org.gluu.oxauth.model.jwt.JwtClaimName Java Examples
The following examples show how to use
org.gluu.oxauth.model.jwt.JwtClaimName.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TokenBindingHttpTest.java From oxAuth with MIT License | 6 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void tokenBindingWithImplicitFlow(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("tokenBindingWithImplicitFlow"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN ); List<GrantType> grantTypes = Arrays.asList( GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS ); // 1. Register client RegisterResponse registerResponse = registerClient(redirectUri, responseTypes, grantTypes, sectorIdentifierUri); String clientId = registerResponse.getClientId(); // 2. Request authorization AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); Jwt jwt = Jwt.parse(authorizationResponse.getIdToken()); Assert.assertEquals(EXPECTED_ID_HASH, jwt.getClaims().getClaimAsJSON(JwtClaimName.CNF).optString(JwtClaimName.TOKEN_BINDING_HASH)); }
Example #2
Source File: IdTokenFactory.java From oxAuth with MIT License | 6 votes |
private void setAmrClaim(JsonWebResponse jwt, String acrValues) { List<String> amrList = Lists.newArrayList(); CustomScriptConfiguration script = externalAuthenticationService.getCustomScriptConfigurationByName(acrValues); if (script != null) { amrList.add(Integer.toString(script.getLevel())); PersonAuthenticationType externalAuthenticator = (PersonAuthenticationType) script.getExternalType(); int apiVersion = externalAuthenticator.getApiVersion(); if (apiVersion > 3) { Map<String, String> authenticationMethodClaimsOrNull = externalAuthenticator.getAuthenticationMethodClaims(script.getConfigurationAttributes()); if (authenticationMethodClaimsOrNull != null) { for (String key : authenticationMethodClaimsOrNull.keySet()) { amrList.add(key + ":" + authenticationMethodClaimsOrNull.get(key)); } } } } jwt.getClaims().setClaim(JwtClaimName.AUTHENTICATION_METHOD_REFERENCES, amrList); }
Example #3
Source File: AuthorizationAction.java From oxAuth with MIT License | 5 votes |
public String getOpenIdRequestObject() { openIdRequestObject = ""; try { if (useOpenIdRequestObject) { AuthorizationRequest req = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); req.setState(state); req.setRequestUri(requestUri); req.setMaxAge(maxAge); req.setUiLocales(StringUtils.spaceSeparatedToList(uiLocales)); req.setClaimsLocales(StringUtils.spaceSeparatedToList(claimsLocales)); req.setIdTokenHint(idTokenHint); req.setLoginHint(loginHint); req.setAcrValues(StringUtils.spaceSeparatedToList(acrValues)); req.setRegistration(registration); req.setDisplay(display); req.getPrompts().addAll(prompt); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest( req, SignatureAlgorithm.NONE, (String) null, cryptoProvider); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull())); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{"basic"}))); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); openIdRequestObject = jwtAuthorizationRequest.getDecodedJwt(); } } catch (Exception e) { log.error(e.getMessage(), e); } return openIdRequestObject; }
Example #4
Source File: Authenticator.java From oxAuth with MIT License | 5 votes |
private void initCustomAuthenticatorVariables(Map<String, String> sessionIdAttributes) { if (sessionIdAttributes == null) { logger.error("Failed to restore attributes from session attributes"); return; } this.authStep = StringHelper.toInteger(sessionIdAttributes.get("auth_step"), null); this.authAcr = sessionIdAttributes.get(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE); }
Example #5
Source File: SessionIdService.java From oxAuth with MIT License | 5 votes |
public String getAcr(SessionId session) { if (session == null) { return null; } String acr = session.getSessionAttributes().get(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE); if (StringUtils.isBlank(acr)) { acr = session.getSessionAttributes().get("acr_values"); } return acr; }
Example #6
Source File: AccessTokenAsJwtHttpTest.java From oxAuth with MIT License | 5 votes |
/** * Test for the complete Authorization Code Flow. */ @Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void accessTokenAsJwt( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("accessTokenAsJwt"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN, ResponseType.TOKEN); List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name"); RegisterResponse registerResponse = registerClient(redirectUri, responseTypes, scopes); String clientId = registerResponse.getClientId(); // Request authorization and receive the authorization code. String nonce = UUID.randomUUID().toString(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce); String accessToken = authorizationResponse.getAccessToken(); // Validate access token as jwt Jwt jwt = Jwt.parse(accessToken); assertEquals(clientId, jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString("scope")); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); }
Example #7
Source File: SelectAccountHttpTest.java From oxAuth with MIT License | 5 votes |
private void assertIdToken(String idToken) throws InvalidJwtException { Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); }
Example #8
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestParameterMethodFail2( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) { try { showTitle("requestParameterMethodFail2"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Authorization Request OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); authorizationRequest.setAuthUsername(userId); authorizationRequest.setAuthPassword(userSecret); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull())); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{ACR_VALUE}))); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt + "INVALID_KEY"); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse response = authorizeClient.exec(); showClient(authorizeClient); assertEquals(response.getStatus(), 302, "Unexpected response code: " + response.getStatus()); assertNotNull(response.getLocation(), "The location is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); assertNotNull(response.getState(), "The state is null"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example #9
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestParameterMethod5( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethod5"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid"); String state = UUID.randomUUID().toString(); String nonce = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest( authorizationRequest, SignatureAlgorithm.HS512, clientSecret, cryptoProvider); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); }
Example #10
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestParameterMethod6( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethod6"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setClaims(Arrays.asList(JwtClaimName.NAME)); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); jwtAuthorizationRequest.addUserInfoClaim(new Claim("name", ClaimValue.createEssential(true))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); }
Example #11
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void requestParameterMethodRS256( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethodRS256"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setJwksUri(jwksUri); registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS256); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); String clientId = response.getClientId(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); request.setState(state); request.setAuthUsername(userId); request.setAuthPassword(userSecret); request.getPrompts().add(Prompt.NONE); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS256, cryptoProvider); jwtAuthorizationRequest.setKeyId(keyId); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull())); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{ACR_VALUE}))); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); request.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(request); AuthorizationResponse response1 = authorizeClient.exec(); showClient(authorizeClient); assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus()); assertNotNull(response1.getLocation(), "The location is null"); assertNotNull(response1.getAccessToken(), "The accessToken is null"); assertNotNull(response1.getTokenType(), "The tokenType is null"); assertNotNull(response1.getIdToken(), "The idToken is null"); assertNotNull(response1.getState(), "The state is null"); String accessToken = response1.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus()); assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(response3.getClaim(JwtClaimName.NAME)); assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(response3.getClaim(JwtClaimName.EMAIL)); assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(response3.getClaim(JwtClaimName.LOCALE)); }
Example #12
Source File: CanRequestAndUseSignedUserInfoResponse.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void canRequestAndUseSignedUserInfoResponse( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Can Request and Use Signed UserInfo Response"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS256); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setSharedKey(clientSecret); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS).containsAll(Arrays.asList( JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_REGION, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_COUNTRY))); }
Example #13
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void requestParameterMethodRS512( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethodRS512"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setJwksUri(jwksUri); registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS512); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); String clientId = response.getClientId(); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); request.setState(state); request.setAuthUsername(userId); request.setAuthPassword(userSecret); request.getPrompts().add(Prompt.NONE); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS512, cryptoProvider); jwtAuthorizationRequest.setKeyId(keyId); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull())); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{ACR_VALUE}))); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); request.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(request); AuthorizationResponse response1 = authorizeClient.exec(); showClient(authorizeClient); assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus()); assertNotNull(response1.getLocation(), "The location is null"); assertNotNull(response1.getAccessToken(), "The accessToken is null"); assertNotNull(response1.getTokenType(), "The tokenType is null"); assertNotNull(response1.getIdToken(), "The idToken is null"); assertNotNull(response1.getState(), "The state is null"); String accessToken = response1.getAccessToken(); // Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus()); assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(response3.getClaim(JwtClaimName.NAME)); assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(response3.getClaim(JwtClaimName.EMAIL)); assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(response3.getClaim(JwtClaimName.LOCALE)); }
Example #14
Source File: CanRequestAndUseClaimsInIdToken.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "userId", "userSecret", "redirectUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void canRequestAndUseClaimsInIdToken( final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Can Request and Use Claims in id token"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS256); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request Authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getIdToken()); assertNotNull(authorizationResponse.getState()); String idToken = authorizationResponse.getIdToken(); // 3. Validate id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL)); HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS256, clientSecret); assertTrue(hmacSigner.validate(jwt)); }
Example #15
Source File: CanRequestAndUseEncryptedUserInfoResponse.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void canRequestAndUseEncryptedUserInfoResponse( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Can Request and Use Encrypted UserInfo Response"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setSharedKey(clientSecret); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_REGION)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY)); }
Example #16
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestParameterMethodFail4( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) { try { showTitle("requestParameterMethodFail4"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Authorization Request OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); request.setState(state); request.setAuthUsername(userId); request.setAuthPassword(userSecret); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue("INVALID_USER_ID"))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); request.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(request); AuthorizationResponse response = authorizeClient.exec(); showClient(authorizeClient); assertEquals(response.getStatus(), 302, "Unexpected response code: " + response.getStatus()); assertNotNull(response.getLocation(), "The location is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); assertNotNull(response.getState(), "The state is null"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example #17
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestParameterMethodFail3( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) { try { showTitle("requestParameterMethodFail3"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Authorization Request OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); request.setState(state); request.setAuthUsername(userId); request.setAuthPassword(userSecret); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull())); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{ACR_VALUE}))); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); jwtAuthorizationRequest.setClientId("INVALID_CLIENT_ID"); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); request.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(request); AuthorizationResponse response = authorizeClient.exec(); showClient(authorizeClient); assertEquals(response.getStatus(), 302, "Unexpected response code: " + response.getStatus()); assertNotNull(response.getLocation(), "The location is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); assertNotNull(response.getState(), "The state is null"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example #18
Source File: SupportsReturningClaimsInIdToken.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void supportsReturningClaimsInIdToken( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Supports Returning Claims in ID Token"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setClaims(Arrays.asList( JwtClaimName.NAME, JwtClaimName.EMAIL)); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String idToken = authorizationResponse.getIdToken(); String accessToken = authorizationResponse.getAccessToken(); // 3. Validate id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL)); RSAPublicKey publicKey = JwkClient.getRSAPublicKey( jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey); assertTrue(rsaSigner.validate(jwt)); // 4. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); }
Example #19
Source File: SupportsReturningDifferentClaimsInIdTokenAndUserInfoEndpoint.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void supportsReturningDifferentClaimsInIdTokenAndUserInfoEndpoint( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Supports Returning Different Claims in ID Token and UserInfo Endpoint"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setClaims(Arrays.asList( JwtClaimName.NAME, JwtClaimName.EMAIL, JwtClaimName.GIVEN_NAME, JwtClaimName.FAMILY_NAME)); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest( authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createNull())); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String idToken = authorizationResponse.getIdToken(); String accessToken = authorizationResponse.getAccessToken(); // 3. Validate id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL)); RSAPublicKey publicKey = JwkClient.getRSAPublicKey( jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey); assertTrue(rsaSigner.validate(jwt)); // 4. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); }
Example #20
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestParameterMethod4( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethod4"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid"); String state = UUID.randomUUID().toString(); String nonce = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest( authorizationRequest, SignatureAlgorithm.HS384, clientSecret, cryptoProvider); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); }
Example #21
Source File: CanProvideEncryptedIdTokenResponse.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void canProvideEncryptedIdTokenResponseAlgA256KWEncA256GCM( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) { try { showTitle("OC5:FeatureTest-Can Provide Encrypted ID Token Response A256KW A256GCM"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A256KW); registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String idToken = authorizationResponse.getIdToken(); // 3. Read Encrypted ID Token Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(Util.UTF8_STRING_ENCODING)); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #22
Source File: RequestingUserInfoClaimsWithScopeValues.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestingUserInfoClaimsWithScopeValues( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Requesting UserInfo Claims with scope Values"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getAccessToken()); assertNotNull(authorizationResponse.getIdToken()); assertNotNull(authorizationResponse.getState()); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS)); }
Example #23
Source File: ResponseTypesRestrictionHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri"}) @Test public void responseTypesTokenIdToken( final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("responseTypesTokenIdToken"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String registrationAccessToken = registerResponse.getRegistrationAccessToken(); String registrationClientUri = registerResponse.getRegistrationClientUri(); // 2. Client read RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken); RegisterClient readClient = new RegisterClient(registrationClientUri); readClient.setRequest(readClientRequest); RegisterResponse readClientResponse = readClient.exec(); showClient(readClient); assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity()); assertNotNull(readClientResponse.getClientId()); assertNotNull(readClientResponse.getClientSecret()); assertNotNull(readClientResponse.getClientIdIssuedAt()); assertNotNull(readClientResponse.getClientSecretExpiresAt()); assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString())); assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString())); assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString())); assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString())); assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())); assertNotNull(readClientResponse.getClaims().get(SCOPE.toString())); // 3. Request authorization List<String> scopes = Arrays.asList( "openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest( responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNull(authorizationResponse.getCode(), "The authorization code is null"); assertNotNull(authorizationResponse.getAccessToken(), "The access token is null"); assertNotNull(authorizationResponse.getIdToken(), "The id token is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); assertNotNull(authorizationResponse.getScope(), "The scope is null"); String accessToken = authorizationResponse.getAccessToken(); String idToken = authorizationResponse.getIdToken(); // 4. Validate code and id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); RSAPublicKey publicKey = JwkClient.getRSAPublicKey( jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey); assertTrue(rsaSigner.validate(jwt)); assertTrue(rsaSigner.validateAccessToken(accessToken, jwt)); }
Example #24
Source File: CanProvideSignedUserInfoResponse.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void canProvideSignedUserInfoResponseHS384( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Can Provide Signed UserInfo Response HS384"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS384); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setSharedKey(clientSecret); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS).containsAll(Arrays.asList( JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_REGION, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_COUNTRY))); }
Example #25
Source File: SupportScopeRequestingEmailClaims.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void supportScopeRequestingEmailClaims( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Support scope Requesting email Claims"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getCode()); assertNotNull(authorizationResponse.getState()); String authorizationCode = authorizationResponse.getCode(); // 3. Get Access Token TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setCode(authorizationCode); tokenRequest.setRedirectUri(redirectUri); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); String accessToken = tokenResponse.getAccessToken(); // 4. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); }
Example #26
Source File: UserInfoRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri"}) @Test public void requestUserInfoSubjectTypePublic(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) { showTitle("requestUserInfoSubjectTypePublic"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth Test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.PS512); registerRequest.setSubjectType(SubjectType.PUBLIC); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setJwksUri(jwksUri); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ISSUER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.AUDIENCE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); }
Example #27
Source File: UserInfoRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri"}) @Test public void requestUserInfoAlgA256KWEncA256GCM(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) { showTitle("requestUserInfoAlgA256KWEncA256GCM"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.A256KW); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM); registerRequest.setSubjectType(SubjectType.PAIRWISE); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info (encrypted) UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken); UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setSharedKey(clientSecret); userInfoClient.setRequest(userInfoRequest); UserInfoResponse userInfoResponse = userInfoClient.exec(); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); }
Example #28
Source File: UserInfoRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri"}) @Test public void requestUserInfoAlgA128KWEncA128GCM(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) { showTitle("requestUserInfoAlgA128KWEncA128GCM"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM); registerRequest.setSubjectType(SubjectType.PAIRWISE); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info (encrypted) UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken); UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setSharedKey(clientSecret); userInfoClient.setRequest(userInfoRequest); UserInfoResponse userInfoResponse = userInfoClient.exec(); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); }
Example #29
Source File: UserInfoRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "sectorIdentifierUri", "RSA1_5_keyId", "keyStoreFile", "keyStoreSecret"}) @Test public void requestUserInfoAlgRSA15EncA256CBCPLUSHS512( final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String jwksUri, final String sectorIdentifierUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) { try { showTitle("requestUserInfoAlgRSA15EncA256CBCPLUSHS512"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512); registerRequest.setSubjectType(SubjectType.PAIRWISE); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info (encrypted) OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken); UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setPrivateKey(privateKey); userInfoClient.setRequest(userInfoRequest); UserInfoResponse userInfoResponse = userInfoClient.exec(); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #30
Source File: UserInfoRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "sectorIdentifierUri", "RSA1_5_keyId", "keyStoreFile", "keyStoreSecret"}) @Test public void requestUserInfoAlgRSA15EncA128CBCPLUSHS256( final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String jwksUri, final String sectorIdentifierUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) { try { showTitle("requestUserInfoAlgRSA15EncA128CBCPLUSHS256"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256); registerRequest.setSubjectType(SubjectType.PAIRWISE); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info (encrypted) OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken); UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setPrivateKey(privateKey); userInfoClient.setRequest(userInfoRequest); UserInfoResponse userInfoResponse = userInfoClient.exec(); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }