Examples with AuthorizationRequest org.xdi.oxauth.client.AuthorizationRequest used on opensource projects

Search in sources :

Example 6 with AuthorizationRequest

use of org.xdi.oxauth.client.AuthorizationRequest in project oxAuth by GluuFederation.

the class ObtainAccessTokenLoadTest method obtainAccessToken.

// Think twice before invoking this test ;). Leads to OpenDJ (Berkley DB) failure
// Caused by: LDAPSearchException(resultCode=80 (other), numEntries=0, numReferences=0, errorMessage='Database exception: (JE 4.1.10) JAVA_ERROR: Java Error occurred, recovery may not be possible.')
// http://ox.gluu.org/doku.php?id=oxauth:profiling#obtain_access_token_-_2000_invocations_within_200_concurrent_threads
@Parameters({ "userId", "userSecret", "redirectUris" })
@Test(invocationCount = 1000, threadPoolSize = 100)
public void obtainAccessToken(final String userId, final String userSecret, String redirectUris) throws Exception {
    showTitle("requestClientAssociate1");
    redirectUris = "https://client.example.com/cb";
    final List<ResponseType> responseTypes = new ArrayList<ResponseType>();
    responseTypes.add(ResponseType.CODE);
    responseTypes.add(ResponseType.ID_TOKEN);
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());
    assertNotNull(response.getClientSecret());
    assertNotNull(response.getRegistrationAccessToken());
    assertNotNull(response.getClientSecretExpiresAt());
    final String clientId = response.getClientId();
    final String clientSecret = response.getClientSecret();
    // 1. Request authorization and receive the authorization code.
    final List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    final AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUris, null);
    request.setState("af0ifjsldkj");
    request.setAuthUsername(userId);
    request.setAuthPassword(userSecret);
    request.getPrompts().add(Prompt.NONE);
    final AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(request);
    final AuthorizationResponse response1 = authorizeClient.exec();
    ClientUtils.showClient(authorizeClient);
    final String scope = response1.getScope();
    final String authorizationCode = response1.getCode();
    assertTrue(Util.allNotBlank(authorizationCode));
    // 2. Request access token using the authorization code.
    final TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUris);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    tokenRequest.setScope(scope);
    final TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest);
    final TokenResponse response2 = tokenClient1.exec();
    ClientUtils.showClient(authorizeClient);
    assertTrue(response2.getStatus() == 200);
    final String patToken = response2.getAccessToken();
    final String patRefreshToken = response2.getRefreshToken();
    assertTrue(Util.allNotBlank(patToken, patRefreshToken));
}
Also used : RegisterRequest(org.xdi.oxauth.client.RegisterRequest) AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) ArrayList(java.util.ArrayList) ResponseType(org.xdi.oxauth.model.common.ResponseType) AuthorizationResponse(org.xdi.oxauth.client.AuthorizationResponse) RegisterResponse(org.xdi.oxauth.client.RegisterResponse) TokenResponse(org.xdi.oxauth.client.TokenResponse) RegisterClient(org.xdi.oxauth.client.RegisterClient) TokenRequest(org.xdi.oxauth.client.TokenRequest) AuthorizeClient(org.xdi.oxauth.client.AuthorizeClient) TokenClient(org.xdi.oxauth.client.TokenClient) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 7 with AuthorizationRequest

use of org.xdi.oxauth.client.AuthorizationRequest in project oxAuth by GluuFederation.

the class RejectRequestWithoutResponseType method rejectRequestWithoutResponseType.

@Parameters({ "userId", "userSecret" })
@Test
public void rejectRequestWithoutResponseType(final String userId, final String userSecret) throws Exception {
    showTitle("OC5:FeatureTest-Reject Request Without response type");
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(null, null, null, null, null);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertEquals(authorizationResponse.getStatus(), 400, "Unexpected response code: " + authorizationResponse.getStatus());
    assertNotNull(authorizationResponse.getErrorType(), "The error type is null");
    assertNotNull(authorizationResponse.getErrorDescription(), "The error description is null");
}
Also used : AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) AuthorizeClient(org.xdi.oxauth.client.AuthorizeClient) AuthorizationResponse(org.xdi.oxauth.client.AuthorizationResponse) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 8 with AuthorizationRequest

use of org.xdi.oxauth.client.AuthorizationRequest in project oxAuth by GluuFederation.

the class RequestObjectSigningAlgRestrictionEmbeddedTest method omittedRequestObjectSigningAlgStep3NONE.

/**
	 * Request authorization with Request Object Signing Alg <code>NONE</code>.
	 */
@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "omittedRequestObjectSigningAlgStep2")
public void omittedRequestObjectSigningAlgStep3NONE(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    Builder request = null;
    try {
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId1, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(userId);
        authorizationRequest.setAuthPassword(userSecret);
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.NONE, cryptoProvider);
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(authJwt);
        System.out.println("Request JWT: " + authJwt);
        request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", MediaType.TEXT_PLAIN);
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("omittedRequestObjectSigningAlgStep3NONE", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    try {
        URI uri = new URI(response.getLocation().toString());
        assertNotNull(uri.getFragment(), "Query string is null");
        Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
        assertNotNull(params.get("access_token"), "The accessToken is null");
        assertNotNull(params.get("id_token"), "The idToken is null");
        assertNotNull(params.get("scope"), "The scope is null");
        assertNotNull(params.get("state"), "The state is null");
    } catch (URISyntaxException e) {
        e.printStackTrace();
        fail("Response URI is not well formed");
    }
}
Also used : AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) URISyntaxException(java.net.URISyntaxException) REGISTRATION_CLIENT_URI(org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) JSONException(org.codehaus.jettison.json.JSONException) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) Response(javax.ws.rs.core.Response) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 9 with AuthorizationRequest

use of org.xdi.oxauth.client.AuthorizationRequest in project oxAuth by GluuFederation.

the class RequestObjectSigningAlgRestrictionEmbeddedTest method omittedRequestObjectSigningAlgStep3ES512.

/**
	 * Request authorization with Request Object Signing Alg <code>ES512</code>.
	 */
@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "omittedRequestObjectSigningAlgStep2")
public void omittedRequestObjectSigningAlgStep3ES512(final String authorizePath, final String userId, final String userSecret, final String redirectUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    Builder request = null;
    try {
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
        List<String> scopes = Arrays.asList("openid");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId1, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(userId);
        authorizationRequest.setAuthPassword(userSecret);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.ES512, cryptoProvider);
        jwtAuthorizationRequest.setKeyId(keyId);
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(authJwt);
        System.out.println("Request JWT: " + authJwt);
        request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", MediaType.TEXT_PLAIN);
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("omittedRequestObjectSigningAlgStep3ES512", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    try {
        URI uri = new URI(response.getLocation().toString());
        assertNotNull(uri.getFragment(), "Query string is null");
        Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
        assertNotNull(params.get("access_token"), "The accessToken is null");
        assertNotNull(params.get("scope"), "The scope is null");
        assertNotNull(params.get("state"), "The state is null");
    } catch (URISyntaxException e) {
        e.printStackTrace();
        fail("Response URI is not well formed");
    }
}
Also used : AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) URISyntaxException(java.net.URISyntaxException) REGISTRATION_CLIENT_URI(org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) JSONException(org.codehaus.jettison.json.JSONException) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) Response(javax.ws.rs.core.Response) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 10 with AuthorizationRequest

use of org.xdi.oxauth.client.AuthorizationRequest in project oxAuth by GluuFederation.

the class RequestObjectSigningAlgRestrictionEmbeddedTest method omittedRequestObjectSigningAlgStep3HS384.

/**
	 * Request authorization with Request Object Signing Alg <code>HS384</code>.
	 */
@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "omittedRequestObjectSigningAlgStep2")
public void omittedRequestObjectSigningAlgStep3HS384(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    Builder request = null;
    try {
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId1, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(userId);
        authorizationRequest.setAuthPassword(userSecret);
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS384, clientSecret1, cryptoProvider);
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(authJwt);
        System.out.println("Request JWT: " + authJwt);
        request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", MediaType.TEXT_PLAIN);
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("omittedRequestObjectSigningAlgStep3HS384", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    try {
        URI uri = new URI(response.getLocation().toString());
        assertNotNull(uri.getFragment(), "Query string is null");
        Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
        assertNotNull(params.get("access_token"), "The accessToken is null");
        assertNotNull(params.get("id_token"), "The idToken is null");
        assertNotNull(params.get("scope"), "The scope is null");
        assertNotNull(params.get("state"), "The state is null");
    } catch (URISyntaxException e) {
        e.printStackTrace();
        fail("Response URI is not well formed");
    }
}
Also used : AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) URISyntaxException(java.net.URISyntaxException) REGISTRATION_CLIENT_URI(org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) JSONException(org.codehaus.jettison.json.JSONException) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) Response(javax.ws.rs.core.Response) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Aggregations

AuthorizationRequest (org.xdi.oxauth.client.AuthorizationRequest)93 Test (org.testng.annotations.Test)89 BaseTest (org.xdi.oxauth.BaseTest)89 Builder (javax.ws.rs.client.Invocation.Builder)88 Response (javax.ws.rs.core.Response)88 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)88 Parameters (org.testng.annotations.Parameters)86 ResponseType (org.xdi.oxauth.model.common.ResponseType)85 URI (java.net.URI)79 URISyntaxException (java.net.URISyntaxException)79 REGISTRATION_CLIENT_URI (org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI)73 JSONException (org.codehaus.jettison.json.JSONException)62 RegisterResponse (org.xdi.oxauth.client.RegisterResponse)50 JwtAuthorizationRequest (org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest)46 OxAuthCryptoProvider (org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)41 Claim (org.xdi.oxauth.client.model.authorize.Claim)40 ArrayList (java.util.ArrayList)11 JSONObject (org.codehaus.jettison.json.JSONObject)10 InvalidJwtException (org.xdi.oxauth.model.exception.InvalidJwtException)4 BufferedWriter (java.io.BufferedWriter)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial