Search in sources :

Example 66 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class AuthorizationAPITest method testAccessTokenWithUmaAuthorization.

public void testAccessTokenWithUmaAuthorization(String authzConfigFile) {
    AuthzClient authzClient = getAuthzClient(authzConfigFile);
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    AuthorizationResponse response = authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)

Example 67 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testNoRefreshToken.

@Test
public void testNoRefreshToken() throws Exception {
    ClientsResource clients = getAdminClient().realm("authz-test-no-rt").clients();
    AuthzClient authzClient = getAuthzClient("default-session-keycloak-no-rt.json");
    org.keycloak.authorization.client.resource.AuthorizationResource authorization = authzClient.authorization();
    AuthorizationResponse response = authorization.authorize();
    AccessToken accessToken = toAccessToken(response.getToken());
    assertEquals(1, accessToken.getAuthorization().getPermissions().size());
    assertEquals("Default Resource", accessToken.getAuthorization().getPermissions().iterator().next().getResourceName());
    ProtectionResource protection = authzClient.protection();
    assertEquals(1, protection.resource().findAll().length);
    try {
        // force token expiration on the client side
        Time.setOffset(1000);
        // should refresh tokens by doing client credentials again
        assertEquals(1, protection.resource().findAll().length);
    } finally {
        Time.setOffset(0);
    }
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 68 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testSingleSessionPerUser.

@Test
public void testSingleSessionPerUser() throws Exception {
    ClientsResource clients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation clientRepresentation = clients.findByClientId("resource-server-test").get(0);
    List<UserSessionRepresentation> userSessions = clients.get(clientRepresentation.getId()).getUserSessions(-1, -1);
    assertEquals(0, userSessions.size());
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    org.keycloak.authorization.client.resource.AuthorizationResource authorization = authzClient.authorization("marta", "password");
    AuthorizationResponse response = authorization.authorize();
    AccessToken accessToken = toAccessToken(response.getToken());
    String sessionState = accessToken.getSessionState();
    assertEquals(1, accessToken.getAuthorization().getPermissions().size());
    assertEquals("Default Resource", accessToken.getAuthorization().getPermissions().iterator().next().getResourceName());
    userSessions = clients.get(clientRepresentation.getId()).getUserSessions(null, null);
    assertEquals(1, userSessions.size());
    for (int i = 0; i < 3; i++) {
        response = authorization.authorize();
        accessToken = toAccessToken(response.getToken());
        assertEquals(sessionState, accessToken.getSessionState());
        Thread.sleep(1000);
    }
    userSessions = clients.get(clientRepresentation.getId()).getUserSessions(null, null);
    assertEquals(1, userSessions.size());
}
Also used : UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Test(org.junit.Test)

Example 69 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testSuccessfulAuthorizationRequest.

@Test
public void testSuccessfulAuthorizationRequest() throws Exception {
    AuthzClient authzClient = getAuthzClient("keycloak-with-jwt-authentication.json");
    ProtectionResource protection = authzClient.protection();
    PermissionRequest request = new PermissionRequest("Default Resource");
    PermissionResponse ticketResponse = protection.permission().create(request);
    String ticket = ticketResponse.getTicket();
    AuthorizationResponse authorizationResponse = authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    String rpt = authorizationResponse.getToken();
    assertNotNull(rpt);
    AccessToken accessToken = new JWSInput(rpt).readJsonContent(AccessToken.class);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    List<Permission> permissions = new ArrayList<>(authorization.getPermissions());
    assertFalse(permissions.isEmpty());
    assertEquals("Default Resource", permissions.get(0).getResourceName());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ArrayList(java.util.ArrayList) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) JWSInput(org.keycloak.jose.jws.JWSInput) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) Test(org.junit.Test)

Aggregations

AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)69 Test (org.junit.Test)58 AccessToken (org.keycloak.representations.AccessToken)43 Permission (org.keycloak.representations.idm.authorization.Permission)43 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)41 AuthzClient (org.keycloak.authorization.client.AuthzClient)35 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)30 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)22 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)20 ClientResource (org.keycloak.admin.client.resource.ClientResource)20 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)20 AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException)19 OAuthClient (org.keycloak.testsuite.util.OAuthClient)17 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)15 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)14 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)14 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)14 Response (javax.ws.rs.core.Response)13 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)12 ArrayList (java.util.ArrayList)11