/**
 * Builds an authorization request that carries a freshly generated {@code state} value and runs
 * it through {@code authenticateResourceOwnerAndGrantAccess}.
 *
 * <p>No assertion is made here; the response is returned to the caller as received.
 * NOTE(review): the generated state is never compared with the state in the response, so a
 * caller that depends on the state round trip has to check it itself.
 *
 * @param userId        user identifier forwarded to the authentication helper
 * @param userSecret    user secret forwarded to the authentication helper
 * @param redirectUri   redirect URI placed in the authorization request
 * @param responseTypes response types placed in the authorization request
 * @param scopes        scopes placed in the authorization request
 * @param clientId      client identifier placed in the authorization request
 * @param nonce         nonce placed in the authorization request
 * @param useNewDriver  forwarded unchanged to the authentication helper
 * @return the response produced by the authentication helper
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce,
        boolean useNewDriver) {
    final String requestState = UUID.randomUUID().toString();

    final AuthorizationRequest request =
            new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setState(requestState);

    // The literal true is forwarded as-is; its meaning is defined by the helper, outside this excerpt.
    return authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, request, userId, userSecret, true, useNewDriver);
}
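/**
 * Runs an authorization request through {@code authenticateResourceOwnerAndGrantAccess} and
 * checks the response before returning it.
 *
 * <p>The response must carry a location, an authorization code, a state and a scope. The state
 * must also equal the random value that was sent: a non-null check alone would pass for any
 * state the server happened to return, and the state round trip is what lets a client tie a
 * response to the request it issued.
 *
 * @param userId        user identifier forwarded to the authentication helper
 * @param userSecret    user secret forwarded to the authentication helper
 * @param redirectUri   redirect URI placed in the authorization request
 * @param responseTypes response types placed in the authorization request
 * @param scopes        scopes placed in the authorization request
 * @param clientId      client identifier placed in the authorization request
 * @param nonce         nonce placed in the authorization request
 * @return the checked authorization response
 * @throws AssertionError if a required response value is missing or the state does not match
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce) {
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    // Thrown directly so the check needs no assertion helper beyond the one already used here.
    if (!state.equals(authorizationResponse.getState())) {
        throw new AssertionError("The state in the response does not match the state that was sent");
    }
    assertNotNull(authorizationResponse.getScope(), "The scope is null");

    return authorizationResponse;
}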
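/**
 * Sends an authorization request with a fresh random {@code state} via
 * {@code authenticateResourceOwnerAndGrantAccess} and validates the response.
 *
 * <p>Location, authorization code, state and scope must all be present, and the returned state
 * must be the one that was sent. Checking only for a non-null state would let a response with a
 * different state pass unnoticed.
 *
 * @param userId        user identifier forwarded to the authentication helper
 * @param userSecret    user secret forwarded to the authentication helper
 * @param redirectUri   redirect URI placed in the authorization request
 * @param responseTypes response types placed in the authorization request
 * @param scopes        scopes placed in the authorization request
 * @param clientId      client identifier placed in the authorization request
 * @param nonce         nonce placed in the authorization request
 * @return the validated authorization response
 * @throws AssertionError if a required response value is missing or the state does not match
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce) {
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    // Plain AssertionError: only assertNotNull is known to be in scope in this excerpt.
    if (!state.equals(authorizationResponse.getState())) {
        throw new AssertionError("The state in the response does not match the state that was sent");
    }
    assertNotNull(authorizationResponse.getScope(), "The scope is null");

    return authorizationResponse;
}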
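/**
 * Performs an authorization request through {@code authenticateResourceOwnerAndGrantAccess} and
 * verifies the response.
 *
 * <p>The response must contain a location, an authorization code, a state and a scope, and its
 * state must equal the random value generated for this request. The equality check matters
 * because a non-null check passes for any state value.
 *
 * @param userId        user identifier forwarded to the authentication helper
 * @param userSecret    user secret forwarded to the authentication helper
 * @param redirectUri   redirect URI placed in the authorization request
 * @param responseTypes response types placed in the authorization request
 * @param scopes        scopes placed in the authorization request
 * @param clientId      client identifier placed in the authorization request
 * @param nonce         nonce placed in the authorization request
 * @return the verified authorization response
 * @throws AssertionError if a required response value is missing or the state does not match
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce) {
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    // Thrown directly so the check needs no assertion helper beyond the one already used here.
    if (!state.equals(authorizationResponse.getState())) {
        throw new AssertionError("The state in the response does not match the state that was sent");
    }
    assertNotNull(authorizationResponse.getScope(), "The scope is null");

    return authorizationResponse;
}
} // closes a scope opened outside this excerpt (presumably the enclosing test class)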
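/**
 * Runs an authorization request through {@code authenticateResourceOwnerAndGrantAccess} with an
 * explicit authorization step count, then checks the response.
 *
 * <p>The response must carry a location, an authorization code, a state and a scope. The state
 * must match the random value that was sent; a non-null check alone would accept any state.
 *
 * @param userId          user identifier forwarded to the authentication helper
 * @param userSecret      user secret forwarded to the authentication helper
 * @param redirectUri     redirect URI placed in the authorization request
 * @param responseTypes   response types placed in the authorization request
 * @param scopes          scopes placed in the authorization request
 * @param clientId        client identifier placed in the authorization request
 * @param nonce           nonce placed in the authorization request
 * @param countAuthzSteps forwarded unchanged to the authentication helper
 * @return the checked authorization response
 * @throws AssertionError if a required response value is missing or the state does not match
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce,
        int countAuthzSteps) {
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    // The literals true and false are forwarded as-is; their meaning is defined by the helper,
    // which is outside this excerpt.
    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret, true, false, countAuthzSteps);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    // Thrown directly so the check needs no assertion helper beyond the one already used here.
    if (!state.equals(authorizationResponse.getState())) {
        throw new AssertionError("The state in the response does not match the state that was sent");
    }
    assertNotNull(authorizationResponse.getScope(), "The scope is null");

    return authorizationResponse;
}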
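/**
 * Issues an authorization request via {@code authenticateResourceOwnerAndGrantAccess} and
 * checks what comes back.
 *
 * <p>Required in the response: location, authorization code, state and scope. The state is also
 * compared with the random value sent in the request, since a non-null check would accept a
 * response that carries some other state.
 *
 * @param userId        user identifier forwarded to the authentication helper
 * @param userSecret    user secret forwarded to the authentication helper
 * @param redirectUri   redirect URI placed in the authorization request
 * @param responseTypes response types placed in the authorization request
 * @param scopes        scopes placed in the authorization request
 * @param clientId      client identifier placed in the authorization request
 * @param nonce         nonce placed in the authorization request
 * @return the checked authorization response
 * @throws AssertionError if a required response value is missing or the state does not match
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce) {
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    // Plain AssertionError: only assertNotNull is known to be in scope in this excerpt.
    if (!state.equals(authorizationResponse.getState())) {
        throw new AssertionError("The state in the response does not match the state that was sent");
    }
    assertNotNull(authorizationResponse.getScope(), "The scope is null");

    return authorizationResponse;
}
} // closes a scope opened outside this excerpt (presumably the enclosing test class)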
// Scopes requested: openid together with profile, address and email.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
// The last constructor argument is null. NOTE(review): presumably that slot is the nonce; if the
// response types (defined outside this excerpt) return an ID token directly, a nonce is what
// binds that token to this request - confirm that leaving it out is intended here.
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId1, scopes, redirectUri, null);
// state comes from outside this excerpt.
authorizationRequest.setState(state);
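/**
 * Runs an authorization request with a fresh random nonce and state through
 * {@code authenticateResourceOwnerAndGrantAccess} and checks the token-bearing response.
 *
 * <p>The response must carry a location, an access token, a state, a token type, an expiry, a
 * scope and an ID token. The state must also equal the value that was sent; a non-null check
 * alone would accept any state. The failure messages say "is null" because every one of these
 * checks fails only when the value is missing.
 *
 * @param userId        user identifier forwarded to the authentication helper
 * @param userSecret    user secret forwarded to the authentication helper
 * @param redirectUri   redirect URI placed in the authorization request
 * @param responseTypes response types placed in the authorization request
 * @param clientId      client identifier placed in the authorization request
 * @param scopes        scopes placed in the authorization request
 * @return the checked authorization response
 * @throws AssertionError if a required response value is missing or the state does not match
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, String clientId, List<String> scopes) {
    final String nonce = UUID.randomUUID().toString();
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest = new AuthorizationRequest(
            responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    // Thrown directly so the check needs no assertion helper beyond the one already used here.
    if (!state.equals(authorizationResponse.getState())) {
        throw new AssertionError("The state in the response does not match the state that was sent");
    }
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getIdToken(), "The id token is null");
    // NOTE(review): the nonce generated above is not compared with anything in the returned ID
    // token in this method; confirm a caller covers that check.

    return authorizationResponse;
}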
/**
 * Negative test: an authorization request that names an unknown client id must be refused.
 *
 * <p>Expects HTTP status 401, error type {@code UNAUTHORIZED_CLIENT} and a non-null error
 * description.
 *
 * @param redirectUri redirect URI placed in the authorization request
 * @throws Exception if the request cannot be executed
 */
@Parameters({"redirectUri"})
@Test
public void requestAuthorizationCodeFail3(final String redirectUri) throws Exception {
    showTitle("requestAuthorizationCodeFail3");

    final List<ResponseType> codeOnly = Arrays.asList(ResponseType.CODE);

    // 1. Request authorization with an invalid Client ID.
    final String unknownClientId = "@!1111!0008!INVALID_VALUE";
    final List<String> requestedScopes = Arrays.asList("openid", "profile", "address", "email");
    final String requestState = UUID.randomUUID().toString();

    final AuthorizationRequest request =
            new AuthorizationRequest(codeOnly, unknownClientId, requestedScopes, redirectUri, null);
    request.setState(requestState);

    final AuthorizeClient client = new AuthorizeClient(authorizationEndpoint);
    client.setRequest(request);
    final AuthorizationResponse response = client.exec();

    showClient(client);

    assertEquals(response.getStatus(), 401, "Unexpected response code: " + response.getStatus());
    assertEquals(response.getErrorType(), AuthorizeErrorResponseType.UNAUTHORIZED_CLIENT);
    assertNotNull(response.getErrorType(), "The error type is null");
    assertNotNull(response.getErrorDescription(), "The error description is null");
}
// Fresh random nonce for this request.
String nonce = UUID.randomUUID().toString();
// The second constructor argument is null. NOTE(review): presumably that slot is the client id,
// which would make this a request without a client id - confirm against the constructor and
// the assertions that follow outside this excerpt.
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, null, scopes, redirectUri, nonce);
// state comes from outside this excerpt.
authorizationRequest.setState(state);
// Scopes requested: openid together with profile, address and email.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
// The last two constructor arguments are null. NOTE(review): presumably those slots are the
// redirect URI and the nonce; without a redirect URI in the request the server has to fall back
// on what is registered for clientId1 - confirm which outcome the surrounding test expects.
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId1, scopes, null, null);
// state comes from outside this excerpt.
authorizationRequest.setState(state);
/**
 * Negative test: an authorization request with every constructor argument missing must be
 * answered with HTTP 400 and a JSON body that contains {@code error} and
 * {@code error_description}.
 *
 * <p>The request is sent as a GET with the user's credentials in a Basic {@code Authorization}
 * header.
 *
 * @param authorizePath path of the authorization endpoint, appended to the base URL
 * @param userId        user name set on the request
 * @param userSecret    password set on the request
 * @throws Exception if the request cannot be executed
 */
@Parameters({"authorizePath", "userId", "userSecret"})
@Test
public void requestAuthorizationCodeFail1(final String authorizePath, final String userId,
        final String userSecret) throws Exception {
    // Testing with missing parameters
    final AuthorizationRequest emptyRequest = new AuthorizationRequest(null, null, null, null, null);
    emptyRequest.setAuthUsername(userId);
    emptyRequest.setAuthPassword(userSecret);

    final String targetUrl = url.toString() + authorizePath + "?" + emptyRequest.getQueryString();
    Builder invocation = ResteasyClientBuilder.newClient().target(targetUrl).request();
    invocation.header("Authorization", "Basic " + emptyRequest.getEncodedCredentials());
    invocation.header("Accept", MediaType.TEXT_PLAIN);

    final Response httpResponse = invocation.get();
    final String body = httpResponse.readEntity(String.class);

    showResponse("requestAuthorizationCodeFail1", httpResponse, body);

    assertEquals(httpResponse.getStatus(), 400, "Unexpected response code.");
    assertNotNull(body, "Unexpected result: " + body);
    try {
        final JSONObject errorJson = new JSONObject(body);
        assertTrue(errorJson.has("error"), "The error type is null");
        assertTrue(errorJson.has("error_description"), "The error description is null");
    } catch (JSONException parseFailure) {
        // A body that is not JSON fails the test, with the raw response in the message.
        parseFailure.printStackTrace();
        fail(parseFailure.getMessage() + "\nResponse was: " + body);
    }
}
/**
 * Negative test: a token request that carries a redirect URI, a state and the user's
 * credentials, but neither client id nor scopes, must be answered with HTTP 400.
 *
 * <p>The error response must contain an error type, an error description and a state.
 * NOTE(review): the state is only checked for presence, not compared with the value sent.
 *
 * @param userId      user name set on the request
 * @param userSecret  password set on the request
 * @param redirectUri redirect URI placed in the authorization request
 * @throws Exception if the request cannot be executed
 */
@Parameters({"userId", "userSecret", "redirectUri"})
@Test
public void requestAuthorizationTokenFail1(
        final String userId, final String userSecret, final String redirectUri) throws Exception {
    showTitle("requestAuthorizationTokenFail1");

    final List<ResponseType> tokenOnly = Arrays.asList(ResponseType.TOKEN);
    final String requestState = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(tokenOnly, null, null, redirectUri, null);
    authorizationRequest.setState(requestState);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);

    final AuthorizeClient client = new AuthorizeClient(authorizationEndpoint);
    client.setRequest(authorizationRequest);
    final AuthorizationResponse authorizationResponse = client.exec();

    showClient(client);

    assertEquals(authorizationResponse.getStatus(), 400,
            "Unexpected response code: " + authorizationResponse.getStatus());
    assertNotNull(authorizationResponse.getErrorType(), "The error type is null");
    assertNotNull(authorizationResponse.getErrorDescription(), "The error description is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
}
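/**
 * Registers a web client, then requests an authorization code for it and checks the response.
 *
 * <p>The response must carry a location, an authorization code, a state and a scope, and the
 * state must equal the random value that was sent; a non-null check alone would accept any
 * state.
 *
 * <p>NOTE(review): despite the test name, {@code redirectUri} is passed to the authorization
 * request below. It is also split on spaces for registration but sent unsplit in the request.
 * Confirm whether the request was meant to omit the redirect URI.
 *
 * @param redirectUri space-separated redirect URI(s) used for registration and for the request
 * @param userId      user identifier forwarded to the authentication helper
 * @param userSecret  user secret forwarded to the authentication helper
 * @throws Exception if registration or the authorization request cannot be executed
 */
@Parameters({"redirectUri", "userId", "userSecret"})
@Test
public void requestAuthorizationCodeWithoutRedirectUri(
        final String redirectUri, final String userId, final String userSecret) throws Exception {
    showTitle("requestAuthorizationCodeWithoutRedirectUri");

    final List<String> redirectUriList = Arrays.asList(redirectUri.split(StringUtils.SPACE));

    // Step 1: dynamic client registration.
    final RegisterRequest registerRequest =
            new RegisterRequest(ApplicationType.WEB, "oxAuth test app", redirectUriList);
    final RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    final RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    final String clientId = registerResponse.getClientId();

    // Step 2: authorization code request for the client just registered.
    final List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    final List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);

    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    assertEquals(authorizationResponse.getState(), state,
            "The state in the response does not match the state that was sent");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
}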
/**
 * Negative test: a code request that carries only a response type and the user's credentials
 * (no client id, scopes, redirect URI or nonce) must be answered with HTTP 400.
 *
 * <p>The error response must contain an error type and an error description.
 *
 * @param userId     user name set on the request
 * @param userSecret password set on the request
 * @throws Exception if the request cannot be executed
 */
@Parameters({"userId", "userSecret"})
@Test
public void requestAuthorizationCodeFail1(final String userId, final String userSecret) throws Exception {
    showTitle("requestAuthorizationCodeFail1");

    final List<ResponseType> codeOnly = Arrays.asList(ResponseType.CODE);

    final AuthorizationRequest authorizationRequest =
            new AuthorizationRequest(codeOnly, null, null, null, null);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);

    final AuthorizeClient client = new AuthorizeClient(authorizationEndpoint);
    client.setRequest(authorizationRequest);
    final AuthorizationResponse authorizationResponse = client.exec();

    showClient(client);

    assertEquals(authorizationResponse.getStatus(), 400,
            "Unexpected response code: " + authorizationResponse.getStatus());
    assertNotNull(authorizationResponse.getErrorType(), "The error type is null");
    assertNotNull(authorizationResponse.getErrorDescription(), "The error description is null");
}
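/**
 * Sends a {@code Prompt.NONE} authorization request with the user's credentials and a
 * {@code Sec-Token-Binding} header, then checks the token-bearing response.
 *
 * <p>The response must carry a location, an access token, a state, a token type, an expiry, a
 * scope and an ID token. The state must also equal the value that was sent; a non-null check
 * alone would accept any state. The failure messages say "is null" because every one of these
 * checks fails only when the value is missing.
 *
 * @param userId        user name set on the request
 * @param userSecret    password set on the request
 * @param redirectUri   redirect URI placed in the authorization request
 * @param responseTypes response types placed in the authorization request
 * @param clientId      client identifier placed in the authorization request
 * @param scopes        scopes placed in the authorization request
 * @return the checked authorization response
 * @throws UnrecoverableKeyException declared for the HTTP client setup
 * @throws NoSuchAlgorithmException  declared for the HTTP client setup
 * @throws KeyStoreException         declared for the HTTP client setup
 * @throws KeyManagementException    declared for the HTTP client setup
 * @throws AssertionError            if a required response value is missing or the state does
 *                                   not match
 */
private AuthorizationResponse requestAuthorization(
        final String userId, final String userSecret, final String redirectUri,
        List<ResponseType> responseTypes, String clientId, List<String> scopes)
        throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    final String nonce = UUID.randomUUID().toString();
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest = new AuthorizationRequest(
            responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);
    authorizationRequest.getPrompts().add(Prompt.NONE);

    final AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    // NOTE(review): judging by its name, createHttpClientTrustAll() builds a client that accepts
    // any server certificate. That is acceptable only against a disposable test server; confirm
    // the helper is never reused outside the test suite.
    authorizeClient.setExecutor(new ApacheHttpClient4Executor(createHttpClientTrustAll()));
    authorizeClient.setRequest(authorizationRequest);
    // Fixed token binding message defined elsewhere in the file.
    authorizeClient.getHeaders().put("Sec-Token-Binding", ENCODED_TOKEN_BINDING_MESSAGE);

    final AuthorizationResponse authorizationResponse = authorizeClient.exec();

    showClient(authorizeClient);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The access token is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    // Thrown directly so the check needs no assertion helper beyond the one already used here.
    if (!state.equals(authorizationResponse.getState())) {
        throw new AssertionError("The state in the response does not match the state that was sent");
    }
    assertNotNull(authorizationResponse.getTokenType(), "The token type is null");
    assertNotNull(authorizationResponse.getExpiresIn(), "The expires in value is null");
    assertNotNull(authorizationResponse.getScope(), "The scope is null");
    assertNotNull(authorizationResponse.getIdToken(), "The id token is null");

    return authorizationResponse;
}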
/**
 * Negative test: an authorization request without a response type (every constructor argument
 * is null, only the user's credentials are set) must be answered with HTTP 400.
 *
 * <p>The error response must contain an error type and an error description.
 *
 * @param userId     user name set on the request
 * @param userSecret password set on the request
 * @throws Exception if the request cannot be executed
 */
@Parameters({"userId", "userSecret"})
@Test
public void rejectRequestWithoutResponseType(final String userId, final String userSecret) throws Exception {
    showTitle("OC5:FeatureTest-Reject Request Without response type");

    final AuthorizationRequest request = new AuthorizationRequest(null, null, null, null, null);
    request.setAuthUsername(userId);
    request.setAuthPassword(userSecret);

    final AuthorizeClient client = new AuthorizeClient(authorizationEndpoint);
    client.setRequest(request);
    final AuthorizationResponse response = client.exec();

    showClient(client);

    assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getStatus());
    assertNotNull(response.getErrorType(), "The error type is null");
    assertNotNull(response.getErrorDescription(), "The error description is null");
}
} // closes a scope opened outside this excerpt (presumably the enclosing test class)
// Fresh random state for this request.
String state = UUID.randomUUID().toString();
// The last two constructor arguments are null. NOTE(review): presumably those slots are the
// redirect URI and the nonce; without a redirect URI in the request the server has to fall back
// on what is registered for the client - confirm which outcome the surrounding test expects.
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, null, null);
authorizationRequest.setState(state);
// Fresh random state for this request.
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
// Asks for the FORM_POST response mode. NOTE(review): presumably the authorization response is
// then delivered in a POST body to the redirect URI instead of in the URL - confirm against how
// the surrounding test reads the response.
authorizationRequest.setResponseMode(ResponseMode.FORM_POST);
authorizationRequest.setState(state);
// Every value used here (responseTypes, clientId, scopes, redirectUri, nonce, state, requestUri)
// is defined outside this excerpt.
AuthorizationRequest req = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
req.setState(state);
// NOTE(review): presumably this sets the request_uri parameter, so the server would fetch the
// request object from that location - confirm what requestUri points at and that the server
// restricts which locations it will fetch from.
req.setRequestUri(requestUri);