Example 11 with AccessTokenResponse

Use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

Class TokenIntrospectionTest, method testPublicClientCredentialsNotAllowed:

@Test
public void testPublicClientCredentialsNotAllowed() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
    String tokenResponse = oauth.introspectAccessTokenWithClientCredential("public-cli", "it_doesnt_matter", accessTokenResponse.getAccessToken());
    OAuth2ErrorRepresentation errorRep = JsonSerialization.readValue(tokenResponse, OAuth2ErrorRepresentation.class);
    Assert.assertEquals("Client not allowed.", errorRep.getErrorDescription());
    Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, errorRep.getError());
}
Also used : OAuth2ErrorRepresentation(org.keycloak.representations.idm.OAuth2ErrorRepresentation) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) AbstractOIDCScopeTest(org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) OIDCScopeTest(org.keycloak.testsuite.oidc.OIDCScopeTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 12 with AccessTokenResponse

Use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

Class TokenIntrospectionTest, method testIntrospectAccessToken:

private void testIntrospectAccessToken(String jwaAlgorithm) throws Exception {
    try {
        TokenSignatureUtil.changeClientAccessTokenSignatureProvider(ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app"), jwaAlgorithm);
        oauth.doLogin("test-user@localhost", "password");
        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
        assertEquals(jwaAlgorithm, new JWSInput(accessTokenResponse.getAccessToken()).getHeader().getAlgorithm().name());
        String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
        TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);
        assertTrue(rep.isActive());
        assertEquals("test-user@localhost", rep.getUserName());
        assertEquals("test-app", rep.getClientId());
        assertEquals(loginEvent.getUserId(), rep.getSubject());
        // Assert expected scope
        OIDCScopeTest.assertScopes("openid email profile", rep.getScope());
    } finally {
        TokenSignatureUtil.changeClientAccessTokenSignatureProvider(ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app"), Algorithm.RS256);
    }
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) JWSInput(org.keycloak.jose.jws.JWSInput) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse)

Example 13 with AccessTokenResponse

Use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

Class TokenIntrospectionTest, method testIntrospectRefreshToken:

@Test
public void testIntrospectRefreshToken() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
    String tokenResponse = oauth.introspectRefreshTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getRefreshToken());
    ObjectMapper objectMapper = new ObjectMapper();
    JsonNode jsonNode = objectMapper.readTree(tokenResponse);
    assertTrue(jsonNode.get("active").asBoolean());
    assertEquals(sessionId, jsonNode.get("session_state").asText());
    assertEquals("test-app", jsonNode.get("client_id").asText());
    assertTrue(jsonNode.has("exp"));
    assertTrue(jsonNode.has("iat"));
    assertFalse(jsonNode.has("nbf"));
    assertTrue(jsonNode.has("sub"));
    assertTrue(jsonNode.has("aud"));
    assertTrue(jsonNode.has("iss"));
    assertTrue(jsonNode.has("jti"));
    assertTrue(jsonNode.has("typ"));
    TokenMetadataRepresentation rep = objectMapper.readValue(tokenResponse, TokenMetadataRepresentation.class);
    assertTrue(rep.isActive());
    assertEquals("test-app", rep.getClientId());
    assertEquals(jsonNode.get("session_state").asText(), rep.getSessionState());
    assertEquals(jsonNode.get("exp").asInt(), rep.getExpiration());
    assertEquals(jsonNode.get("iat").asInt(), rep.getIssuedAt());
    assertEquals(jsonNode.get("nbf"), rep.getNbf());
    assertEquals(jsonNode.get("iss").asText(), rep.getIssuer());
    assertEquals(jsonNode.get("jti").asText(), rep.getId());
    assertEquals(jsonNode.get("typ").asText(), "Refresh");
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) AbstractOIDCScopeTest(org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) OIDCScopeTest(org.keycloak.testsuite.oidc.OIDCScopeTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 14 with AccessTokenResponse

Use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

Class TokenIntrospectionTest, method testIntrospectWithSamlClient:

/**
 * Test covers the same scenario from different endpoints like TokenEndpoint and LogoutEndpoint.
 */
@Test
public void testIntrospectWithSamlClient() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    events.expectLogin().assertEvent();
    AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
    String tokenResponse = oauth.introspectAccessTokenWithClientCredential("saml-client", "secret2", accessTokenResponse.getAccessToken());
    TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);
    assertEquals(Errors.INVALID_CLIENT, rep.getOtherClaims().get("error"));
    assertNull(rep.getSubject());
}
Also used : TokenMetadataRepresentation(org.keycloak.representations.oidc.TokenMetadataRepresentation) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) AbstractOIDCScopeTest(org.keycloak.testsuite.oidc.AbstractOIDCScopeTest) OIDCScopeTest(org.keycloak.testsuite.oidc.OIDCScopeTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 15 with AccessTokenResponse

Use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

Class HoKTest, method accessTokenRequestWithClientCertificate:

// Authorization Code Flow
// Bind HoK Token
@Test
public void accessTokenRequestWithClientCertificate() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse response;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        response = oauth.doAccessTokenRequest(code, "password", client);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    // Success Pattern
    expectSuccessfulResponseFromTokenEndpoint(sessionId, codeId, response);
    verifyHoKTokenDefaultCertThumbPrint(response);
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IOException(java.io.IOException) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) RefreshTokenTest(org.keycloak.testsuite.oauth.RefreshTokenTest) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
