCEValidPlainCodeChallengeMethod() throws Exception {
    // test case : success : A-1-3
    // Single copy of the verifier: under "plain" challenge and verifier must be byte-identical.
    final String verifier = ".234567890-234567890~234567890_234567890123";

    oauth.codeChallenge(verifier);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_PLAIN);
    oauth.doLogin("test-user@localhost", "password");

    final EventRepresentation login = events.expectLogin().assertEvent();
    final String sid = login.getSessionId();
    final String cid = login.getDetails().get(Details.CODE_ID);
    final String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Same string as the challenge above — that is what "plain" means.
    oauth.codeVerifier(verifier);
    expectSuccessfulResponseFromTokenEndpoint(cid, sid, authCode);
}
/**
 * PKCE failure path: the authorization request carried an S256 challenge, but the token request
 * omits {@code code_verifier} entirely (test case A-1-12).
 *
 * <p>The expected outcome is an HTTP 400 {@code invalid_grant} with the description
 * "PKCE code verifier not specified" and a code-to-token event recorded with
 * {@link Errors#CODE_VERIFIER_MISSING}. Note that the challenge sent here is the raw verifier
 * string rather than its S256 digest; that is not what this case exercises, since no verifier
 * is ever presented for comparison.
 *
 * @throws Exception propagated from the OAuth client helpers
 */
@Test
public void accessTokenRequestInPKCEWIthoutCodeVerifierWithS256CodeChallengeMethod() throws Exception {
    // test case : failure : A-1-12
    final String verifier = "1234567890123456789012345678901234567890123";
    // Not a real S256 digest — irrelevant here because the verifier is never sent.
    final String challenge = verifier;

    oauth.codeChallenge(challenge);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256);
    oauth.doLogin("test-user@localhost", "password");

    final EventRepresentation login = events.expectLogin().assertEvent();
    final String sid = login.getSessionId();
    final String cid = login.getDetails().get(Details.CODE_ID);
    final String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Deliberately no oauth.codeVerifier(...) call before the token request.
    final OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");

    assertEquals(400, tokenResponse.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_GRANT, tokenResponse.getError());
    assertEquals("PKCE code verifier not specified", tokenResponse.getErrorDescription());

    // The rejection must also be visible in the audit trail as a distinct error event.
    events.expectCodeToToken(cid, sid)
            .error(Errors.CODE_VERIFIER_MISSING)
            .clearDetails()
            .assertEvent();
}
/**
 * PKCE failure path with the {@code plain} challenge method: the verifier presented at the token
 * endpoint does not match the challenge from the authorization request (test case A-1-6).
 *
 * <p>Expected outcome: HTTP 400 {@code invalid_grant} with the description
 * "PKCE verification failed" and a code-to-token event recorded with
 * {@link Errors#PKCE_VERIFICATION_FAILED}.
 *
 * @throws Exception propagated from the OAuth client helpers
 */
@Test
public void accessTokenRequestInPKCEUnmachedCodeVerifierWithPlainCodeChallengeMethod() throws Exception {
    // test case : failure : A-1-6
    final String challenge = "1234567890123456789012345678901234567890123";
    // Valid-looking verifier that simply is not the challenge above.
    final String wrongVerifier = "aZ_-.~1234567890123456789012345678901234567890123Za";

    oauth.codeChallenge(challenge);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_PLAIN);
    oauth.doLogin("test-user@localhost", "password");

    final EventRepresentation login = events.expectLogin().assertEvent();
    final String sid = login.getSessionId();
    final String cid = login.getDetails().get(Details.CODE_ID);
    final String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    oauth.codeVerifier(wrongVerifier);
    final OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");

    assertEquals(400, tokenResponse.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_GRANT, tokenResponse.getError());
    assertEquals("PKCE verification failed", tokenResponse.getErrorDescription());

    // Mismatch must be recorded as its own error event, distinct from a missing verifier.
    events.expectCodeToToken(cid, sid)
            .error(Errors.PKCE_VERIFICATION_FAILED)
            .clearDetails()
            .assertEvent();
}
/**
 * PKCE success path when the client is configured to <em>enforce</em> PKCE with the
 * {@code plain} method: a correct 43-character verifier still yields a successful token response.
 *
 * <p>The client setting is applied at the start and always reset in {@code finally} so that a
 * failure here does not leave {@code test-app} with PKCE enforcement enabled for later tests.
 *
 * <p>Marked unstable upstream (original note on the observed failure:
 * "a value equal to or greater than <1799> <1798> was less than <1799>").
 *
 * @throws Exception propagated from the OAuth client helpers
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestValidPlainCodeChallengeMethodPkceEnforced() throws Exception {
    try {
        setPkceActivationSettings("test-app", OAuth2Constants.PKCE_METHOD_PLAIN);

        // 43 characters, the RFC 7636 minimum verifier length.
        final String verifier = "12E45r78901d3456789G12y45G78901234B67v901u3";
        // "plain": the challenge is the verifier itself.
        final String challenge = verifier;

        oauth.codeChallenge(challenge);
        oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_PLAIN);
        oauth.doLogin("test-user@localhost", "password");

        final EventRepresentation login = events.expectLogin().assertEvent();
        final String sid = login.getSessionId();
        final String cid = login.getDetails().get(Details.CODE_ID);
        final String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

        oauth.codeVerifier(verifier);
        expectSuccessfulResponseFromTokenEndpoint(cid, sid, authCode);
    } finally {
        // Always restore the client to "PKCE not enforced".
        setPkceActivationSettings("test-app", null);
    }
}
/**
 * PKCE failure path when the client <em>enforces</em> PKCE with S256: the authorization request
 * carries a proper S256 challenge, but the token request omits {@code code_verifier}.
 *
 * <p>Expected outcome: HTTP 400 {@code invalid_grant} with the description
 * "PKCE code verifier not specified" and a code-to-token event recorded with
 * {@link Errors#CODE_VERIFIER_MISSING}. The enforcement setting is reset in {@code finally}
 * regardless of the outcome.
 *
 * @throws Exception propagated from the OAuth client helpers
 */
@Test
public void accessTokenRequestWithoutCodeVerifierPkceEnforced() throws Exception {
    try {
        setPkceActivationSettings("test-app", OAuth2Constants.PKCE_METHOD_S256);

        final String verifier = "1234567890123456789012345678901234567890123";
        // Unlike the non-enforced S256 case, this one sends a genuine S256 challenge.
        final String challenge = generateS256CodeChallenge(verifier);

        oauth.codeChallenge(challenge);
        oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256);
        oauth.doLogin("test-user@localhost", "password");

        final EventRepresentation login = events.expectLogin().assertEvent();
        final String sid = login.getSessionId();
        final String cid = login.getDetails().get(Details.CODE_ID);
        final String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

        // Deliberately no oauth.codeVerifier(...) call before the token request.
        final OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");

        assertEquals(400, tokenResponse.getStatusCode());
        assertEquals(OAuthErrorException.INVALID_GRANT, tokenResponse.getError());
        assertEquals("PKCE code verifier not specified", tokenResponse.getErrorDescription());

        events.expectCodeToToken(cid, sid)
                .error(Errors.CODE_VERIFIER_MISSING)
                .clearDetails()
                .assertEvent();
    } finally {
        // Always restore the client to "PKCE not enforced".
        setPkceActivationSettings("test-app", null);
    }
}