use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCJwksClientRegistrationTest method createClientWithJWKS_customKid.
/**
 * Registers a client whose inline JWKS carries a manually chosen {@code kid} ("a1") and
 * checks that private_key_jwt authentication succeeds when the signed client assertion
 * references that same key id.
 */
@Test
public void createClientWithJWKS_customKid() throws Exception {
    final String customKid = "a1";
    OIDCClientRepresentation registered = createClientWithManuallySetKid(customKid);

    // PEM key material generated for the test application; used to sign the client assertion
    Map<String, String> pemKeys = testingClient.testApp().oidcClientEndpoints().getKeysAsPem();

    // The assertion signed under "a1" must be accepted for this client
    assertAuthenticateClientSuccess(pemKeys, registered, customKid);
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCJwksClientRegistrationTest method testPublicKeyCacheInvalidatedWhenUpdatingClient.
/**
 * Verifies that updating a client's key configuration evicts its entry from the public-key
 * cache, so a key that was valid before the update can no longer be used to authenticate.
 * Flow: register with kid "a1", authenticate successfully and confirm the cache entry exists,
 * then switch the client to a bad JWKS URI (dropping the inline JWKS) and confirm both that the
 * entry is gone and that authentication with "a1" is rejected.
 */
@Test
public void testPublicKeyCacheInvalidatedWhenUpdatingClient() throws Exception {
    final String kid = "a1";
    OIDCClientRepresentation client = createClientWithManuallySetKid(kid);
    Map<String, String> pemKeys = testingClient.testApp().oidcClientEndpoints().getKeysAsPem();

    // A successful private_key_jwt authentication is expected to populate the keys cache
    assertAuthenticateClientSuccess(pemKeys, client, kid);

    String cacheKey = PublicKeyStorageUtils.getClientModelCacheKey(REALM_NAME, client.getClientId());
    String keysCacheName = InfinispanConnectionProvider.KEYS_CACHE_NAME;
    Assert.assertTrue(testingClient.testing().cache(keysCacheName).contains(cacheKey));

    // Re-point the client at a JWKS URI that is not expected to serve keys and remove the inline JWKS
    client.setJwks(null);
    client.setJwksUri("http://localhost:4321/non-existent");
    reg.auth(Auth.token(client.getRegistrationAccessToken())).oidc().update(client);

    // The update must have invalidated the cached public key for this client ...
    Assert.assertFalse(testingClient.testing().cache(keysCacheName).contains(cacheKey));

    // ... so the previously accepted key "a1" must now be rejected
    assertAuthenticateClientError(pemKeys, client, kid);
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCJwksClientRegistrationTest method createClientWithJWKS_nullKid.
/**
 * Backwards-compatibility check: the signed client assertion carries no {@code kid} at all.
 * In versions prior to 2.3.0 the JWTClientCredentialsProvider did not set "kid", so a client
 * registered with an inline JWKS must still authenticate via private_key_jwt when the JWT
 * header omits the key id.
 */
@Test
public void createClientWithJWKS_nullKid() throws Exception {
    OIDCClientRepresentation clientRep = createRep();
    clientRep.setTokenEndpointAuthMethod(OIDCLoginProtocol.PRIVATE_KEY_JWT);
    clientRep.setGrantTypes(Collections.singletonList(OAuth2Constants.CLIENT_CREDENTIALS));

    // Have the test application generate an RS256 key pair and expose it as a JWKS
    TestOIDCEndpointsApplicationResource endpoints = testingClient.testApp().oidcClientEndpoints();
    Map<String, String> pemKeys = endpoints.generateKeys("RS256");
    JSONWebKeySet jwks = endpoints.getJwks();
    clientRep.setJwks(jwks);

    OIDCClientRepresentation registered = reg.oidc().create(clientRep);

    // Passing null as kid: the assertion header has no key id, the server must still resolve the key
    assertAuthenticateClientSuccess(pemKeys, registered, null);
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCJwksClientRegistrationTest method createClientWithManuallySetKid.
/**
 * Registers a client_credentials / private_key_jwt client whose inline JWKS is the test
 * application's freshly generated RS256 key, with the key id of the first published key
 * replaced by the supplied value. Callers signing assertions must therefore use the same kid.
 *
 * @param kid the key id to write into the first key of the generated JWKS
 * @return the registered client representation as returned by the registration endpoint
 * @throws Exception propagated from the registration client
 */
private OIDCClientRepresentation createClientWithManuallySetKid(String kid) throws Exception {
    OIDCClientRepresentation clientRep = createRep();
    clientRep.setTokenEndpointAuthMethod(OIDCLoginProtocol.PRIVATE_KEY_JWT);
    clientRep.setGrantTypes(Collections.singletonList(OAuth2Constants.CLIENT_CREDENTIALS));

    // Generate an RS256 key pair on the test application and fetch it as a JWKS
    TestOIDCEndpointsApplicationResource endpoints = testingClient.testApp().oidcClientEndpoints();
    endpoints.generateKeys("RS256");
    JSONWebKeySet jwks = endpoints.getJwks();

    // Replace the generated key id with the caller-provided one before publishing the JWKS
    JWK firstKey = jwks.getKeys()[0];
    firstKey.setKeyId(kid);
    clientRep.setJwks(jwks);

    return reg.oidc().create(clientRep);
}
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class ClientRegistrationPoliciesTest method testAnonCreateWithTrustedHost.
/**
 * Anonymous registration under the trusted-hosts policy: creation must be refused while the
 * caller's host is untrusted, must still be refused once the host is trusted but the
 * redirect URI and then the client (base) URI do not match it, and must succeed only when
 * host, redirect URI and client URI all line up. The resulting registration access token
 * must then be an anonymous one.
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testAnonCreateWithTrustedHost() throws Exception {
    OIDCClientRepresentation clientRep = createRepOidc("http://root", "http://redirect");

    // No trusted host configured yet: registration is refused outright
    assertOidcFail(ClientRegOp.CREATE, clientRep, 403, "Host not trusted");

    // Host trusted, but redirect_uri still points elsewhere
    setTrustedHost("localhost");
    assertOidcFail(ClientRegOp.CREATE, clientRep, 403, "URL doesn't match");

    // redirect_uri fixed, but the client (base) URI still does not match
    String matchingUri = "http://localhost:8080/foo";
    clientRep.setRedirectUris(Collections.singletonList(matchingUri));
    assertOidcFail(ClientRegOp.CREATE, clientRep, 403, "URL doesn't match");

    // Everything matches the trusted host: creation succeeds
    clientRep.setClientUri(matchingUri);
    OIDCClientRepresentation created = reg.oidc().create(clientRep);

    // An anonymously registered client must receive an anonymous registration access token
    assertRegAccessToken(created.getRegistrationAccessToken(), RegistrationAuth.ANONYMOUS);
}