Examples with ParResponse org.keycloak.testsuite.util.OAuthClient.ParResponse used on opensource projects

Search in sources :

Example 16 with ParResponse

use of org.keycloak.testsuite.util.OAuthClient.ParResponse in project keycloak by keycloak.

the class ParTest method testExtendedClientPolicyIntefacesForPar.

@Test
public void testExtendedClientPolicyIntefacesForPar() throws Exception {
    // create client dynamically
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
        clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
    });
    OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
    String clientSecret = oidcCRep.getClientSecret();
    assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
    assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
    assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
    // register profiles
    String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forste Profilen").addExecutor(TestRaiseExeptionExecutorFactory.PROVIDER_ID, null).toRepresentation()).toString();
    updateProfiles(json);
    // register role policy
    String roleName = "sample-client-role-alpha";
    json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forste Politikken", Boolean.TRUE).addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(roleName))).addProfile(PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
    // Add role to the client
    ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(REALM_NAME), clientId);
    clientResource.roles().create(RoleBuilder.create().name(roleName).build());
    // Pushed Authorization Request
    oauth.clientId(clientId);
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    ParResponse response = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
    assertEquals(400, response.getStatusCode());
    assertEquals(ClientPolicyEvent.PUSHED_AUTHORIZATION_REQUEST.toString(), response.getError());
    assertEquals("Exception thrown intentionally", response.getErrorDescription());
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) ClientResource(org.keycloak.admin.client.resource.ClientResource) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Example 17 with ParResponse

use of org.keycloak.testsuite.util.OAuthClient.ParResponse in project keycloak by keycloak.

the class ParTest method testFailureParIncludesRequestUri.

// PAR including request_uri
@Test
public void testFailureParIncludesRequestUri() throws Exception {
    // create client dynamically
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        clientRep.setRequirePushedAuthorizationRequests(Boolean.FALSE);
        clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
    });
    OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
    String clientSecret = oidcCRep.getClientSecret();
    assertEquals(Boolean.FALSE, oidcCRep.getRequirePushedAuthorizationRequests());
    assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
    // Pushed Authorization Request
    oauth.clientId(clientId);
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    oauth.requestUri(IMAGINARY_REQUEST_URI);
    ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
    assertEquals(400, pResp.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_REQUEST, pResp.getError());
    assertEquals("It is not allowed to include request_uri to PAR.", pResp.getErrorDescription());
}
Also used : ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Example 18 with ParResponse

use of org.keycloak.testsuite.util.OAuthClient.ParResponse in project keycloak by keycloak.

the class ParTest method testWrongSigningAlgorithmForRequestObject.

@Test
public void testWrongSigningAlgorithmForRequestObject() throws Exception {
    try {
        // setup PAR realm settings
        int requestUriLifespan = 45;
        setParRealmSettings(requestUriLifespan);
        // create client dynamically
        String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
            clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
            clientRep.setRedirectUris(new ArrayList<>(Arrays.asList(CLIENT_REDIRECT_URI)));
            clientRep.setRequestObjectSigningAlg(Algorithm.PS256);
        });
        oauth.clientId(clientId);
        OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
        String clientSecret = oidcCRep.getClientSecret();
        assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
        assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
        assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
        TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject requestObject = new TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject();
        requestObject.id(KeycloakModelUtils.generateId());
        requestObject.iat(Long.valueOf(Time.currentTime()));
        requestObject.exp(requestObject.getIat() + Long.valueOf(300));
        requestObject.nbf(requestObject.getIat());
        requestObject.setClientId(oauth.getClientId());
        requestObject.setResponseType("code");
        requestObject.setRedirectUriParam(CLIENT_REDIRECT_URI);
        requestObject.setScope("openid");
        requestObject.setNonce(KeycloakModelUtils.generateId());
        byte[] contentBytes = JsonSerialization.writeValueAsBytes(requestObject);
        String encodedRequestObject = Base64Url.encode(contentBytes);
        TestOIDCEndpointsApplicationResource client = testingClient.testApp().oidcClientEndpoints();
        // use and set jwks_url
        ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(oauth.getRealm()), oauth.getClientId());
        ClientRepresentation clientRep = clientResource.toRepresentation();
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(true);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(TestApplicationResourceUrls.clientJwksUri());
        clientResource.update(clientRep);
        client.generateKeys(org.keycloak.crypto.Algorithm.RS256);
        client.registerOIDCRequest(encodedRequestObject, org.keycloak.crypto.Algorithm.RS256);
        // do not send any other parameter but the request request parameter
        oauth.request(client.getOIDCRequest());
        oauth.responseType(null);
        oauth.redirectUri(null);
        oauth.scope(null);
        ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
        assertEquals(400, pResp.getStatusCode());
        assertEquals(OAuthErrorException.INVALID_REQUEST_OBJECT, pResp.getError());
    } finally {
        restoreParRealmSettings();
    }
}
Also used : TestOIDCEndpointsApplicationResource(org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource) ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) TestingOIDCEndpointsApplicationResource(org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Example 19 with ParResponse

use of org.keycloak.testsuite.util.OAuthClient.ParResponse in project keycloak by keycloak.

the class ParTest method testRequestParameterPrecedenceOverOtherParameters.

@Test
public void testRequestParameterPrecedenceOverOtherParameters() throws Exception {
    try {
        // setup PAR realm settings
        int requestUriLifespan = 45;
        setParRealmSettings(requestUriLifespan);
        // create client dynamically
        String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
            clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
            clientRep.setRedirectUris(new ArrayList<>(Arrays.asList(CLIENT_REDIRECT_URI)));
        });
        oauth.clientId(clientId);
        OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
        String clientSecret = oidcCRep.getClientSecret();
        assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
        assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
        assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
        TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject requestObject = new TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject();
        requestObject.id(KeycloakModelUtils.generateId());
        requestObject.iat(Long.valueOf(Time.currentTime()));
        requestObject.exp(requestObject.getIat() + Long.valueOf(300));
        requestObject.nbf(requestObject.getIat());
        requestObject.setClientId(oauth.getClientId());
        requestObject.setResponseType("code");
        requestObject.setRedirectUriParam(CLIENT_REDIRECT_URI);
        requestObject.setScope("openid");
        requestObject.setNonce(KeycloakModelUtils.generateId());
        requestObject.setState(oauth.stateParamRandom().getState());
        byte[] contentBytes = JsonSerialization.writeValueAsBytes(requestObject);
        String encodedRequestObject = Base64Url.encode(contentBytes);
        TestOIDCEndpointsApplicationResource client = testingClient.testApp().oidcClientEndpoints();
        // use and set jwks_url
        ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(oauth.getRealm()), oauth.getClientId());
        ClientRepresentation clientRep = clientResource.toRepresentation();
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(true);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(TestApplicationResourceUrls.clientJwksUri());
        clientResource.update(clientRep);
        client.generateKeys(org.keycloak.crypto.Algorithm.RS256);
        client.registerOIDCRequest(encodedRequestObject, org.keycloak.crypto.Algorithm.RS256);
        // do not send any other parameter but the request request parameter
        oauth.request(client.getOIDCRequest());
        oauth.responseType("code id_token");
        oauth.redirectUri("http://invalid");
        oauth.scope(null);
        oauth.nonce("12345");
        ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
        assertEquals(201, pResp.getStatusCode());
        String requestUri = pResp.getRequestUri();
        assertEquals(requestUriLifespan, pResp.getExpiresIn());
        oauth.scope("invalid");
        oauth.redirectUri("http://invalid");
        oauth.responseType("invalid");
        oauth.redirectUri(null);
        oauth.nonce("12345");
        oauth.request(null);
        oauth.requestUri(requestUri);
        String wrongState = oauth.stateParamRandom().getState();
        oauth.stateParamHardcoded(wrongState);
        OAuthClient.AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
        assertEquals(requestObject.getState(), loginResponse.getState());
        assertNotEquals(requestObject.getState(), wrongState);
        // Token Request
        // get tokens, it needed. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
        oauth.redirectUri(CLIENT_REDIRECT_URI);
        OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(loginResponse.getCode(), clientSecret);
        assertEquals(200, res.getStatusCode());
        oauth.verifyToken(res.getAccessToken());
        IDToken idToken = oauth.verifyIDToken(res.getIdToken());
        assertEquals(requestObject.getNonce(), idToken.getNonce());
    } finally {
        restoreParRealmSettings();
    }
}
Also used : TestOIDCEndpointsApplicationResource(org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource) OAuthClient(org.keycloak.testsuite.util.OAuthClient) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) IDToken(org.keycloak.representations.IDToken) TestingOIDCEndpointsApplicationResource(org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Example 20 with ParResponse

use of org.keycloak.testsuite.util.OAuthClient.ParResponse in project keycloak by keycloak.

the class ParTest method testParCorsRequestWithValidUrl.

// CORS test
@Test
public void testParCorsRequestWithValidUrl() throws Exception {
    try {
        // create client dynamically
        String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
            clientRep.setRequirePushedAuthorizationRequests(Boolean.FALSE);
            clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI, VALID_CORS_URL + "/realms/master/app")));
        });
        OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
        String clientSecret = oidcCRep.getClientSecret();
        assertEquals(Boolean.FALSE, oidcCRep.getRequirePushedAuthorizationRequests());
        assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
        assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
        updateClientByAdmin(clientId, (ClientRepresentation cRep) -> {
            cRep.setOrigin(VALID_CORS_URL);
        });
        // Pushed Authorization Request
        oauth.clientId(clientId);
        oauth.redirectUri(VALID_CORS_URL + "/realms/master/app");
        oauth.origin(VALID_CORS_URL);
        ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret, (CloseableHttpResponse c) -> {
            assertCors(c);
        });
        assertEquals(201, pResp.getStatusCode());
        String requestUri = pResp.getRequestUri();
        doNormalAuthzProcess(requestUri, VALID_CORS_URL + "/realms/master/app", clientId, clientSecret);
    } finally {
        oauth.origin(null);
    }
}
Also used : ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)21 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)21 AbstractClientPoliciesTest (org.keycloak.testsuite.client.AbstractClientPoliciesTest)21 ParResponse (org.keycloak.testsuite.util.OAuthClient.ParResponse)21 OAuthClient (org.keycloak.testsuite.util.OAuthClient)10 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)8 ClientResource (org.keycloak.admin.client.resource.ClientResource)5 UriBuilder (javax.ws.rs.core.UriBuilder)4 TestOIDCEndpointsApplicationResource (org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource)4 TestingOIDCEndpointsApplicationResource (org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource)4 AccessToken (org.keycloak.representations.AccessToken)3 IDToken (org.keycloak.representations.IDToken)3 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)2 RefreshToken (org.keycloak.representations.RefreshToken)1 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)1 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)1 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)1 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial