Java Code Examples for org.gluu.oxauth.client.TokenRequest#setAuthPassword()
The following examples show how to use
org.gluu.oxauth.client.TokenRequest#setAuthPassword() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TokenRestWebServiceEmbeddedTest.java From oxAuth with MIT License | 6 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience"}) @Test public void requestAccessTokenWithClientSecretJwtFail(final String tokenPath, final String userId, final String userSecret, final String audience) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthPassword("INVALID_SECRET"); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwt Fail", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 2
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 5 votes |
/** * Fail 1: Call to Token Endpoint with Auth Method * <code>client_secret_basic</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretJwtStep2") public void tokenEndpointAuthMethodClientSecretJwtFail1(final String tokenPath, final String userId, final String userSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId4); tokenRequest.setAuthPassword(clientSecret4); request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials()); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretJwtFail1", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 3
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 5 votes |
/** * Fail 1: Call to Token Endpoint with Auth Method * <code>client_secret_basic</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodPrivateKeyJwtStep2") public void tokenEndpointAuthMethodPrivateKeyJwtFail1(final String tokenPath, final String userId, final String userSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId5); tokenRequest.setAuthPassword(clientSecret5); request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials()); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodPrivateKeyJwtFail1", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 4
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 5 votes |
/** * Fail 1: Call to Token Endpoint with Auth Method * <code>client_secret_basic</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretPostStep2") public void tokenEndpointAuthMethodClientSecretPostFail1(final String tokenPath, final String userId, final String userSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId3); tokenRequest.setAuthPassword(clientSecret3); request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials()); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretPostFail1", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 5
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 5 votes |
/** * Fail 2: Call to Token Endpoint with Auth Method * <code>client_secret_jwt</code> should fail. */ @Parameters({"tokenPath", "audience", "userId", "userSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretBasicStep2") public void tokenEndpointAuthMethodClientSecretBasicFail2(final String tokenPath, final String audience, final String userId, final String userSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAudience(audience); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId2); tokenRequest.setAuthPassword(clientSecret2); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretBasicFail2", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 6
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 5 votes |
/** * Fail 3: Call to Token Endpoint with Auth Method * <code>client_secret_jwt</code> should fail. */ @Parameters({"tokenPath", "audience", "userId", "userSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodPrivateKeyJwtStep2") public void tokenEndpointAuthMethodPrivateKeyJwtFail3(final String tokenPath, final String audience, final String userId, final String userSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAudience(audience); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId5); tokenRequest.setAuthPassword(clientSecret5); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodPrivateKeyJwtFail3", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 7
Source File: TokenRestWebServiceEmbeddedTest.java From oxAuth with MIT License | 5 votes |
@Parameters({"tokenPath"}) @Test(dependsOnMethods = "dynamicClientRegistration") public void refreshingAccessTokenFail(final String tokenPath) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.REFRESH_TOKEN); tokenRequest.setRefreshToken("tGzv3JOkF0XG5Qx2TlKWIA"); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials()); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("refreshingAccessTokenFail", response, entity); assertEquals(response.getStatus(), 400, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 8
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 5 votes |
/** * Fail 2: Call to Token Endpoint with Auth Method * <code>client_secret_post</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodPrivateKeyJwtStep2") public void tokenEndpointAuthMethodPrivateKeyJwtFail2(final String tokenPath, final String userId, final String userSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId5); tokenRequest.setAuthPassword(clientSecret5); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodPrivateKeyJwtFail2", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 9
Source File: TokenRestWebServiceEmbeddedTest.java From oxAuth with MIT License | 5 votes |
@Parameters({"tokenPath", "redirectUri"}) @Test(dependsOnMethods = "dynamicClientRegistration") public void requestAccessToken(final String tokenPath, final String redirectUri) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setCode("6f6f3f01-a034-4336-bf31-2e74868e5838"); tokenRequest.setRedirectUri(redirectUri); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials()); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessToken", response, entity); assertEquals(response.getStatus(), 400, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 10
Source File: TokenRestWebServiceWithESAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience", "ES256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtES256Step1") public void requestAccessTokenWithClientSecretJwtES256Step2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId1); tokenRequest.setAuthPassword(clientSecret1); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.ES256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwtES256Step2", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 11
Source File: TokenRestWebServiceEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret"}) @Test(dependsOnMethods = "dynamicClientRegistration") public void requestAccessTokenPassword(final String tokenPath, final String userId, final String userSecret) throws Exception { // Testing with valid parameters Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials()); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenPassword", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("refresh_token"), "Unexpected result: refresh_token not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 12
Source File: TokenRestWebServiceWithRSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience", "RS384_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS384Step1") public void requestAccessTokenWithClientSecretJwtRS384Step2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId2); tokenRequest.setAuthPassword(clientSecret2); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS384); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwtRS384Step2", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 13
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 4 votes |
/** * Fail 3: Call to Token Endpoint with Auth Method * <code>private_key_jwt</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretJwtStep2") public void tokenEndpointAuthMethodClientSecretJwtFail3(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId4); tokenRequest.setAuthPassword(clientSecret4); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretJwtFail3", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 14
Source File: TokenRestWebServiceWithHSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience"}) @Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtHS384Step1") public void requestAccessTokenWithClientSecretJwtHS384Step2(final String tokenPath, final String userId, final String userSecret, final String audience) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId2); tokenRequest.setAuthPassword(clientSecret2); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAlgorithm(SignatureAlgorithm.HS384); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwtHS384Step2", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example 15
Source File: TokenRestWebServiceWithHSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience"}) @Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtHS256Step1") public void requestAccessTokenWithClientSecretJwtHS256Step2(final String tokenPath, final String userId, final String userSecret, final String audience) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId1); tokenRequest.setAuthPassword(clientSecret1); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwtHS256Step2", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example 16
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 4 votes |
/** * Fail 3: Call to Token Endpoint with Auth Method * <code>private_key_jwt</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretBasicStep2") public void tokenEndpointAuthMethodClientSecretBasicFail3(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId2); tokenRequest.setAuthPassword(clientSecret2); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretBasicFail3", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 17
Source File: ObtainAccessTokenLoadTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris"}) @Test(invocationCount = 1000, threadPoolSize = 100) public void obtainAccessToken(final String userId, final String userSecret, String redirectUris) throws Exception { showTitle("requestClientAssociate1"); redirectUris = "https://client.example.com/cb"; final List<ResponseType> responseTypes = new ArrayList<ResponseType>(); responseTypes.add(ResponseType.CODE); responseTypes.add(ResponseType.ID_TOKEN); RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); final String clientId = response.getClientId(); final String clientSecret = response.getClientSecret(); // 1. Request authorization and receive the authorization code. final List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); final AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUris, null); request.setState("af0ifjsldkj"); request.setAuthUsername(userId); request.setAuthPassword(userSecret); request.getPrompts().add(Prompt.NONE); final AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(request); final AuthorizationResponse response1 = authorizeClient.exec(); ClientUtils.showClient(authorizeClient); final String scope = response1.getScope(); final String authorizationCode = response1.getCode(); assertTrue(Util.allNotBlank(authorizationCode)); // 2. Request access token using the authorization code. final TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setCode(authorizationCode); tokenRequest.setRedirectUri(redirectUris); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); tokenRequest.setScope(scope); final TokenClient tokenClient1 = new TokenClient(tokenEndpoint); tokenClient1.setRequest(tokenRequest); final TokenResponse response2 = tokenClient1.exec(); ClientUtils.showClient(authorizeClient); assertTrue(response2.getStatus() == 200); final String patToken = response2.getAccessToken(); final String patRefreshToken = response2.getRefreshToken(); assertTrue(Util.allNotBlank(patToken, patRefreshToken)); }
Example 18
Source File: TokenRestWebServiceWithRSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS256X509CertStep1") public void requestAccessTokenWithClientSecretJwtRS256X509CertStep2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId4); tokenRequest.setAuthPassword(clientSecret4); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwtRS256X509CertStep2", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 19
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 4 votes |
/** * Fail 3: Call to Token Endpoint with Auth Method * <code>private_key_jwt</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretPostStep2") public void tokenEndpointAuthMethodClientSecretPostFail3(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId3); tokenRequest.setAuthPassword(clientSecret3); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretPostFail3", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example 20
Source File: TokenRestWebServiceWithRSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience", "RS384_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS384X509CertStep1") public void requestAccessTokenWithClientSecretJwtRS384X509CertStep2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId5); tokenRequest.setAuthPassword(clientSecret5); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS384); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwtRS384X509CertStep2", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }