
Example 1 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

the class AuthenticationSessionClusterTest method testAuthSessionCookieWithoutRoute.

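/**
 * Verifies that, with route attachment switched off on backend node 0, the auth-session
 * cookie is exactly 36 characters long (no route suffix) and the session key is still owned
 * by a node whose route name starts with "node1".
 *
 * <p>The route toggle is state held by the server-side provider factory, not by this test
 * instance. It is therefore restored in a {@code finally} block: without it, a single failed
 * assertion would leave route attachment disabled for every test that runs afterwards.
 *
 * @throws Exception if browser navigation or a remote server-side call fails
 */
@Test
public void testAuthSessionCookieWithoutRoute() throws Exception {
    OAuthClient oAuthClient = new OAuthClient();
    oAuthClient.init(driver);
    oAuthClient.baseUrl(UriBuilder.fromUri(backendNode(0).getUriBuilder().build() + "/auth").build("test").toString());
    String testAppLoginNode1URL = oAuthClient.getLoginFormUrl();
    // Disable route on backend server
    getTestingClientFor(backendNode(0)).server().run(session -> {
        InfinispanStickySessionEncoderProviderFactory factory = (InfinispanStickySessionEncoderProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(StickySessionEncoderProvider.class, "infinispan");
        factory.setShouldAttachRoute(false);
    });
    try {
        // Test routes
        for (int i = 0; i < 20; i++) {
            driver.navigate().to(testAppLoginNode1URL);
            String authSessionCookie = AuthenticationSessionFailoverClusterTest.getAuthSessionCookieValue(driver);
            // 36 characters = bare session id with nothing appended
            // (presumably a UUID string; confirm against the session id generator)
            Assert.assertEquals(36, authSessionCookie.length());
            // Drop all cookies before continuing, so the next iteration starts a fresh auth session
            driver.manage().deleteAllCookies();
            // Check that route owner is always node1
            getTestingClientFor(backendNode(0)).server().run(session -> {
                Cache authSessionCache = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.AUTHENTICATION_SESSIONS_CACHE_NAME);
                String keyOwner = InfinispanUtil.getTopologyInfo(session).getRouteName(authSessionCache, authSessionCookie);
                Assert.assertTrue(keyOwner.startsWith("node1"));
            });
        }
    } finally {
        // Revert route on backend server, even when an assertion above failed
        getTestingClientFor(backendNode(0)).server().run(session -> {
            InfinispanStickySessionEncoderProviderFactory factory = (InfinispanStickySessionEncoderProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(StickySessionEncoderProvider.class, "infinispan");
            factory.setShouldAttachRoute(true);
        });
    }
}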
Also used : InfinispanStickySessionEncoderProviderFactory(org.keycloak.models.sessions.infinispan.InfinispanStickySessionEncoderProviderFactory) OAuthClient(org.keycloak.testsuite.util.OAuthClient) InfinispanConnectionProvider(org.keycloak.connections.infinispan.InfinispanConnectionProvider) StickySessionEncoderProvider(org.keycloak.sessions.StickySessionEncoderProvider) Cache(org.infinispan.Cache) Test(org.junit.Test)

Example 2 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

the class AuthenticationSessionClusterTest method testAuthSessionCookieWithAttachedRoute.

/**
 * Verifies that the auth-session cookie carries a route suffix after the 36-character session
 * id, and that over 20 fresh login attempts the suffix names both "node1" and "node2".
 *
 * @throws Exception if browser navigation fails
 */
@Test
public void testAuthSessionCookieWithAttachedRoute() throws Exception {
    // TODO Maybe add compatibility between cluster and cross-dc tests regarding the route name (jboss.node.name).
    // Cross-dc tests use the arquillian container qualifier, whereas cluster tests use just 'node1'.
    // String node1Route = backendNode(0).getArquillianContainer().getName();
    // String node2Route = backendNode(1).getArquillianContainer().getName();

    // Length of the session id part of the cookie; the route follows one separator character later
    final int sessionIdLength = 36;

    OAuthClient client = new OAuthClient();
    client.init(driver);
    String node1AuthBase = UriBuilder.fromUri(backendNode(0).getUriBuilder().build() + "/auth").build("test").toString();
    client.baseUrl(node1AuthBase);
    String loginUrl = client.getLoginFormUrl();

    Set<String> routesSeen = new HashSet<>();
    int attempt = 0;
    while (attempt < 20) {
        driver.navigate().to(loginUrl);
        String cookieValue = AuthenticationSessionFailoverClusterTest.getAuthSessionCookieValue(driver);
        Assert.assertThat(cookieValue.length(), Matchers.greaterThan(sessionIdLength));
        // Everything past the session id and its separator is the route name
        routesSeen.add(cookieValue.substring(sessionIdLength + 1));
        // Start the next attempt without any cookie so a new auth session is created
        driver.manage().deleteAllCookies();
        attempt++;
    }

    // Both nodes must have been chosen as route owner at least once
    Assert.assertThat(routesSeen, Matchers.containsInAnyOrder(Matchers.startsWith("node1"), Matchers.startsWith("node2")));
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 3 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

the class AccessTokenTest method accessTokenInvalidRedirectUri.

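/**
 * Checks that the token endpoint refuses to exchange an authorization code when the
 * {@code redirect_uri} sent with the token request differs from the one used at login.
 *
 * <p>Expected outcome: HTTP 400 with error {@code invalid_grant} and description
 * "Incorrect redirect_uri", plus a code-to-token event with error {@code invalid_code}.
 * Binding the code to its original redirect URI is what keeps a code delivered to one
 * location from being redeemed under a different one.
 *
 * <p>The shared {@code oauth} client is mutated for the request, so its redirect URI is
 * restored in a {@code finally} block; otherwise a failed assertion would leave
 * "http://invalid" configured for later tests.
 *
 * @throws Exception if the login or the token request fails unexpectedly
 */
@Test
public void accessTokenInvalidRedirectUri() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    // @TODO This is new and was necessary so as not to interfere with other test cases
    String redirectUri = oauth.getRedirectUri();
    oauth.redirectUri("http://invalid");
    try {
        OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
        assertEquals(400, response.getStatusCode());
        assertEquals("invalid_grant", response.getError());
        assertEquals("Incorrect redirect_uri", response.getErrorDescription());
        // No token is issued on this path, so the token-related details are dropped from the expected event
        events.expectCodeToToken(codeId, loginEvent.getSessionId()).error("invalid_code").removeDetail(Details.TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_TYPE).assertEvent();
    } finally {
        // @TODO Reset back to the original URI. Maybe we should have something to reset to the original state at OAuthClient
        oauth.redirectUri(redirectUri);
    }
}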
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 4 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

the class BackchannelLogoutTest method postBackchannelLogoutWithSessionIdMultipleOpenSessionDifferentIdentityProvider.

/**
 * Back-channel logout with a session id, for a user holding two sessions that were opened
 * through two different identity providers.
 *
 * <p>The logout token is built from the provider-realm user id and the first provider-realm
 * session id. After the logout request returns 200 OK, only the first consumer-realm session
 * must be gone; the second consumer-realm session and both provider-realm sessions must
 * still be active.
 *
 * @throws Exception if any login, admin or logout call fails
 */
@Test
public void postBackchannelLogoutWithSessionIdMultipleOpenSessionDifferentIdentityProvider() throws Exception {
    IdentityProviderRepresentation secondIdp = addSecondIdentityProviderToConsumerRealm();
    String providerBrokerClientId = getClientId(nbc.providerRealmName(), BROKER_CLIENT_ID);

    // First login, through the first identity provider
    logInAsUserInIDPForFirstTime();
    String consumerUserId = getUserIdConsumerRealm();
    // Give the brokered user a local password (presumably needed for the account linking below; confirm)
    adminClient.realm(nbc.consumerRealmName()).users().get(consumerUserId).resetPassword(CredentialBuilder.create().password(USER_PASSWORD_CONSUMER_REALM).build());
    String providerSessionFirst = assertProviderLoginEventIdpClient(userIdProviderRealm);
    String consumerSessionFirst = assertConsumerLoginEventAccountManagement(consumerUserId);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionFirst);

    // Second login, from a second browser through the second identity provider
    OAuthClient secondBrowserOauth = loginWithSecondBrowser(secondIdp.getDisplayName());
    linkUsers(secondBrowserOauth);
    String providerSessionSecond = assertProviderLoginEventIdpClient(userIdProviderRealm);
    String consumerSessionSecond = assertConsumerLoginEventAccountManagement(consumerUserId);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionSecond);

    // Logout token scoped to the first provider-realm session, sent to the consumer realm
    String signedLogoutToken = getLogoutTokenEncodedAndSigned(userIdProviderRealm, providerSessionFirst);
    oauth.realm(nbc.consumerRealmName());
    try (CloseableHttpResponse logoutResponse = oauth.doBackchannelLogout(signedLogoutToken)) {
        assertThat(logoutResponse, Matchers.statusCodeIsHC(Response.Status.OK));
    }

    // Only the targeted consumer session is terminated
    assertConsumerLogoutEvent(consumerSessionFirst, consumerUserId);
    assertNoSessionsInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionFirst);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionSecond);
    // Provider-realm sessions are not touched by a logout delivered to the consumer realm
    assertActiveSessionInClient(nbc.providerRealmName(), providerBrokerClientId, userIdProviderRealm, providerSessionFirst);
    assertActiveSessionInClient(nbc.providerRealmName(), providerBrokerClientId, userIdProviderRealm, providerSessionSecond);
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) AbstractNestedBrokerTest(org.keycloak.testsuite.broker.AbstractNestedBrokerTest) Test(org.junit.Test)

Example 5 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

the class BackchannelLogoutTest method postBackchannelLogoutWithoutSessionIdMultipleOpenSessionDifferentIdentityProvider.

/**
 * Back-channel logout without a session id, for a user holding two sessions that were opened
 * through two different identity providers.
 *
 * <p>The logout token is built from the provider-realm user id only. After the logout request
 * returns 200 OK, both consumer-realm sessions must be gone and a logout event is expected
 * for each, while both provider-realm sessions must still be active.
 *
 * @throws Exception if any login, admin or logout call fails
 */
@Test
public void postBackchannelLogoutWithoutSessionIdMultipleOpenSessionDifferentIdentityProvider() throws Exception {
    IdentityProviderRepresentation secondIdp = addSecondIdentityProviderToConsumerRealm();
    String providerBrokerClientId = getClientId(nbc.providerRealmName(), BROKER_CLIENT_ID);

    // First login, through the first identity provider
    logInAsUserInIDPForFirstTime();
    String consumerUserId = getUserIdConsumerRealm();
    // Give the brokered user a local password (presumably needed for the account linking below; confirm)
    adminClient.realm(nbc.consumerRealmName()).users().get(consumerUserId).resetPassword(CredentialBuilder.create().password(USER_PASSWORD_CONSUMER_REALM).build());
    String providerSessionFirst = assertProviderLoginEventIdpClient(userIdProviderRealm);
    String consumerSessionFirst = assertConsumerLoginEventAccountManagement(consumerUserId);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionFirst);

    // Second login, from a second browser through the second identity provider
    OAuthClient secondBrowserOauth = loginWithSecondBrowser(secondIdp.getDisplayName());
    linkUsers(secondBrowserOauth);
    String providerSessionSecond = assertProviderLoginEventIdpClient(userIdProviderRealm);
    String consumerSessionSecond = assertConsumerLoginEventAccountManagement(consumerUserId);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionSecond);

    // Logout token that names the user but no particular session, sent to the consumer realm
    String signedLogoutToken = getLogoutTokenEncodedAndSigned(userIdProviderRealm);
    oauth.realm(nbc.consumerRealmName());
    try (CloseableHttpResponse logoutResponse = oauth.doBackchannelLogout(signedLogoutToken)) {
        assertThat(logoutResponse, Matchers.statusCodeIsHC(Response.Status.OK));
    }

    // With no session id in the token, every consumer-realm session of the user is terminated
    assertConsumerLogoutEvents(Arrays.asList(consumerSessionFirst, consumerSessionSecond), consumerUserId);
    assertNoSessionsInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionFirst);
    assertNoSessionsInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSessionSecond);
    // Provider-realm sessions are not touched by a logout delivered to the consumer realm
    assertActiveSessionInClient(nbc.providerRealmName(), providerBrokerClientId, userIdProviderRealm, providerSessionFirst);
    assertActiveSessionInClient(nbc.providerRealmName(), providerBrokerClientId, userIdProviderRealm, providerSessionSecond);
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) AbstractNestedBrokerTest(org.keycloak.testsuite.broker.AbstractNestedBrokerTest) Test(org.junit.Test)
