Examples with TokenRequest org.xdi.oxauth.client.TokenRequest used on opensource projects

Example 11 with TokenRequest

use of org.xdi.oxauth.client.TokenRequest in project oxAuth by GluuFederation.

the class TokenRestWebServiceWithESAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtES512X509CertStep2.

@Parameters({ "tokenPath", "userId", "userSecret", "audience", "ES512_keyId", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtES512X509CertStep1")
public void requestAccessTokenWithClientSecretJwtES512X509CertStep2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
    TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
    tokenRequest.setUsername(userId);
    tokenRequest.setPassword(userSecret);
    tokenRequest.setScope("email read_stream manage_pages");
    tokenRequest.setAuthUsername(clientId6);
    tokenRequest.setAuthPassword(clientSecret6);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.ES512);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setAudience(audience);
    Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
    String entity = response.readEntity(String.class);
    showResponse("requestAccessTokenWithClientSecretJwtES512X509CertStep2", response, entity);
    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
    assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        JSONObject jsonObj = new JSONObject(entity);
        assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
        assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
        assertTrue(jsonObj.has("refresh_token"), "Unexpected result: refresh_token not found");
        assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found");
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    }
}

Example 12 with TokenRequest

use of org.xdi.oxauth.client.TokenRequest in project oxAuth by GluuFederation.

the class TokenAction method exec.

public void exec() {
    try {
        TokenRequest request = new TokenRequest(grantType);
        request.setAuthUsername(clientId);
        request.setAuthPassword(clientSecret);
        request.setCode(code);
        request.setRedirectUri(redirectUri);
        request.setUsername(username);
        request.setPassword(password);
        request.setScope(scope);
        request.setAssertion(assertion);
        request.setRefreshToken(refreshToken);
        request.setAuthenticationMethod(authenticationMethod);
        if (authenticationMethod.equals(AuthenticationMethod.CLIENT_SECRET_JWT)) {
            request.setAudience(tokenEndpoint);
        }
        TokenClient client = new TokenClient(tokenEndpoint);
        client.setRequest(request);
        TokenResponse response = client.exec();
        if (response.getStatus() == 200) {
            userInfoAction.setAccessToken(response.getAccessToken());
        }
        showResults = true;
        requestString = client.getRequestAsString();
        responseString = client.getResponseAsString();
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
}

Example 13 with TokenRequest

use of org.xdi.oxauth.client.TokenRequest in project oxAuth by GluuFederation.

the class ObtainAccessTokenLoadTest method obtainAccessToken.

// Think twice before invoking this test ;). Leads to OpenDJ (Berkley DB) failure
// Caused by: LDAPSearchException(resultCode=80 (other), numEntries=0, numReferences=0, errorMessage='Database exception: (JE 4.1.10) JAVA_ERROR: Java Error occurred, recovery may not be possible.')
// http://ox.gluu.org/doku.php?id=oxauth:profiling#obtain_access_token_-_2000_invocations_within_200_concurrent_threads
@Parameters({ "userId", "userSecret", "redirectUris" })
@Test(invocationCount = 1000, threadPoolSize = 100)
public void obtainAccessToken(final String userId, final String userSecret, String redirectUris) throws Exception {
    showTitle("requestClientAssociate1");
    redirectUris = "https://client.example.com/cb";
    final List<ResponseType> responseTypes = new ArrayList<ResponseType>();
    responseTypes.add(ResponseType.CODE);
    responseTypes.add(ResponseType.ID_TOKEN);
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());
    assertNotNull(response.getClientSecret());
    assertNotNull(response.getRegistrationAccessToken());
    assertNotNull(response.getClientSecretExpiresAt());
    final String clientId = response.getClientId();
    final String clientSecret = response.getClientSecret();
    // 1. Request authorization and receive the authorization code.
    final List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    final AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUris, null);
    request.setState("af0ifjsldkj");
    request.setAuthUsername(userId);
    request.setAuthPassword(userSecret);
    request.getPrompts().add(Prompt.NONE);
    final AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(request);
    final AuthorizationResponse response1 = authorizeClient.exec();
    ClientUtils.showClient(authorizeClient);
    final String scope = response1.getScope();
    final String authorizationCode = response1.getCode();
    assertTrue(Util.allNotBlank(authorizationCode));
    // 2. Request access token using the authorization code.
    final TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUris);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    tokenRequest.setScope(scope);
    final TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest);
    final TokenResponse response2 = tokenClient1.exec();
    ClientUtils.showClient(authorizeClient);
    assertTrue(response2.getStatus() == 200);
    final String patToken = response2.getAccessToken();
    final String patRefreshToken = response2.getRefreshToken();
    assertTrue(Util.allNotBlank(patToken, patRefreshToken));
}

Example 14 with TokenRequest

use of org.xdi.oxauth.client.TokenRequest in project oxAuth by GluuFederation.

the class ResponseTypesRestrictionEmbeddedTest method omittedResponseTypesStep3b.

@Parameters({ "tokenPath", "redirectUri" })
@Test(dependsOnMethods = { "omittedResponseTypesStep3a" })
public void omittedResponseTypesStep3b(final String tokenPath, final String redirectUri) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode1);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId1);
    tokenRequest.setAuthPassword(clientSecret1);
    request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials());
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
    String entity = response.readEntity(String.class);
    showResponse("omittedResponseTypesStep3b", response, entity);
    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
    assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        JSONObject jsonObj = new JSONObject(entity);
        assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
        assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
        assertTrue(jsonObj.has("refresh_token"), "Unexpected result: refresh_token not found");
        assertTrue(jsonObj.has("id_token"));
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    } catch (Exception e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
}

Example 15 with TokenRequest

use of org.xdi.oxauth.client.TokenRequest in project oxAuth by GluuFederation.

the class ResponseTypesRestrictionEmbeddedTest method responseTypesCodeIdTokenStep3b.

@Parameters({ "tokenPath", "redirectUri" })
@Test(dependsOnMethods = { "responseTypesCodeIdTokenStep3a" })
public void responseTypesCodeIdTokenStep3b(final String tokenPath, final String redirectUri) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request();
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode2);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId2);
    tokenRequest.setAuthPassword(clientSecret2);
    request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials());
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters())));
    String entity = response.readEntity(String.class);
    showResponse("responseTypesCodeIdTokenStep3b", response, entity);
    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
    assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        JSONObject jsonObj = new JSONObject(entity);
        assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found");
        assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found");
        assertTrue(jsonObj.has("refresh_token"), "Unexpected result: refresh_token not found");
        assertTrue(jsonObj.has("id_token"));
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    } catch (Exception e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
}