Example 21 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class DescriptionConverter method toInternal.
public static ClientRepresentation toInternal(KeycloakSession session, OIDCClientRepresentation clientOIDC) throws ClientRegistrationException {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientOIDC.getClientId());
client.setName(clientOIDC.getClientName());
client.setRedirectUris(clientOIDC.getRedirectUris());
client.setBaseUrl(clientOIDC.getClientUri());
client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
String scopeParam = clientOIDC.getScope();
if (scopeParam != null)
client.setOptionalClientScopes(new ArrayList<>(Arrays.asList(scopeParam.split(" "))));
List<String> oidcResponseTypes = clientOIDC.getResponseTypes();
if (oidcResponseTypes == null || oidcResponseTypes.isEmpty()) {
oidcResponseTypes = Collections.singletonList(OIDCResponseType.CODE);
}
List<String> oidcGrantTypes = clientOIDC.getGrantTypes();
try {
OIDCResponseType responseType = OIDCResponseType.parse(oidcResponseTypes);
client.setStandardFlowEnabled(responseType.hasResponseType(OIDCResponseType.CODE));
client.setImplicitFlowEnabled(responseType.isImplicitOrHybridFlow());
if (oidcGrantTypes != null) {
client.setDirectAccessGrantsEnabled(oidcGrantTypes.contains(OAuth2Constants.PASSWORD));
client.setServiceAccountsEnabled(oidcGrantTypes.contains(OAuth2Constants.CLIENT_CREDENTIALS));
setOidcCibaGrantEnabled(client, oidcGrantTypes.contains(OAuth2Constants.CIBA_GRANT_TYPE));
}
} catch (IllegalArgumentException iae) {
throw new ClientRegistrationException(iae.getMessage(), iae);
}
String authMethod = clientOIDC.getTokenEndpointAuthMethod();
client.setPublicClient(Boolean.FALSE);
if ("none".equals(authMethod)) {
client.setClientAuthenticatorType("none");
client.setPublicClient(Boolean.TRUE);
} else {
ClientAuthenticatorFactory clientAuthFactory;
if (authMethod == null) {
clientAuthFactory = (ClientAuthenticatorFactory) session.getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, KeycloakModelUtils.getDefaultClientAuthenticatorType());
} else {
clientAuthFactory = AuthorizeClientUtil.findClientAuthenticatorForOIDCAuthMethod(session, authMethod);
}
if (clientAuthFactory == null) {
throw new ClientRegistrationException("Not found clientAuthenticator for requested token_endpoint_auth_method");
}
client.setClientAuthenticatorType(clientAuthFactory.getId());
}
boolean publicKeySet = setPublicKey(clientOIDC, client);
if (authMethod != null && authMethod.equals(OIDCLoginProtocol.PRIVATE_KEY_JWT) && !publicKeySet) {
throw new ClientRegistrationException("Didn't find key of supported keyType for use " + JWK.Use.SIG.asString());
}
OIDCAdvancedConfigWrapper configWrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(client);
if (clientOIDC.getUserinfoSignedResponseAlg() != null) {
Algorithm algorithm = Enum.valueOf(Algorithm.class, clientOIDC.getUserinfoSignedResponseAlg());
configWrapper.setUserInfoSignedResponseAlg(algorithm);
}
if (clientOIDC.getRequestObjectSigningAlg() != null) {
Algorithm algorithm = Enum.valueOf(Algorithm.class, clientOIDC.getRequestObjectSigningAlg());
configWrapper.setRequestObjectSignatureAlg(algorithm);
}
// KEYCLOAK-6771 Certificate Bound Token
// https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.5
Boolean tlsClientCertificateBoundAccessTokens = clientOIDC.getTlsClientCertificateBoundAccessTokens();
if (tlsClientCertificateBoundAccessTokens != null) {
if (tlsClientCertificateBoundAccessTokens.booleanValue())
configWrapper.setUseMtlsHoKToken(true);
else
configWrapper.setUseMtlsHoKToken(false);
}
if (clientOIDC.getTlsClientAuthSubjectDn() != null) {
configWrapper.setTlsClientAuthSubjectDn(clientOIDC.getTlsClientAuthSubjectDn());
// According to specification, attribute tls_client_auth_subject_dn has subject DN in the exact expected format. There is no reason for support regex comparisons
configWrapper.setAllowRegexPatternComparison(false);
}
if (clientOIDC.getIdTokenSignedResponseAlg() != null) {
configWrapper.setIdTokenSignedResponseAlg(clientOIDC.getIdTokenSignedResponseAlg());
}
if (clientOIDC.getIdTokenEncryptedResponseAlg() != null) {
configWrapper.setIdTokenEncryptedResponseAlg(clientOIDC.getIdTokenEncryptedResponseAlg());
}
if (clientOIDC.getIdTokenEncryptedResponseEnc() != null) {
configWrapper.setIdTokenEncryptedResponseEnc(clientOIDC.getIdTokenEncryptedResponseEnc());
}
configWrapper.setAuthorizationSignedResponseAlg(clientOIDC.getAuthorizationSignedResponseAlg());
configWrapper.setAuthorizationEncryptedResponseAlg(clientOIDC.getAuthorizationEncryptedResponseAlg());
configWrapper.setAuthorizationEncryptedResponseEnc(clientOIDC.getAuthorizationEncryptedResponseEnc());
if (clientOIDC.getRequestUris() != null) {
configWrapper.setRequestUris(clientOIDC.getRequestUris());
}
configWrapper.setTokenEndpointAuthSigningAlg(clientOIDC.getTokenEndpointAuthSigningAlg());
configWrapper.setBackchannelLogoutUrl(clientOIDC.getBackchannelLogoutUri());
if (clientOIDC.getBackchannelLogoutSessionRequired() == null) {
configWrapper.setBackchannelLogoutSessionRequired(true);
} else {
configWrapper.setBackchannelLogoutSessionRequired(clientOIDC.getBackchannelLogoutSessionRequired());
}
if (clientOIDC.getBackchannelLogoutRevokeOfflineTokens() == null) {
configWrapper.setBackchannelLogoutRevokeOfflineTokens(false);
} else {
configWrapper.setBackchannelLogoutRevokeOfflineTokens(clientOIDC.getBackchannelLogoutRevokeOfflineTokens());
}
if (clientOIDC.getLogoUri() != null) {
configWrapper.setLogoUri(clientOIDC.getLogoUri());
}
if (clientOIDC.getPolicyUri() != null) {
configWrapper.setPolicyUri(clientOIDC.getPolicyUri());
}
if (clientOIDC.getTosUri() != null) {
configWrapper.setTosUri(clientOIDC.getTosUri());
}
// CIBA
String backchannelTokenDeliveryMode = clientOIDC.getBackchannelTokenDeliveryMode();
if (backchannelTokenDeliveryMode != null) {
Map<String, String> attr = Optional.ofNullable(client.getAttributes()).orElse(new HashMap<>());
attr.put(CibaConfig.CIBA_BACKCHANNEL_TOKEN_DELIVERY_MODE_PER_CLIENT, backchannelTokenDeliveryMode);
client.setAttributes(attr);
}
String backchannelClientNotificationEndpoint = clientOIDC.getBackchannelClientNotificationEndpoint();
if (backchannelClientNotificationEndpoint != null) {
Map<String, String> attr = Optional.ofNullable(client.getAttributes()).orElse(new HashMap<>());
attr.put(CibaConfig.CIBA_BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT, backchannelClientNotificationEndpoint);
client.setAttributes(attr);
}
String backchannelAuthenticationRequestSigningAlg = clientOIDC.getBackchannelAuthenticationRequestSigningAlg();
if (backchannelAuthenticationRequestSigningAlg != null) {
Map<String, String> attr = Optional.ofNullable(client.getAttributes()).orElse(new HashMap<>());
attr.put(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG, backchannelAuthenticationRequestSigningAlg);
client.setAttributes(attr);
}
// PAR
Boolean requirePushedAuthorizationRequests = clientOIDC.getRequirePushedAuthorizationRequests();
if (requirePushedAuthorizationRequests != null) {
Map<String, String> attr = Optional.ofNullable(client.getAttributes()).orElse(new HashMap<>());
attr.put(ParConfig.REQUIRE_PUSHED_AUTHORIZATION_REQUESTS, requirePushedAuthorizationRequests.toString());
client.setAttributes(attr);
}
configWrapper.setFrontChannelLogoutUrl(Optional.ofNullable(clientOIDC.getFrontChannelLogoutUri()).orElse(null));
if (clientOIDC.getDefaultAcrValues() != null) {
configWrapper.setAttributeMultivalued(Constants.DEFAULT_ACR_VALUES, clientOIDC.getDefaultAcrValues());
}
return client;
}
Also used :
OIDCAdvancedConfigWrapper(org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)
ArrayList(java.util.ArrayList)
OIDCResponseType(org.keycloak.protocol.oidc.utils.OIDCResponseType)
Algorithm(org.keycloak.jose.jws.Algorithm)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
ClientAuthenticatorFactory(org.keycloak.authentication.ClientAuthenticatorFactory)
ClientRegistrationException(org.keycloak.services.clientregistration.ClientRegistrationException)
Example 22 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class ParTest method testSuccessfulMultipleParBySameClient.
// success with the same client conducting multiple authz requests + PAR simultaneously
@Test
public void testSuccessfulMultipleParBySameClient() throws Exception {
// create client dynamically
String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
clientRep.setRequirePushedAuthorizationRequests(Boolean.FALSE);
clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
});
OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
String clientSecret = oidcCRep.getClientSecret();
assertEquals(Boolean.FALSE, oidcCRep.getRequirePushedAuthorizationRequests());
assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
// Pushed Authorization Request #1
oauth.clientId(clientId);
oauth.redirectUri(CLIENT_REDIRECT_URI);
ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
assertEquals(201, pResp.getStatusCode());
String requestUriOne = pResp.getRequestUri();
// Pushed Authorization Request #2
oauth.clientId(clientId);
oauth.scope("microprofile-jwt" + " " + "profile");
oauth.redirectUri(CLIENT_REDIRECT_URI);
pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
assertEquals(201, pResp.getStatusCode());
String requestUriTwo = pResp.getRequestUri();
// Authorization Request with request_uri of PAR #2
// remove parameters as query strings of uri
oauth.redirectUri(null);
oauth.scope(null);
oauth.responseType(null);
oauth.requestUri(requestUriTwo);
String state = oauth.stateParamRandom().getState();
oauth.stateParamHardcoded(state);
OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER2_NAME, TEST_USER2_PASSWORD);
assertEquals(state, loginResponse.getState());
String code = loginResponse.getCode();
String sessionId = loginResponse.getSessionState();
// Token Request #2
// get tokens, it needed. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
oauth.redirectUri(CLIENT_REDIRECT_URI);
OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(code, clientSecret);
assertEquals(200, res.getStatusCode());
AccessToken token = oauth.verifyToken(res.getAccessToken());
String userId = findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER2_NAME).getId();
assertEquals(userId, token.getSubject());
assertEquals(sessionId, token.getSessionState());
Assert.assertNotEquals(TEST_USER2_NAME, token.getSubject());
assertEquals(clientId, token.getIssuedFor());
assertTrue(token.getScope().contains("openid"));
assertTrue(token.getScope().contains("microprofile-jwt"));
assertTrue(token.getScope().contains("profile"));
// Logout
// same oauth instance is used so that this logout is needed to send authz request consecutively.
oauth.doLogout(res.getRefreshToken(), clientSecret);
// Authorization Request with request_uri of PAR #1
// remove parameters as query strings of uri
oauth.redirectUri(null);
oauth.scope(null);
oauth.responseType(null);
oauth.requestUri(requestUriOne);
state = oauth.stateParamRandom().getState();
oauth.stateParamHardcoded(state);
loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
assertEquals(state, loginResponse.getState());
code = loginResponse.getCode();
sessionId = loginResponse.getSessionState();
// Token Request #1
// get tokens, it needed. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
oauth.redirectUri(CLIENT_REDIRECT_URI);
res = oauth.doAccessTokenRequest(code, clientSecret);
assertEquals(200, res.getStatusCode());
token = oauth.verifyToken(res.getAccessToken());
userId = findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId();
assertEquals(userId, token.getSubject());
assertEquals(sessionId, token.getSessionState());
Assert.assertNotEquals(TEST_USER_NAME, token.getSubject());
assertEquals(clientId, token.getIssuedFor());
assertFalse(token.getScope().contains("microprofile-jwt"));
assertTrue(token.getScope().contains("openid"));
}
Also used :
ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
AccessToken(org.keycloak.representations.AccessToken)
AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest)
Test(org.junit.Test)
Example 23 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class ParTest method testFailureNotIssuedParUsed.
// not issued PAR request_uri used
@Test
public void testFailureNotIssuedParUsed() throws Exception {
// create client dynamically
String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
});
OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
String clientSecret = oidcCRep.getClientSecret();
assertEquals(Boolean.FALSE, oidcCRep.getRequirePushedAuthorizationRequests());
assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
// Pushed Authorization Request
// but not use issued request_uri
oauth.clientId(clientId);
oauth.redirectUri(CLIENT_REDIRECT_URI);
ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
assertEquals(201, pResp.getStatusCode());
// Authorization Request with request_uri of PAR
// remove parameters as query strings of uri
// use not issued request_uri
oauth.redirectUri(null);
oauth.scope(null);
oauth.responseType(null);
oauth.requestUri(IMAGINARY_REQUEST_URI);
String state = oauth.stateParamRandom().getState();
oauth.stateParamHardcoded(state);
UriBuilder b = UriBuilder.fromUri(oauth.getLoginFormUrl());
driver.navigate().to(b.build().toURL());
OAuthClient.AuthorizationEndpointResponse errorResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
Assert.assertFalse(errorResponse.isRedirected());
}
Also used :
ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
UriBuilder(javax.ws.rs.core.UriBuilder)
AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest)
Test(org.junit.Test)
Example 24 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class ParTest method testSuccessfulUsingRequestParameter.
@Test
public void testSuccessfulUsingRequestParameter() throws Exception {
try {
// setup PAR realm settings
int requestUriLifespan = 45;
setParRealmSettings(requestUriLifespan);
// create client dynamically
String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
clientRep.setRedirectUris(new ArrayList<>(Arrays.asList(CLIENT_REDIRECT_URI)));
});
oauth.clientId(clientId);
OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
String clientSecret = oidcCRep.getClientSecret();
assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject requestObject = new TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject();
requestObject.id(KeycloakModelUtils.generateId());
requestObject.iat(Long.valueOf(Time.currentTime()));
requestObject.exp(requestObject.getIat() + Long.valueOf(300));
requestObject.nbf(requestObject.getIat());
requestObject.setClientId(oauth.getClientId());
requestObject.setResponseType("code");
requestObject.setRedirectUriParam(CLIENT_REDIRECT_URI);
requestObject.setScope("openid");
requestObject.setNonce(KeycloakModelUtils.generateId());
byte[] contentBytes = JsonSerialization.writeValueAsBytes(requestObject);
String encodedRequestObject = Base64Url.encode(contentBytes);
TestOIDCEndpointsApplicationResource client = testingClient.testApp().oidcClientEndpoints();
// use and set jwks_url
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(oauth.getRealm()), oauth.getClientId());
ClientRepresentation clientRep = clientResource.toRepresentation();
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(true);
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(TestApplicationResourceUrls.clientJwksUri());
clientResource.update(clientRep);
client.generateKeys(org.keycloak.crypto.Algorithm.RS256);
client.registerOIDCRequest(encodedRequestObject, org.keycloak.crypto.Algorithm.RS256);
// do not send any other parameter but the request request parameter
oauth.request(client.getOIDCRequest());
oauth.responseType(null);
oauth.redirectUri(null);
oauth.scope(null);
ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
assertEquals(201, pResp.getStatusCode());
String requestUri = pResp.getRequestUri();
assertEquals(requestUriLifespan, pResp.getExpiresIn());
// Authorization Request with request_uri of PAR
// remove parameters as query strings of uri
oauth.redirectUri(null);
oauth.scope(null);
oauth.responseType(null);
oauth.request(null);
oauth.requestUri(requestUri);
OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
// Token Request
// get tokens, it needed. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
oauth.redirectUri(CLIENT_REDIRECT_URI);
OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(loginResponse.getCode(), clientSecret);
assertEquals(200, res.getStatusCode());
oauth.verifyToken(res.getAccessToken());
IDToken idToken = oauth.verifyIDToken(res.getIdToken());
assertEquals(requestObject.getNonce(), idToken.getNonce());
} finally {
restoreParRealmSettings();
}
}
Also used :
TestOIDCEndpointsApplicationResource(org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
IDToken(org.keycloak.representations.IDToken)
TestingOIDCEndpointsApplicationResource(org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource)
AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest)
Test(org.junit.Test)
Example 25 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class ParTest method testFailureParUsedTwice.
// PAR request_uri used twice
@Test
public void testFailureParUsedTwice() throws Exception {
// create client dynamically
String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
});
OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
String clientSecret = oidcCRep.getClientSecret();
assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
// Pushed Authorization Request
oauth.clientId(clientId);
oauth.redirectUri(CLIENT_REDIRECT_URI);
ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
assertEquals(201, pResp.getStatusCode());
String requestUri = pResp.getRequestUri();
// Authorization Request with request_uri of PAR
// remove parameters as query strings of uri
oauth.redirectUri(null);
oauth.scope(null);
oauth.responseType(null);
oauth.requestUri(requestUri);
String state = oauth.stateParamRandom().getState();
oauth.stateParamHardcoded(state);
OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
assertEquals(state, loginResponse.getState());
String code = loginResponse.getCode();
// Token Request
// get tokens, it needed. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
oauth.redirectUri(CLIENT_REDIRECT_URI);
OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(code, clientSecret);
assertEquals(200, res.getStatusCode());
// Authorization Request with request_uri of PAR
// use same redirect_uri
state = oauth.stateParamRandom().getState();
oauth.stateParamHardcoded(state);
UriBuilder b = UriBuilder.fromUri(oauth.getLoginFormUrl());
driver.navigate().to(b.build().toURL());
OAuthClient.AuthorizationEndpointResponse errorResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
Assert.assertFalse(errorResponse.isRedirected());
}
Also used :
ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
UriBuilder(javax.ws.rs.core.UriBuilder)
AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest)
Test(org.junit.Test)
Aggregations
OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)118
Test (org.junit.Test)95
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)44
AbstractClientPoliciesTest (org.keycloak.testsuite.client.AbstractClientPoliciesTest)22
ParResponse (org.keycloak.testsuite.util.OAuthClient.ParResponse)21
TestOIDCEndpointsApplicationResource (org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource)16
OAuthClient (org.keycloak.testsuite.util.OAuthClient)16
OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)15
ClientRegistrationException (org.keycloak.client.registration.ClientRegistrationException)11
IOException (java.io.IOException)10
ClientResource (org.keycloak.admin.client.resource.ClientResource)9
ArrayList (java.util.ArrayList)8
ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)7
ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)7
ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)7
ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)7
AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)6
ClientsResource (org.keycloak.admin.client.resource.ClientsResource)4
InputStream (java.io.InputStream)3
Produces (javax.ws.rs.Produces)3
