Example 61 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method createPairwiseClientWithInvalidSectorIdentifierURI.

@Test
public void createPairwiseClientWithInvalidSectorIdentifierURI() throws Exception {
    OIDCClientRepresentation clientRep = createRep();
    clientRep.setSubjectType("pairwise");
    clientRep.setSectorIdentifierUri("malformed");
    assertCreateFail(clientRep, 400, "Invalid Sector Identifier URI.");
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) Test(org.junit.Test)

Example 62 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method introspectPairwiseAccessToken.

@Test
public void introspectPairwiseAccessToken() throws Exception {
    // Create a pairwise client
    OIDCClientRepresentation pairwiseClient = createPairwise();
    // Login to pairwise client
    OAuthClient.AccessTokenResponse accessTokenResponse = login(pairwiseClient, "test-user@localhost", "password");
    String introspectionResponse = oauth.introspectAccessTokenWithClientCredential(pairwiseClient.getClientId(), pairwiseClient.getClientSecret(), accessTokenResponse.getAccessToken());
    ObjectMapper objectMapper = new ObjectMapper();
    JsonNode jsonNode = objectMapper.readTree(introspectionResponse);
    Assert.assertEquals(true, jsonNode.get("active").asBoolean());
    Assert.assertEquals("test-user@localhost", jsonNode.get("email").asText());
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) JsonNode(com.fasterxml.jackson.databind.JsonNode) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Example 63 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method createRep.

private OIDCClientRepresentation createRep() {
    OIDCClientRepresentation client = new OIDCClientRepresentation();
    client.setClientName("RegistrationAccessTokenTest");
    client.setClientUri(OAuthClient.APP_ROOT);
    client.setRedirectUris(Collections.singletonList(oauth.getRedirectUri()));
    return client;
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)

Example 64 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method createPairwiseClientWithSectorIdentifierURIContainingMismatchedRedirectsPublicSubject.

@Test
public void createPairwiseClientWithSectorIdentifierURIContainingMismatchedRedirectsPublicSubject() throws Exception {
    OIDCClientRepresentation clientRep = createRep();
    // Push redirect uris to the sector identifier URI
    List<String> sectorRedirects = new ArrayList<>();
    sectorRedirects.add("http://someotherredirect");
    TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
    oidcClientEndpointsResource.setSectorIdentifierRedirectUris(sectorRedirects);
    clientRep.setSubjectType("public");
    clientRep.setSectorIdentifierUri(TestApplicationResourceUrls.pairwiseSectorIdentifierUri());
    assertCreateFail(clientRep, 400, "Client redirect URIs does not match redirect URIs fetched from the Sector Identifier URI.");
}
Also used : TestOIDCEndpointsApplicationResource(org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 65 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method loginUserToPairwiseClient.

@Test
public void loginUserToPairwiseClient() throws Exception {
    // Create public client
    OIDCClientRepresentation publicClient = create();
    // Login to public client
    oauth.clientId(publicClient.getClientId());
    OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin("test-user@localhost", "password");
    OAuthClient.AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(loginResponse.getCode(), publicClient.getClientSecret());
    AccessToken accessToken = oauth.verifyToken(accessTokenResponse.getAccessToken());
    Assert.assertEquals("test-user", accessToken.getPreferredUsername());
    Assert.assertEquals("test-user@localhost", accessToken.getEmail());
    String tokenUserId = accessToken.getSubject();
    // Assert that the public client's token subject equals the userId
    UserRepresentation user = realmsResouce().realm("test").users().search("test-user", 0, 1).get(0);
    Assert.assertEquals(user.getId(), tokenUserId);
    // Create pairwise client
    OIDCClientRepresentation clientRep = createRep();
    clientRep.setSubjectType("pairwise");
    OIDCClientRepresentation pairwiseClient = reg.oidc().create(clientRep);
    Assert.assertEquals("pairwise", pairwiseClient.getSubjectType());
    // Login to pairwise client
    oauth.clientId(pairwiseClient.getClientId());
    oauth.openLoginForm();
    loginResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
    accessTokenResponse = oauth.doAccessTokenRequest(loginResponse.getCode(), pairwiseClient.getClientSecret());
    // Assert token payloads don't contain more than one "sub"
    String accessTokenPayload = getPayload(accessTokenResponse.getAccessToken());
    Assert.assertEquals(1, StringUtils.countMatches(accessTokenPayload, "\"sub\""));
    String idTokenPayload = getPayload(accessTokenResponse.getIdToken());
    Assert.assertEquals(1, StringUtils.countMatches(idTokenPayload, "\"sub\""));
    String refreshTokenPayload = getPayload(accessTokenResponse.getRefreshToken());
    Assert.assertEquals(1, StringUtils.countMatches(refreshTokenPayload, "\"sub\""));
    accessToken = oauth.verifyToken(accessTokenResponse.getAccessToken());
    Assert.assertEquals("test-user", accessToken.getPreferredUsername());
    Assert.assertEquals("test-user@localhost", accessToken.getEmail());
    // Assert pairwise client has different subject than userId
    String pairwiseUserId = accessToken.getSubject();
    Assert.assertNotEquals(pairwiseUserId, user.getId());
    // Send request to userInfo endpoint
    Client jaxrsClient = AdminClientUtil.createResteasyClient();
    try {
        // Check that userInfo contains pairwise subjectId as well
        Response userInfoResponse = UserInfoClientUtil.executeUserInfoRequest_getMethod(jaxrsClient, accessTokenResponse.getAccessToken());
        UserInfo userInfo = UserInfoClientUtil.testSuccessfulUserInfoResponse(userInfoResponse, "test-user", "test-user@localhost");
        String userInfoSubId = userInfo.getSubject();
        Assert.assertEquals(pairwiseUserId, userInfoSubId);
    } finally {
        jaxrsClient.close();
    }
}
Also used : Response(javax.ws.rs.core.Response) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken) UserInfo(org.keycloak.representations.UserInfo) Client(javax.ws.rs.client.Client) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)
