/*
* oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
*
* Copyright (c) 2014, Gluu
*/
package org.xdi.oxauth.ws.rs;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;
import org.xdi.oxauth.BaseTest;
import org.xdi.oxauth.client.*;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.common.GrantType;
import org.xdi.oxauth.model.crypto.OxAuthCryptoProvider;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.register.ApplicationType;
import org.xdi.oxauth.model.token.TokenErrorResponseType;
import org.xdi.oxauth.model.userinfo.UserInfoErrorResponseType;
import org.xdi.oxauth.model.util.StringUtils;
import java.util.Arrays;
import java.util.List;
import static org.testng.Assert.*;
/**
* @author Javier Rojas Blum
* @version May 12, 2017
*/
public class ClientCredentialsGrantHttpTest extends BaseTest {
/**
 * Happy path for the client credentials grant with the default client authentication method.
 *
 * <p>Neither the registration nor the token request names a token endpoint authentication
 * method, so whatever default the client library and the server apply is what gets exercised.
 * The issued access token is then used against the client info endpoint.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void defaultAuthenticationMethod(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("defaultAuthenticationMethod");

    // 1. Register client
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(Arrays.asList("clientinfo"));
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String issuedClientId = registered.getClientId();
    final String issuedClientSecret = registered.getClientSecret();

    // 2. Request Client Credentials Grant
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(issuedClientId);
    grantRequest.setAuthPassword(issuedClientSecret);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // RFC 6749 section 4.4.3: a refresh token SHOULD NOT be included for this grant.
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // 3. Request client info
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(bearer);

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
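/**
 * Negative path for the default client authentication method: a registered client presents a
 * wrong secret and the token endpoint must refuse it.
 *
 * <p>Besides the 401 / {@code invalid_client} error (RFC 6749 section 5.2), the test also
 * checks that the error response carries no access or refresh token, so a server that reports
 * an error but still leaks token material is caught.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void defaultAuthenticationMethodFail(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("defaultAuthenticationMethodFail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    // Valid client id, deliberately wrong secret.
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client must not receive any token material alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued despite failed client authentication");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued despite failed client authentication");
}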
/**
 * Happy path for the client credentials grant with {@code client_secret_basic}, followed by a
 * scope-enforcement check.
 *
 * <p>The client is registered with several scopes, but the token is requested with
 * {@code clientinfo} only. That token must work on the client info endpoint and must be
 * refused by the user info endpoint with 403 / {@code insufficient_scope}.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretBasicAuthenticationMethod(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretBasicAuthenticationMethod");

    // 1. Register client
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(Arrays.asList("openid", "profile", "address", "email", "clientinfo"));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String issuedClientId = registered.getClientId();
    final String issuedClientSecret = registered.getClientSecret();

    // 2. Request Client Credentials Grant
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(issuedClientId);
    grantRequest.setAuthPassword(issuedClientSecret);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // RFC 6749 section 4.4.3: a refresh token SHOULD NOT be included for this grant.
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // 3. Request client info
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(bearer);

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");

    // 4. Request user info should fail
    // The token was requested with "clientinfo" only, so the user info endpoint has to refuse it.
    final UserInfoClient userInfoCaller = new UserInfoClient(userInfoEndpoint);
    userInfoCaller.setSharedKey(issuedClientSecret);
    final UserInfoResponse userInfo = userInfoCaller.execUserInfo(bearer);

    showClient(userInfoCaller);
    assertEquals(userInfo.getStatus(), 403);
    assertEquals(userInfo.getErrorType(), UserInfoErrorResponseType.INSUFFICIENT_SCOPE);
}
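/**
 * Negative path for {@code client_secret_basic}: a registered client presents a wrong secret
 * and the token endpoint must refuse it.
 *
 * <p>Besides the 401 / {@code invalid_client} error (RFC 6749 section 5.2), the test also
 * checks that the error response carries no access or refresh token.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretBasicAuthenticationMethodFail(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretBasicAuthenticationMethodFail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    // Valid client id, deliberately wrong secret.
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client must not receive any token material alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued despite failed client authentication");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued despite failed client authentication");
}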
/**
 * Happy path for the client credentials grant with {@code client_secret_post}.
 *
 * <p>The client registers with {@code client_secret_post}, obtains an access token for the
 * {@code clientinfo} scope with the same method, and uses it on the client info endpoint.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretPostAuthenticationMethod(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretPostAuthenticationMethod");

    // 1. Register client
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(Arrays.asList("clientinfo"));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String issuedClientId = registered.getClientId();
    final String issuedClientSecret = registered.getClientSecret();

    // 2. Request Client Credentials Grant
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(issuedClientId);
    grantRequest.setAuthPassword(issuedClientSecret);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // RFC 6749 section 4.4.3: a refresh token SHOULD NOT be included for this grant.
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // 3. Request client info
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(bearer);

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
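/**
 * Negative path for {@code client_secret_post}, case 1: valid client id with a wrong secret.
 *
 * <p>Besides the 401 / {@code invalid_client} error (RFC 6749 section 5.2), the test also
 * checks that the error response carries no access or refresh token.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretPostAuthenticationMethodFail1(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretPostAuthenticationMethodFail1");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    // Valid client id, deliberately wrong secret.
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client must not receive any token material alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued despite failed client authentication");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued despite failed client authentication");
}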
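/**
 * Negative path for {@code client_secret_post}, case 2: valid client id with no secret at all.
 *
 * <p>A missing secret must be treated like a wrong one. Besides the 401 /
 * {@code invalid_client} error (RFC 6749 section 5.2), the test also checks that the error
 * response carries no access or refresh token.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretPostAuthenticationMethodFail2(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretPostAuthenticationMethodFail2");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    // Valid client id, secret left unset (null).
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(null);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client must not receive any token material alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued despite failed client authentication");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued despite failed client authentication");
}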
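/**
 * Negative path for {@code client_secret_post}, case 3: neither client id nor secret is sent.
 *
 * <p>A client is still registered first, but the token request carries no client credentials.
 * Besides the 401 / {@code invalid_client} error (RFC 6749 section 5.2), the test also checks
 * that the error response carries no access or refresh token.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretPostAuthenticationMethodFail3(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretPostAuthenticationMethodFail3");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    // The issued client id is intentionally not used below.
    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    // Both credentials left unset (null): an unauthenticated token request.
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(null);
    tokenRequest.setAuthPassword(null);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client must not receive any token material alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued despite failed client authentication");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued despite failed client authentication");
}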
/**
 * Happy path for the client credentials grant with {@code client_secret_jwt} and HS256.
 *
 * <p>The token request is configured with the issued client secret, the HS256 algorithm, a
 * crypto provider and the token endpoint as audience. Presumably the client library uses these
 * to build and sign the client assertion; that code is not visible here.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS256(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS256");

    // 1. Register client
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(Arrays.asList("clientinfo"));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String issuedClientId = registered.getClientId();
    final String issuedClientSecret = registered.getClientSecret();

    // 2. Request Client Credentials Grant
    final OxAuthCryptoProvider crypto = new OxAuthCryptoProvider();

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(issuedClientId);
    grantRequest.setAuthPassword(issuedClientSecret);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.HS256);
    grantRequest.setCryptoProvider(crypto);
    // Audience is the token endpoint the assertion is sent to.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // RFC 6749 section 4.4.3: a refresh token SHOULD NOT be included for this grant.
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // 3. Request client info
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(bearer);

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
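/**
 * Negative path for {@code client_secret_jwt} with HS256: the token request is configured
 * with a wrong secret and the token endpoint must refuse it.
 *
 * <p>Presumably the client library signs the client assertion with the configured secret, so
 * the server sees an assertion whose signature does not verify; that code is not visible
 * here. Besides the 401 / {@code invalid_client} error (RFC 6749 section 5.2), the test also
 * checks that the error response carries no access or refresh token.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS256Fail(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS256Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    // Valid client id, deliberately wrong secret.
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.HS256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client must not receive any token material alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued despite failed client authentication");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued despite failed client authentication");
}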
/**
 * Happy path for the client credentials grant with {@code client_secret_jwt} and HS384.
 *
 * <p>The token request is configured with the issued client secret, the HS384 algorithm, a
 * crypto provider and the token endpoint as audience. Presumably the client library uses these
 * to build and sign the client assertion; that code is not visible here.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS384(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS384");

    // 1. Register client
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(Arrays.asList("clientinfo"));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String issuedClientId = registered.getClientId();
    final String issuedClientSecret = registered.getClientSecret();

    // 2. Request Client Credentials Grant
    final OxAuthCryptoProvider crypto = new OxAuthCryptoProvider();

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(issuedClientId);
    grantRequest.setAuthPassword(issuedClientSecret);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.HS384);
    grantRequest.setCryptoProvider(crypto);
    // Audience is the token endpoint the assertion is sent to.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // RFC 6749 section 4.4.3: a refresh token SHOULD NOT be included for this grant.
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // 3. Request client info
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(bearer);

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
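/**
 * Negative path for {@code client_secret_jwt} with HS384: the token request is configured
 * with a wrong secret and the token endpoint must refuse it.
 *
 * <p>Presumably the client library signs the client assertion with the configured secret, so
 * the server sees an assertion whose signature does not verify; that code is not visible
 * here. Besides the 401 / {@code invalid_client} error (RFC 6749 section 5.2), the test also
 * checks that the error response carries no access or refresh token.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS384Fail(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS384Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    // Valid client id, deliberately wrong secret.
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.HS384);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client must not receive any token material alongside the error.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued despite failed client authentication");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued despite failed client authentication");
}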
/**
 * Happy path for the client credentials grant with {@code client_secret_jwt} and HS512.
 *
 * <p>The token request is configured with the issued client secret, the HS512 algorithm, a
 * crypto provider and the token endpoint as audience. Presumably the client library uses these
 * to build and sign the client assertion; that code is not visible here.
 *
 * @param redirectUris space-separated redirect URIs used for dynamic registration
 * @param sectorIdentifierUri sector identifier URI sent with the registration request
 * @throws Exception if any of the HTTP exchanges fails unexpectedly
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS512(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS512");

    // 1. Register client
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(Arrays.asList("clientinfo"));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();

    showClient(registrar);
    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    final String issuedClientId = registered.getClientId();
    final String issuedClientSecret = registered.getClientSecret();

    // 2. Request Client Credentials Grant
    final OxAuthCryptoProvider crypto = new OxAuthCryptoProvider();

    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(issuedClientId);
    grantRequest.setAuthPassword(issuedClientSecret);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.HS512);
    grantRequest.setCryptoProvider(crypto);
    // Audience is the token endpoint the assertion is sent to.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();

    showClient(tokenCaller);
    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // RFC 6749 section 4.4.3: a refresh token SHOULD NOT be included for this grant.
    assertNull(granted.getRefreshToken());

    final String bearer = granted.getAccessToken();

    // 3. Request client info
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(bearer);

    showClient(infoCaller);
    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
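/**
 * Negative test for {@code client_secret_jwt} with HS512: the token request authenticates with
 * the literal {@code INVALID_CLIENT_SECRET} instead of the secret returned at registration, and
 * the token endpoint must answer 401 {@code invalid_client}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access or
 * refresh token, so a regression that returns credentials next to an error is caught here.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the registration or token client calls
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void clientSecretJwtAuthenticationMethodHS512Fail(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("clientSecretJwtAuthenticationMethodHS512Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    // Only the client id is reused below; the real secret is deliberately not sent.
    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with a wrong secret
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    // Presumably this value keys the HS512 signature of the client assertion; confirm in TokenRequest.
    tokenRequest.setAuthPassword("INVALID_CLIENT_SECRET");
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.HS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client authentication must not come with usable credentials.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued for a rejected client");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued for a rejected client");
}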
/**
 * Happy path for {@code private_key_jwt} with RS256: registers a client with
 * {@code clientJwksUri} as its JWKS URI, obtains an access token through the client credentials
 * grant and uses that token at the client info endpoint.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param keyId               key id set on the token request (test parameter {@code RS256_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS256(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS256");
    final List<String> requestedScopes = Arrays.asList("clientinfo");

    // Step 1: dynamic client registration, asking for private_key_jwt at the token endpoint.
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(requestedScopes);
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();
    showClient(registrar);

    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());
    final String registeredClientId = registered.getClientId();

    // Step 2: client credentials grant; the request is set up for RS256 with the supplied key id
    // and names the token endpoint as audience.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.RS256);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();
    showClient(tokenCaller);

    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // The test expects this grant to come without a refresh token.
    assertNull(granted.getRefreshToken());

    // Step 3: the issued access token must be accepted by the client info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(granted.getAccessToken());
    showClient(infoCaller);

    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
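/**
 * Negative test for {@code private_key_jwt} with RS256: the token request carries the literal
 * key id {@code RS256SIG_INVALID_KEYID} instead of a key id from the test parameters, and the
 * token endpoint must answer 401 {@code invalid_client}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access or
 * refresh token, so a regression that returns credentials next to an error is caught here.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS256Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS256Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with an invalid key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    // The only difference from the passing RS256 test: a fixed, invalid key id.
    tokenRequest.setKeyId("RS256SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client authentication must not come with usable credentials.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued for a rejected client");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued for a rejected client");
}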
/**
 * Happy path for {@code private_key_jwt} with RS384: registers a client with
 * {@code clientJwksUri} as its JWKS URI, obtains an access token through the client credentials
 * grant and uses that token at the client info endpoint.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param keyId               key id set on the token request (test parameter {@code RS384_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS384(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS384");
    final List<String> requestedScopes = Arrays.asList("clientinfo");

    // Step 1: dynamic client registration, asking for private_key_jwt at the token endpoint.
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(requestedScopes);
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();
    showClient(registrar);

    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());
    final String registeredClientId = registered.getClientId();

    // Step 2: client credentials grant; the request is set up for RS384 with the supplied key id
    // and names the token endpoint as audience.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.RS384);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();
    showClient(tokenCaller);

    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // The test expects this grant to come without a refresh token.
    assertNull(granted.getRefreshToken());

    // Step 3: the issued access token must be accepted by the client info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(granted.getAccessToken());
    showClient(infoCaller);

    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
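/**
 * Negative test for {@code private_key_jwt} with RS384: the token request carries the literal
 * key id {@code RS384SIG_INVALID_KEYID} instead of a key id from the test parameters, and the
 * token endpoint must answer 401 {@code invalid_client}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access or
 * refresh token, so a regression that returns credentials next to an error is caught here.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS384Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS384Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with an invalid key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS384);
    tokenRequest.setCryptoProvider(cryptoProvider);
    // The only difference from the passing RS384 test: a fixed, invalid key id.
    tokenRequest.setKeyId("RS384SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client authentication must not come with usable credentials.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued for a rejected client");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued for a rejected client");
}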
/**
 * Happy path for {@code private_key_jwt} with RS512: registers a client with
 * {@code clientJwksUri} as its JWKS URI, obtains an access token through the client credentials
 * grant and uses that token at the client info endpoint.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param keyId               key id set on the token request (test parameter {@code RS512_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS512(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS512");
    final List<String> requestedScopes = Arrays.asList("clientinfo");

    // Step 1: dynamic client registration, asking for private_key_jwt at the token endpoint.
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(requestedScopes);
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();
    showClient(registrar);

    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());
    final String registeredClientId = registered.getClientId();

    // Step 2: client credentials grant; the request is set up for RS512 with the supplied key id
    // and names the token endpoint as audience.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.RS512);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();
    showClient(tokenCaller);

    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // The test expects this grant to come without a refresh token.
    assertNull(granted.getRefreshToken());

    // Step 3: the issued access token must be accepted by the client info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(granted.getAccessToken());
    showClient(infoCaller);

    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
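/**
 * Negative test for {@code private_key_jwt} with RS512: the token request carries the literal
 * key id {@code RS512SIG_INVALID_KEYID} instead of a key id from the test parameters, and the
 * token endpoint must answer 401 {@code invalid_client}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access or
 * refresh token, so a regression that returns credentials next to an error is caught here.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodRS512Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS512Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with an invalid key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    // The only difference from the passing RS512 test: a fixed, invalid key id.
    tokenRequest.setKeyId("RS512SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client authentication must not come with usable credentials.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued for a rejected client");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued for a rejected client");
}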
/**
 * Happy path for {@code private_key_jwt} with ES256: registers a client with
 * {@code clientJwksUri} as its JWKS URI, obtains an access token through the client credentials
 * grant and uses that token at the client info endpoint.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param keyId               key id set on the token request (test parameter {@code ES256_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES256(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES256");
    final List<String> requestedScopes = Arrays.asList("clientinfo");

    // Step 1: dynamic client registration, asking for private_key_jwt at the token endpoint.
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(requestedScopes);
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();
    showClient(registrar);

    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());
    final String registeredClientId = registered.getClientId();

    // Step 2: client credentials grant; the request is set up for ES256 with the supplied key id
    // and names the token endpoint as audience.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.ES256);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();
    showClient(tokenCaller);

    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // The test expects this grant to come without a refresh token.
    assertNull(granted.getRefreshToken());

    // Step 3: the issued access token must be accepted by the client info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(granted.getAccessToken());
    showClient(infoCaller);

    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
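/**
 * Negative test for {@code private_key_jwt} with ES256: the token request carries the literal
 * key id {@code ES256SIG_INVALID_KEYID} instead of a key id from the test parameters, and the
 * token endpoint must answer 401 {@code invalid_client}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access or
 * refresh token, so a regression that returns credentials next to an error is caught here.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES256Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES256Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with an invalid key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.ES256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    // The only difference from the passing ES256 test: a fixed, invalid key id.
    tokenRequest.setKeyId("ES256SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client authentication must not come with usable credentials.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued for a rejected client");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued for a rejected client");
}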
/**
 * Happy path for {@code private_key_jwt} with ES384: registers a client with
 * {@code clientJwksUri} as its JWKS URI, obtains an access token through the client credentials
 * grant and uses that token at the client info endpoint.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param keyId               key id set on the token request (test parameter {@code ES384_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES384(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES384");
    final List<String> requestedScopes = Arrays.asList("clientinfo");

    // Step 1: dynamic client registration, asking for private_key_jwt at the token endpoint.
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(requestedScopes);
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();
    showClient(registrar);

    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());
    final String registeredClientId = registered.getClientId();

    // Step 2: client credentials grant; the request is set up for ES384 with the supplied key id
    // and names the token endpoint as audience.
    final OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registeredClientId);
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.ES384);
    grantRequest.setCryptoProvider(signer);
    grantRequest.setKeyId(keyId);
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();
    showClient(tokenCaller);

    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // The test expects this grant to come without a refresh token.
    assertNull(granted.getRefreshToken());

    // Step 3: the issued access token must be accepted by the client info endpoint.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(granted.getAccessToken());
    showClient(infoCaller);

    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
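/**
 * Negative test for {@code private_key_jwt} with ES384: the token request carries the literal
 * key id {@code ES384SIG_INVALID_KEYID} instead of a key id from the test parameters, and the
 * token endpoint must answer 401 {@code invalid_client}.
 *
 * <p>Besides the error fields, the test checks that the rejected response carries no access or
 * refresh token, so a regression that returns credentials next to an error is caught here.
 *
 * @param redirectUris        space-separated redirect URIs for the registration request
 * @param clientJwksUri       JWKS URI sent in the registration request
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        key store file handed to the crypto provider
 * @param keyStoreSecret      key store secret handed to the crypto provider
 * @param sectorIdentifierUri sector identifier URI for the registration request
 * @throws Exception propagated from the client calls or the crypto provider
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES384Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES384Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with an invalid key id
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.ES384);
    tokenRequest.setCryptoProvider(cryptoProvider);
    // The only difference from the passing ES384 test: a fixed, invalid key id.
    tokenRequest.setKeyId("ES384SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client authentication must not come with usable credentials.
    assertNull(tokenResponse.getAccessToken(), "Unexpected result: access token issued for a rejected client");
    assertNull(tokenResponse.getRefreshToken(), "Unexpected result: refresh token issued for a rejected client");
}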
/**
 * Happy-path check of the client credentials grant when the client authenticates
 * to the token endpoint with {@code private_key_jwt} and an ES512 key.
 *
 * <p>Flow: (1) dynamically register a client that declares
 * {@code private_key_jwt} and a JWKS URI, (2) request a token with
 * {@code grant_type=client_credentials} using the supplied key id, and
 * (3) call the client info endpoint with the issued access token.
 *
 * <p>The test expects no refresh token in the token response.
 *
 * @param redirectUris        space-separated redirect URIs used for registration
 * @param clientJwksUri       JWKS URI registered for the client
 * @param keyId               key id placed on the token request (TestNG parameter {@code ES512_keyId})
 * @param dnName              passed to {@link OxAuthCryptoProvider}
 * @param keyStoreFile        key store handed to {@link OxAuthCryptoProvider}
 * @param keyStoreSecret      key store secret handed to {@link OxAuthCryptoProvider}
 * @param sectorIdentifierUri sector identifier URI used for registration
 * @throws Exception if any of the client calls fails unexpectedly
 */
@Parameters({"redirectUris", "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES512(
        final String redirectUris, final String clientJwksUri, final String keyId, final String dnName,
        final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES512");

    // 1. Register client: declares private_key_jwt and where its public keys are published.
    final RegisterRequest registration = new RegisterRequest(
            ApplicationType.WEB,
            "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registration.setScopes(Arrays.asList("clientinfo"));
    registration.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registration.setJwksUri(clientJwksUri);
    registration.setSectorIdentifierUri(sectorIdentifierUri);

    final RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    final RegisterResponse registered = registrar.exec();
    showClient(registrar);

    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientIdIssuedAt());
    assertNotNull(registered.getClientSecretExpiresAt());

    // 2. Request Client Credentials Grant, authenticating with an ES512 key.
    // NOTE(review): presumably the client library builds and signs the assertion from
    // these settings; the signing itself is not visible in this test.
    final TokenRequest grantRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    grantRequest.setScope("clientinfo");
    grantRequest.setAuthUsername(registered.getClientId());
    grantRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    grantRequest.setAlgorithm(SignatureAlgorithm.ES512);
    grantRequest.setCryptoProvider(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName));
    grantRequest.setKeyId(keyId);
    // The audience is set to the token endpoint the request is sent to.
    grantRequest.setAudience(tokenEndpoint);

    final TokenClient tokenCaller = new TokenClient(tokenEndpoint);
    tokenCaller.setRequest(grantRequest);
    final TokenResponse granted = tokenCaller.exec();
    showClient(tokenCaller);

    assertEquals(granted.getStatus(), 200, "Unexpected response code: " + granted.getStatus());
    assertNotNull(granted.getEntity());
    assertNotNull(granted.getAccessToken());
    assertNotNull(granted.getTokenType());
    assertNotNull(granted.getScope());
    // No refresh token is expected for this grant.
    assertNull(granted.getRefreshToken());

    // 3. Request client info with the freshly issued access token.
    final ClientInfoClient infoCaller = new ClientInfoClient(clientInfoEndpoint);
    final ClientInfoResponse info = infoCaller.execClientInfo(granted.getAccessToken());
    showClient(infoCaller);

    assertEquals(info.getStatus(), 200, "Unexpected response code: " + info.getStatus());
    assertNotNull(info.getClaim("displayName"), "Unexpected result: displayName not found");
    assertNotNull(info.getClaim("inum"), "Unexpected result: inum not found");
}
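/**
 * Negative test for {@code private_key_jwt} client authentication with ES512:
 * the token request carries the hard-coded key id {@code ES512SIG_INVALID_KEYID}
 * and the token endpoint must refuse it.
 *
 * <p>Judging by its name, that key id is not among the keys published at
 * {@code clientJwksUri}; the JWKS content itself is not visible in this test.
 *
 * <p>Expected outcome: HTTP 401 with error {@code invalid_client}, an error
 * description, and no access or refresh token in the response. The token
 * assertions guard against a regression in which the server reports an
 * authentication error yet still returns usable credentials.
 *
 * @param redirectUris        space-separated redirect URIs used for registration
 * @param clientJwksUri       JWKS URI registered for the client
 * @param dnName              passed to {@link OxAuthCryptoProvider}
 * @param keyStoreFile        key store handed to {@link OxAuthCryptoProvider}
 * @param keyStoreSecret      key store secret handed to {@link OxAuthCryptoProvider}
 * @param sectorIdentifierUri sector identifier URI used for registration
 * @throws Exception if any of the client calls fails unexpectedly
 */
@Parameters({"redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"})
@Test
public void privateKeyJwtAuthenticationMethodES512Fail(
        final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile,
        final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodES512Fail");

    List<String> scopes = Arrays.asList("clientinfo");

    // 1. Register client (registration itself is valid; only the later token request is bad)
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScopes(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();

    // 2. Request Client Credentials Grant with a key id the server should not accept
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.ES512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId("ES512SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);

    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();

    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
    // A rejected client authentication must not yield any credential.
    assertNull(tokenResponse.getAccessToken(), "Access token must not be issued when client authentication fails");
    assertNull(tokenResponse.getRefreshToken(), "Refresh token must not be issued when client authentication fails");
}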
}