Search in sources :

Example 46 with Claim

use of org.xdi.oxauth.client.model.authorize.Claim in project oxAuth by GluuFederation.

the class SupportRequestFile method requestFileMethod.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri", "requestFileBasePath", "requestFileBaseUrl" })
// This tests requires a place to publish a request object via HTTPS
@Test
public void requestFileMethod(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri, final String requestFileBasePath, final String requestFileBaseUrl) throws Exception {
    showTitle("OC5:FeatureTest-Support Request File");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Writing a request object in a file
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    try {
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
        jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
        String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(authJwt));
        String fileName = UUID.randomUUID().toString() + ".txt";
        String filePath = requestFileBasePath + File.separator + fileName;
        String fileUrl = requestFileBaseUrl + "/" + fileName + "#" + hash;
        FileWriter fw = new FileWriter(filePath);
        BufferedWriter bw = new BufferedWriter(fw);
        bw.write(authJwt);
        bw.close();
        fw.close();
        authorizationRequest.setRequestUri(fileUrl);
        System.out.println("Request JWT: " + authJwt);
        System.out.println("Request File Path: " + filePath);
        System.out.println("Request File URL: " + fileUrl);
    } catch (IOException e) {
        e.printStackTrace();
        fail(e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        fail(e.getMessage());
    } catch (NoSuchProviderException e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
    // 3. Request authorization
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getAccessToken());
    assertNotNull(authorizationResponse.getState());
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) FileWriter(java.io.FileWriter) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ResponseType(org.xdi.oxauth.model.common.ResponseType) BufferedWriter(java.io.BufferedWriter) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) NoSuchProviderException(java.security.NoSuchProviderException) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 47 with Claim

use of org.xdi.oxauth.client.model.authorize.Claim in project oxAuth by GluuFederation.

the class CanRequestAndUseClaimsInIdToken method canRequestAndUseClaimsInIdToken.

@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void canRequestAndUseClaimsInIdToken(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Can Request and Use Claims in id token");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS256);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request Authorization
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getIdToken());
    assertNotNull(authorizationResponse.getState());
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
    HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS256, clientSecret);
    assertTrue(hmacSigner.validate(jwt));
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Jwt(org.xdi.oxauth.model.jwt.Jwt) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) HMACSigner(org.xdi.oxauth.model.jws.HMACSigner) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 48 with Claim

use of org.xdi.oxauth.client.model.authorize.Claim in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceEmbeddedTest method requestUserInfoAdditionalClaims.

@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "dynamicClientRegistration")
public void requestUserInfoAdditionalClaims(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    final String state = UUID.randomUUID().toString();
    List<ResponseType> responseTypes = new ArrayList<ResponseType>();
    responseTypes.add(ResponseType.TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.getPrompts().add(Prompt.NONE);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim("invalid", ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim("iname", ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim("o", ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    System.out.println("Request JWT: " + authJwt);
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
    request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
    request.header("Accept", MediaType.TEXT_PLAIN);
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestUserInfoAdditionalClaims step 1", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    if (response.getLocation() != null) {
        try {
            URI uri = new URI(response.getLocation().toString());
            assertNotNull(uri.getFragment(), "Fragment is null");
            Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
            assertNotNull(params.get(AuthorizeResponseParam.ACCESS_TOKEN), "The access token is null");
            assertNotNull(params.get(AuthorizeResponseParam.TOKEN_TYPE), "The token type is null");
            assertNotNull(params.get(AuthorizeResponseParam.EXPIRES_IN), "The expires in value is null");
            assertNotNull(params.get(AuthorizeResponseParam.SCOPE), "The scope must be null");
            assertNull(params.get("refresh_token"), "The refresh_token must be null");
            assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null");
            assertEquals(params.get(AuthorizeResponseParam.STATE), state);
            accessToken3 = params.get(AuthorizeResponseParam.ACCESS_TOKEN);
        } catch (URISyntaxException e) {
            e.printStackTrace();
            fail("Response URI is not well formed");
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
}
Also used : AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Builder(javax.ws.rs.client.Invocation.Builder) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) ArrayList(java.util.ArrayList) URISyntaxException(java.net.URISyntaxException) REGISTRATION_CLIENT_URI(org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) InvalidJwtException(org.xdi.oxauth.model.exception.InvalidJwtException) JSONException(org.codehaus.jettison.json.JSONException) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) RegisterResponse(org.xdi.oxauth.client.RegisterResponse) Response(javax.ws.rs.core.Response) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 49 with Claim

use of org.xdi.oxauth.client.model.authorize.Claim in project oxAuth by GluuFederation.

the class OpenIDRequestObjectHttpTest method requestParameterMethodES256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestParameterMethodES256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodES256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setJwksUri(jwksUri);
    registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.ES256);
    registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());
    assertNotNull(response.getClientSecret());
    assertNotNull(response.getRegistrationAccessToken());
    assertNotNull(response.getClientSecretExpiresAt());
    String clientId = response.getClientId();
    // 2. Request authorization
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setState(state);
    request.setAuthUsername(userId);
    request.setAuthPassword(userSecret);
    request.getPrompts().add(Prompt.NONE);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.ES256, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    request.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(request);
    AuthorizationResponse response1 = authorizeClient.exec();
    showClient(authorizeClient);
    assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
    assertNotNull(response1.getLocation(), "The location is null");
    assertNotNull(response1.getAccessToken(), "The accessToken is null");
    assertNotNull(response1.getTokenType(), "The tokenType is null");
    assertNotNull(response1.getIdToken(), "The idToken is null");
    assertNotNull(response1.getState(), "The state is null");
    String accessToken = response1.getAccessToken();
    // 3. Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus());
    assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(response3.getClaim(JwtClaimName.NAME));
    assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.EMAIL));
    assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(response3.getClaim(JwtClaimName.LOCALE));
    assertNotNull(response3.getClaim(JwtClaimName.ADDRESS));
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 50 with Claim

use of org.xdi.oxauth.client.model.authorize.Claim in project oxAuth by GluuFederation.

the class OpenIDRequestObjectHttpTest method requestParameterMethodAlgRSA15EncA256CBCPLUSHS512.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void requestParameterMethodAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) {
    try {
        showTitle("requestParameterMethodAlgRSA15EncA256CBCPLUSHS512");
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        // 1. Dynamic Client Registration
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse response = registerClient.exec();
        showClient(registerClient);
        assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
        assertNotNull(response.getClientId());
        assertNotNull(response.getClientSecret());
        assertNotNull(response.getRegistrationAccessToken());
        assertNotNull(response.getClientSecretExpiresAt());
        String clientId = response.getClientId();
        // 2. Choose encryption key
        JwkClient jwkClient = new JwkClient(jwksUri);
        JwkResponse jwkResponse = jwkClient.exec();
        String keyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256);
        assertNotNull(keyId);
        // 3. Request authorization
        JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        request.setState(state);
        request.setAuthUsername(userId);
        request.setAuthPassword(userSecret);
        request.getPrompts().add(Prompt.NONE);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, cryptoProvider);
        jwtAuthorizationRequest.setKeyId(keyId);
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
        jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
        String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
        request.setRequest(authJwt);
        AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
        authorizeClient.setRequest(request);
        AuthorizationResponse response1 = authorizeClient.exec();
        showClient(authorizeClient);
        assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
        assertNotNull(response1.getLocation(), "The location is null");
        assertNotNull(response1.getAccessToken(), "The accessToken is null");
        assertNotNull(response1.getTokenType(), "The tokenType is null");
        assertNotNull(response1.getIdToken(), "The idToken is null");
        assertNotNull(response1.getState(), "The state is null");
        String accessToken = response1.getAccessToken();
        // 4. Request user info
        UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
        UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus());
        assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(response3.getClaim(JwtClaimName.NAME));
        assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME));
        assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME));
        assertNotNull(response3.getClaim(JwtClaimName.EMAIL));
        assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO));
        assertNotNull(response3.getClaim(JwtClaimName.LOCALE));
        assertNotNull(response3.getClaim(JwtClaimName.ADDRESS));
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JSONObject(org.codehaus.jettison.json.JSONObject) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Aggregations

Claim (org.xdi.oxauth.client.model.authorize.Claim)81 JwtAuthorizationRequest (org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest)81 Parameters (org.testng.annotations.Parameters)80 Test (org.testng.annotations.Test)80 BaseTest (org.xdi.oxauth.BaseTest)80 ResponseType (org.xdi.oxauth.model.common.ResponseType)80 OxAuthCryptoProvider (org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)79 AuthorizationRequest (org.xdi.oxauth.client.AuthorizationRequest)40 URI (java.net.URI)39 URISyntaxException (java.net.URISyntaxException)39 Builder (javax.ws.rs.client.Invocation.Builder)39 Response (javax.ws.rs.core.Response)39 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)39 REGISTRATION_CLIENT_URI (org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI)39 JSONException (org.codehaus.jettison.json.JSONException)36 RegisterResponse (org.xdi.oxauth.client.RegisterResponse)13 IOException (java.io.IOException)12 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 NoSuchProviderException (java.security.NoSuchProviderException)11 Jwt (org.xdi.oxauth.model.jwt.Jwt)9