/**
 * Checks that a user granted the composite realm role {@code REALM_COMPOSITE_1} ends up with
 * exactly two realm roles in the issued access token: the composite itself and the
 * {@code REALM_ROLE_1} it expands to.
 *
 * @throws Exception if the login or the token exchange fails
 */
@Test
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
    // Authenticate against the "test" realm with the client/user pair this scenario is built around.
    oauth.realm("test");
    oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
    oauth.doLogin("REALM_COMPOSITE_1_USER", "password");

    // Exchange the authorization code for tokens and check the transport-level result first.
    String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");
    Assert.assertEquals(200, tokenResponse.getStatusCode());
    Assert.assertEquals("Bearer", tokenResponse.getTokenType());

    // Parse (and, presumably, signature-check) the access token before inspecting its claims.
    AccessToken accessToken = oauth.verifyToken(tokenResponse.getAccessToken());
    Assert.assertEquals(getUserId("REALM_COMPOSITE_1_USER"), accessToken.getSubject());

    // Realm access must hold the composite and its expansion, and nothing beyond those two.
    AccessToken.Access realmAccess = accessToken.getRealmAccess();
    Assert.assertEquals(2, realmAccess.getRoles().size());
    Assert.assertTrue(realmAccess.isUserInRole("REALM_COMPOSITE_1"));
    Assert.assertTrue(realmAccess.isUserInRole("REALM_ROLE_1"));
}
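/**
 * Verifies that a holder-of-key refresh token obtained over mTLS cannot be redeemed without the
 * client certificate it is bound to: the refresh request must fail with
 * {@code 401 unauthorized_client} and the certificate-mismatch error description.
 *
 * @throws Exception if the login, the token exchange or the HTTP client setup fails
 */
@Test
public void refreshTokenRequestByRefreshTokenWithoutClientCertificate() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Initial exchange through the default OAuthClient; the thumbprint check below implies it
    // presents the default client certificate, so the issued tokens are bound to that certificate.
    AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
    verifyHoKTokenDefaultCertThumbPrint(tokenResponse);
    AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());

    // Assert presence before parsing so a missing refresh token fails with a clear message
    // rather than a NullPointerException out of parseRefreshToken().
    String refreshTokenString = tokenResponse.getRefreshToken();
    Assert.assertNotNull(refreshTokenString);
    RefreshToken refreshToken = oauth.parseRefreshToken(refreshTokenString);
    assertEquals("Bearer", tokenResponse.getTokenType());

    // Remaining lifetimes must fall inside the expected windows; the refresh token window is
    // widened by the shared clock-skew allowance.
    Assert.assertThat(token.getExpiration() - getCurrentTime(), allOf(greaterThanOrEqualTo(200), lessThanOrEqualTo(350)));
    int refreshTtl = refreshToken.getExpiration() - getCurrentTime();
    Assert.assertThat(refreshTtl, allOf(
            greaterThanOrEqualTo(1799 - RefreshTokenTest.ALLOWED_CLOCK_SKEW),
            lessThanOrEqualTo(1800 + RefreshTokenTest.ALLOWED_CLOCK_SKEW)));
    assertEquals(sessionId, refreshToken.getSessionState());

    // Shift the test clock by 2 (seconds, presumably) before refreshing.
    setTimeOffset(2);

    // Refresh with a client that carries no key store, i.e. no client certificate. The method
    // already declares Exception, so an IOException can propagate with its type intact instead of
    // being rewrapped in a RuntimeException.
    AccessTokenResponse response;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithoutKeyStoreAndTrustStore()) {
        response = oauth.doRefreshTokenRequest(refreshTokenString, "password", client);
    }

    // Error Pattern: the bound refresh token must be rejected when the certificate is absent.
    assertEquals(401, response.getStatusCode());
    assertEquals(OAuthErrorException.UNAUTHORIZED_CLIENT, response.getError());
    assertEquals("Client certificate missing, or its thumbprint and one in the refresh token did NOT match", response.getErrorDescription());
}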
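/**
 * Verifies that the token endpoint refuses to issue a holder-of-key token when the client
 * presents no certificate: the code exchange must fail with {@code 400 invalid_request} rather
 * than returning an unbound token.
 *
 * @throws Exception if the login or the HTTP client setup fails
 */
@Test
public void accessTokenRequestWithoutClientCertificate() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Exchange the code over a connection with no key store, so no client certificate is sent.
    // The method declares Exception, so an IOException propagates as-is instead of being rewrapped.
    AccessTokenResponse response;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithoutKeyStoreAndTrustStore()) {
        response = oauth.doAccessTokenRequest(code, "password", client);
    }

    // Error Pattern: no certificate means no token.
    assertEquals(400, response.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError());
    assertEquals("Client Certification missing for MTLS HoK Token Binding", response.getErrorDescription());
}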
// verify HoK Token - Token Refresh
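/**
 * Verifies that a holder-of-key refresh token bound to one client certificate cannot be redeemed
 * by a second client that authenticates with a different certificate: the refresh must fail with
 * {@code 401 unauthorized_client} and the thumbprint-mismatch error description.
 *
 * @throws Exception if a login, a token exchange or the HTTP client setup fails
 */
@Test
public void refreshTokenRequestByHoKRefreshTokenByOtherClient() throws Exception {
    // First client: log in and obtain tokens with the default key store, so the refresh token is
    // bound to the default certificate. The method declares Exception, so IOExceptions propagate
    // with their type intact instead of being rewrapped in RuntimeException.
    oauth.doLogin("test-user@localhost", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        tokenResponse = oauth.doAccessTokenRequest(code, "password", client);
    }
    verifyHoKTokenDefaultCertThumbPrint(tokenResponse);
    String refreshTokenString = tokenResponse.getRefreshToken();

    // Second client: separate OAuthClient on a separate driver, authenticating with the other key store.
    OAuthClient oauth2 = new OAuthClient();
    oauth2.init(driver2);
    oauth2.doLogin("john-doh@localhost", "password");
    String code2 = oauth2.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse2;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithOtherKeyStoreAndTrustStore()) {
        tokenResponse2 = oauth2.doAccessTokenRequest(code2, "password", client);
    }
    verifyHoKTokenOtherCertThumbPrint(tokenResponse2);

    // The second client attempts a refresh with the first client's refresh token while presenting
    // its own (different) certificate.
    AccessTokenResponse response;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithOtherKeyStoreAndTrustStore()) {
        response = oauth2.doRefreshTokenRequest(refreshTokenString, "password", client);
    }

    // Error Pattern: a certificate that does not match the one the token is bound to must be rejected.
    assertEquals(401, response.getStatusCode());
    assertEquals(OAuthErrorException.UNAUTHORIZED_CLIENT, response.getError());
    assertEquals("Client certificate missing, or its thumbprint and one in the refresh token did NOT match", response.getErrorDescription());
}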
/**
 * Shared setup for the post-logout scenarios: logs the test user in, exchanges the code for
 * holder-of-key tokens bound to the default certificate, and hands back the refresh token for the
 * caller to use after logout.
 *
 * @return the refresh token string issued by the token exchange
 * @throws Exception if the login or the token exchange fails
 */
private String execPreProcessPostLogout() throws Exception {
    oauth.doLogin("test-user@localhost", "password");
    String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Tag the client session before exchanging the code; the order matters for the request payload.
    oauth.clientSessionState("client-session");
    AccessTokenResponse tokens = oauth.doAccessTokenRequest(authCode, "password");

    // Confirm the token is bound to the default certificate before returning its refresh token.
    verifyHoKTokenDefaultCertThumbPrint(tokens);
    return tokens.getRefreshToken();
}