@Test public void changeClientIdTest() throws Exception { keycloakRule.update( new KeycloakRule.KeycloakSetup() { @Override public void config( RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { ClientModel app = appRealm.getClientByClientId("service-account-cl"); app.setClientId("updated-client"); } }); oauth.clientId("updated-client"); OAuthClient.AccessTokenResponse response = oauth.doClientCredentialsGrantAccessTokenRequest("secret1"); assertEquals(200, response.getStatusCode()); AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken()); Assert.assertEquals( "updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID)); // Username still same. Client ID changed events .expectClientLogin() .client("updated-client") .user(userId) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) .detail( Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl") .assertEvent(); // Revert change keycloakRule.update( new KeycloakRule.KeycloakSetup() { @Override public void config( RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { ClientModel app = appRealm.getClientByClientId("updated-client"); app.setClientId("service-account-cl"); } }); }
@Test public void clientCredentialsAuthSuccess() throws Exception { oauth.clientId("service-account-cl"); OAuthClient.AccessTokenResponse response = oauth.doClientCredentialsGrantAccessTokenRequest("secret1"); assertEquals(200, response.getStatusCode()); AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken()); events .expectClientLogin() .client("service-account-cl") .user(userId) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) .detail( Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl") .assertEvent(); assertEquals(accessToken.getSessionState(), refreshToken.getSessionState()); System.out.println("Access token other claims: " + accessToken.getOtherClaims()); Assert.assertEquals( "service-account-cl", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID)); Assert.assertTrue( accessToken.getOtherClaims().containsKey(ServiceAccountConstants.CLIENT_ADDRESS)); Assert.assertTrue( accessToken.getOtherClaims().containsKey(ServiceAccountConstants.CLIENT_HOST)); OAuthClient.AccessTokenResponse refreshedResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret1"); AccessToken refreshedAccessToken = oauth.verifyToken(refreshedResponse.getAccessToken()); RefreshToken refreshedRefreshToken = oauth.verifyRefreshToken(refreshedResponse.getRefreshToken()); assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState()); assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState()); events .expectRefresh(refreshToken.getId(), refreshToken.getSessionState()) .user(userId) .client("service-account-cl") .assertEvent(); }
@Test public void clientCredentialsLogout() throws Exception { oauth.clientId("service-account-cl"); OAuthClient.AccessTokenResponse response = oauth.doClientCredentialsGrantAccessTokenRequest("secret1"); assertEquals(200, response.getStatusCode()); AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken()); events .expectClientLogin() .client("service-account-cl") .user(userId) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) .detail( Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl") .detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID) .assertEvent(); HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1"); assertEquals(204, logoutResponse.getStatusLine().getStatusCode()); events .expectLogout(accessToken.getSessionState()) .client("service-account-cl") .user(userId) .removeDetail(Details.REDIRECT_URI) .assertEvent(); response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret1"); assertEquals(400, response.getStatusCode()); assertEquals("invalid_grant", response.getError()); events .expectRefresh(refreshToken.getId(), refreshToken.getSessionState()) .client("service-account-cl") .user(userId) .removeDetail(Details.TOKEN_ID) .removeDetail(Details.UPDATED_REFRESH_TOKEN_ID) .error(Errors.INVALID_TOKEN) .assertEvent(); }
@Test public void grantAccessTokenLogout() throws Exception { oauth.clientId("resource-owner"); OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "test-user@localhost", "password"); assertEquals(200, response.getStatusCode()); AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken()); events .expectLogin() .client("resource-owner") .session(accessToken.getSessionState()) .detail(Details.AUTH_METHOD, "oauth_credentials") .detail(Details.RESPONSE_TYPE, "token") .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) .removeDetail(Details.CODE_ID) .removeDetail(Details.REDIRECT_URI) .removeDetail(Details.CONSENT) .assertEvent(); HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret"); assertEquals(204, logoutResponse.getStatusLine().getStatusCode()); events .expectLogout(accessToken.getSessionState()) .client("resource-owner") .removeDetail(Details.REDIRECT_URI) .assertEvent(); response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret"); assertEquals(400, response.getStatusCode()); assertEquals("invalid_grant", response.getError()); events .expectRefresh(refreshToken.getId(), refreshToken.getSessionState()) .client("resource-owner") .removeDetail(Details.TOKEN_ID) .removeDetail(Details.UPDATED_REFRESH_TOKEN_ID) .error(Errors.INVALID_TOKEN) .assertEvent(); }
private void grantAccessToken(String login) throws Exception { oauth.clientId("resource-owner"); OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", login, "password"); assertEquals(200, response.getStatusCode()); AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken()); events .expectLogin() .client("resource-owner") .user(userId) .session(accessToken.getSessionState()) .detail(Details.AUTH_METHOD, "oauth_credentials") .detail(Details.RESPONSE_TYPE, "token") .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) .detail(Details.USERNAME, login) .removeDetail(Details.CODE_ID) .removeDetail(Details.REDIRECT_URI) .removeDetail(Details.CONSENT) .assertEvent(); assertEquals(accessToken.getSessionState(), refreshToken.getSessionState()); OAuthClient.AccessTokenResponse refreshedResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret"); AccessToken refreshedAccessToken = oauth.verifyToken(refreshedResponse.getAccessToken()); RefreshToken refreshedRefreshToken = oauth.verifyRefreshToken(refreshedResponse.getRefreshToken()); assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState()); assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState()); events .expectRefresh(refreshToken.getId(), refreshToken.getSessionState()) .user(userId) .client("resource-owner") .assertEvent(); }
public AccessTokenResponse build() { if (accessToken != null) { event.detail(Details.TOKEN_ID, accessToken.getId()); } if (refreshToken != null) { if (event.getEvent().getDetails().containsKey(Details.REFRESH_TOKEN_ID)) { event.detail(Details.UPDATED_REFRESH_TOKEN_ID, refreshToken.getId()); } else { event.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()); } } AccessTokenResponse res = new AccessTokenResponse(); if (idToken != null) { String encodedToken = new JWSBuilder().jsonContent(idToken).rsa256(realm.getPrivateKey()); res.setIdToken(encodedToken); } if (accessToken != null) { String encodedToken = new JWSBuilder().jsonContent(accessToken).rsa256(realm.getPrivateKey()); res.setToken(encodedToken); res.setTokenType("bearer"); res.setSessionState(accessToken.getSessionState()); if (accessToken.getExpiration() != 0) { res.setExpiresIn(accessToken.getExpiration() - Time.currentTime()); } } if (refreshToken != null) { String encodedToken = new JWSBuilder().jsonContent(refreshToken).rsa256(realm.getPrivateKey()); res.setRefreshToken(encodedToken); if (refreshToken.getExpiration() != 0) { res.setRefreshExpiresIn(refreshToken.getExpiration() - Time.currentTime()); } } int notBefore = realm.getNotBefore(); if (client.getNotBefore() > notBefore) notBefore = client.getNotBefore(); res.setNotBeforePolicy(notBefore); return res; }