use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class CIBATest method testBackchannelAuthenticationFlowNotRegisterSigAlgInAdvanceWithSignedAuthentication.
/**
 * Runs the negative signed-authentication-request check against a freshly registered
 * client whose registration sets only its grant types.
 *
 * <p>The client is registered dynamically with the CIBA grant type appended to whatever
 * grant types the registration already carries; the callback configures no signature
 * algorithm. The client is then read back to obtain its secret, and the remaining
 * arguments are passed to
 * {@code testBackchannelAuthenticationFlowWithInvalidSignedAuthenticationRequest}.
 * The expected OAuth error is always {@code OAuthErrorException.INVALID_REQUEST}.
 *
 * @param clientName       name for the dynamically registered client
 * @param useRequestUri    forwarded unchanged to the delegate
 * @param requestedSigAlg  forwarded unchanged to the delegate
 * @param sigAlg           forwarded unchanged to the delegate
 * @param statusCode       HTTP status the delegate is told to expect
 * @param errorDescription error description the delegate is told to expect
 */
private void testBackchannelAuthenticationFlowNotRegisterSigAlgInAdvanceWithSignedAuthentication(String clientName, boolean useRequestUri, String requestedSigAlg, String sigAlg, int statusCode, String errorDescription) throws Exception {
    String clientId = createClientDynamically(clientName, (OIDCClientRepresentation registration) -> {
        // Start from the grant types already present, or from an empty list when none are set.
        List<String> grants = registration.getGrantTypes();
        if (grants == null) {
            grants = new ArrayList<>();
        }
        grants.add(OAuth2Constants.CIBA_GRANT_TYPE);
        registration.setGrantTypes(grants);
    });

    // The secret comes from the registered client itself, not from a fixture.
    OIDCClientRepresentation registered = getClientDynamically(clientId);
    testBackchannelAuthenticationFlowWithInvalidSignedAuthenticationRequest(
            useRequestUri,
            requestedSigAlg,
            sigAlg,
            statusCode,
            OAuthErrorException.INVALID_REQUEST,
            errorDescription,
            clientId,
            registered.getClientSecret());
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class AbstractClientPoliciesTest method updateClientDynamically.
/**
 * Fetches a client through the OIDC client-registration API, applies {@code op} to the
 * fetched representation and sends the result back as an update.
 *
 * <p>After the update the registration helper is re-authenticated with
 * {@code Auth.token(...)} built from the update response, so later calls through
 * {@code reg} use the credentials carried by that response.
 *
 * @param clientId identifier of the client to modify
 * @param op       mutation applied to the fetched representation before it is sent back
 * @throws ClientRegistrationException if the registration endpoint rejects the get or the update
 */
protected void updateClientDynamically(String clientId, Consumer<OIDCClientRepresentation> op) throws ClientRegistrationException {
    OIDCClientRepresentation current = reg.oidc().get(clientId);
    op.accept(current);
    // NOTE(review): presumably the registration access token is rotated on update, which is
    // why the token from the response replaces the old one. Confirm against the server.
    reg.auth(Auth.token(reg.oidc().update(current)));
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class FAPI1Test method testFAPIBaselineOIDCClientRegistration.
/**
 * Checks which token-endpoint authentication methods dynamic client registration accepts
 * once {@code setupPolicyFAPIBaselineForAllClient()} has been applied.
 *
 * <p>{@code client_secret_basic} must be refused. {@code private_key_jwt},
 * {@code client_secret_jwt} and {@code tls_client_auth} must be accepted and mapped to the
 * matching client authenticator. The final assertions check that consent is required and
 * that the PKCE code challenge method is S256.
 */
@Test
public void testFAPIBaselineOIDCClientRegistration() throws Exception {
    setupPolicyFAPIBaselineForAllClient();

    // Negative case: registering with client_secret_basic must be rejected.
    try {
        createClientDynamically(generateSuffixedName("foo"),
                (OIDCClientRepresentation rejected) -> rejected.setTokenEndpointAuthMethod(OIDCLoginProtocol.CLIENT_SECRET_BASIC));
        fail();
    } catch (ClientRegistrationException e) {
        // NOTE(review): only the exception message is compared. ERR_MSG_CLIENT_REG_FAIL is
        // defined outside this snippet; if it is a generic message, a rejection for an
        // unrelated reason would satisfy this assertion too.
        assertEquals(ERR_MSG_CLIENT_REG_FAIL, e.getMessage());
    }

    // private_key_jwt: must be accepted.
    String jwtClientUuid = createClientDynamically("client-jwt", (OIDCClientRepresentation accepted) -> {
        accepted.setTokenEndpointAuthMethod(OIDCLoginProtocol.PRIVATE_KEY_JWT);
        accepted.setJwksUri("https://foo");
    });
    ClientRepresentation jwtClient = getClientByAdmin(jwtClientUuid);
    Assert.assertEquals(JWTClientAuthenticator.PROVIDER_ID, jwtClient.getClientAuthenticatorType());
    // Full scope being switched off is asserted for this client only.
    Assert.assertFalse(jwtClient.isFullScopeAllowed());

    // A fresh initial access token is set before each further registration.
    setInitialAccessTokenForDynamicClientRegistration();

    // client_secret_jwt: must be accepted.
    String secretJwtClientUuid = createClientDynamically("client-secret-jwt",
            (OIDCClientRepresentation accepted) -> accepted.setTokenEndpointAuthMethod(OIDCLoginProtocol.CLIENT_SECRET_JWT));
    ClientRepresentation secretJwtClient = getClientByAdmin(secretJwtClientUuid);
    Assert.assertEquals(JWTClientSecretAuthenticator.PROVIDER_ID, secretJwtClient.getClientAuthenticatorType());

    setInitialAccessTokenForDynamicClientRegistration();

    // tls_client_auth: must be accepted.
    String x509ClientUuid = createClientDynamically("client-x509",
            (OIDCClientRepresentation accepted) -> accepted.setTokenEndpointAuthMethod(OIDCLoginProtocol.TLS_CLIENT_AUTH));
    ClientRepresentation x509Client = getClientByAdmin(x509ClientUuid);
    Assert.assertEquals(X509ClientAuthenticator.PROVIDER_ID, x509Client.getClientAuthenticatorType());

    // Consent must be required and the PKCE challenge method must be S256.
    // NOTE(review): both checks run against the last registered client ("client-x509") only;
    // the two clients registered before it are not checked for consent or PKCE.
    Assert.assertTrue(x509Client.isConsentRequired());
    Assert.assertEquals(OAuth2Constants.PKCE_METHOD_S256, OIDCAdvancedConfigWrapper.fromClientRepresentation(x509Client).getPkceCodeChallengeMethod());
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCClientRegistrationTest method testCIBASettings.
/**
 * Exercises the CIBA backchannel token delivery mode in OIDC dynamic client registration.
 *
 * <p>Expected outcomes, in order: "poll" is accepted and stored as a client attribute;
 * "ping" without a client notification endpoint is rejected; "ping" with an endpoint is
 * accepted and echoed back; "push" is rejected even though the notification endpoint is
 * still set on the request.
 */
@Test
public void testCIBASettings() throws Exception {
    OIDCClientRepresentation request = createRep();

    // poll: accepted, and echoed in the registration response.
    request.setBackchannelTokenDeliveryMode("poll");
    OIDCClientRepresentation pollResponse = reg.oidc().create(request);
    Assert.assertEquals("poll", pollResponse.getBackchannelTokenDeliveryMode());

    // The same value must appear on the Keycloak client representation.
    ClientRepresentation kcClient = getClient(pollResponse.getClientId());
    Assert.assertEquals("poll", kcClient.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_TOKEN_DELIVERY_MODE_PER_CLIENT));

    // ping without a client notification endpoint: registration must fail.
    request.setBackchannelTokenDeliveryMode("ping");
    try {
        reg.oidc().create(request);
        fail();
    } catch (ClientRegistrationException e) {
        // NOTE(review): only the exception message is compared. ERR_MSG_CLIENT_REG_FAIL is
        // defined outside this snippet, so this may not pin the rejection to the missing endpoint.
        assertEquals(ERR_MSG_CLIENT_REG_FAIL, e.getMessage());
    }

    // ping with a notification endpoint: registration succeeds and both values are echoed.
    request.setBackchannelClientNotificationEndpoint("https://foo/bar");
    OIDCClientRepresentation pingResponse = reg.oidc().create(request);
    Assert.assertEquals("ping", pingResponse.getBackchannelTokenDeliveryMode());
    Assert.assertEquals("https://foo/bar", pingResponse.getBackchannelClientNotificationEndpoint());

    // push: registration must fail, with the notification endpoint still present on the request.
    request.setBackchannelTokenDeliveryMode("push");
    try {
        reg.oidc().create(request);
        fail();
    } catch (ClientRegistrationException e) {
        assertEquals(ERR_MSG_CLIENT_REG_FAIL, e.getMessage());
    }
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCClientRegistrationTest method testClientWithoutGrantTypes.
/**
 * Checks the grant types reported for a client created through {@code create()}: the
 * response must list exactly authorization code and refresh token, and the Keycloak
 * client representation must have refresh tokens enabled.
 */
@Test
public void testClientWithoutGrantTypes() throws Exception {
    OIDCClientRepresentation created = create();

    // Compared with CollectionUtil.collectionEquals rather than List.equals.
    boolean defaultGrantsReturned = CollectionUtil.collectionEquals(
            Arrays.asList(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN),
            created.getGrantTypes());
    assertTrue(defaultGrantsReturned);

    // The Keycloak-side representation must agree: refresh tokens are in use.
    ClientRepresentation kcClient = getClient(created.getClientId());
    Assert.assertTrue(OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient).isUseRefreshToken());
}