Examples with JwtAuthorizationRequest org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest used on opensource projects

Search in sources :

Example 81 with JwtAuthorizationRequest

use of org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest in project oxAuth by GluuFederation.

the class OpenIDRequestObjectEmbeddedTest method requestParameterMethodFail2.

@Parameters({ "authorizePath", "userId", "userSecret", "redirectUri" })
@Test(dependsOnMethods = "dynamicClientRegistration")
public void requestParameterMethodFail2(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception {
    final String state = UUID.randomUUID().toString();
    Builder request = null;
    try {
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        authorizationRequest.setAuthUsername(userId);
        authorizationRequest.setAuthPassword(userSecret);
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
        jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(authJwt + "INVALID_SIGNATURE");
        System.out.println("Request JWT: " + authJwt);
        request = ResteasyClientBuilder.newClient().target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", MediaType.TEXT_PLAIN);
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
    Response response = request.get();
    String entity = response.readEntity(String.class);
    showResponse("requestParameterMethodFail2 (Invalid OpenID Request Object, due to invalid signature)", response, entity);
    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
    if (response.getLocation() != null) {
        try {
            URI uri = new URI(response.getLocation().toString());
            assertNotNull(uri.getFragment(), "Fragment is null");
            Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());
            assertNotNull(params.get("error"), "The error value is null");
            assertNotNull(params.get("error_description"), "The errorDescription value is null");
            assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null");
            assertEquals(params.get(AuthorizeResponseParam.STATE), state);
        } catch (URISyntaxException e) {
            e.printStackTrace();
            fail("Response URI is not well formed");
        }
    }
}
Also used : AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Builder(javax.ws.rs.client.Invocation.Builder) ResteasyClientBuilder(org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder) URISyntaxException(java.net.URISyntaxException) REGISTRATION_CLIENT_URI(org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) JSONException(org.codehaus.jettison.json.JSONException) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) RegisterResponse(org.xdi.oxauth.client.RegisterResponse) Response(javax.ws.rs.core.Response) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 82 with JwtAuthorizationRequest

use of org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceHttpTest method requestUserInfoAdditionalClaims.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestUserInfoAdditionalClaims(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestUserInfoAdditionalClaims");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim("invalid", ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim("iname", ClaimValue.createNull()));
    //jwtAuthorizationRequest.addUserInfoClaim(new Claim("gluuStatus", ClaimValue.createEssential(true)));
    //jwtAuthorizationRequest.addUserInfoClaim(new Claim("gluuWhitePagesListed", ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim("o", ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope must be null");
    String accessToken = authorizationResponse.getAccessToken();
    // 3. Request user info (AUTHORIZATION_REQUEST_HEADER_FIELD)
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    userInfoRequest.setAuthorizationMethod(AuthorizationMethod.AUTHORIZATION_REQUEST_HEADER_FIELD);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
    // Custom Claims
    assertNotNull(userInfoResponse.getClaim("iname"), "Unexpected result: iname not found");
    //assertNotNull(response2.getClaim("gluuStatus"), "Unexpected result: gluuStatus not found");
    //assertNotNull(response2.getClaim("gluuWhitePagesListed"), "Unexpected result: gluuWhitePagesListed not found");
    assertNotNull(userInfoResponse.getClaim("o"), "Unexpected result: organization not found");
    // 4. Request user info (FORM_ENCODED_BODY_PARAMETER)
    UserInfoRequest userInfoRequest2 = new UserInfoRequest(accessToken);
    userInfoRequest2.setAuthorizationMethod(AuthorizationMethod.FORM_ENCODED_BODY_PARAMETER);
    UserInfoClient userInfoClient2 = new UserInfoClient(userInfoEndpoint);
    userInfoClient2.setRequest(userInfoRequest2);
    UserInfoResponse response3 = userInfoClient2.exec();
    showClient(userInfoClient2);
    assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus());
    assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(response3.getClaim(JwtClaimName.NAME));
    assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.EMAIL));
    assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(response3.getClaim(JwtClaimName.LOCALE));
    // 5. Request user info (URL_QUERY_PARAMETER)
    UserInfoRequest userInfoRequest3 = new UserInfoRequest(accessToken);
    userInfoRequest3.setAuthorizationMethod(AuthorizationMethod.URL_QUERY_PARAMETER);
    UserInfoClient userInfoClient3 = new UserInfoClient(userInfoEndpoint);
    userInfoClient3.setRequest(userInfoRequest3);
    UserInfoResponse response4 = userInfoClient3.exec();
    showClient(userInfoClient3);
    assertEquals(response4.getStatus(), 200, "Unexpected response code: " + response4.getStatus());
    assertNotNull(response4.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(response4.getClaim(JwtClaimName.NAME));
    assertNotNull(response4.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(response4.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(response4.getClaim(JwtClaimName.EMAIL));
    assertNotNull(response4.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(response4.getClaim(JwtClaimName.LOCALE));
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 83 with JwtAuthorizationRequest

use of org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest in project oxAuth by GluuFederation.

the class AuthorizationAction method exec.

public void exec() {
    try {
        AuthorizationRequest req = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        req.setState(state);
        req.setRequestUri(requestUri);
        req.setMaxAge(maxAge);
        req.setUiLocales(StringUtils.spaceSeparatedToList(uiLocales));
        req.setClaimsLocales(StringUtils.spaceSeparatedToList(claimsLocales));
        req.setIdTokenHint(idTokenHint);
        req.setLoginHint(loginHint);
        req.setAcrValues(StringUtils.spaceSeparatedToList(acrValues));
        if (org.apache.commons.lang.StringUtils.isNotBlank(claims)) {
            req.setClaims(new JSONObject(claims));
        }
        req.setRegistration(registration);
        req.setDisplay(display);
        req.getPrompts().addAll(prompt);
        if (useOpenIdRequestObject) {
            JwtAuthorizationRequest jwtAuthorizationRequest = null;
            if (isJWSSelected()) {
                if (isKeyIdRequired()) {
                    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
                    jwtAuthorizationRequest = new JwtAuthorizationRequest(req, requestObjectSigningAlg, cryptoProvider);
                    jwtAuthorizationRequest.setKeyId(keyId);
                } else {
                    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
                    jwtAuthorizationRequest = new JwtAuthorizationRequest(req, requestObjectSigningAlg, clientSecret, cryptoProvider);
                }
                req.setRequest(jwtAuthorizationRequest.getEncodedJwt());
            } else {
                if (isKeyIdRequired()) {
                    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
                    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
                    jwtAuthorizationRequest = new JwtAuthorizationRequest(req, requestObjectEncryptionAlg, requestObjectEncryptionEnc, cryptoProvider);
                    jwtAuthorizationRequest.setKeyId(keyId);
                    req.setRequest(jwtAuthorizationRequest.getEncodedJwt(jwks));
                } else {
                    jwtAuthorizationRequest = new JwtAuthorizationRequest(req, requestObjectEncryptionAlg, requestObjectEncryptionEnc, clientSecret);
                    req.setRequest(jwtAuthorizationRequest.getEncodedJwt());
                }
            }
        }
        String authorizationRequest = authorizationEndpoint + "?" + req.getQueryString();
        FacesContext.getCurrentInstance().getExternalContext().redirect(authorizationRequest);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
}
Also used : OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) JSONObject(org.codehaus.jettison.json.JSONObject) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest)

Example 84 with JwtAuthorizationRequest

use of org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest in project oxAuth by GluuFederation.

the class AuthorizationAction method getOpenIdRequestObject.

public String getOpenIdRequestObject() {
    openIdRequestObject = "";
    try {
        if (useOpenIdRequestObject) {
            AuthorizationRequest req = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
            req.setState(state);
            req.setRequestUri(requestUri);
            req.setMaxAge(maxAge);
            req.setUiLocales(StringUtils.spaceSeparatedToList(uiLocales));
            req.setClaimsLocales(StringUtils.spaceSeparatedToList(claimsLocales));
            req.setIdTokenHint(idTokenHint);
            req.setLoginHint(loginHint);
            req.setAcrValues(StringUtils.spaceSeparatedToList(acrValues));
            req.setRegistration(registration);
            req.setDisplay(display);
            req.getPrompts().addAll(prompt);
            OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
            JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(req, SignatureAlgorithm.NONE, (String) null, cryptoProvider);
            jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
            jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
            jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
            jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
            jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
            jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
            jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
            jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
            openIdRequestObject = jwtAuthorizationRequest.getDecodedJwt();
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return openIdRequestObject;
}
Also used : OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) AuthorizationRequest(org.xdi.oxauth.client.AuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim)

Aggregations

JwtAuthorizationRequest (org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest)84 Parameters (org.testng.annotations.Parameters)82 Test (org.testng.annotations.Test)82 BaseTest (org.xdi.oxauth.BaseTest)82 ResponseType (org.xdi.oxauth.model.common.ResponseType)82 OxAuthCryptoProvider (org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)82 Claim (org.xdi.oxauth.client.model.authorize.Claim)81 AuthorizationRequest (org.xdi.oxauth.client.AuthorizationRequest)41 URI (java.net.URI)39 URISyntaxException (java.net.URISyntaxException)39 Builder (javax.ws.rs.client.Invocation.Builder)39 Response (javax.ws.rs.core.Response)39 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)39 REGISTRATION_CLIENT_URI (org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI)39 JSONException (org.codehaus.jettison.json.JSONException)36 RegisterResponse (org.xdi.oxauth.client.RegisterResponse)13 IOException (java.io.IOException)12 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 NoSuchProviderException (java.security.NoSuchProviderException)11 Jwt (org.xdi.oxauth.model.jwt.Jwt)10
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial