Class `OAuthProofKeyForCodeExchangeTest`, method `accessTokenRequestInPKCEInvalidUnderCodeVerifierWithS256CodeChallengeMethod`:
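@Test
public void accessTokenRequestInPKCEInvalidUnderCodeVerifierWithS256CodeChallengeMethod() throws Exception {
    // test case : success : A-1-10
    // RFC 7636 section 4.1 requires code_verifier to be 43..128 characters long. This verifier is
    // deliberately one character short: the S256 challenge derived from it is well-formed and the
    // authorization request succeeds, but the token endpoint must reject the verifier itself.
    String codeVerifier = "ABCDEFGabcdefg1234567ABCDEFGabcdefg1234567";
    // Guard the test's own precondition so a later edit of the literal cannot silently turn this
    // into a valid-verifier test.
    assertEquals(42, codeVerifier.length());
    String codeChallenge = generateS256CodeChallenge(codeVerifier);
    oauth.codeChallenge(codeChallenge);
    oauth.codeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256);

    // Authorization step: the challenge is accepted and a code is issued.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Token step: the too-short verifier must be refused with invalid_grant and no token issued.
    oauth.codeVerifier(codeVerifier);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
    assertEquals(400, response.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_GRANT, response.getError());
    assertEquals("PKCE invalid code verifier", response.getErrorDescription());
    // The failure must also be visible in the audit trail as a CODE_TO_TOKEN error.
    events.expectCodeToToken(codeId, sessionId).error(Errors.INVALID_CODE_VERIFIER).clearDetails().assertEvent();
}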
Class `AbstractOIDCScopeTest`, method `sendTokenRequest`:
/**
 * Exchanges the authorization code of the current browser response for tokens and checks that
 * the granted scope matches {@code expectedScope} in three places: the token response, the
 * (signature-verified) access token, and the CODE_TO_TOKEN event recorded for this session.
 *
 * @param loginEvent    LOGIN event of the preceding authorization; supplies session id and code id
 *                      used to locate the matching CODE_TO_TOKEN event
 * @param userId        user the CODE_TO_TOKEN event must be attributed to
 * @param expectedScope scope string the response, access token and event must agree with
 * @param clientId      client the CODE_TO_TOKEN event must be attributed to
 * @return the verified ID token and access token together with the raw refresh token
 */
protected AbstractOIDCScopeTest.Tokens sendTokenRequest(EventRepresentation loginEvent, String userId, String expectedScope, String clientId) {
    String authzCode = new OAuthClient.AuthorizationEndpointResponse(oauth).getCode();
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authzCode, "password");
    Assert.assertEquals(200, tokenResponse.getStatusCode());

    // Scope as reported in the token response body.
    log.info("expectedScopes = " + expectedScope);
    log.info("responseScopes = " + tokenResponse.getScope());
    assertScopes(expectedScope, tokenResponse.getScope());

    // Both tokens go through signature verification before any claim is read.
    IDToken verifiedIdToken = oauth.verifyIDToken(tokenResponse.getIdToken());
    AccessToken verifiedAccessToken = oauth.verifyToken(tokenResponse.getAccessToken());

    // Scope as embedded in the access token claims.
    assertScopes(expectedScope, verifiedAccessToken.getScope());

    // Scope as recorded in the server-side event for this code exchange.
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    EventRepresentation exchangeEvent = events.expectCodeToToken(codeId, sessionId)
            .user(userId)
            .client(clientId)
            .assertEvent();
    assertScopes(expectedScope, exchangeEvent.getDetails().get(Details.SCOPE));

    return new AbstractOIDCScopeTest.Tokens(verifiedIdToken, verifiedAccessToken, tokenResponse.getRefreshToken());
}
Class `OIDCBackwardsCompatibilityTest`, method `testExcludeSessionStateParameter`:
// KEYCLOAK-6286
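@Test
public void testExcludeSessionStateParameter() {
    // Default behaviour: a successful login returns session_state in the authorization response.
    OAuthClient.AuthorizationEndpointResponse authzResponse = oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(authzResponse.getSessionState());

    // Switch "exclude session_state" on for the test-app client.
    ClientResource client = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
    ClientRepresentation clientRep = client.toRepresentation();
    OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep);
    config.setExcludeSessionStateFromAuthResponse(true);
    client.update(clientRep);
    try {
        // Start a new authorization. No credentials are entered here, so the existing SSO session
        // is expected to complete the login; the response must now omit session_state.
        driver.navigate().to(oauth.getLoginFormUrl());
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
        authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNull(authzResponse.getSessionState());
    } finally {
        // Revert in a finally block: a failed assertion above must not leave the shared test-app
        // client configured to drop session_state for every test that runs afterwards.
        config.setExcludeSessionStateFromAuthResponse(false);
        client.update(clientRep);
    }
}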
Class `OIDCPublicClientTest`, method `accessTokenRequest`:
// KEYCLOAK-18258
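@Test
public void accessTokenRequest() throws Exception {
    // Configure the client with a non-default (JWT) client authenticator first...
    ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realms().realm("test"), "test-app");
    ClientRepresentation clientRep = clientResource.toRepresentation();
    clientRep.setClientAuthenticatorType(JWTClientAuthenticator.PROVIDER_ID);
    clientResource.update(clientRep);

    // ...then flip it to a public client while that authenticator setting is still stored.
    clientRep = clientResource.toRepresentation();
    Assert.assertEquals(JWTClientAuthenticator.PROVIDER_ID, clientRep.getClientAuthenticatorType());
    clientRep.setPublicClient(true);
    clientResource.update(clientRep);

    // Login must still succeed: the public-client flag governs the token endpoint, and the stale
    // JWT authenticator setting must not be applied to a client that sends no credentials.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Code exchange with no client secret (null), as a public client would do.
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    assertEquals(200, response.getStatusCode());
    assertNotNull(response.getAccessToken());
    // Previously assigned to an unused local; only the assertion that the event exists matters.
    events.expectCodeToToken(codeId, sessionId).assertEvent();
}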
Class `OIDCAdvancedRequestParamsTest`, method `testMaxAge10000`:
/**
 * With max_age=10000 and an authentication that is only 10 seconds old, the server must reuse the
 * existing SSO session instead of forcing re-authentication, so the ID token's auth_time is
 * unchanged between the first and second authorization.
 */
@Test
public void testMaxAge10000() {
    // First authorization: interactive login.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation firstLogin = events.expectLogin().assertEvent();
    IDToken firstIdToken = sendTokenRequestAndGetIDToken(firstLogin);

    // auth_time must be present and within a few seconds of "now" (3 s slack for test latency).
    int originalAuthTime = firstIdToken.getAuthTime();
    int now = Time.currentTime();
    Assert.assertTrue(now >= originalAuthTime && now - originalAuthTime <= 3);

    // Advance the server clock by 10 seconds, well inside the 10000 second max_age window.
    setTimeOffset(10);
    oauth.maxAge("10000");

    // Second authorization without credentials: the SSO cookie is expected to log the user in.
    oauth.openLoginForm();
    EventRepresentation secondLogin = events.expectLogin().assertEvent();
    IDToken secondIdToken = sendTokenRequestAndGetIDToken(secondLogin);

    // No re-authentication happened, so auth_time is carried over unchanged.
    Assert.assertEquals(originalAuthTime, secondIdToken.getAuthTime());
}