
Example 41 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OAuthProofKeyForCodeExchangeTest method accessTokenRequestInPKCEInvalidUnderCodeVerifierWithS256CodeChallengeMethod.

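/**
 * PKCE negative case (test matrix entry A-1-10): a code verifier that is too short must be
 * rejected at the token endpoint even though the S256 challenge sent at authorization was
 * derived from that very verifier.
 *
 * The verifier literal below is 42 characters long; the server is expected to reject it
 * (presumably because the 43-character minimum of RFC 7636 is not met — confirm against the
 * server-side check) with 400 {@code invalid_grant}, the description
 * "PKCE invalid code verifier", and a CODE_TO_TOKEN error event of
 * {@code invalid_code_verifier}.
 */
@Test
public void accessTokenRequestInPKCEInvalidUnderCodeVerifierWithS256CodeChallengeMethod() throws Exception {
    // test case : A-1-10 (expected outcome: the token request is rejected)
    String codeVerifier = "ABCDEFGabcdefg1234567ABCDEFGabcdefg1234567";
    // Pin the premise of the test explicitly instead of relying on a bare "// 42" comment:
    // if someone edits the literal, this fails loudly rather than silently turning the
    // test into a different one.
    assertEquals(42, codeVerifier.length());
    // The challenge is derived correctly from the verifier, so a challenge/verifier mismatch
    // cannot be the reason for the rejection asserted below.
    String codeChallenge = generateS256CodeChallenge(codeVerifier);
    oauth.codeChallenge(codeChallenge);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256);
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    oauth.codeVerifier(codeVerifier);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
    // Authorization succeeded, but the code exchange must fail on the invalid verifier.
    assertEquals(400, response.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_GRANT, response.getError());
    assertEquals("PKCE invalid code verifier", response.getErrorDescription());
    events.expectCodeToToken(codeId, sessionId).error(Errors.INVALID_CODE_VERIFIER).clearDetails().assertEvent();
}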

Example 42 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class AbstractOIDCScopeTest method sendTokenRequest.

/**
 * Exchanges the authorization code of the current browser response for tokens and checks the
 * granted scope in three places: the token response's scope parameter, the scope claim of the
 * access token, and the SCOPE detail of the CODE_TO_TOKEN event.
 *
 * @param loginEvent    the LOGIN event of the preceding authorization; supplies session and code ids
 * @param userId        user expected on the code-to-token event
 * @param expectedScope scope string expected in all three places (compared via assertScopes)
 * @param clientId      client expected on the code-to-token event
 * @return the id token and access token after oauth.verifyIDToken / oauth.verifyToken, plus the raw refresh token
 */
protected AbstractOIDCScopeTest.Tokens sendTokenRequest(EventRepresentation loginEvent, String userId, String expectedScope, String clientId) {
    String loginSessionId = loginEvent.getSessionId();
    String authCodeId = loginEvent.getDetails().get(Details.CODE_ID);
    OAuthClient.AuthorizationEndpointResponse authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authzResponse.getCode(), "password");
    Assert.assertEquals(200, tokenResponse.getStatusCode());
    // 1) scope parameter of the token response
    String responseScope = tokenResponse.getScope();
    log.info("expectedScopes = " + expectedScope);
    log.info("responseScopes = " + responseScope);
    assertScopes(expectedScope, responseScope);
    // Both tokens go through the client's verify helpers before any claim is inspected.
    IDToken verifiedIdToken = oauth.verifyIDToken(tokenResponse.getIdToken());
    AccessToken verifiedAccessToken = oauth.verifyToken(tokenResponse.getAccessToken());
    // 2) scope claim carried inside the access token
    assertScopes(expectedScope, verifiedAccessToken.getScope());
    // 3) scope detail recorded on the code-to-token event, which must also be attributed to the expected user and client
    EventRepresentation exchangeEvent = events.expectCodeToToken(authCodeId, loginSessionId)
            .user(userId)
            .client(clientId)
            .assertEvent();
    assertScopes(expectedScope, exchangeEvent.getDetails().get(Details.SCOPE));
    return new AbstractOIDCScopeTest.Tokens(verifiedIdToken, verifiedAccessToken, tokenResponse.getRefreshToken());
}

Example 43 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OIDCBackwardsCompatibilityTest method testExcludeSessionStateParameter.

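// KEYCLOAK-6286
/**
 * Verifies the per-client switch that drops {@code session_state} from the authorization
 * response: with the default configuration the parameter is present; after enabling
 * "exclude session_state" on the client it must be absent.
 *
 * The client setting is reverted in a {@code finally} block so that a failing assertion in
 * the second half cannot leak the changed configuration into later tests of the same realm.
 */
@Test
public void testExcludeSessionStateParameter() {
    // Open login form and login successfully. Assert session_state is present
    OAuthClient.AuthorizationEndpointResponse authzResponse = oauth.doLogin("test-user@localhost", "password");
    // assertEvent() is the check; the returned event is not needed here
    events.expectLogin().assertEvent();
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(authzResponse.getSessionState());
    // Switch "exclude session_state" to on
    ClientResource client = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
    ClientRepresentation clientRep = client.toRepresentation();
    OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep);
    config.setExcludeSessionStateFromAuthResponse(true);
    client.update(clientRep);
    try {
        // Open login again and assert session_state not present. No credentials are entered:
        // the existing session is expected to carry the login through to an AUTH_RESPONSE.
        driver.navigate().to(oauth.getLoginFormUrl());
        org.keycloak.testsuite.Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
        authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNull(authzResponse.getSessionState());
    } finally {
        // Revert, even when one of the assertions above failed
        config.setExcludeSessionStateFromAuthResponse(false);
        client.update(clientRep);
    }
}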

Example 44 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OIDCPublicClientTest method accessTokenRequest.

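// KEYCLOAK-18258
/**
 * Regression test: a client that was configured with the JWT client authenticator and is then
 * switched to a public client must still be able to complete the authorization-code exchange.
 * Public clients present no client credentials, so the token request is sent with a null secret
 * and is still expected to succeed and to produce a CODE_TO_TOKEN event.
 *
 * NOTE(review): the client is left public with the JWT authenticator configured; this test does
 * not revert it. Presumably the base class resets the realm between tests — confirm, otherwise
 * later tests on "test-app" inherit a public client.
 */
@Test
public void accessTokenRequest() throws Exception {
    // Update client to use custom client authenticator
    ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realms().realm("test"), "test-app");
    ClientRepresentation clientRep = clientResource.toRepresentation();
    clientRep.setClientAuthenticatorType(JWTClientAuthenticator.PROVIDER_ID);
    clientResource.update(clientRep);
    // Switch client to public client now. Re-read first so the authenticator change is confirmed
    // to have been persisted before the public flag is flipped on top of it.
    clientRep = clientResource.toRepresentation();
    Assert.assertEquals(JWTClientAuthenticator.PROVIDER_ID, clientRep.getClientAuthenticatorType());
    clientRep.setPublicClient(true);
    clientResource.update(clientRep);
    // It should be possible to authenticate
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    // null secret: a public client sends no client credentials with the code exchange
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    assertEquals(200, response.getStatusCode());
    assertNotNull(response.getAccessToken());
    // assertEvent() is the check; the returned event was previously stored in an unused local
    events.expectCodeToToken(codeId, sessionId).assertEvent();
}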

Example 45 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class OIDCAdvancedRequestParamsTest method testMaxAge10000.

/**
 * With max_age=10000 no re-authentication is required: re-opening the login form shortly after
 * a login must complete without credentials and the id token's auth_time must stay unchanged.
 */
@Test
public void testMaxAge10000() {
    // Open login form and login successfully
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation firstLogin = events.expectLogin().assertEvent();
    IDToken firstIdToken = sendTokenRequestAndGetIDToken(firstLogin);
    // auth_time must be "now"; a 3-second window tolerates request latency
    int originalAuthTime = firstIdToken.getAuthTime();
    int ageSeconds = Time.currentTime() - originalAuthTime;
    Assert.assertTrue(ageSeconds >= 0 && ageSeconds <= 3);
    // Move the clock forward, then request the login form with maxAge=10000
    setTimeOffset(10);
    oauth.maxAge("10000");
    oauth.openLoginForm();
    // No credentials are entered: the existing session is expected to carry the login through
    EventRepresentation secondLogin = events.expectLogin().assertEvent();
    IDToken secondIdToken = sendTokenRequestAndGetIDToken(secondLogin);
    // auth_time must not have been refreshed by the second authorization
    Assert.assertEquals(originalAuthTime, secondIdToken.getAuthTime());
}
