
Example 6 with ParResponse

Use of `org.keycloak.testsuite.util.OAuthClient.ParResponse` in the keycloak/keycloak project.

Class `ParTest`, method `testFailureParIncludesInvalidScope`.

// PAR that asks for a scope the realm does not define: the PAR endpoint itself must reject it
// (HTTP 400 / invalid_request) instead of deferring the check to the authorization endpoint.
@Test
public void testFailureParIncludesInvalidScope() throws Exception {
    // Register a client through dynamic client registration. PAR is NOT made mandatory for it,
    // so the failure below is about scope validation only.
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        ArrayList<String> redirectUris = new ArrayList<>();
        redirectUris.add(CLIENT_REDIRECT_URI);
        clientRep.setRedirectUris(redirectUris);
    });
    OIDCClientRepresentation registered = getClientDynamically(clientId);
    String clientSecret = registered.getClientSecret();
    Assert.assertEquals(Boolean.FALSE, registered.getRequirePushedAuthorizationRequests());
    Assert.assertTrue(registered.getRedirectUris().contains(CLIENT_REDIRECT_URI));

    // Pushed Authorization Request carrying a scope that is not registered in the realm.
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    oauth.clientId(clientId);
    oauth.scope("not_registered_scope");
    ParResponse parResponse = oauth.doPushedAuthorizationRequest(clientId, clientSecret);

    Assert.assertEquals(400, parResponse.getStatusCode());
    Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, parResponse.getError());
    // The description lists the full effective scope ("openid" is added implicitly) — this pins
    // the exact wording the server currently returns.
    Assert.assertEquals("Invalid scopes: openid not_registered_scope", parResponse.getErrorDescription());
}

Example 7 with ParResponse

Use of `org.keycloak.testsuite.util.OAuthClient.ParResponse` in the keycloak/keycloak project.

Class `ParTest`, method `testFailureParInvalidPkceSetting`.

// PAR against a client that mandates PKCE (S256) while the pushed request carries no code
// challenge: the PAR endpoint must refuse it up front rather than storing a request that could
// never complete securely.
@Test
public void testFailureParInvalidPkceSetting() throws Exception {
    // Register a client via dynamic registration, with PAR mandatory.
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        ArrayList<String> redirectUris = new ArrayList<>();
        redirectUris.add(CLIENT_REDIRECT_URI);
        clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
        clientRep.setRedirectUris(redirectUris);
    });
    OIDCClientRepresentation registered = getClientDynamically(clientId);
    String clientSecret = registered.getClientSecret();
    Assert.assertEquals(Boolean.TRUE, registered.getRequirePushedAuthorizationRequests());
    Assert.assertTrue(registered.getRedirectUris().contains(CLIENT_REDIRECT_URI));

    // Tighten the client through the admin API: code_challenge_method S256 becomes mandatory.
    updateClientByAdmin(clientId, (ClientRepresentation cRep) -> OIDCAdvancedConfigWrapper.fromClientRepresentation(cRep).setPkceCodeChallengeMethod("S256"));

    // Pushed Authorization Request without any PKCE parameters.
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    oauth.clientId(clientId);
    ParResponse parResponse = oauth.doPushedAuthorizationRequest(clientId, clientSecret);

    Assert.assertEquals(400, parResponse.getStatusCode());
    Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, parResponse.getError());
    Assert.assertEquals("Missing parameter: code_challenge_method", parResponse.getErrorDescription());
}

Example 8 with ParResponse

Use of `org.keycloak.testsuite.util.OAuthClient.ParResponse` in the keycloak/keycloak project.

Class `ParTest`, method `testFailureClientAuthnFailed`.

// Client authentication failure at the PAR endpoint: a wrong client_secret must yield HTTP 401
// and must not produce a request_uri.
@Test
public void testFailureClientAuthnFailed() throws Exception {
    // Register a confidential client via dynamic registration, with PAR mandatory.
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        ArrayList<String> redirectUris = new ArrayList<>();
        redirectUris.add(CLIENT_REDIRECT_URI);
        clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
        clientRep.setRedirectUris(redirectUris);
    });
    OIDCClientRepresentation registered = getClientDynamically(clientId);
    String clientSecret = registered.getClientSecret();
    Assert.assertEquals(Boolean.TRUE, registered.getRequirePushedAuthorizationRequests());
    Assert.assertTrue(registered.getRedirectUris().contains(CLIENT_REDIRECT_URI));
    // The client authenticates with client_secret_basic, i.e. the secret travels in the
    // Authorization header of the PAR call.
    Assert.assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, registered.getTokenEndpointAuthMethod());

    // Pushed Authorization Request with a deliberately corrupted secret.
    String wrongSecret = clientSecret + "abc";
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    oauth.clientId(clientId);
    ParResponse parResponse = oauth.doPushedAuthorizationRequest(clientId, wrongSecret);

    Assert.assertEquals(401, parResponse.getStatusCode());
    // NOTE(review): RFC 6749 §5.2 reserves invalid_client for failed client authentication;
    // Keycloak answers invalid_request here and this assertion pins that actual behaviour.
    Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, parResponse.getError());
    // The description is generic and does not say which part of the credential was wrong.
    Assert.assertEquals("Authentication failed.", parResponse.getErrorDescription());
}

Example 9 with ParResponse

Use of `org.keycloak.testsuite.util.OAuthClient.ParResponse` in the keycloak/keycloak project.

Class `ParTest`, method `testSuccessfulSinglePar`.

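// Happy path: one client pushes one authorization request, then completes login, code exchange,
// refresh and logout using only the request_uri returned by the PAR endpoint.
@Test
public void testSuccessfulSinglePar() throws Exception {
    try {
        // setup PAR realm settings; the configured lifespan must be echoed back as expires_in
        int requestUriLifespan = 45;
        setParRealmSettings(requestUriLifespan);
        // create client dynamically, with PAR mandatory
        String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
            clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
            clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
        });
        OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
        String clientSecret = oidcCRep.getClientSecret();
        assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
        assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
        assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
        // Pushed Authorization Request (back channel, client-authenticated)
        oauth.clientId(clientId);
        oauth.redirectUri(CLIENT_REDIRECT_URI);
        ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
        assertEquals(201, pResp.getStatusCode());
        String requestUri = pResp.getRequestUri();
        assertEquals(requestUriLifespan, pResp.getExpiresIn());
        // Authorization Request with request_uri of PAR.
        // Drop redirect_uri / scope / response_type from the front-channel URL: everything the
        // authorization endpoint needs must come from the pushed request, so only client_id,
        // request_uri and a fresh state are sent.
        oauth.redirectUri(null);
        oauth.scope(null);
        oauth.responseType(null);
        oauth.requestUri(requestUri);
        String state = oauth.stateParamRandom().getState();
        oauth.stateParamHardcoded(state);
        OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
        // state must round-trip unchanged (CSRF binding of the front-channel response)
        assertEquals(state, loginResponse.getState());
        String code = loginResponse.getCode();
        String sessionId = loginResponse.getSessionState();
        // NOTE(review): single-use enforcement of the request_uri (RFC 9126 §2.2) is not asserted
        // here; presumably covered by another test in ParTest.
        // Token Request
        // get tokens, it needed. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
        // redirect_uri is restored because the token endpoint requires it for the code exchange.
        oauth.redirectUri(CLIENT_REDIRECT_URI);
        OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(code, clientSecret);
        assertEquals(200, res.getStatusCode());
        AccessToken token = oauth.verifyToken(res.getAccessToken());
        // Resolve the user's id once; it is compared against every token issued below.
        String userId = findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId();
        assertEquals(userId, token.getSubject());
        assertEquals(sessionId, token.getSessionState());
        // sub is the opaque user id, never the username
        Assert.assertNotEquals(TEST_USER_NAME, token.getSubject());
        assertEquals(clientId, token.getIssuedFor());
        // Token Refresh
        String refreshTokenString = res.getRefreshToken();
        RefreshToken refreshToken = oauth.parseRefreshToken(refreshTokenString);
        assertEquals(sessionId, refreshToken.getSessionState());
        assertEquals(clientId, refreshToken.getIssuedFor());
        OAuthClient.AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(refreshTokenString, clientSecret);
        assertEquals(200, refreshResponse.getStatusCode());
        AccessToken refreshedToken = oauth.verifyToken(refreshResponse.getAccessToken());
        RefreshToken refreshedRefreshToken = oauth.parseRefreshToken(refreshResponse.getRefreshToken());
        assertEquals(sessionId, refreshedToken.getSessionState());
        assertEquals(sessionId, refreshedRefreshToken.getSessionState());
        // Reuse the id resolved above instead of a second admin lookup of the same user.
        assertEquals(userId, refreshedToken.getSubject());
        // Logout: the refresh token must be unusable afterwards.
        oauth.doLogout(refreshResponse.getRefreshToken(), clientSecret);
        refreshResponse = oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken(), clientSecret);
        assertEquals(400, refreshResponse.getStatusCode());
    } finally {
        // Always undo the realm-level PAR settings so later tests see the defaults.
        restoreParRealmSettings();
    }
}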

Example 10 with ParResponse

Use of `org.keycloak.testsuite.util.OAuthClient.ParResponse` in the keycloak/keycloak project.

Class `ParTest`, method `testFailureInvalidPar`.

// Invalid PAR: the client is configured to require a request object, and the plain pushed
// request (no `request` parameter is sent here) must be rejected with invalid_request_object.
@Test
public void testFailureInvalidPar() throws Exception {
    // Register a client via dynamic registration; PAR is not mandatory for it.
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        ArrayList<String> redirectUris = new ArrayList<>();
        redirectUris.add(CLIENT_REDIRECT_URI);
        clientRep.setRedirectUris(redirectUris);
    });
    OIDCClientRepresentation registered = getClientDynamically(clientId);
    String clientSecret = registered.getClientSecret();
    Assert.assertEquals(Boolean.FALSE, registered.getRequirePushedAuthorizationRequests());
    Assert.assertTrue(registered.getRedirectUris().contains(CLIENT_REDIRECT_URI));

    // Require a request object (via the `request` parameter) through the admin API.
    updateClientByAdmin(clientId, (ClientRepresentation cRep) -> OIDCAdvancedConfigWrapper.fromClientRepresentation(cRep).setRequestObjectRequired(OIDCConfigAttributes.REQUEST_OBJECT_REQUIRED_REQUEST));

    // Pushed Authorization Request without a request object.
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    oauth.clientId(clientId);
    ParResponse parResponse = oauth.doPushedAuthorizationRequest(clientId, clientSecret);

    Assert.assertEquals(400, parResponse.getStatusCode());
    // Unlike the sibling failure tests, only the error code is pinned here; the
    // error_description is not asserted.
    Assert.assertEquals(OAuthErrorException.INVALID_REQUEST_OBJECT, parResponse.getError());
}
