
Example 16 with AccessTokenResponse

use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

the class HoKTest method getUserInfoByHoKAccessTokenWithoutClientCertificate.

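/**
 * Holder-of-Key negative test: an access token bound to a client certificate
 * (mutual TLS) must be rejected by the UserInfo endpoint when the caller does
 * not present that certificate. Expects HTTP 401.
 *
 * @throws Exception propagated from the OAuth helpers
 */
@Test
public void getUserInfoByHoKAccessTokenWithoutClientCertificate() throws Exception {
    // Obtain a certificate-bound access token over mutual TLS.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        tokenResponse = oauth.doAccessTokenRequest(code, "password", client);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenDefaultCertThumbPrint(tokenResponse);
    events.expectCodeToToken(codeId, sessionId).assertEvent();

    // Call UserInfo from a client that sends no client certificate: the token's
    // sender constraint (cert thumbprint) cannot be satisfied, so 401 is required.
    Client client = ClientBuilder.newBuilder().build();
    try {
        WebTarget userInfoTarget = UserInfoClientUtil.getUserInfoWebTarget(client);
        Response response = userInfoTarget.request()
                .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getAccessToken())
                .get();
        // Close the response only once it exists; a failed get() used to leave
        // response == null and the finally block threw an NPE that masked the
        // real failure and skipped client.close().
        try {
            assertEquals(401, response.getStatus());
        } finally {
            response.close();
        }
    } finally {
        client.close();
    }
}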

Example 17 with AccessTokenResponse

use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

the class HoKTest method refreshTokenRequestByHoKRefreshTokenWithClientCertificate.

/**
 * Holder-of-Key positive test: a refresh token issued over mutual TLS can be
 * used to refresh, provided the same client certificate is presented again,
 * and the new tokens keep the certificate thumbprint binding.
 *
 * @throws Exception propagated from the OAuth helpers
 */
@Test
public void refreshTokenRequestByHoKRefreshTokenWithClientCertificate() throws Exception {
    // Log in and collect the authorization code and login-event identifiers.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Exchange the code over mutual TLS so the tokens are bound to the default certificate.
    AccessTokenResponse codeExchange = null;
    try (CloseableHttpClient mtlsClient = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        codeExchange = oauth.doAccessTokenRequest(code, "password", mtlsClient);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenDefaultCertThumbPrint(codeExchange);

    AccessToken accessToken = oauth.verifyToken(codeExchange.getAccessToken());
    String refreshTokenString = codeExchange.getRefreshToken();
    RefreshToken refreshToken = oauth.parseRefreshToken(refreshTokenString);
    EventRepresentation tokenEvent = events.expectCodeToToken(codeId, sessionId).assertEvent();

    // Sanity-check the issued tokens and their lifetimes (seconds).
    Assert.assertNotNull(refreshTokenString);
    assertEquals("Bearer", codeExchange.getTokenType());
    int accessTokenLifetime = accessToken.getExpiration() - getCurrentTime();
    Assert.assertThat(accessTokenLifetime, allOf(greaterThanOrEqualTo(200), lessThanOrEqualTo(350)));
    int refreshTokenLifetime = refreshToken.getExpiration() - getCurrentTime();
    int minRefreshLifetime = 1799 - RefreshTokenTest.ALLOWED_CLOCK_SKEW;
    int maxRefreshLifetime = 1800 + RefreshTokenTest.ALLOWED_CLOCK_SKEW;
    Assert.assertThat(refreshTokenLifetime, allOf(greaterThanOrEqualTo(minRefreshLifetime), lessThanOrEqualTo(maxRefreshLifetime)));
    assertEquals(sessionId, refreshToken.getSessionState());

    // Advance the clock slightly, then refresh with the same certificate.
    setTimeOffset(2);
    AccessTokenResponse refreshed = null;
    try (CloseableHttpClient mtlsClient = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        refreshed = oauth.doRefreshTokenRequest(refreshTokenString, "password", mtlsClient);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    // The refresh must succeed and the new tokens must still carry the thumbprint binding.
    expectSuccessfulResponseFromTokenEndpoint(refreshed, sessionId, accessToken, refreshToken, tokenEvent);
    verifyHoKTokenDefaultCertThumbPrint(refreshed);
}

Example 18 with AccessTokenResponse

use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

the class HoKTest method getUserInfoByHoKAccessTokenWithClientCertificate.

// verify HoK Token - Get UserInfo
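/**
 * Holder-of-Key positive test: an access token bound to a client certificate
 * is accepted by the UserInfo endpoint when the caller presents that same
 * certificate over mutual TLS.
 *
 * @throws Exception propagated from the OAuth helpers or keystore loading
 */
@Test
public void getUserInfoByHoKAccessTokenWithClientCertificate() throws Exception {
    // Obtain a certificate-bound access token over mutual TLS.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        tokenResponse = oauth.doAccessTokenRequest(code, "password", client);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenDefaultCertThumbPrint(tokenResponse);
    events.expectCodeToToken(codeId, sessionId).assertEvent();

    // Call UserInfo with a JAX-RS client configured with the same (test fixture)
    // keystore, so the TLS client certificate matches the token's thumbprint.
    KeyStore keystore = KeystoreUtil.loadKeyStore(MutualTLSUtils.DEFAULT_KEYSTOREPATH, MutualTLSUtils.DEFAULT_KEYSTOREPASSWORD);
    Client client = ClientBuilder.newBuilder()
            .keyStore(keystore, MutualTLSUtils.DEFAULT_KEYSTOREPASSWORD)
            .build();
    try {
        WebTarget userInfoTarget = UserInfoClientUtil.getUserInfoWebTarget(client);
        Response response = userInfoTarget.request()
                .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getAccessToken())
                .get();
        // Close the response only once it exists; a failed get() used to leave
        // response == null and the finally block threw an NPE that masked the
        // real failure and skipped client.close().
        try {
            testSuccessfulUserInfoResponse(response);
        } finally {
            response.close();
        }
    } finally {
        client.close();
    }
}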

Example 19 with AccessTokenResponse

use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

the class ConsentsTest method clientConsentRequiredAfterLogin.

/**
 * Verifies that once a client is switched to "consent required" after a user
 * has already logged in, refreshing the existing token fails with
 * {@code invalid_scope}, because the user never granted consent to that client.
 * The client's consent flag is restored in a finally block so other tests are unaffected.
 */
@Test
public void clientConsentRequiredAfterLogin() {
    // Log in and exchange the code while consent is NOT yet required.
    oauth.realm(TEST_REALM_NAME).clientId("test-app");
    AuthorizationEndpointResponse authResponse = oauth.doLogin("test-user@localhost", "password");
    AccessTokenResponse initialTokens = oauth.doAccessTokenRequest(authResponse.getCode(), "password");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
    EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
    String sessionId = loginEvent.getSessionId();

    ClientRepresentation testApp = adminClient.realm(TEST_REALM_NAME).clients().findByClientId("test-app").get(0);
    String testAppId = testApp.getId();
    try {
        // Flip the client to consent-required after the session already exists.
        testApp.setConsentRequired(true);
        adminClient.realm(TEST_REALM_NAME).clients().get(testAppId).update(testApp);
        events.clear();

        // The refresh must now be refused: no consent was ever granted for this client.
        String refreshToken = initialTokens.getRefreshToken();
        AccessTokenResponse refreshAttempt = oauth.doRefreshTokenRequest(refreshToken, "password");
        Assert.assertEquals(OAuthErrorException.INVALID_SCOPE, refreshAttempt.getError());
        Assert.assertEquals("Client no longer has requested consent from user", refreshAttempt.getErrorDescription());
        events.expectRefresh(refreshToken, sessionId).clearDetails().error(Errors.INVALID_TOKEN).assertEvent();
    } finally {
        // Restore the shared fixture regardless of the outcome.
        testApp.setConsentRequired(false);
        adminClient.realm(TEST_REALM_NAME).clients().get(testAppId).update(testApp);
    }
}

Example 20 with AccessTokenResponse

use of org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse in project keycloak by keycloak.

the class RealmTest method clientSessionStats.

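/**
 * Checks the realm's client session statistics: empty before any login, one
 * active session for "test-app" after a code-for-token exchange, and empty
 * again once the client is removed (its sessions must go with it).
 */
@Test
public void clientSessionStats() {
    setupTestAppAndUser();
    // No sessions exist before anyone logs in.
    List<Map<String, String>> sessionStats = realm.getClientSessionStats();
    assertTrue(sessionStats.isEmpty());

    // One successful code exchange creates exactly one active client session.
    oauth.doLogin("testuser", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "secret");
    assertEquals(200, tokenResponse.getStatusCode());

    sessionStats = realm.getClientSessionStats();
    assertEquals(1, sessionStats.size());
    Map<String, String> testAppStats = sessionStats.get(0);
    assertEquals("test-app", testAppStats.get("clientId"));
    assertEquals("1", testAppStats.get("active"));

    // Deleting the client must also clean up its sessions (stale debug print removed).
    String clientUuid = testAppStats.get("id");
    realm.clients().get(clientUuid).remove();
    sessionStats = realm.getClientSessionStats();
    assertEquals(0, sessionStats.size());
}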
