
Example 36 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

Class ConcurrentLoginTest, method concurrentCodeReuseShouldFail (a concurrency test for single-use authorization codes).

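/**
 * Hammers the token endpoint with the same authorization code from {@code DEFAULT_THREADS} threads
 * and checks that the code is redeemed at most once.
 *
 * <p>Security property under test: an OAuth 2.0 authorization code is single-use (RFC 6749 section 4.1.2 /
 * section 10.5). A race in the code-to-token exchange that let two concurrent requests both succeed would
 * let a stolen code be replayed, so every redemption beyond the first must come back as an error response.
 *
 * <p>Ten iterations are run, each with a fresh login and therefore a fresh code.
 *
 * @throws Throwable propagated from the concurrent runner or from the assertions
 */
@Test
public void concurrentCodeReuseShouldFail() throws Throwable {
    log.info("*********************************************");
    long start = System.currentTimeMillis();
    for (int i = 0; i < 10; i++) {
        // Fresh client + login per iteration so every round redeems a brand-new code.
        OAuthClient oauth1 = new OAuthClient();
        oauth1.init(driver);
        oauth1.clientId("client0");
        OAuthClient.AuthorizationEndpointResponse resp = oauth1.doLogin("test-user@localhost", "password");
        String code = resp.getCode();
        Assert.assertNotNull(code);
        // NOTE: this URL carries the authorization code; logging it below is acceptable only inside the test suite.
        String codeURL = driver.getCurrentUrl();
        AtomicInteger codeToTokenSuccessCount = new AtomicInteger(0);
        AtomicInteger codeToTokenErrorsCount = new AtomicInteger(0);
        // Responses that are neither a clean success (token, no error) nor a clean error (error, no token).
        // Previously such responses fell through both branches and were silently dropped.
        AtomicInteger codeToTokenUnexpectedCount = new AtomicInteger(0);
        KeycloakRunnable codeToTokenTask = new KeycloakRunnable() {

            @Override
            public void run(int threadIndex, Keycloak keycloak, RealmResource realm) throws Throwable {
                log.infof("Trying to execute codeURL: %s, threadIndex: %d", codeURL, threadIndex);
                // Second argument appears to be the client secret of "client0" - confirm against OAuthClient.
                OAuthClient.AccessTokenResponse tokenResponse = oauth1.doAccessTokenRequest(code, "password");
                if (tokenResponse.getAccessToken() != null && tokenResponse.getError() == null) {
                    codeToTokenSuccessCount.incrementAndGet();
                } else if (tokenResponse.getAccessToken() == null && tokenResponse.getError() != null) {
                    codeToTokenErrorsCount.incrementAndGet();
                } else {
                    codeToTokenUnexpectedCount.incrementAndGet();
                }
            }
        };
        // Presumably dispatches DEFAULT_THREADS invocations of the task on DEFAULT_THREADS threads - verify in the base class.
        run(DEFAULT_THREADS, DEFAULT_THREADS, codeToTokenTask);
        oauth1.openLogout();
        // Code should be successfully exchanged for the token at max once. In some cases (EG. Cross-DC) it may not be even successfully exchanged.
        // Caveat: because the bound is "<= 1" rather than "== 1", a regression that rejected every exchange would still pass here.
        Assert.assertThat(codeToTokenSuccessCount.get(), Matchers.lessThanOrEqualTo(1));
        Assert.assertThat(codeToTokenErrorsCount.get(), Matchers.greaterThanOrEqualTo(DEFAULT_THREADS - 1));
        // Every response must have been classified; a malformed one (token AND error, or neither) is a failure, not noise.
        Assert.assertEquals("Unexpected code-to-token responses", 0, codeToTokenUnexpectedCount.get());
        log.infof("Iteration %d passed successfully", i);
    }
    long end = System.currentTimeMillis() - start;
    log.info("concurrentCodeReuseShouldFail took " + (end / 1000) + "s");
    log.info("*********************************************");
}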

Example 37 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

Class SSOTest, method multipleSessions (two browsers, one user: sessions must be independent).

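/**
 * Logs the same user in from two browsers and checks that the two SSO sessions are independent.
 *
 * <p>Security property under test: logging out of one browser session must end only that session.
 * The second browser keeps its own session id, can still obtain a new authorization code without
 * re-entering credentials, and is only sent back to the login form after it logs out itself.
 *
 * <p>Changes from the previous version: removed the commented-out constructor call, switched the final
 * title check to {@code assertEquals} so a failure reports the actual title, and used the {@code Assert.}
 * form consistently throughout.
 */
@Test
public void multipleSessions() {
    // Session 1: default browser (driver) and default OAuth client.
    loginPage.open();
    loginPage.login("test-user@localhost", "password");
    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
    EventRepresentation login1 = events.expectLogin().assertEvent();
    try {
        // Session 2: same user, second browser (driver2), separate OAuthClient bound to it.
        OAuthClient oauth2 = new OAuthClient();
        oauth2.init(driver2);
        oauth2.doLogin("test-user@localhost", "password");
        EventRepresentation login2 = events.expectLogin().assertEvent();
        Assert.assertEquals(RequestType.AUTH_RESPONSE, RequestType.valueOf(driver2.getTitle()));
        Assert.assertNotNull(oauth2.getCurrentQuery().get(OAuth2Constants.CODE));
        // Two browsers must never share one SSO session.
        Assert.assertNotEquals(login1.getSessionId(), login2.getSessionId());
        // Logging out session 1 must not affect session 2: browser 1 is back at the login form ...
        oauth.openLogout();
        events.expectLogout(login1.getSessionId()).assertEvent();
        oauth.openLoginForm();
        Assert.assertTrue(loginPage.isCurrent());
        // ... while browser 2 is still signed in and gets a fresh code straight away. The login event is
        // matched on session 2's id; USERNAME is dropped from the expectation, presumably because no
        // credentials were typed this time - confirm against the event assertions if this changes.
        oauth2.openLoginForm();
        events.expectLogin().session(login2.getSessionId()).removeDetail(Details.USERNAME).assertEvent();
        Assert.assertEquals(RequestType.AUTH_RESPONSE, RequestType.valueOf(driver2.getTitle()));
        Assert.assertNotNull(oauth2.getCurrentQuery().get(OAuth2Constants.CODE));
        // Only after session 2 logs itself out does browser 2 land on the login page.
        oauth2.openLogout();
        events.expectLogout(login2.getSessionId()).assertEvent();
        oauth2.openLoginForm();
        Assert.assertEquals("Sign in to test", driver2.getTitle());
    } finally {
        // Always release the second browser, even when an assertion above fails.
        driver2.close();
    }
}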

Example 38 with OAuthClient

use of org.keycloak.testsuite.util.OAuthClient in project keycloak by keycloak.

Class HoKTest, method refreshTokenRequestByHoKRefreshTokenByOtherClient (holder-of-key refresh token replayed with a different client certificate).

// verify HoK Token - Token Refresh
/**
 * Holder-of-key negative test: a refresh token issued over mTLS to one client certificate must not be
 * usable by a caller presenting a different client certificate.
 *
 * <p>Flow: client 1 (default key store) logs in and exchanges its code; client 2 (other key store) logs in
 * as a different user and exchanges its own code; client 2 then replays client 1's refresh token while
 * presenting its own certificate. The server is expected to answer 401 {@code unauthorized_client} with the
 * thumbprint-mismatch description. The thumbprint checks on the two successful exchanges are delegated to
 * {@code verifyHoKToken*CertThumbPrint}, whose exact claim inspection is not visible here.
 *
 * @throws Exception propagated from the login/exchange helpers
 */
@Test
public void refreshTokenRequestByHoKRefreshTokenByOtherClient() throws Exception {
    // --- client 1: default certificate ---
    oauth.doLogin("test-user@localhost", "password");
    String firstCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse firstTokens = null;
    try (CloseableHttpClient defaultCertClient = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        // Second argument appears to be the client secret - confirm against OAuthClient.
        firstTokens = oauth.doAccessTokenRequest(firstCode, "password", defaultCertClient);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenDefaultCertThumbPrint(firstTokens);
    // This refresh token is bound to the default certificate and is what client 2 will try to replay.
    String boundRefreshToken = firstTokens.getRefreshToken();

    // --- client 2: other certificate, different user ---
    OAuthClient oauth2 = new OAuthClient();
    oauth2.init(driver2);
    oauth2.doLogin("john-doh@localhost", "password");
    String secondCode = oauth2.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse secondTokens = null;
    try (CloseableHttpClient otherCertClient = MutualTLSUtils.newCloseableHttpClientWithOtherKeyStoreAndTrustStore()) {
        secondTokens = oauth2.doAccessTokenRequest(secondCode, "password", otherCertClient);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenOtherCertThumbPrint(secondTokens);

    // --- replay: client 2 presents client 1's refresh token with its own certificate ---
    AccessTokenResponse replayResponse = null;
    try (CloseableHttpClient otherCertClient = MutualTLSUtils.newCloseableHttpClientWithOtherKeyStoreAndTrustStore()) {
        replayResponse = oauth2.doRefreshTokenRequest(boundRefreshToken, "password", otherCertClient);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    // Expected rejection. Note the description is matched verbatim, so a reworded server message breaks this test.
    assertEquals(401, replayResponse.getStatusCode());
    assertEquals(OAuthErrorException.UNAUTHORIZED_CLIENT, replayResponse.getError());
    assertEquals("Client certificate missing, or its thumbprint and one in the refresh token did NOT match", replayResponse.getErrorDescription());
}
