@Test
public void testPrompt() {
AuthorizationRequest req = mRequestBuilder.setPrompt(AuthorizationRequest.Prompt.LOGIN).build();
assertThat(req.prompt).isEqualTo(AuthorizationRequest.Prompt.LOGIN);
assertThat(req.getPromptValues()).hasSize(1).contains(AuthorizationRequest.Prompt.LOGIN);
}
@Test
public void testToUri_noCodeVerifier() throws Exception {
AuthorizationRequest req = mRequestBuilder.setCodeVerifier(null).build();
assertThat(req.toUri().getQueryParameterNames())
.doesNotContain(AuthorizationRequest.PARAM_CODE_CHALLENGE)
.doesNotContain(AuthorizationRequest.PARAM_CODE_CHALLENGE_METHOD);
}
@Test
public void testToUri() throws Exception {
AuthorizationRequest request = mRequestBuilder.build();
Uri uri = request.toUri();
assertThat(uri.getQueryParameterNames())
.isEqualTo(
new HashSet<>(
Arrays.asList(
AuthorizationRequest.PARAM_CLIENT_ID,
AuthorizationRequest.PARAM_RESPONSE_TYPE,
AuthorizationRequest.PARAM_REDIRECT_URI,
AuthorizationRequest.PARAM_STATE,
AuthorizationRequest.PARAM_CODE_CHALLENGE,
AuthorizationRequest.PARAM_CODE_CHALLENGE_METHOD)));
assertThat(uri.getQueryParameter(AuthorizationRequest.PARAM_CLIENT_ID))
.isEqualTo(TEST_CLIENT_ID);
assertThat(uri.getQueryParameter(AuthorizationRequest.PARAM_RESPONSE_TYPE))
.isEqualTo(ResponseTypeValues.CODE);
assertThat(uri.getQueryParameter(AuthorizationRequest.PARAM_REDIRECT_URI))
.isEqualTo(TEST_APP_REDIRECT_URI.toString());
assertThat(uri.getQueryParameter(AuthorizationRequest.PARAM_STATE)).isEqualTo(request.state);
assertThat(uri.getQueryParameter(AuthorizationRequest.PARAM_CODE_CHALLENGE))
.isEqualTo(request.codeVerifierChallenge);
assertThat(uri.getQueryParameter(AuthorizationRequest.PARAM_CODE_CHALLENGE_METHOD))
.isEqualTo(request.codeVerifierChallengeMethod);
}
public void test_btooth_proper_URL() throws Exception {
String properBtooth = "B1:B1:0D:B3:10:30:00:00";
AuthorizationRequest req =
new AuthorizationRequest(
"B1:B1:0D:B3:10:30:00:00/sqrl?972764a6021a2649e9bbecfd52c36f13b30a260dbc5c373a53e9d7ae502d0c3a");
assertTrue("Is proper Bluetooth address", req.isValidBluetooth);
assertEquals("B1:B1:0D:B3:10:30:00:00", req.getURL());
}
public void testAuth3_nonce() throws Exception {
AuthorizationRequest req =
new AuthorizationRequest(
"sqrl://example.com/sqrl?4095c8adfa51dabe30fe9f9474d3f91def620300e489e6853baa67bed5d5e0d4");
String testReuslt = req.getNonce();
assertEquals("4095c8adfa51dabe30fe9f9474d3f91def620300e489e6853baa67bed5d5e0d4", testReuslt);
}
public void testAuth_malformed_url3() throws Exception {
AuthorizationRequest req =
new AuthorizationRequest(
"10.0.0.2.5/sqrl?972764a6021a2649e9bbecfd52c36f13b30a260dbc5c373a53e9d7ae502d0c3a");
// There is no need to be this forgiving. Noone would expect it and I see no benefit in leaving
// it out
assertEquals(false, req.IsValid());
}
public void testAuth_malformed_url() throws Exception {
AuthorizationRequest req =
new AuthorizationRequest(
"example.com/sqrl?4095c8adfa51dabe30fe9f9474d3f91def620300e489e6853baa67bed5d5e0d4");
// There is no need to be this forgiving. Noone would expect it and I see no benefit in leaving
// it out
assertEquals(false, req.IsValid());
}
public AuthorizationRequest createAuthorizationRequest(Contact contact) {
logger.trace("createAuthorizationRequest " + contact);
AuthorizationRequest authReq = new AuthorizationRequest();
authReq.setReason(authorizationRequestReason);
isAuthorizationRequestSent = true;
return authReq;
}
private AuthorizationRequest clientCredentialToken(AccessTokenRequest accessTokenRequest) {
AuthorizationRequest request = new AuthorizationRequest();
request.setClient(accessTokenRequest.getClient());
// We have to construct a AuthenticatedPrincipal on-the-fly as there is only key-secret
// authentication
request.setPrincipal(new AuthenticatedPrincipal(request.getClient().getClientId()));
// Get scopes (either from request or the client's default set)
request.setGrantedScopes(accessTokenRequest.getScopeList());
return request;
}
public void testAuth() throws Exception {
AuthorizationRequest req =
new AuthorizationRequest(
"https://localhost/sqrl?4095c8adfa51dabe30fe9f9474d3f91def620300e489e6853baa67bed5d5e0d4");
String testReuslt = req.getDomain();
assertEquals("localhost", testReuslt);
req.fullNut = false;
assertEquals("https://localhost/sqrl", req.getReturnURL());
}
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void supportCodeResponseType(
final String userId,
final String userSecret,
final String redirectUris,
final String redirectUri,
final String sectorIdentifierUri)
throws Exception {
showTitle("OC5:FeatureTest-Support code Response Type");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
// 1. Register client
RegisterRequest registerRequest =
new RegisterRequest(
ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(
registerResponse.getStatus(),
200,
"Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest =
new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse =
authenticateResourceOwnerAndGrantAccess(
authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getCode());
assertNotNull(authorizationResponse.getState());
}
private Response sendAuthorizationCodeResponse(AuthorizationRequest authReq) {
String uri = authReq.getRedirectUri();
String authorizationCode = getAuthorizationCodeValue();
authReq.setAuthorizationCode(authorizationCode);
authorizationRequestRepository.save(authReq);
uri = uri + appendQueryMark(uri) + "code=" + authorizationCode + appendStateParameter(authReq);
return Response.seeOther(UriBuilder.fromUri(uri).build())
.cacheControl(cacheControlNoStore())
.header("Pragma", "no-cache")
.build();
}
@Test
public void testToUri_additionalParams() throws Exception {
Map<String, String> additionalParams = new HashMap<>();
additionalParams.put("my_param", "1234");
additionalParams.put("another_param", "5678");
AuthorizationRequest req = mRequestBuilder.setAdditionalParameters(additionalParams).build();
Uri uri = req.toUri();
assertThat(uri.getQueryParameter("my_param")).isEqualTo("1234");
assertThat(uri.getQueryParameter("another_param")).isEqualTo("5678");
}
public void testQRlAddress() {
// qrl://10.0.0.27/login/sqrlauth.php?nut=5f7d471e26450c1539fe73b7867a789abb0c7de6f4246f1e719d7b2830e73de2
String qrlAddress =
"qrl://10.0.0.27/login/sqrlauth.php?nut=5f7d471e26450c1539fe73b7867a789abb0c7de6f4246f1e719d7b2830e73de2";
AuthorizationRequest req = new AuthorizationRequest(qrlAddress);
assertEquals(true, req.isValid);
assertEquals("10.0.0.27", req.domain);
assertEquals(
"5f7d471e26450c1539fe73b7867a789abb0c7de6f4246f1e719d7b2830e73de2", req.getNonce());
assertTrue(req.getReturnURL().startsWith("http"));
}
private AuthorizationRequest authorizationCodeToken(AccessTokenRequest accessTokenRequest) {
AuthorizationRequest authReq =
authorizationRequestRepository.findByAuthorizationCode(accessTokenRequest.getCode());
if (authReq == null) {
throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_AUTHORIZATION_CODE);
}
String uri = accessTokenRequest.getRedirectUri();
if (!authReq.getRedirectUri().equalsIgnoreCase(uri)) {
throw new ValidationResponseException(ValidationResponse.REDIRECT_URI_DIFFERENT);
}
authorizationRequestRepository.delete(authReq);
return authReq;
}
private AuthorizationRequest refreshTokenToken(AccessTokenRequest accessTokenRequest) {
AccessToken accessToken =
accessTokenRepository.findByRefreshToken(accessTokenRequest.getRefreshToken());
if (accessToken == null) {
throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_REFRESH_TOKEN);
}
AuthorizationRequest request = new AuthorizationRequest();
request.setClient(accessToken.getClient());
request.setPrincipal(accessToken.getPrincipal());
request.setGrantedScopes(accessToken.getScopes());
accessTokenRepository.delete(accessToken);
return request;
}
private Response doProcess(HttpServletRequest request) {
AuthorizationRequest authReq = findAuthorizationRequest(request);
if (authReq == null) {
return serverError("Not a valid AbstractAuthenticator.AUTH_STATE on the Request");
}
processScopes(authReq, request);
if (authReq.getResponseType().equals(OAuth2Validator.IMPLICIT_GRANT_RESPONSE_TYPE)) {
AccessToken token = createAccessToken(authReq, true);
return sendImplicitGrantResponse(authReq, token);
} else {
return sendAuthorizationCodeResponse(authReq);
}
}
public void testAuth3_wqithsqrl_picky() throws Exception {
AuthorizationRequest req =
new AuthorizationRequest(
"sqrl://example.com/sqrl?4095c8adfa51dabe30fe9f9474d3f91def620300e489e6853baa67bed5d5e0d4");
String testReuslt = req.getDomain();
assertEquals("example.com", testReuslt);
// if we understand how to construct a sqrl then we should expect to understand how to handle
// the protocol
req.isConnectionPicky = true;
req.fullNut = false;
assertEquals("https://example.com/sqrl", req.getReturnURL());
}
public void testQRlAddressSignatureSend() {
// qrl://10.0.0.27/login/sqrlauth.php?nut=5f7d471e26450c1539fe73b7867a789abb0c7de6f4246f1e719d7b2830e73de2
String qrlAddress =
"qrl://10.0.0.27/login/sqrlauth.php?nut=393cbc323070c8281e05bd8554f8d8d409cd9c64267f358cac41c121b1720299";
AuthorizationRequest req = new AuthorizationRequest(qrlAddress);
assertEquals(true, req.isValid);
assertEquals("10.0.0.27", req.domain);
assertEquals(
"393cbc323070c8281e05bd8554f8d8d409cd9c64267f358cac41c121b1720299", req.getNonce());
assertTrue(req.getReturnURL().startsWith("http"));
assertTrue(
req.getReturnURL()
.endsWith("nut=393cbc323070c8281e05bd8554f8d8d409cd9c64267f358cac41c121b1720299"));
}
@Test
public void testPrompt_withVarargs() {
AuthorizationRequest req =
mRequestBuilder
.setPromptValues(AuthorizationRequest.Prompt.LOGIN, AuthorizationRequest.Prompt.CONSENT)
.build();
assertThat(req.prompt)
.isEqualTo(AuthorizationRequest.Prompt.LOGIN + " " + AuthorizationRequest.Prompt.CONSENT);
assertThat(req.getPromptValues())
.hasSize(2)
.contains(AuthorizationRequest.Prompt.LOGIN)
.contains(AuthorizationRequest.Prompt.CONSENT);
}
/*
* In the user consent filter the scopes are (possible) set on the Request
*/
private void processScopes(AuthorizationRequest authReq, HttpServletRequest request) {
if (authReq.getClient().isSkipConsent()) {
// return the scopes in the authentication request since the requested scopes are stored in
// the
// authorizationRequest.
authReq.setGrantedScopes(authReq.getRequestedScopes());
} else {
String[] scopes = (String[]) request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES);
if (!ArrayUtils.isEmpty(scopes)) {
authReq.setGrantedScopes(Arrays.asList(scopes));
} else {
authReq.setGrantedScopes(null);
}
}
}
private AuthorizationRequest passwordToken(AccessTokenRequest accessTokenRequest) {
// Authenticate the resource owner
AuthenticatedPrincipal principal =
resourceOwnerAuthenticator.authenticate(
accessTokenRequest.getUsername(), accessTokenRequest.getPassword());
if (principal == null) {
throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_PASSWORD);
}
AuthorizationRequest request = new AuthorizationRequest();
request.setClient(accessTokenRequest.getClient());
request.setPrincipal(principal);
request.setGrantedScopes(accessTokenRequest.getScopeList());
return request;
}
private String appendStateParameter(AuthorizationRequest authReq) {
String state = authReq.getState();
try {
return StringUtils.isBlank(state) ? "" : "&state=".concat(URLEncoder.encode(state, "UTF-8"));
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}
private AccessToken createAccessToken(AuthorizationRequest request, boolean isImplicitGrant) {
Client client = request.getClient();
long expireDuration = client.getExpireDuration();
long expires =
(expireDuration == 0L ? 0L : (System.currentTimeMillis() + (1000 * expireDuration)));
String refreshToken =
(client.isUseRefreshTokens() && !isImplicitGrant) ? getTokenValue(true) : null;
AuthenticatedPrincipal principal = request.getPrincipal();
AccessToken token =
new AccessToken(
getTokenValue(false),
principal,
client,
expires,
request.getGrantedScopes(),
refreshToken);
return accessTokenRepository.save(token);
}
private Response sendImplicitGrantResponse(
AuthorizationRequest authReq, AccessToken accessToken) {
String uri = authReq.getRedirectUri();
String fragment =
String.format(
"access_token=%s&token_type=bearer&expires_in=%s&scope=%s",
accessToken.getToken(),
accessToken.getExpiresIn(),
StringUtils.join(authReq.getGrantedScopes(), ','))
+ appendStateParameter(authReq);
if (authReq.getClient().isIncludePrincipal()) {
fragment += String.format("&principal=%s", authReq.getPrincipal().getDisplayName());
}
return Response.seeOther(UriBuilder.fromUri(uri).fragment(fragment).build())
.cacheControl(cacheControlNoStore())
.header("Pragma", "no-cache")
.build();
}
@Test
public void testPrompt_withIterable() {
AuthorizationRequest req =
mRequestBuilder
.setPromptValues(
Arrays.asList(
AuthorizationRequest.Prompt.SELECT_ACCOUNT,
AuthorizationRequest.Prompt.CONSENT))
.build();
assertThat(req.prompt)
.isEqualTo(
AuthorizationRequest.Prompt.SELECT_ACCOUNT + " " + AuthorizationRequest.Prompt.CONSENT);
assertThat(req.getPromptValues())
.hasSize(2)
.contains(AuthorizationRequest.Prompt.SELECT_ACCOUNT)
.contains(AuthorizationRequest.Prompt.CONSENT);
}
public void testQRLAddressNewNut() {
// qrl://10.0.0.27/login/sqrlauth.php?nut=5f7d471e26450c1539fe73b7867a789abb0c7de6f4246f1e719d7b2830e73de2
String qrlAddress =
"qrl://10.0.0.27/login/sqrlauth.php?nut=393cbc323070c8281e05bd8554f8d8d409cd9c64267f358cac41c121b1720299";
AuthorizationRequest req = new AuthorizationRequest(qrlAddress);
assertEquals(true, req.isValid);
assertEquals("10.0.0.27", req.domain);
assertEquals(
"393cbc323070c8281e05bd8554f8d8d409cd9c64267f358cac41c121b1720299", req.getNonce());
assertTrue(req.getReturnURL().startsWith("http"));
assertTrue(
req.getReturnURL()
.endsWith("nut=393cbc323070c8281e05bd8554f8d8d409cd9c64267f358cac41c121b1720299"));
String newNut = Helper.urlEncode(Helper.CreateRandom(32));
AuthorizationRequest newnutaddress = req.getNewNut(newNut);
assertTrue(newnutaddress.getReturnURL().startsWith("http"));
assertTrue(newnutaddress.getReturnURL().endsWith(newNut));
assertEquals(
String.format("http://10.0.0.27/login/sqrlauth.php?nut=%s", newNut),
newnutaddress.getReturnURL());
}
public AuthorizationResponse processAuthorisationRequest(
AuthorizationRequest req, Contact sourceContact) {
logger.debug("Processing in " + this);
synchronized (this) {
logger.trace("processAuthorisationRequest " + req + " " + sourceContact);
isAuthorizationRequestReceived = true;
authorizationRequestReason = req.getReason();
notifyAll();
// will wait as a normal user
Object lock = new Object();
synchronized (lock) {
try {
lock.wait(2000);
} catch (Exception ex) {
}
}
return responseToRequest;
}
}
@Parameters({"redirectUris", "sectorIdentifierUri", "redirectUri", "userId", "userSecret"})
@Test // This test requires a place to publish a sector identifier JSON array of redirect URIs via
// HTTPS
public void requestAuthorizationCodeWithSectorIdentifier(
final String redirectUris,
final String sectorIdentifierUri,
final String redirectUri,
final String userId,
final String userSecret)
throws Exception {
showTitle("requestAuthorizationCodeWithSectorIdentifier");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Register client with Sector Identifier URL
RegisterRequest registerRequest =
new RegisterRequest(
ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(
registerResponse.getStatus(),
200,
"Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest =
new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(
authorizationResponse.getStatus(),
302,
"Unexpected response code: " + authorizationResponse.getStatus());
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
assertEquals(authorizationResponse.getState(), state);
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
RSAPublicKey publicKey =
JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 4. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(
tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
String accessToken = tokenResponse.getAccessToken();
// 5. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertEquals(
userInfoResponse.getStatus(),
200,
"Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
}
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void requestAuthorizationPromptNone(
final String userId,
final String userSecret,
final String redirectUris,
final String redirectUri,
final String sectorIdentifierUri)
throws Exception {
showTitle("OC5:FeatureTest-Support prompt value none");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
// 1. Register client
RegisterRequest registerRequest =
new RegisterRequest(
ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(
registerResponse.getStatus(),
200,
"Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String sessionState = null;
{
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest =
new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse =
authenticateResourceOwnerAndGrantAccess(
authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getCode());
assertNotNull(authorizationResponse.getState());
assertNotNull(authorizationResponse.getScope());
String authorizationCode = authorizationResponse.getCode();
sessionState = authorizationResponse.getSessionState();
// 3. Get Access Token
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(
tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
{
// 4. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest =
new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.getPrompts().add(Prompt.NONE);
authorizationRequest.setSessionState(sessionState);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getCode());
assertNotNull(authorizationResponse.getState());
assertNotNull(authorizationResponse.getScope());
String authorizationCode = authorizationResponse.getCode();
// 5. Get Access Token
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(
tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
}
}
