
Example 71 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method updateClientToPairwise.

/**
 * Checks that a dynamically registered client can switch its OIDC subject type
 * from "public" to "pairwise" through the client registration update endpoint.
 *
 * @throws Exception if registration or the update call fails unexpectedly
 */
@Test
public void updateClientToPairwise() throws Exception {
    // A freshly registered client is expected to start with the "public" subject type.
    OIDCClientRepresentation registered = create();
    Assert.assertEquals("public", registered.getSubjectType());

    // Authenticate the registration client with the token derived from the registration
    // response (presumably the registration access token; Auth.token is not shown here).
    reg.auth(Auth.token(registered));

    // Request the switch and verify the server echoes the new subject type back.
    registered.setSubjectType("pairwise");
    OIDCClientRepresentation afterUpdate = reg.oidc().update(registered);
    Assert.assertEquals("pairwise", afterUpdate.getSubjectType());
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) Test(org.junit.Test)

Example 72 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method updateToPairwiseThroughAdminRESTFailure.

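/**
 * Verifies that a pairwise subject mapper cannot be attached through the admin REST API
 * when the sector identifier document lists no redirect URIs.
 *
 * <p>The mapper creation must be answered with HTTP 400, and the client must afterwards
 * still report the "public" subject type and no sector identifier URI, so a rejected
 * request does not leave the client partially converted.
 *
 * @throws Exception if client registration or one of the REST calls fails unexpectedly
 */
@Test
public void updateToPairwiseThroughAdminRESTFailure() throws Exception {
    OIDCClientRepresentation response = create();
    Assert.assertEquals("public", response.getSubjectType());
    Assert.assertNull(response.getSectorIdentifierUri());

    // Make the test application serve an empty redirect URI list at the sector identifier URI.
    TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
    oidcClientEndpointsResource.setSectorIdentifierRedirectUris(new ArrayList<>());
    String sectorIdentifierUri = TestApplicationResourceUrls.pairwiseSectorIdentifierUri();

    // Try to add the pairwise protocol mapper through the admin REST endpoint.
    String clientId = response.getClientId();
    ProtocolMapperRepresentation pairwiseProtMapper = SHA256PairwiseSubMapper.createPairwiseMapper(sectorIdentifierUri, null);
    // Resolve the realm once and reuse it for the client lookup.
    RealmResource realmResource = realmsResouce().realm("test");
    ClientResource clientResource = ApiUtil.findClientByClientId(realmResource, clientId);

    // The server is expected to refuse the mapper, presumably because the client's redirect
    // URIs are not covered by the (empty) sector identifier document; the validation itself
    // is not visible in this test.
    Response resp = clientResource.getProtocolMappers().createMapper(pairwiseProtMapper);
    try {
        Assert.assertEquals(400, resp.getStatus());
    } finally {
        // Release the underlying connection even when the assertion fails.
        resp.close();
    }

    // The rejected request must not have changed the client: it is still public.
    reg.auth(Auth.token(response));
    OIDCClientRepresentation rep = reg.oidc().get(response.getClientId());
    Assert.assertEquals("public", rep.getSubjectType());
    Assert.assertNull(rep.getSectorIdentifierUri());
}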
Also used : Response(javax.ws.rs.core.Response) TestOIDCEndpointsApplicationResource(org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) Test(org.junit.Test)

Example 73 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class OIDCPairwiseClientRegistrationTest method refreshPairwiseTokenDisabledUser.

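/**
 * Verifies that a refresh token issued to a pairwise client stops working once the
 * user it was issued for has been disabled.
 *
 * <p>After the account is disabled, the refresh request must fail with HTTP 400 and
 * {@code invalid_grant}, and the error response must carry no access, ID or refresh token.
 *
 * @throws Exception if user creation, client registration or a token request fails unexpectedly
 */
@Test
public void refreshPairwiseTokenDisabledUser() throws Exception {
    final String username = "disable-me@localhost";
    final String password = "password";
    createUser(REALM_NAME, username, password);

    // Create pairwise client
    OIDCClientRepresentation pairwiseClient = createPairwise();

    // Login to pairwise client (the client id only needs to be selected once).
    oauth.clientId(pairwiseClient.getClientId());
    OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin(username, password);
    OAuthClient.AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(loginResponse.getCode(), pairwiseClient.getClientSecret());
    assertEquals(200, accessTokenResponse.getStatusCode());

    try {
        // Disable the account while a valid refresh token is still outstanding.
        UserManager.realm(adminClient.realm(REALM_NAME)).username(username).enabled(false);

        OAuthClient.AccessTokenResponse refreshTokenResponse = oauth.doRefreshTokenRequest(accessTokenResponse.getRefreshToken(), pairwiseClient.getClientSecret());

        // The grant must be refused and the response must not leak any token.
        assertEquals(400, refreshTokenResponse.getStatusCode());
        assertEquals("invalid_grant", refreshTokenResponse.getError());
        assertNull(refreshTokenResponse.getAccessToken());
        assertNull(refreshTokenResponse.getIdToken());
        assertNull(refreshTokenResponse.getRefreshToken());
    } finally {
        // Re-enable the account even when an assertion above fails.
        UserManager.realm(adminClient.realm(REALM_NAME)).username(username).enabled(true);
    }
}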
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Test(org.junit.Test)

Example 74 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class CIBATest method testSecureCibaSessionEnforceExecutor.

/**
 * Checks that, with the secure CIBA session enforce executor active for every client,
 * a backchannel authentication request without a {@code binding_message} is rejected.
 *
 * <p>The expected outcome is HTTP 400 with {@code invalid_request} and the description
 * "Missing parameter: binding_message".
 *
 * @throws Exception if client registration, profile/policy setup or the request fails unexpectedly
 */
@Test
public void testSecureCibaSessionEnforceExecutor() throws Exception {
    // Register a client dynamically and add the CIBA grant type to whatever it already has.
    String clientId = createClientDynamically(generateSuffixedName("valid-CIBA-CD"), (OIDCClientRepresentation clientRep) -> {
        List<String> grants = clientRep.getGrantTypes();
        if (grants == null) {
            grants = new ArrayList<>();
        }
        grants.add(OAuth2Constants.CIBA_GRANT_TYPE);
        clientRep.setGrantTypes(grants);
    });
    OIDCClientRepresentation registered = getClientDynamically(clientId);
    String clientSecret = registered.getClientSecret();

    // register profiles: one profile carrying only the executor under test
    String profilesJson = new ClientProfilesBuilder()
            .addProfile(new ClientProfileBuilder()
                    .createProfile(PROFILE_NAME, "Le Premier Profil")
                    .addExecutor(SecureCibaSessionEnforceExecutorFactory.PROVIDER_ID, null)
                    .toRepresentation())
            .toString();
    updateProfiles(profilesJson);

    // register policies: bind the profile through the any-client condition
    String policiesJson = new ClientPoliciesBuilder()
            .addPolicy(new ClientPolicyBuilder()
                    .createPolicy(POLICY_NAME, "La Premiere Politique", Boolean.TRUE)
                    .addCondition(AnyClientConditionFactory.PROVIDER_ID, createAnyClientConditionConfig())
                    .addProfile(PROFILE_NAME)
                    .toRepresentation())
            .toString();
    updatePolicies(policiesJson);

    // Backchannel authentication request: user_device is supplied, binding_message is not.
    String username = "nutzername-rot";
    Map<String, String> additionalParameters = new HashMap<>();
    additionalParameters.put("user_device", "mobile");
    AuthenticationRequestAcknowledgement response = oauth.doBackchannelAuthenticationRequest(clientId, clientSecret, username, null, null, null, additionalParameters);

    // The executor must reject the request and name the missing parameter.
    assertThat(response.getStatusCode(), is(equalTo(400)));
    assertThat(response.getError(), is(OAuthErrorException.INVALID_REQUEST));
    assertThat(response.getErrorDescription(), is("Missing parameter: binding_message"));
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) HashMap(java.util.HashMap) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticationRequestAcknowledgement(org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement) Test(org.junit.Test)

Example 75 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class CIBATest method testCibaGrantSettingByDynamicClientRegistration.

/**
 * Checks that the CIBA grant type and the backchannel authentication request signing
 * algorithm are absent by default and can be set through a dynamic client update.
 *
 * @throws Exception if a dynamic registration, update or read call fails unexpectedly
 */
@Test
public void testCibaGrantSettingByDynamicClientRegistration() throws Exception {
    // Register with no customisation at all.
    String clientId = createClientDynamically(generateSuffixedName("valid-CIBA-CD"), (OIDCClientRepresentation clientRep) -> {
    });

    // By default the client has neither the CIBA grant nor a request signing algorithm.
    OIDCClientRepresentation beforeUpdate = getClientDynamically(clientId);
    Assert.assertFalse(beforeUpdate.getGrantTypes().contains(OAuth2Constants.CIBA_GRANT_TYPE));
    Assert.assertNull(beforeUpdate.getBackchannelAuthenticationRequestSigningAlg());

    // Opt in to CIBA and pin the request signing algorithm to PS256.
    updateClientDynamically(clientId, (OIDCClientRepresentation clientRep) -> {
        List<String> grants = clientRep.getGrantTypes();
        if (grants == null) {
            grants = new ArrayList<>();
        }
        grants.add(OAuth2Constants.CIBA_GRANT_TYPE);
        clientRep.setGrantTypes(grants);
        clientRep.setBackchannelAuthenticationRequestSigningAlg(Algorithm.PS256);
    });

    // Both settings must be reflected when the client is read back.
    OIDCClientRepresentation afterUpdate = getClientDynamically(clientId);
    Assert.assertTrue(afterUpdate.getGrantTypes().contains(OAuth2Constants.CIBA_GRANT_TYPE));
    Assert.assertThat(afterUpdate.getBackchannelAuthenticationRequestSigningAlg(), is(Algorithm.PS256));
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) Matchers.containsString(org.hamcrest.Matchers.containsString) Test(org.junit.Test)
