/**
 * Registration must be refused when the submitted redirect URI is on the black list.
 * The server is expected to answer with HTTP 400 and a populated error type and description,
 * so that a rejected registration explains itself to the caller.
 */
@Test
public void requestClientAssociateInBlackList() throws Exception {
    showTitle("requestClientAssociateInBlackList");

    final String blackListedRedirectUri = "https://www.attacker.com";

    RegisterClient client = new RegisterClient(registrationEndpoint);
    RegisterResponse registerResponse = client.execRegister(
            ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(blackListedRedirectUri));
    showClient(client);

    String statusDetail = "Unexpected response code: " + registerResponse.getEntity();
    assertEquals(registerResponse.getStatus(), 400, statusDetail);
    assertNotNull(registerResponse.getEntity(), "The entity is null");
    assertNotNull(registerResponse.getErrorType(), "The error type is null");
    assertNotNull(registerResponse.getErrorDescription(), "The error description is null");
}
allowedScope = org.xdi.oxauth.model.util.StringUtils.implode(grantedScopes, " "); if (clientAuthorizations != null && clientAuthorizations.getScopes() != null && Arrays.asList(clientAuthorizations.getScopes()).containsAll( org.xdi.oxauth.model.util.StringUtils.spaceSeparatedToList(scope))) { permissionGranted(session); return;
final JSONArray parameterValuesJsonArray = p_requestObject.optJSONArray(attr); final List<String> parameterValues = parameterValuesJsonArray != null ? toList(parameterValuesJsonArray) : Arrays.asList(p_requestObject.getString(attr)); if (parameterValues != null && !parameterValues.isEmpty()) {
parameters.put(REDIRECT_URIS.toString(), toJSONArray(redirectUris).toString()); parameters.put(CLAIMS_REDIRECT_URIS.toString(), toJSONArray(claimsRedirectUris).toString()); parameters.put(RESPONSE_TYPES.toString(), toJSONArray(responseTypes).toString()); parameters.put(GRANT_TYPES.toString(), toJSONArray(grantTypes).toString()); parameters.put(CONTACTS.toString(), toJSONArray(contacts).toString()); parameters.put(DEFAULT_ACR_VALUES.toString(), toJSONArray(defaultAcrValues).toString()); parameters.put(POST_LOGOUT_REDIRECT_URIS.toString(), toJSONArray(postLogoutRedirectUris).toString()); parameters.put(FRONT_CHANNEL_LOGOUT_URI.toString(), toJSONArray(frontChannelLogoutUris).toString()); parameters.put(REQUEST_URIS.toString(), toJSONArray(requestUris).toString()); parameters.put(AUTHORIZED_ORIGINS.toString(), toJSONArray(authorizedOrigins).toString()); parameters.put(SCOPES.toString(), toJSONArray(scopes).toString()); parameters.put(SCOPE.toString(), implode(scope, " ")); parameters.put(CLAIMS.toString(), implode(claims, " "));
final Set<String> scopes = Sets.newHashSet(org.xdi.oxauth.model.util.StringUtils.spaceSeparatedToList(scope)); clientAuthorizationsService.add(user.getAttribute("inum"), client.getClientId(), scopes, client.getPersistClientAuthorizations()); List<Prompt> prompts = Prompt.fromString(sessionAttribute.get(AuthorizeRequestParam.PROMPT), " "); prompts.remove(Prompt.CONSENT); sessionAttribute.put(AuthorizeRequestParam.PROMPT, org.xdi.oxauth.model.util.StringUtils.implodeEnum(prompts, " "));
/**
 * Handles an ACR change for the given session by forcing a fresh login.
 * <p>
 * Only a session in state {@code AUTHENTICATED} is touched: {@code login} is appended to the
 * prompt list (and the space-separated prompts are persisted into the session's {@code prompt}
 * attribute), the state is downgraded to {@code UNAUTHENTICATED}, the stored remote IP is
 * refreshed, the session is saved and the login flow is re-initialised. A {@code null} or
 * non-authenticated session is returned unchanged.
 *
 * @param session the current session, may be {@code null}
 * @param prompts the prompt values requested by the client; mutated in place when {@code login} is added
 * @return the (possibly updated) session, or {@code null} if none was given
 */
private SessionId handleAcrChange(SessionId session, List<Prompt> prompts) {
    if (session == null) {
        return null;
    }
    if (session.getState() != SessionIdState.AUTHENTICATED) {
        return session;
    }

    // Re-authentication is only guaranteed if the login prompt is part of the request.
    if (!prompts.contains(Prompt.LOGIN)) {
        prompts.add(Prompt.LOGIN);
    }
    Map<String, String> sessionAttributes = session.getSessionAttributes();
    sessionAttributes.put("prompt", org.xdi.oxauth.model.util.StringUtils.implode(prompts, " "));
    session.setState(SessionIdState.UNAUTHENTICATED);

    // Refresh the remote IP recorded on the session before it is persisted.
    sessionAttributes.put(Constants.REMOTE_IP, networkService.getRemoteIp());

    sessionIdService.updateSessionId(session);
    sessionIdService.reinitLogin(session, false);
    return session;
}
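/**
 * Returns a query string with the parameters of the OpenID Connect Discovery request.
 * Any <code>null</code> or empty parameter will be omitted.
 *
 * @return A query string of parameters.
 * @throws IllegalStateException if the JVM reports the character encoding used by
 *         {@code addQueryStringParam} as unsupported. Previously this case was only
 *         printed to stderr and a partial query string was returned.
 */
@Override
public String getQueryString() {
    StringBuilder queryStringBuilder = new StringBuilder();
    try {
        addQueryStringParam(queryStringBuilder, RESOURCE, resource);
        addQueryStringParam(queryStringBuilder, REL, REL_VALUE);
    } catch (UnsupportedEncodingException e) {
        // Fail loudly rather than silently sending a discovery request with a
        // dropped parameter, which would surface only as a confusing remote error.
        throw new IllegalStateException("Unable to encode discovery request parameters", e);
    }
    return queryStringBuilder.toString();
}
}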
String responseType = implode(responseTypes, " "); if (StringUtils.isNotBlank(responseType)) { redirectUriResponse.addResponseParameter(AuthorizeRequestParam.RESPONSE_TYPE, responseType); redirectUriResponse.addResponseParameter(AuthorizeRequestParam.DISPLAY, display); String prompt = implode(prompts, " "); if (StringUtils.isNotBlank(prompt)) { redirectUriResponse.addResponseParameter(AuthorizeRequestParam.PROMPT, prompt); redirectUriResponse.addResponseParameter(AuthorizeRequestParam.MAX_AGE, maxAge.toString()); String uiLocalesStr = implode(uiLocales, " "); if (StringUtils.isNotBlank(uiLocalesStr)) { redirectUriResponse.addResponseParameter(AuthorizeRequestParam.UI_LOCALES, uiLocalesStr); redirectUriResponse.addResponseParameter(AuthorizeRequestParam.LOGIN_HINT, loginHint); String acrValuesStr = implode(acrValues, " "); if (StringUtils.isNotBlank(acrValuesStr)) { redirectUriResponse.addResponseParameter(AuthorizeRequestParam.ACR_VALUES, acrValuesStr); String amrValuesStr = implode(amrValues, " "); if (StringUtils.isNotBlank(amrValuesStr)) { redirectUriResponse.addResponseParameter(AuthorizeRequestParam.AMR_VALUES, amrValuesStr);
parameters.put(REDIRECT_URIS.toString(), toJSONArray(redirectUris)); parameters.put(CLAIMS_REDIRECT_URIS.toString(), toJSONArray(claimsRedirectUris)); parameters.put(RESPONSE_TYPES.toString(), toJSONArray(responseTypes)); parameters.put(GRANT_TYPES.toString(), toJSONArray(grantTypes)); parameters.put(CONTACTS.toString(), toJSONArray(contacts)); parameters.put(DEFAULT_ACR_VALUES.toString(), toJSONArray(defaultAcrValues)); parameters.put(POST_LOGOUT_REDIRECT_URIS.toString(), toJSONArray(postLogoutRedirectUris)); parameters.put(FRONT_CHANNEL_LOGOUT_URI.toString(), toJSONArray(frontChannelLogoutUris)); parameters.put(REQUEST_URIS.toString(), toJSONArray(requestUris)); parameters.put(AUTHORIZED_ORIGINS.toString(), toJSONArray(authorizedOrigins)); parameters.put(SCOPES.toString(), toJSONArray(scopes)); parameters.put(SCOPE.toString(), implode(scope, " ")); parameters.put(CLAIMS.toString(), implode(claims, " "));
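/**
 * Registers a web client whose redirect_uris and claims_redirect_uris are both taken from
 * {@code redirectUris}, expects HTTP 200, and stores the returned registration access token
 * and registration client URI in the corresponding fields.
 *
 * @param registerPath the registration endpoint path, appended to the base {@code url}
 * @param redirectUris space-separated redirect URIs
 * @throws Exception if the request cannot be built or sent
 */
@Parameters({"registerPath", "redirectUris"})
@Test
public void requestClientAssociate1(final String registerPath, final String redirectUris) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();

    String registerRequestContent = null;
    try {
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
                StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setClaimsRedirectUris(StringUtils.spaceSeparatedToList(redirectUris));

        registerRequestContent = registerRequest.getJSONParameters().toString(4);
    } catch (JSONException e) {
        // Pass the cause to fail() so the report keeps the stack trace instead of
        // only printing it to stderr.
        fail(e.getMessage(), e);
    }

    Response response = request.post(Entity.json(registerRequestContent));
    String entity = response.readEntity(String.class);

    showResponse("requestClientAssociate1", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        final RegisterResponse registerResponse = RegisterResponse.valueOf(entity);
        ClientTestUtil.assert_(registerResponse);

        registrationAccessToken1 = registerResponse.getRegistrationAccessToken();
        registrationClientUri1 = registerResponse.getRegistrationClientUri();
    } catch (Exception e) {
        fail(e.getMessage() + "\nResponse was: " + entity, e);
    }
}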
prompts.add(Prompt.LOGIN); sessionUser.getSessionAttributes().put("prompt", org.xdi.oxauth.model.util.StringUtils.implode(prompts, " "));
/**
 * Fail: Register a client with Application Type <code>web</code> and Redirect URI with the schema HTTP.
 * <p>
 * A web client must not be allowed to receive authorization responses over plain HTTP, so the
 * registration is expected to be rejected with HTTP 400 and a populated error type and description.
 */
@Test
public void applicationTypeWebFail1() throws Exception {
    showTitle("applicationTypeWebFail1");

    final String plainHttpRedirectUri = "http://client.example.com/cb";

    RegisterClient client = new RegisterClient(registrationEndpoint);
    RegisterResponse response = client.execRegister(
            ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(plainHttpRedirectUri));
    showClient(client);

    String statusDetail = "Unexpected response code: " + response.getEntity();
    assertEquals(response.getStatus(), 400, statusDetail);
    assertNotNull(response.getEntity(), "The entity is null");
    assertNotNull(response.getErrorType(), "The error type is null");
    assertNotNull(response.getErrorDescription(), "The error description is null");
}
requestBody.put(SCOPES.toString(), new JSONArray(getRequest().getScopes())); } else if (getRequest().getScope() != null && !getRequest().getScope().isEmpty()) { String spaceSeparatedScope = implode(getRequest().getScope(), " "); requestBody.put(SCOPE.toString(), spaceSeparatedScope); String spaceSeparatedClaims = implode(getRequest().getClaims(), " "); requestBody.put(CLAIMS.toString(), spaceSeparatedClaims);
/** * Fail: Register a client with Application Type <code>native</code> and Redirect URI with the schema HTTPS. */ @Test(enabled = false) //allowed to register redirect_uris with custom schema to conform "OAuth 2.0 for Native Apps" spec public void applicationTypeNativeFail1() throws Exception { showTitle("applicationTypeNativeFail1"); final String redirectUris = "https://client.example.com/cb"; RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse registerResponse = registerClient.execRegister(ApplicationType.NATIVE, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getEntity(), "The entity is null"); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); }
responseTypesSupported.put(implode(responseTypes, " "));
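/**
 * Registers a web client supporting the code, token and id_token response types and the
 * resource-owner-password-credentials grant, expects HTTP 200, and stores the issued client
 * id and secret in the corresponding fields.
 *
 * @param registerPath the registration endpoint path, appended to the base {@code url}
 * @param redirectUris space-separated redirect URIs
 * @throws Exception if the request cannot be built or sent
 */
@Parameters({"registerPath", "redirectUris"})
@Test
public void dynamicClientRegistration(final String registerPath, final String redirectUris) throws Exception {
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.TOKEN, ResponseType.ID_TOKEN);
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    // NOTE(review): the trusted-client flag is self-asserted by the registering client here;
    // whether the server honours it for unauthenticated registrations is not visible in this
    // test -- confirm server-side handling before relying on it.
    registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");

    List<GrantType> grantTypes = Arrays.asList(
            GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS
    );
    registerRequest.setGrantTypes(grantTypes);

    String registerRequestContent = registerRequest.getJSONParameters().toString(4);

    Response response = request.post(Entity.json(registerRequestContent));
    String entity = response.readEntity(String.class);

    showResponse("dynamicClientRegistration", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        final RegisterResponse registerResponse = RegisterResponse.valueOf(entity);
        ClientTestUtil.assert_(registerResponse);

        clientId = registerResponse.getClientId();
        clientSecret = registerResponse.getClientSecret();
    } catch (Exception e) {
        // Pass the cause to fail() so the report keeps the stack trace instead of
        // only printing it to stderr.
        fail(e.getMessage() + "\nResponse was: " + entity, e);
    }
}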
StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");