use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.
the class RefreshableKeycloakSecurityContextTest method sameIssuedAtAsNotBeforeIsActiveKEYCLOAK10013.
/**
 * Regression test for KEYCLOAK-10013: the boundary between "issued before the
 * deployment's not-before" and "issued at the not-before" must fall on the
 * right side.
 *
 * <p>A token issued one tick before the not-before value is rejected as
 * inactive; a token issued at exactly the not-before value is accepted.
 */
@Test
public void sameIssuedAtAsNotBeforeIsActiveKEYCLOAK10013() {
    final int notBefore = 5000;

    KeycloakDeployment deployment = new KeycloakDeployment();
    deployment.setNotBefore(notBefore);

    TokenMetadataRepresentation metadata = new TokenMetadataRepresentation();
    metadata.setActive(true);
    // One tick older than the cut-off: must be treated as inactive.
    metadata.issuedAt(notBefore - 1);

    RefreshableKeycloakSecurityContext sut =
            new RefreshableKeycloakSecurityContext(deployment, null, null, metadata, null, null, null);
    assertFalse(sut.isActive());

    // The same token object is mutated after the context was built; the second
    // assertion therefore also shows that isActive() re-reads the token.
    metadata.issuedAt(notBefore);
    assertTrue(sut.isActive());
}
use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.
the class RefreshableKeycloakSecurityContextTest method isActive.
/**
 * Checks that a security context built without a deployment reports itself
 * as inactive rather than failing.
 *
 * <p>The token itself is marked active and freshly issued, so the only reason
 * for the negative result is the missing deployment (KEYCLOAK-3050, which
 * previously produced a NullPointerException).
 */
@Test
public void isActive() {
    TokenMetadataRepresentation freshToken = new TokenMetadataRepresentation();
    freshToken.setActive(true);
    freshToken.issuedNow();

    // First constructor argument (the deployment) is deliberately null.
    RefreshableKeycloakSecurityContext sut =
            new RefreshableKeycloakSecurityContext(null, null, null, freshToken, null, null, null);

    // Fail closed: no deployment means no way to validate, so "not active".
    assertFalse(sut.isActive());
}
use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.
the class TokenIntrospectionTest method testUnsupportedToken.
/**
 * Introspects a string that is not a token at all and checks that the
 * endpoint answers "inactive" without exposing any identity claims.
 *
 * @throws Exception if the login, the introspection call or JSON parsing fails
 */
@Test
public void testUnsupportedToken() throws Exception {
    oauth.doLogin("test-user@localhost", "password");

    // Arbitrary text standing in for a token the server cannot interpret.
    String inactiveAccessToken = "unsupported";
    String introspectionJson =
            oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", inactiveAccessToken);

    ObjectMapper mapper = new ObjectMapper();

    // Check the raw JSON first, independent of the representation class.
    JsonNode root = mapper.readTree(introspectionJson);
    assertFalse(root.get("active").asBoolean());

    // Then check the typed view: inactive, and no user, client or subject
    // information is returned for an input that could not be validated.
    TokenMetadataRepresentation metadata =
            mapper.readValue(introspectionJson, TokenMetadataRepresentation.class);
    assertFalse(metadata.isActive());
    assertNull(metadata.getUserName());
    assertNull(metadata.getClientId());
    assertNull(metadata.getSubject());
}
use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.
the class TokenIntrospectionTest method testIntrospectAccessToken.
/**
 * Issues an access token signed with the given algorithm and checks that
 * introspection reports it as active with the expected user, client, subject
 * and scope.
 *
 * <p>The "test-app" client's signature provider is switched to
 * {@code jwaAlgorithm} for the duration of the test and reset to RS256 in the
 * {@code finally} block, whether or not an assertion fails.
 *
 * @param jwaAlgorithm name of the signature algorithm the access token must carry
 * @throws Exception if the token request, introspection or JSON parsing fails
 */
private void testIntrospectAccessToken(String jwaAlgorithm) throws Exception {
    try {
        TokenSignatureUtil.changeClientAccessTokenSignatureProvider(
                ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app"), jwaAlgorithm);

        oauth.doLogin("test-user@localhost", "password");
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        AccessTokenResponse tokens = oauth.doAccessTokenRequest(authCode, "password");

        // The JWS header must name the algorithm that was just configured.
        JWSInput issuedJws = new JWSInput(tokens.getAccessToken());
        assertEquals(jwaAlgorithm, issuedJws.getHeader().getAlgorithm().name());

        // The introspecting client ("confidential-cli") is not the client the
        // token was issued to ("test-app"); the response must still name the latter.
        String introspectionJson = oauth.introspectAccessTokenWithClientCredential(
                "confidential-cli", "secret1", tokens.getAccessToken());
        TokenMetadataRepresentation metadata =
                JsonSerialization.readValue(introspectionJson, TokenMetadataRepresentation.class);

        assertTrue(metadata.isActive());
        assertEquals("test-user@localhost", metadata.getUserName());
        assertEquals("test-app", metadata.getClientId());
        assertEquals(loginEvent.getUserId(), metadata.getSubject());

        // Scope granted at login must be echoed back unchanged.
        OIDCScopeTest.assertScopes("openid email profile", metadata.getScope());
    } finally {
        // Reset the shared client configuration so later tests see RS256 again.
        TokenSignatureUtil.changeClientAccessTokenSignatureProvider(
                ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app"), Algorithm.RS256);
    }
}
use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.
the class TokenIntrospectionTest method testIntrospectRefreshToken.
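/**
 * Introspects a refresh token and checks both the raw JSON response and its
 * {@link TokenMetadataRepresentation} view.
 *
 * <p>The raw response must be active, carry the login's session id and the
 * issuing client id, contain {@code exp}, {@code iat}, {@code sub},
 * {@code aud}, {@code iss}, {@code jti} and {@code typ}, and must not contain
 * {@code nbf}. The typed representation must agree with the raw values.
 *
 * @throws Exception if the token request, introspection or JSON parsing fails
 */
@Test
public void testIntrospectRefreshToken() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");

    String tokenResponse = oauth.introspectRefreshTokenWithClientCredential(
            "confidential-cli", "secret1", accessTokenResponse.getRefreshToken());
    ObjectMapper objectMapper = new ObjectMapper();

    // Raw JSON view: which claims are present, independent of the mapping class.
    JsonNode jsonNode = objectMapper.readTree(tokenResponse);
    assertTrue(jsonNode.get("active").asBoolean());
    // The token must stay bound to the session and client it was issued for.
    assertEquals(sessionId, jsonNode.get("session_state").asText());
    assertEquals("test-app", jsonNode.get("client_id").asText());
    assertTrue(jsonNode.has("exp"));
    assertTrue(jsonNode.has("iat"));
    assertFalse(jsonNode.has("nbf"));
    assertTrue(jsonNode.has("sub"));
    assertTrue(jsonNode.has("aud"));
    assertTrue(jsonNode.has("iss"));
    assertTrue(jsonNode.has("jti"));
    assertTrue(jsonNode.has("typ"));

    // Typed view: every mapped field must match the raw response.
    TokenMetadataRepresentation rep = objectMapper.readValue(tokenResponse, TokenMetadataRepresentation.class);
    assertTrue(rep.isActive());
    assertEquals("test-app", rep.getClientId());
    assertEquals(jsonNode.get("session_state").asText(), rep.getSessionState());
    assertEquals(jsonNode.get("exp").asInt(), rep.getExpiration());
    assertEquals(jsonNode.get("iat").asInt(), rep.getIssuedAt());
    // "nbf" is absent (asserted above), so jsonNode.get("nbf") is null here and
    // this passes only when the deserialized value is null as well.
    assertEquals(jsonNode.get("nbf"), rep.getNbf());
    assertEquals(jsonNode.get("iss").asText(), rep.getIssuer());
    assertEquals(jsonNode.get("jti").asText(), rep.getId());
    // Expected value first, so a failure message reports "expected Refresh".
    assertEquals("Refresh", jsonNode.get("typ").asText());
}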