Example 16 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

The class TokenIntrospectionTest, method testIntrospectAccessTokenUserDisabled.

@Test
public void testIntrospectAccessTokenUserDisabled() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    UserRepresentation userRep = new UserRepresentation();
    try {
        userRep.setEnabled(false);
        adminClient.realm(oauth.getRealm()).users().get(loginEvent.getUserId()).update(userRep);
        String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
        TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);
        assertFalse(rep.isActive());
        assertNull(rep.getUserName());
        assertNull(rep.getClientId());
        assertNull(rep.getSubject());
    } finally {
        userRep.setEnabled(true);
        adminClient.realm(oauth.getRealm()).users().get(loginEvent.getUserId()).update(userRep);
    }
}
Also used: TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AbstractOIDCScopeTest(org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) OIDCScopeTest(org.keycloak.testsuite.oidc.OIDCScopeTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 17 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

The class TokenIntrospectionTest, method testConfidentialClientCredentialsBasicAuthentication.

@Test
public void testConfidentialClientCredentialsBasicAuthentication() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
    String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
    ObjectMapper objectMapper = new ObjectMapper();
    JsonNode jsonNode = objectMapper.readTree(tokenResponse);
    assertTrue(jsonNode.get("active").asBoolean());
    assertEquals("test-user@localhost", jsonNode.get("username").asText());
    assertEquals("test-app", jsonNode.get("client_id").asText());
    assertTrue(jsonNode.has("exp"));
    assertTrue(jsonNode.has("iat"));
    assertFalse(jsonNode.has("nbf"));
    assertTrue(jsonNode.has("sub"));
    assertTrue(jsonNode.has("aud"));
    assertTrue(jsonNode.has("iss"));
    assertTrue(jsonNode.has("jti"));
    TokenMetadataRepresentation rep = objectMapper.readValue(tokenResponse, TokenMetadataRepresentation.class);
    assertTrue(rep.isActive());
    assertEquals("test-user@localhost", rep.getUserName());
    assertEquals("test-app", rep.getClientId());
    assertEquals(jsonNode.get("exp").asInt(), rep.getExpiration());
    assertEquals(jsonNode.get("iat").asInt(), rep.getIssuedAt());
    assertEquals(jsonNode.get("nbf"), rep.getNbf());
    assertEquals(jsonNode.get("sub").asText(), rep.getSubject());
    List<String> audiences = new ArrayList<>();
    // The token carries a single audience, so "aud" is a plain string rather than an array
    assertTrue(jsonNode.get("aud") instanceof TextNode);
    audiences.add(jsonNode.get("aud").asText());
    Assert.assertNames(audiences, rep.getAudience());
    assertEquals(jsonNode.get("iss").asText(), rep.getIssuer());
    assertEquals(jsonNode.get("jti").asText(), rep.getId());
}
Also used: TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) ArrayList(java.util.ArrayList) JsonNode(com.fasterxml.jackson.databind.JsonNode) TextNode(com.fasterxml.jackson.databind.node.TextNode) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) AbstractOIDCScopeTest(org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) OIDCScopeTest(org.keycloak.testsuite.oidc.OIDCScopeTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 18 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

The class TokenRevocationCorsTest, method isTokenDisabled.

private void isTokenDisabled(AccessTokenResponse tokenResponse, String clientId) throws IOException {
    String introspectionResponse = oauth.introspectAccessTokenWithClientCredential(clientId, "password", tokenResponse.getAccessToken());
    TokenMetadataRepresentation rep = JsonSerialization.readValue(introspectionResponse, TokenMetadataRepresentation.class);
    assertFalse(rep.isActive());
    oauth.clientId(clientId);
    OAuthClient.AccessTokenResponse tokenRefreshResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "password");
    assertEquals(Status.BAD_REQUEST.getStatusCode(), tokenRefreshResponse.getStatusCode());
}
Also used: TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse)

Example 19 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

The class HoKTest, method testIntrospectHoKAccessToken.

@Test
public void testIntrospectHoKAccessToken() throws Exception {
    // Get an access token using a client certificate over mutually authenticated TLS
    // (this part mimics the client)
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    AccessTokenResponse accessTokenResponse = null;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        accessTokenResponse = oauth.doAccessTokenRequest(code, "password", client);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    // Introspect the token without presenting a client certificate
    // (this part mimics the resource server)
    String tokenResponse;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithoutKeyStoreAndTrustStore()) {
        tokenResponse = oauth.introspectTokenWithClientCredential("confidential-cli", "secret1", "access_token", accessTokenResponse.getAccessToken(), client);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);
    JWSInput jws = new JWSInput(accessTokenResponse.getAccessToken());
    AccessToken at = jws.readJsonContent(AccessToken.class);
    jws = new JWSInput(accessTokenResponse.getRefreshToken());
    RefreshToken rt = jws.readJsonContent(RefreshToken.class);
    String certThumprintFromAccessToken = at.getCertConf().getCertThumbprint();
    String certThumprintFromRefreshToken = rt.getCertConf().getCertThumbprint();
    String certThumprintFromTokenIntrospection = rep.getCertConf().getCertThumbprint();
    String certThumprintFromBoundClientCertificate = MutualTLSUtils.getThumbprintFromDefaultClientCert();
    assertTrue(rep.isActive());
    assertEquals("test-user@localhost", rep.getUserName());
    assertEquals("test-app", rep.getClientId());
    assertEquals(loginEvent.getUserId(), rep.getSubject());
    assertEquals(certThumprintFromTokenIntrospection, certThumprintFromBoundClientCertificate);
    assertEquals(certThumprintFromBoundClientCertificate, certThumprintFromAccessToken);
    assertEquals(certThumprintFromAccessToken, certThumprintFromRefreshToken);
}
Also used: CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) RefreshToken(org.keycloak.representations.RefreshToken) AccessToken(org.keycloak.representations.AccessToken) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IOException(java.io.IOException) JWSInput(org.keycloak.jose.jws.JWSInput) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) RefreshTokenTest(org.keycloak.testsuite.oauth.RefreshTokenTest) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 20 with TokenMetadataRepresentation

Use of org.keycloak.representations.oidc.TokenMetadataRepresentation in project keycloak by keycloak.

The class TokenRevocationTest, method isTokenEnabled.

private void isTokenEnabled(AccessTokenResponse tokenResponse, String clientId) throws IOException {
    String introspectionResponse = oauth.introspectAccessTokenWithClientCredential(clientId, "password", tokenResponse.getAccessToken());
    TokenMetadataRepresentation rep = JsonSerialization.readValue(introspectionResponse, TokenMetadataRepresentation.class);
    assertTrue(rep.isActive());
    oauth.clientId(clientId);
    OAuthClient.AccessTokenResponse tokenRefreshResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "password");
    assertEquals(Status.OK.getStatusCode(), tokenRefreshResponse.getStatusCode());
}
Also used: TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse)

Aggregations (type, number of usages)

TokenMetadataRepresentation (org.keycloak.representations.oidc.TokenMetadataRepresentation) 21
AccessTokenResponse (org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) 14
Test (org.junit.Test) 13
AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest) 12
AbstractOIDCScopeTest (org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) 11
OIDCScopeTest (org.keycloak.testsuite.oidc.OIDCScopeTest) 11
JsonNode (com.fasterxml.jackson.databind.JsonNode) 6
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 5
EventRepresentation (org.keycloak.representations.idm.EventRepresentation) 5
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 3
IOException (java.io.IOException) 2
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse) 2
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient) 2
JWSInput (org.keycloak.jose.jws.JWSInput) 2
TextNode (com.fasterxml.jackson.databind.node.TextNode) 1
ArrayList (java.util.ArrayList) 1
NotAuthorizedException (javax.ws.rs.NotAuthorizedException) 1
Response (javax.ws.rs.core.Response) 1
Matchers.containsString (org.hamcrest.Matchers.containsString) 1
Keycloak (org.keycloak.admin.client.Keycloak) 1