
Example 1 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

In the class RefreshableKeycloakSecurityContextTest, method sameIssuedAtAsNotBeforeIsActiveKEYCLOAK10013.

@Test
public void sameIssuedAtAsNotBeforeIsActiveKEYCLOAK10013() {
    KeycloakDeployment keycloakDeployment = new KeycloakDeployment();
    // Not-before policy of the deployment: tokens issued earlier than this are not active.
    keycloakDeployment.setNotBefore(5000);
    TokenMetadataRepresentation token = new TokenMetadataRepresentation();
    token.setActive(true);
    token.issuedAt(4999);
    RefreshableKeycloakSecurityContext sut = new RefreshableKeycloakSecurityContext(keycloakDeployment, null, null, token, null, null, null);
    // Issued just before not-before: must be reported as inactive.
    assertFalse(sut.isActive());
    // Issued exactly at not-before: the boundary is inclusive, so the token is active.
    token.issuedAt(5000);
    assertTrue(sut.isActive());
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) Test(org.junit.Test)

Example 2 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

In the class RefreshableKeycloakSecurityContextTest, method isActive.

@Test
public void isActive() {
    TokenMetadataRepresentation token = new TokenMetadataRepresentation();
    token.setActive(true);
    token.issuedNow();
    RefreshableKeycloakSecurityContext sut = new RefreshableKeycloakSecurityContext(null, null, null, token, null, null, null);
    // Verify that isActive() returns false for a null deployment (KEYCLOAK-3050; this used to throw an NPE)
    assertFalse(sut.isActive());
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) Test(org.junit.Test)

Example 3 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

In the class TokenIntrospectionTest, method testUnsupportedToken.

@Test
public void testUnsupportedToken() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    // A string that is not a token the server can parse; introspection must report it as inactive.
    String inactiveAccessToken = "unsupported";
    String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", inactiveAccessToken);
    ObjectMapper objectMapper = new ObjectMapper();
    JsonNode jsonNode = objectMapper.readTree(tokenResponse);
    assertFalse(jsonNode.get("active").asBoolean());
    TokenMetadataRepresentation rep = objectMapper.readValue(tokenResponse, TokenMetadataRepresentation.class);
    assertFalse(rep.isActive());
    // An inactive response carries no user, client or subject metadata.
    assertNull(rep.getUserName());
    assertNull(rep.getClientId());
    assertNull(rep.getSubject());
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) AbstractOIDCScopeTest(org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) OIDCScopeTest(org.keycloak.testsuite.oidc.OIDCScopeTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 4 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

In the class TokenIntrospectionTest, method testIntrospectAccessToken.

private void testIntrospectAccessToken(String jwaAlgorithm) throws Exception {
    try {
        TokenSignatureUtil.changeClientAccessTokenSignatureProvider(ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app"), jwaAlgorithm);
        oauth.doLogin("test-user@localhost", "password");
        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
        assertEquals(jwaAlgorithm, new JWSInput(accessTokenResponse.getAccessToken()).getHeader().getAlgorithm().name());
        String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
        TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);
        assertTrue(rep.isActive());
        assertEquals("test-user@localhost", rep.getUserName());
        assertEquals("test-app", rep.getClientId());
        assertEquals(loginEvent.getUserId(), rep.getSubject());
        // Assert expected scope
        OIDCScopeTest.assertScopes("openid email profile", rep.getScope());
    } finally {
        TokenSignatureUtil.changeClientAccessTokenSignatureProvider(ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app"), Algorithm.RS256);
    }
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) JWSInput(org.keycloak.jose.jws.JWSInput) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse)

Example 5 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

In the class TokenIntrospectionTest, method testIntrospectRefreshToken.

@Test
public void testIntrospectRefreshToken() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
    String tokenResponse = oauth.introspectRefreshTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getRefreshToken());
    ObjectMapper objectMapper = new ObjectMapper();
    JsonNode jsonNode = objectMapper.readTree(tokenResponse);
    assertTrue(jsonNode.get("active").asBoolean());
    assertEquals(sessionId, jsonNode.get("session_state").asText());
    assertEquals("test-app", jsonNode.get("client_id").asText());
    assertTrue(jsonNode.has("exp"));
    assertTrue(jsonNode.has("iat"));
    assertFalse(jsonNode.has("nbf"));
    assertTrue(jsonNode.has("sub"));
    assertTrue(jsonNode.has("aud"));
    assertTrue(jsonNode.has("iss"));
    assertTrue(jsonNode.has("jti"));
    assertTrue(jsonNode.has("typ"));
    TokenMetadataRepresentation rep = objectMapper.readValue(tokenResponse, TokenMetadataRepresentation.class);
    assertTrue(rep.isActive());
    assertEquals("test-app", rep.getClientId());
    assertEquals(jsonNode.get("session_state").asText(), rep.getSessionState());
    assertEquals(jsonNode.get("exp").asInt(), rep.getExpiration());
    assertEquals(jsonNode.get("iat").asInt(), rep.getIssuedAt());
    assertEquals(jsonNode.get("nbf"), rep.getNbf());
    assertEquals(jsonNode.get("iss").asText(), rep.getIssuer());
    assertEquals(jsonNode.get("jti").asText(), rep.getId());
    // JUnit's assertEquals takes the expected value first.
    assertEquals("Refresh", jsonNode.get("typ").asText());
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) AbstractOIDCScopeTest(org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) OIDCScopeTest(org.keycloak.testsuite.oidc.OIDCScopeTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

TokenMetadataRepresentation (org.keycloak.representations.oidc.TokenMetadataRepresentation) 21
AccessTokenResponse (org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) 14
Test (org.junit.Test) 13
AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest) 12
AbstractOIDCScopeTest (org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) 11
OIDCScopeTest (org.keycloak.testsuite.oidc.OIDCScopeTest) 11
JsonNode (com.fasterxml.jackson.databind.JsonNode) 6
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 5
EventRepresentation (org.keycloak.representations.idm.EventRepresentation) 5
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 3
IOException (java.io.IOException) 2
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse) 2
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient) 2
JWSInput (org.keycloak.jose.jws.JWSInput) 2
TextNode (com.fasterxml.jackson.databind.node.TextNode) 1
ArrayList (java.util.ArrayList) 1
NotAuthorizedException (javax.ws.rs.NotAuthorizedException) 1
Response (javax.ws.rs.core.Response) 1
Matchers.containsString (org.hamcrest.Matchers.containsString) 1
Keycloak (org.keycloak.admin.client.Keycloak) 1