Example 31 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class KcRegCreateTest method testCreateThoroughly.
@Test
public void testCreateThoroughly() throws IOException {
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
// set initial access token in config
String token = issueInitialAccessToken("test");
final String realm = "test";
KcRegExec exe = execute("config initial-token -x --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm " + realm + " " + token);
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
// check that current server, realm, and initial token are saved in the file
ConfigData config = handler.loadConfig();
Assert.assertEquals("Config serverUrl", oauth.AUTH_SERVER_ROOT, config.getServerUrl());
Assert.assertEquals("Config realm", realm, config.getRealm());
Assert.assertEquals("Config initial access token", token, config.ensureRealmConfigData(oauth.AUTH_SERVER_ROOT, realm).getInitialToken());
// create configuration from file using stdin redirect ... output an object
String content = "{\n" + " \"clientId\": \"my_client\",\n" + " \"enabled\": true,\n" + " \"redirectUris\": [\"http://localhost:8980/myapp/*\"],\n" + " \"serviceAccountsEnabled\": true,\n" + " \"name\": \"My Client App\",\n" + " \"implicitFlowEnabled\": false,\n" + " \"publicClient\": true,\n" + " \"protocol\": \"openid-connect\",\n" + " \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" + " \"consentRequired\": false,\n" + " \"baseUrl\": \"http://localhost:8980/myapp\",\n" + " \"rootUrl\": \"http://localhost:8980/myapp\",\n" + " \"bearerOnly\": true,\n" + " \"standardFlowEnabled\": true\n" + "}";
try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f - < '" + tmpFile.getName() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client.getId());
Assert.assertEquals("clientId", "my_client", client.getClientId());
Assert.assertEquals("enabled", true, client.isEnabled());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
Assert.assertEquals("serviceAccountsEnabled", true, client.isServiceAccountsEnabled());
Assert.assertEquals("name", "My Client App", client.getName());
Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client.isPublicClient());
// note there is no server-side check if protocol is supported
Assert.assertEquals("protocol", "openid-connect", client.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
Assert.assertEquals("consentRequired", false, client.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl());
Assert.assertEquals("rootUrl", "http://localhost:8980/myapp", client.getRootUrl());
Assert.assertEquals("bearerOnly", true, client.isStandardFlowEnabled());
Assert.assertNull("mappers are null", client.getProtocolMappers());
// create configuration from file as a template and override clientId and other attributes ... output an object
exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + "' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" + " -s 'name=My Client App II' -s protocol=openid-connect -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" + " -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
assertExitCodeAndStdErrSize(exe, 0, 2);
ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client2.getId());
Assert.assertEquals("clientId", "my_client2", client2.getClientId());
Assert.assertEquals("enabled", false, client2.isEnabled());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp2/*"), client2.getRedirectUris());
Assert.assertEquals("serviceAccountsEnabled", true, client2.isServiceAccountsEnabled());
Assert.assertEquals("name", "My Client App II", client2.getName());
Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client2.isPublicClient());
Assert.assertEquals("protocol", "openid-connect", client2.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins());
Assert.assertEquals("consentRequired", false, client2.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl());
Assert.assertEquals("rootUrl", "http://localhost:8980/myapp2", client2.getRootUrl());
Assert.assertEquals("bearerOnly", true, client2.isStandardFlowEnabled());
Assert.assertNull("mappers are null", client2.getProtocolMappers());
// check that using an invalid attribute key is not ignored
exe = execute("create --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + "' -s client_id=my_client3");
assertExitCodeAndStreamSizes(exe, 1, 0, 1);
Assert.assertEquals("Failed to set attribute 'client_id' on document type 'default'", exe.stderrLines().get(0));
}
// simple create, output an id
exe = execute("create --insecure --config '" + configFile.getName() + "' -i -s clientId=my_client3");
assertExitCodeAndStreamSizes(exe, 0, 1, 2);
Assert.assertEquals("only clientId returned", "my_client3", exe.stdoutLines().get(0));
// simple create, default output
exe = execute("create --insecure --config '" + configFile.getName() + "' -s clientId=my_client4");
assertExitCodeAndStreamSizes(exe, 0, 0, 3);
Assert.assertEquals("only clientId returned", "Registered new client with client_id 'my_client4'", exe.stderrLines().get(2));
// create using oidc endpoint - autodetect format
content = " {\n" + " \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n" + " \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\" ],\n" + " \"response_types\" : [ \"code\", \"none\" ],\n" + " \"client_name\" : \"My Client App\",\n" + " \"client_uri\" : \"http://localhost:8980/myapp\"\n" + " }";
try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
exe = execute("create --insecure --config '" + configFile.getName() + "' -s 'client_name=My Client App V' " + " -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5" + " -o -f - < '" + tmpFile.getName() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
OIDCClientRepresentation client = JsonSerialization.readValue(exe.stdout(), OIDCClientRepresentation.class);
Assert.assertNotNull("clientId", client.getClientId());
Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), client.getRedirectUris());
Assert.assertEquals("grant_types", Arrays.asList("authorization_code", "client_credentials", "refresh_token"), client.getGrantTypes());
Assert.assertEquals("response_types", Arrays.asList("code", "none"), client.getResponseTypes());
Assert.assertEquals("client_name", "My Client App V", client.getClientName());
Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", client.getClientUri());
// try use incompatible endpoint override
exe = execute("create --config '" + configFile.getName() + "' -e default -f '" + tmpFile.getName() + "'");
assertExitCodeAndStreamSizes(exe, 1, 0, 1);
Assert.assertEquals("Error message", "Attribute 'redirect_uris' not supported on document type 'default'", exe.stderrLines().get(0));
}
// test create saml formated xml - format autodetection
File samlSpMetaFile = new File(System.getProperty("user.dir") + "/src/test/resources/cli/kcreg/saml-sp-metadata.xml");
Assert.assertTrue("saml-sp-metadata.xml exists", samlSpMetaFile.isFile());
exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f - < '" + samlSpMetaFile.getAbsolutePath() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client.getId());
Assert.assertEquals("clientId", "http://localhost:8080/sales-post-enc/", client.getClientId());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8081/sales-post-enc/saml"), client.getRedirectUris());
Assert.assertEquals("attributes.saml_name_id_format", "username", client.getAttributes().get("saml_name_id_format"));
Assert.assertEquals("attributes.saml_assertion_consumer_url_post", "http://localhost:8081/sales-post-enc/saml", client.getAttributes().get("saml_assertion_consumer_url_post"));
Assert.assertEquals("attributes.saml.signature.algorithm", "RSA_SHA256", client.getAttributes().get("saml.signature.algorithm"));
// delete initial token
exe = execute("config initial-token --config '" + configFile.getName() + "' --insecure --server " + serverUrl + " --realm " + realm + " --delete");
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
config = handler.loadConfig();
Assert.assertNull("initial token == null", config.ensureRealmConfigData(serverUrl, realm).getInitialToken());
}
}
Also used :
FileConfigHandler(org.keycloak.client.registration.cli.config.FileConfigHandler)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ConfigData(org.keycloak.client.registration.cli.config.ConfigData)
KcRegExec(org.keycloak.testsuite.cli.KcRegExec)
File(java.io.File)
TempFileResource(org.keycloak.testsuite.util.TempFileResource)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
Example 32 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCClientRegistrationTest method updateClient.
@Test
public void updateClient() throws ClientRegistrationException {
OIDCClientRepresentation response = create();
reg.auth(Auth.token(response));
response.setRedirectUris(Collections.singletonList("http://newredirect"));
response.setResponseTypes(Arrays.asList("code", "id_token token", "code id_token token"));
response.setGrantTypes(Arrays.asList(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN, OAuth2Constants.PASSWORD));
OIDCClientRepresentation updated = reg.oidc().update(response);
assertTrue(CollectionUtil.collectionEquals(Collections.singletonList("http://newredirect"), updated.getRedirectUris()));
assertTrue(CollectionUtil.collectionEquals(Arrays.asList(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.IMPLICIT, OAuth2Constants.REFRESH_TOKEN, OAuth2Constants.PASSWORD), updated.getGrantTypes()));
assertTrue(CollectionUtil.collectionEquals(Arrays.asList(OAuth2Constants.CODE, OIDCResponseType.NONE, OIDCResponseType.ID_TOKEN, "id_token token", "code id_token", "code token", "code id_token token"), updated.getResponseTypes()));
}
Also used :
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
Test(org.junit.Test)
Example 33 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCClientRegistrationTest method testMtlsHoKTokenEnabled.
// KEYCLOAK-6771 Certificate Bound Token
// https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.5
@Test
public void testMtlsHoKTokenEnabled() throws Exception {
// create (no specification)
OIDCClientRepresentation clientRep = createRep();
OIDCClientRepresentation response = reg.oidc().create(clientRep);
Assert.assertEquals(Boolean.FALSE, response.getTlsClientCertificateBoundAccessTokens());
Assert.assertNotNull(response.getClientSecret());
// Test Keycloak representation
ClientRepresentation kcClient = getClient(response.getClientId());
OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
assertTrue(!config.isUseMtlsHokToken());
// update (true)
reg.auth(Auth.token(response));
response.setTlsClientCertificateBoundAccessTokens(Boolean.TRUE);
OIDCClientRepresentation updated = reg.oidc().update(response);
assertTrue(updated.getTlsClientCertificateBoundAccessTokens().booleanValue());
// Test Keycloak representation
kcClient = getClient(updated.getClientId());
config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
assertTrue(config.isUseMtlsHokToken());
// update (false)
reg.auth(Auth.token(updated));
updated.setTlsClientCertificateBoundAccessTokens(Boolean.FALSE);
OIDCClientRepresentation reUpdated = reg.oidc().update(updated);
assertTrue(!reUpdated.getTlsClientCertificateBoundAccessTokens().booleanValue());
// Test Keycloak representation
kcClient = getClient(reUpdated.getClientId());
config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
assertTrue(!config.isUseMtlsHokToken());
}
Also used :
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
OIDCAdvancedConfigWrapper(org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
Example 34 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCClientRegistrationTest method create.
public OIDCClientRepresentation create() throws ClientRegistrationException {
OIDCClientRepresentation client = createRep();
OIDCClientRepresentation response = reg.oidc().create(client);
return response;
}
Also used :
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
Example 35 with OIDCClientRepresentation
use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.
the class OIDCClientRegistrationTest method testIdTokenEncryptedResponse.
@Test
public void testIdTokenEncryptedResponse() throws Exception {
OIDCClientRepresentation response = null;
OIDCClientRepresentation updated = null;
try {
// create (no specification)
OIDCClientRepresentation clientRep = createRep();
response = reg.oidc().create(clientRep);
Assert.assertEquals(Boolean.FALSE, response.getTlsClientCertificateBoundAccessTokens());
Assert.assertNotNull(response.getClientSecret());
// Test Keycloak representation
ClientRepresentation kcClient = getClient(response.getClientId());
OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
Assert.assertNull(config.getIdTokenEncryptedResponseAlg());
Assert.assertNull(config.getIdTokenEncryptedResponseEnc());
// update (alg RSA1_5, enc A128CBC-HS256)
reg.auth(Auth.token(response));
response.setIdTokenEncryptedResponseAlg(JWEConstants.RSA1_5);
response.setIdTokenEncryptedResponseEnc(JWEConstants.A128CBC_HS256);
updated = reg.oidc().update(response);
Assert.assertEquals(JWEConstants.RSA1_5, updated.getIdTokenEncryptedResponseAlg());
Assert.assertEquals(JWEConstants.A128CBC_HS256, updated.getIdTokenEncryptedResponseEnc());
// Test Keycloak representation
kcClient = getClient(updated.getClientId());
config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
Assert.assertEquals(JWEConstants.RSA1_5, config.getIdTokenEncryptedResponseAlg());
Assert.assertEquals(JWEConstants.A128CBC_HS256, config.getIdTokenEncryptedResponseEnc());
} finally {
// revert
reg.auth(Auth.token(updated));
updated.setIdTokenEncryptedResponseAlg(null);
updated.setIdTokenEncryptedResponseEnc(null);
reg.oidc().update(updated);
}
}
Also used :
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
OIDCAdvancedConfigWrapper(org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
Aggregations
OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)118
Test (org.junit.Test)95
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)44
AbstractClientPoliciesTest (org.keycloak.testsuite.client.AbstractClientPoliciesTest)22
ParResponse (org.keycloak.testsuite.util.OAuthClient.ParResponse)21
TestOIDCEndpointsApplicationResource (org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource)16
OAuthClient (org.keycloak.testsuite.util.OAuthClient)16
OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)15
ClientRegistrationException (org.keycloak.client.registration.ClientRegistrationException)11
IOException (java.io.IOException)10
ClientResource (org.keycloak.admin.client.resource.ClientResource)9
ArrayList (java.util.ArrayList)8
ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)7
ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)7
ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)7
ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)7
AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)6
ClientsResource (org.keycloak.admin.client.resource.ClientsResource)4
InputStream (java.io.InputStream)3
Produces (javax.ws.rs.Produces)3
