Example 56 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenEncryptionHttpTest method requestIdTokenAlgA256KWEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUris", "sectorIdentifierUri" })
@Test
public void requestIdTokenAlgA256KWEncA256GCM(final String userId, final String userSecret, final String redirectUris, final String sectorIdentifierUri) {
try {
showTitle("requestIdTokenAlgA256KWEncA256GCM");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A256KW);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
assertNotNull(response.getClientId());
assertNotNull(response.getClientSecret());
assertNotNull(response.getRegistrationAccessToken());
assertNotNull(response.getClientSecretExpiresAt());
String clientId = response.getClientId();
String clientSecret = response.getClientSecret();
// 2. Request authorization
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
assertNotNull(tokenResponse.getScope(), "The scope is null");
assertNotNull(tokenResponse.getIdToken(), "The id token is null");
String idToken = tokenResponse.getIdToken();
// 3. Read Encrypted ID Token
Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(Util.UTF8_STRING_ENCODING));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
} catch (Exception ex) {
fail(ex.getMessage(), ex);
}
}
Also used :
Jwe(org.xdi.oxauth.model.jwe.Jwe)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 57 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenEncryptionHttpTest method requestIdTokenAlgRSA15EncA128CBCPLUSHS256.
@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestIdTokenAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
try {
showTitle("requestIdTokenAlgRSA15EncA128CBCPLUSHS256");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
assertNotNull(response.getClientId());
assertNotNull(response.getClientSecret());
assertNotNull(response.getRegistrationAccessToken());
assertNotNull(response.getClientSecretExpiresAt());
String clientId = response.getClientId();
String clientSecret = response.getClientSecret();
// 2. Request authorization
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
assertNotNull(tokenResponse.getScope(), "The scope is null");
assertNotNull(tokenResponse.getIdToken(), "The id token is null");
String idToken = tokenResponse.getIdToken();
// 3. Read Encrypted ID Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
Jwe jwe = Jwe.parse(idToken, privateKey, null);
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
} catch (Exception ex) {
fail(ex.getMessage(), ex);
}
}
Also used :
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
PrivateKey(java.security.PrivateKey)
Jwe(org.xdi.oxauth.model.jwe.Jwe)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 58 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodPrivateKeyJwt.
/**
* Register a client with Token Endpoint Auth Method <code>private_key_jwt</code>.
* Read client to check whether it is using the Token Endpoint Auth Method <code>private_key_jwt</code>.
* Request authorization code.
* Call to Token Endpoint with Auth Method <code>private_key_jwt</code>.
*/
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodPrivateKeyJwt(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("tokenEndpointAuthMethodPrivateKeyJwt");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get("scopes"));
// 3. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
assertNull(authorizationResponse.getIdToken(), "The id token is not null");
String authorizationCode = authorizationResponse.getCode();
// 4. Get Access Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId(keyId);
tokenRequest.setAudience(tokenEndpoint);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
Also used :
ResponseType(org.xdi.oxauth.model.common.ResponseType)
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 59 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodClientSecretPostFail3.
/**
* Fail 3: Call to Token Endpoint with Auth Method <code>private_key_jwt</code> should fail.
*/
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "RS256_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodClientSecretPostFail3(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("tokenEndpointAuthMethodClientSecretPostFail3");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.CLIENT_SECRET_POST.toString());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get("scopes"));
// 3. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
assertNull(authorizationResponse.getIdToken(), "The id token is not null");
String authorizationCode = authorizationResponse.getCode();
// 4. Get Access Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
tokenRequest.setKeyId(keyId);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(tokenEndpoint);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getErrorType(), "The error type is null");
assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used :
ResponseType(org.xdi.oxauth.model.common.ResponseType)
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 60 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodClientSecretJwt.
/**
* Register a client with Token Endpoint Auth Method <code>client_secret_jwt</code>.
* Read client to check whether it is using the Token Endpoint Auth Method <code>client_secret_jwt</code>.
* Request authorization code.
* Call to Token Endpoint with Auth Method <code>client_secret_Jwt</code>.
*/
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodClientSecretJwt(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("tokenEndpointAuthMethodClientSecretJwt");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.CLIENT_SECRET_JWT.toString());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get("scopes"));
// 3. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
assertNull(authorizationResponse.getIdToken(), "The id token is not null");
String authorizationCode = authorizationResponse.getCode();
// 4. Get Access Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAudience(tokenEndpoint);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setCryptoProvider(cryptoProvider);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
Also used :
ResponseType(org.xdi.oxauth.model.common.ResponseType)
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Aggregations
Parameters (org.testng.annotations.Parameters)1840
Test (org.testng.annotations.Test)1766
BaseTest (org.gluu.oxauth.BaseTest)1103
RegisterRequest (org.gluu.oxauth.client.RegisterRequest)781
RegisterResponse (org.gluu.oxauth.client.RegisterResponse)771
RegisterClient (org.gluu.oxauth.client.RegisterClient)717
ResponseType (org.gluu.oxauth.model.common.ResponseType)648
Response (javax.ws.rs.core.Response)537
Builder (javax.ws.rs.client.Invocation.Builder)532
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)532
AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)530
AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)525
BaseTest (org.xdi.oxauth.BaseTest)511
OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)418
TokenRequest (org.gluu.oxauth.client.TokenRequest)265
ResponseType (org.xdi.oxauth.model.common.ResponseType)259
TokenResponse (org.gluu.oxauth.client.TokenResponse)247
TokenClient (org.gluu.oxauth.client.TokenClient)242
JSONException (org.codehaus.jettison.json.JSONException)238
URISyntaxException (java.net.URISyntaxException)235
