keycloak-client/src/test/java/org/gcube/common/keycloak/TestKeycloakClient.java

package org.gcube.common.keycloak;

import java.net.URL;

import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.TokenIntrospectionResponse;
import org.gcube.common.keycloak.model.TokenResponse;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class TestKeycloakClient {

    protected static final Logger logger = LoggerFactory.getLogger(TestKeycloakClient.class);

    protected static final String DEV_BASE_URL = "https://accounts.dev.d4science.org/auth/realms/d4science";
    protected static final String DEV_TOKEN_ENDPOINT = DEV_BASE_URL + "/protocol/openid-connect/token";
    protected static final String DEV_INTROSPECTION_ENDPOINT = DEV_TOKEN_ENDPOINT + "/introspect";

    protected static final String CLIENT_ID = "keycloak-client-unit-test";
    protected static final String CLIENT_SECRET = "ebf6f82e-9511-408e-8321-203081e472d8";
    protected static final String TEST_AUDIENCE = "conductor-server";
    protected static final String OLD_OIDC_ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE2NTI5Nzk4NDUsImlhdCI6MTY1Mjk3OTU0NSwianRpIjoiMzQ2MjgwMWItODg4NS00YTM4LWJkNDUtNWExM2U1MGE5MGU5IiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOlsiJTJGZ2N1YmUiLCIlMkZnY3ViZSUyRmRldnNlYyUyRmRldlZSRSIsImFjY291bnQiXSwic3ViIjoiYTQ3ZGZlMTYtYjRlZC00NGVkLWExZDktOTdlY2Q1MDQzNjBjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoia2V5Y2xvYWstY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImQ4MDk3MDBmLWEyNDUtNDI3Zi1hYzhjLTQxYjFkZDNkYTQ3MCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsIkluZnJhc3RydWN0dXJlLUNsaWVudCIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiJTJGZ2N1YmUiOnsicm9sZXMiOlsiTWVtYmVyIl19LCJrZXljbG9hay1jbGllbnQiOnsicm9sZXMiOlsidW1hX3Byb3RlY3Rpb24iXX0sIiUyRmdjdWJlJTJGZGV2c2VjJTJGZGV2VlJFIjp7InJvbGVzIjpbIk1lbWJlciJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiY2xpZW50SWQiOiJrZXljbG9hay1jbGllbnQiLCJjbGllbnRIb3N0IjoiOTMuNjYuMTg1Ljc1IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQta2V5Y2xvYWstY2xpZW50IiwiY2xpZW50QWRkcmVzcyI6IjkzLjY2LjE4NS43NSJ9.FQu4ox2HWeqeaY7nHYVGeJVpkJOcASfOb8tbOUeG-GB6sMjRB2S8PjLLaw63r_c42yxKszP04XdxGqIWqXTtoD9QCiUHTT5yJTkIpio4tMMGHth9Fbx-9dwk0yy_IFi1_OsCvZFmOQRdjMuUkj1lSqslCzAw-2E5q1Zt415-au5pEVJYNTFqIsG72ChJwh6eq1Dh1XBy8krb7YVPQyIwxO_awgAYO5hbsdvXYlRfCrnB38kk2V6-CQ-XYoL1m7xIB-gjhKCiFvDmmntQSRCZFgb0qi8eOmh9FdzPxZgx7yPJwAAj17dS4B_gz9FpZBVciNzpA6Lf4P2bqvoD9-R6ow";
    protected static final String OLD_UMA_ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE2NTI5ODA0NzgsImlhdCI6MTY1Mjk4MDE3OCwianRpIjoiNjBkNzU3MGMtZmQxOC00NGQ1LTg1MzUtODhlMmFmOGQ1ZTgwIiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOiJjb25kdWN0b3Itc2VydmVyIiwic3ViIjoiYTQ3ZGZlMTYtYjRlZC00NGVkLWExZDktOTdlY2Q1MDQzNjBjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoia2V5Y2xvYWstY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjI3NDUyN2M5LWNkZjMtNGM2Yi1iNTUxLTFmMTRkZGE5ZGVlZiIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiSW5mcmFzdHJ1Y3R1cmUtQ2xpZW50Il19LCJhdXRob3JpemF0aW9uIjp7InBlcm1pc3Npb25zIjpbeyJzY29wZXMiOlsiZ2V0Il0sInJzaWQiOiIyNDlmZDQ2OS03OWM1LTRiODUtYjE5NS1mMjliM2ViNjAzNDUiLCJyc25hbWUiOiJtZXRhZGF0YSJ9LHsic2NvcGVzIjpbImdldCIsInN0YXJ0IiwidGVybWluYXRlIl0sInJzaWQiOiJhNmYzZWFkZS03NDA0LTRlNWQtOTA3MC04MDBhZGI1YWFjNGUiLCJyc25hbWUiOiJ3b3JrZmxvdyJ9LHsicnNpZCI6IjFiNmMwMGI3LTkxMzktNGVhYS1hYWM3LTIwMjMxZmVlMDVhNSIsInJzbmFtZSI6IkRlZmF1bHQgUmVzb3VyY2UifV19LCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJjbGllbnRJZCI6ImtleWNsb2FrLWNsaWVudCIsImNsaWVudEhvc3QiOiI5My42Ni4xODUuNzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1rZXljbG9hay1jbGllbnQiLCJjbGllbnRBZGRyZXNzIjoiOTMuNjYuMTg1Ljc1In0.Hh62E56R-amHwoDPFQEylMvrvmNzWnC_4bDI7_iQYAPJ5YzCNH9d7zcdGaQ96kRmps_JRc2Giv_1W9kYorOhlXl-5QLDrSoqrqFxrNpEGG5r5jpNJbusbu4wNUKiCt_GMnM1UmztgXiQeuggNGkmeBIjotj0eubnmIbUV9ukHj3v7Z5PwNKKX3BCpsghd1u8lg6Nfqk_Oho4GXUfdaFY_AR3SNqzVI_9YLhND_a03MNNWlnfOvj8T4nDCKBZIs91tVyiu98d2TjnQt8PdlVwokMP3LA58m0Khy2cmUm1KF2k0zlzP8MxV9wTxNrpovMr-PnbtEPZ_IlVQIzHwjHfwQ";

    protected static TokenResponse oidcTR = null;
    protected static TokenResponse umaTR = null;

    @Before
    public void setUp() throws Exception {
    }

    @After
    public void tearDown() throws Exception {
    }

    @Test
    public void test00TokenEndpointConstruction() throws Exception {
        logger.info("*** [0.0] Start testing Keycloak token endpoint construction from base URL...");
        URL url = KeycloakClientFactory.newInstance().getTokenEndpointURL(new URL(DEV_BASE_URL));
        Assert.assertNotNull(url);
        Assert.assertTrue(url.getProtocol().equals("https"));
        Assert.assertEquals(new URL(DEV_TOKEN_ENDPOINT), url);
        logger.info("Constructed URL is: {}", url);
    }

    @Test
    public void test00ATokenEndpointConstructionWithTrailingSlash() throws Exception {
        logger.info("*** [0.0] Start testing Keycloak token endpoint construction from base URL with trailing slash...");
        URL url = KeycloakClientFactory.newInstance().getTokenEndpointURL(new URL(DEV_BASE_URL + "/"));
        Assert.assertNotNull(url);
        Assert.assertTrue(url.getProtocol().equals("https"));
        Assert.assertEquals(new URL(DEV_TOKEN_ENDPOINT), url);
        logger.info("Constructed URL is: {}", url);
    }

    @Test
    public void test01IntrospectionEndpointConstruction() throws Exception {
        logger.info("*** [0.0] Start testing Keycloak introspection endpoint construction from base URL...");
        URL url = KeycloakClientFactory.newInstance().getIntrospectionEndpointURL(new URL(DEV_BASE_URL));
        Assert.assertNotNull(url);
        Assert.assertTrue(url.getProtocol().equals("https"));
        Assert.assertEquals(new URL(DEV_INTROSPECTION_ENDPOINT), url);
        logger.info("Constructed URL is: {}", url);
    }

    @Test
    public void test01AIntrospectionEndpointConstructionWithTrailingSlash() throws Exception {
        logger.info("*** [0.0] Start testing Keycloak introspection endpoint construction from base URL with trailing slash...");
        URL url = KeycloakClientFactory.newInstance().getIntrospectionEndpointURL(new URL(DEV_BASE_URL + "/"));
        Assert.assertNotNull(url);
        Assert.assertTrue(url.getProtocol().equals("https"));
        Assert.assertEquals(new URL(DEV_INTROSPECTION_ENDPOINT), url);
        logger.info("Constructed URL is: {}", url);
    }

    @Test
    public void test02IntrospectEndpointCompute() throws Exception {
        logger.info("*** [0.2] Start testing Keycloak userinfo endpoint computed from provided URL...");
        URL url = KeycloakClientFactory.newInstance().computeIntrospectionEndpointURL(new URL(DEV_TOKEN_ENDPOINT));
        Assert.assertNotNull(url);
        Assert.assertTrue(url.getProtocol().equals("https"));
        Assert.assertEquals(new URL(DEV_INTROSPECTION_ENDPOINT), url);
        logger.info("Computed URL is: {}", url);
    }

    @Test
    public void test12QueryOIDCToken() throws Exception {
        logger.info("*** [1.2] Start testing query OIDC token from Keycloak with URL...");
        oidcTR = KeycloakClientFactory.newInstance().queryOIDCToken(new URL(DEV_TOKEN_ENDPOINT), CLIENT_ID,
                CLIENT_SECRET);

        logger.info("*** [1.2] OIDC access token: {}", oidcTR.getAccessToken());
        logger.info("*** [1.2] OIDC refresh token: {}", oidcTR.getRefreshToken());
        TestModels.checkTokenResponse(oidcTR);
        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(oidcTR), "service-account-" + CLIENT_ID, false);
    }

    @Test
    public void test24QueryUMAToken() throws Exception {
        logger.info("*** [2.4] Start testing query UMA token from Keycloak with URL...");
        umaTR = KeycloakClientFactory.newInstance().queryUMAToken(new URL(DEV_TOKEN_ENDPOINT), CLIENT_ID, CLIENT_SECRET,
                TEST_AUDIENCE, null);

        logger.info("*** [2.4] UMA access token: {}", umaTR.getAccessToken());
        logger.info("*** [2.4] UMA refresh token: {}", umaTR.getRefreshToken());

        TestModels.checkTokenResponse(umaTR);
        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID, true);
    }

    @Test
    public void test302IntrospectOIDCAccessToken() throws Exception {
        logger.info("*** [3.2] Start testing introspect OIDC access token...");
        TokenIntrospectionResponse tir = KeycloakClientFactory.newInstance().introspectAccessToken(
                new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, oidcTR.getAccessToken());

        TestModels.checkTokenIntrospectionResponse(tir);
    }

    @Test
    public void test304IntrospectUMAAccessToken() throws Exception {
        logger.info("*** [3.4] Start testing introspect UMA access token...");
        TokenIntrospectionResponse tir = KeycloakClientFactory.newInstance().introspectAccessToken(
                new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, umaTR.getAccessToken());

        TestModels.checkTokenIntrospectionResponse(tir);
    }

    @Test
    public void test306OIDCAccessTokenVerification() throws Exception {
        logger.info("*** [3.6] Start OIDC access token verification...");
        Assert.assertTrue(KeycloakClientFactory.newInstance().isAccessTokenVerified(
                new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, oidcTR.getAccessToken()));
    }

    @Test
    public void test307OIDCAccessTokenNonVerification() throws Exception {
        logger.info("*** [3.7] Start OIDC access token NON verification...");
        Assert.assertFalse(KeycloakClientFactory.newInstance().isAccessTokenVerified(
                new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, OLD_OIDC_ACCESS_TOKEN));
    }

    @Test
    public void test309UMAAccessTokenVerification() throws Exception {
        logger.info("*** [3.9] Start UMA access token verification...");
        Assert.assertTrue(KeycloakClientFactory.newInstance().isAccessTokenVerified(
                new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, umaTR.getAccessToken()));
    }

    @Test
    public void test310UMAAccessTokenNonVerification() throws Exception {
        logger.info("*** [3.10] Start UMA access token NON verification...");
        Assert.assertFalse(KeycloakClientFactory.newInstance().isAccessTokenVerified(
                new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, OLD_UMA_ACCESS_TOKEN));
    }
}
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`package org.gcube.common.keycloak;`

			`import java.net.URL;`

			`import org.gcube.common.keycloak.model.ModelUtils;`
Added tests for new introspect and isVerified functions (both OIDC and UMA are supported) (#23326) 2022-05-20 10:14:34 +02:00			`import org.gcube.common.keycloak.model.TokenIntrospectionResponse;`
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`import org.gcube.common.keycloak.model.TokenResponse;`
			`import org.junit.After;`
			`import org.junit.Assert;`
			`import org.junit.Before;`
[#22515] Added refresh token methods 2021-12-09 15:05:26 +01:00			`import org.junit.FixMethodOrder;`
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`import org.junit.Test;`
[#22515] Added refresh token methods 2021-12-09 15:05:26 +01:00			`import org.junit.runners.MethodSorters;`
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`import org.slf4j.Logger;`
			`import org.slf4j.LoggerFactory;`

[#22515] Added refresh token methods 2021-12-09 15:05:26 +01:00			`@FixMethodOrder(MethodSorters.NAME_ASCENDING)`
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`public class TestKeycloakClient {`

			`protected static final Logger logger = LoggerFactory.getLogger(TestKeycloakClient.class);`

Added methods for `token` and `introspect` endpoint construction starting from realm's base URL and related tests 2022-06-10 13:48:48 +02:00			`protected static final String DEV_BASE_URL = "https://accounts.dev.d4science.org/auth/realms/d4science";`
			`protected static final String DEV_TOKEN_ENDPOINT = DEV_BASE_URL + "/protocol/openid-connect/token";`
Removed the discovery functionality to be compatible with SmartGears.v4 and moved to the new library `keycloak-client-legacy-is` that will provide the backward compatibility. (#23478) 2022-06-08 19:05:40 +02:00			`protected static final String DEV_INTROSPECTION_ENDPOINT = DEV_TOKEN_ENDPOINT + "/introspect";`
Added tests for new introspect and isVerified functions (both OIDC and UMA are supported) (#23326) 2022-05-20 10:14:34 +02:00
Removed the discovery functionality to be compatible with SmartGears.v4 and moved to the new library `keycloak-client-legacy-is` that will provide the backward compatibility. (#23478) 2022-06-08 19:05:40 +02:00			`protected static final String CLIENT_ID = "keycloak-client-unit-test";`
			`protected static final String CLIENT_SECRET = "ebf6f82e-9511-408e-8321-203081e472d8";`
			`protected static final String TEST_AUDIENCE = "conductor-server";`
			protected static final String OLD_OIDC_ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE2NTI5Nzk4NDUsImlhdCI6MTY1Mjk3OTU0NSwianRpIjoiMzQ2MjgwMWItODg4NS00YTM4LWJkNDUtNWExM2U1MGE5MGU5IiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOlsiJTJGZ2N1YmUiLCIlMkZnY3ViZSUyRmRldnNlYyUyRmRldlZSRSIsImFjY291bnQiXSwic3ViIjoiYTQ3ZGZlMTYtYjRlZC00NGVkLWExZDktOTdlY2Q1MDQzNjBjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoia2V5Y2xvYWstY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImQ4MDk3MDBmLWEyNDUtNDI3Zi1hYzhjLTQxYjFkZDNkYTQ3MCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsIkluZnJhc3RydWN0dXJlLUNsaWVudCIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiJTJGZ2N1YmUiOnsicm9sZXMiOlsiTWVtYmVyIl19LCJrZXljbG9hay1jbGllbnQiOnsicm9sZXMiOlsidW1hX3Byb3RlY3Rpb24iXX0sIiUyRmdjdWJlJTJGZGV2c2VjJTJGZGV2VlJFIjp7InJvbGVzIjpbIk1lbWJlciJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiY2xpZW50SWQiOiJrZXljbG9hay1jbGllbnQiLCJjbGllbnRIb3N0IjoiOTMuNjYuMTg1Ljc1IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQta2V5Y2xvYWstY2xpZW50IiwiY2xpZW50QWRkcmVzcyI6IjkzLjY2LjE4NS43NSJ9.FQu4ox2HWeqeaY7nHYVGeJVpkJOcASfOb8tbOUeG-GB6sMjRB2S8PjLLaw63r_c42yxKszP04XdxGqIWqXTtoD9QCiUHTT5yJTkIpio4tMMGHth9Fbx-9dwk0yy_IFi1_OsCvZFmOQRdjMuUkj1lSqslCzAw-2E5q1Zt415-au5pEVJYNTFqIsG72ChJwh6eq1Dh1XBy8krb7YVPQyIwxO_awgAYO5hbsdvXYlRfCrnB38kk2V6-CQ-XYoL1m7xIB-gjhKCiFvDmmntQSRCZFgb0qi8eOmh9FdzPxZgx7yPJwAAj17dS4B_gz9FpZBVciNzpA6Lf4P2bqvoD9-R6ow";
			protected static final String OLD_UMA_ACCESS_TOKEN = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE2NTI5ODA0NzgsImlhdCI6MTY1Mjk4MDE3OCwianRpIjoiNjBkNzU3MGMtZmQxOC00NGQ1LTg1MzUtODhlMmFmOGQ1ZTgwIiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOiJjb25kdWN0b3Itc2VydmVyIiwic3ViIjoiYTQ3ZGZlMTYtYjRlZC00NGVkLWExZDktOTdlY2Q1MDQzNjBjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoia2V5Y2xvYWstY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjI3NDUyN2M5LWNkZjMtNGM2Yi1iNTUxLTFmMTRkZGE5ZGVlZiIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiSW5mcmFzdHJ1Y3R1cmUtQ2xpZW50Il19LCJhdXRob3JpemF0aW9uIjp7InBlcm1pc3Npb25zIjpbeyJzY29wZXMiOlsiZ2V0Il0sInJzaWQiOiIyNDlmZDQ2OS03OWM1LTRiODUtYjE5NS1mMjliM2ViNjAzNDUiLCJyc25hbWUiOiJtZXRhZGF0YSJ9LHsic2NvcGVzIjpbImdldCIsInN0YXJ0IiwidGVybWluYXRlIl0sInJzaWQiOiJhNmYzZWFkZS03NDA0LTRlNWQtOTA3MC04MDBhZGI1YWFjNGUiLCJyc25hbWUiOiJ3b3JrZmxvdyJ9LHsicnNpZCI6IjFiNmMwMGI3LTkxMzktNGVhYS1hYWM3LTIwMjMxZmVlMDVhNSIsInJzbmFtZSI6IkRlZmF1bHQgUmVzb3VyY2UifV19LCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJjbGllbnRJZCI6ImtleWNsb2FrLWNsaWVudCIsImNsaWVudEhvc3QiOiI5My42Ni4xODUuNzUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1rZXljbG9hay1jbGllbnQiLCJjbGllbnRBZGRyZXNzIjoiOTMuNjYuMTg1Ljc1In0.Hh62E56R-amHwoDPFQEylMvrvmNzWnC_4bDI7_iQYAPJ5YzCNH9d7zcdGaQ96kRmps_JRc2Giv_1W9kYorOhlXl-5QLDrSoqrqFxrNpEGG5r5jpNJbusbu4wNUKiCt_GMnM1UmztgXiQeuggNGkmeBIjotj0eubnmIbUV9ukHj3v7Z5PwNKKX3BCpsghd1u8lg6Nfqk_Oho4GXUfdaFY_AR3SNqzVI_9YLhND_a03MNNWlnfOvj8T4nDCKBZIs91tVyiu98d2TjnQt8PdlVwokMP3LA58m0Khy2cmUm1KF2k0zlzP8MxV9wTxNrpovMr-PnbtEPZ_IlVQIzHwjHfwQ";
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00
Removed the discovery functionality to be compatible with SmartGears.v4 and moved to the new library `keycloak-client-legacy-is` that will provide the backward compatibility. (#23478) 2022-06-08 19:05:40 +02:00			`protected static TokenResponse oidcTR = null;`
			`protected static TokenResponse umaTR = null;`
[#22515] Added refresh token methods 2021-12-09 15:05:26 +01:00
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`@Before`
			`public void setUp() throws Exception {`
			`}`

			`@After`
			`public void tearDown() throws Exception {`
			`}`

Added methods for `token` and `introspect` endpoint construction starting from realm's base URL and related tests 2022-06-10 13:48:48 +02:00			`@Test`
			`public void test00TokenEndpointConstruction() throws Exception {`
			`logger.info("*** [0.0] Start testing Keycloak token endpoint construction from base URL...");`
			`URL url = KeycloakClientFactory.newInstance().getTokenEndpointURL(new URL(DEV_BASE_URL));`
			`Assert.assertNotNull(url);`
			`Assert.assertTrue(url.getProtocol().equals("https"));`
			`Assert.assertEquals(new URL(DEV_TOKEN_ENDPOINT), url);`
			`logger.info("Constructed URL is: {}", url);`
			`}`

			`@Test`
			`public void test00ATokenEndpointConstructionWithTrailingSlash() throws Exception {`
			`logger.info("*** [0.0] Start testing Keycloak token endpoint construction from base URL with trailing slash...");`
			`URL url = KeycloakClientFactory.newInstance().getTokenEndpointURL(new URL(DEV_BASE_URL + "/"));`
			`Assert.assertNotNull(url);`
			`Assert.assertTrue(url.getProtocol().equals("https"));`
			`Assert.assertEquals(new URL(DEV_TOKEN_ENDPOINT), url);`
			`logger.info("Constructed URL is: {}", url);`
			`}`

			`@Test`
			`public void test01IntrospectionEndpointConstruction() throws Exception {`
			`logger.info("*** [0.0] Start testing Keycloak introspection endpoint construction from base URL...");`
			`URL url = KeycloakClientFactory.newInstance().getIntrospectionEndpointURL(new URL(DEV_BASE_URL));`
			`Assert.assertNotNull(url);`
			`Assert.assertTrue(url.getProtocol().equals("https"));`
			`Assert.assertEquals(new URL(DEV_INTROSPECTION_ENDPOINT), url);`
			`logger.info("Constructed URL is: {}", url);`
			`}`

			`@Test`
			`public void test01AIntrospectionEndpointConstructionWithTrailingSlash() throws Exception {`
			`logger.info("*** [0.0] Start testing Keycloak introspection endpoint construction from base URL with trailing slash...");`
			`URL url = KeycloakClientFactory.newInstance().getIntrospectionEndpointURL(new URL(DEV_BASE_URL + "/"));`
			`Assert.assertNotNull(url);`
			`Assert.assertTrue(url.getProtocol().equals("https"));`
			`Assert.assertEquals(new URL(DEV_INTROSPECTION_ENDPOINT), url);`
			`logger.info("Constructed URL is: {}", url);`
			`}`

First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`@Test`
Removed the discovery functionality to be compatible with SmartGears.v4 and moved to the new library `keycloak-client-legacy-is` that will provide the backward compatibility. (#23478) 2022-06-08 19:05:40 +02:00			`public void test02IntrospectEndpointCompute() throws Exception {`
Added tests for new introspect and isVerified functions (both OIDC and UMA are supported) (#23326) 2022-05-20 10:14:34 +02:00			`logger.info("*** [0.2] Start testing Keycloak userinfo endpoint computed from provided URL...");`
			`URL url = KeycloakClientFactory.newInstance().computeIntrospectionEndpointURL(new URL(DEV_TOKEN_ENDPOINT));`
			`Assert.assertNotNull(url);`
			`Assert.assertTrue(url.getProtocol().equals("https"));`
			`Assert.assertEquals(new URL(DEV_INTROSPECTION_ENDPOINT), url);`
Added methods for `token` and `introspect` endpoint construction starting from realm's base URL and related tests 2022-06-10 13:48:48 +02:00			`logger.info("Computed URL is: {}", url);`
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`}`

			`@Test`
Added tests for new OIDC token retrieve methods and UMA from OIDC token method 2022-03-30 12:02:23 +02:00			`public void test12QueryOIDCToken() throws Exception {`
			`logger.info("*** [1.2] Start testing query OIDC token from Keycloak with URL...");`
Added tests for new introspect and isVerified functions (both OIDC and UMA are supported) (#23326) 2022-05-20 10:14:34 +02:00			`oidcTR = KeycloakClientFactory.newInstance().queryOIDCToken(new URL(DEV_TOKEN_ENDPOINT), CLIENT_ID,`
			`CLIENT_SECRET);`

			`logger.info("*** [1.2] OIDC access token: {}", oidcTR.getAccessToken());`
			`logger.info("*** [1.2] OIDC refresh token: {}", oidcTR.getRefreshToken());`
Added tests for new OIDC token retrieve methods and UMA from OIDC token method 2022-03-30 12:02:23 +02:00			`TestModels.checkTokenResponse(oidcTR);`
Removed the discovery functionality to be compatible with SmartGears.v4 and moved to the new library `keycloak-client-legacy-is` that will provide the backward compatibility. (#23478) 2022-06-08 19:05:40 +02:00			`TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(oidcTR), "service-account-" + CLIENT_ID, false);`
Added tests for new OIDC token retrieve methods and UMA from OIDC token method 2022-03-30 12:02:23 +02:00			`}`

			`@Test`
			`public void test24QueryUMAToken() throws Exception {`
			`logger.info("*** [2.4] Start testing query UMA token from Keycloak with URL...");`
Added tests for new introspect and isVerified functions (both OIDC and UMA are supported) (#23326) 2022-05-20 10:14:34 +02:00			`umaTR = KeycloakClientFactory.newInstance().queryUMAToken(new URL(DEV_TOKEN_ENDPOINT), CLIENT_ID, CLIENT_SECRET,`
[#22515] Added refresh token methods 2021-12-09 15:05:26 +01:00			`TEST_AUDIENCE, null);`
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00
Added tests for new introspect and isVerified functions (both OIDC and UMA are supported) (#23326) 2022-05-20 10:14:34 +02:00			`logger.info("*** [2.4] UMA access token: {}", umaTR.getAccessToken());`
			`logger.info("*** [2.4] UMA refresh token: {}", umaTR.getRefreshToken());`

Added tests for new OIDC token retrieve methods and UMA from OIDC token method 2022-03-30 12:02:23 +02:00			`TestModels.checkTokenResponse(umaTR);`
Removed the discovery functionality to be compatible with SmartGears.v4 and moved to the new library `keycloak-client-legacy-is` that will provide the backward compatibility. (#23478) 2022-06-08 19:05:40 +02:00			`TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID, true);`
Added tests for new introspect and isVerified functions (both OIDC and UMA are supported) (#23326) 2022-05-20 10:14:34 +02:00			`}`

			`@Test`
			`public void test302IntrospectOIDCAccessToken() throws Exception {`
			`logger.info("*** [3.2] Start testing introspect OIDC access token...");`
			`TokenIntrospectionResponse tir = KeycloakClientFactory.newInstance().introspectAccessToken(`
			`new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, oidcTR.getAccessToken());`

			`TestModels.checkTokenIntrospectionResponse(tir);`
			`}`

			`@Test`
			`public void test304IntrospectUMAAccessToken() throws Exception {`
			`logger.info("*** [3.4] Start testing introspect UMA access token...");`
			`TokenIntrospectionResponse tir = KeycloakClientFactory.newInstance().introspectAccessToken(`
			`new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, umaTR.getAccessToken());`

			`TestModels.checkTokenIntrospectionResponse(tir);`
			`}`

			`@Test`
			`public void test306OIDCAccessTokenVerification() throws Exception {`
			`logger.info("*** [3.6] Start OIDC access token verification...");`
			`Assert.assertTrue(KeycloakClientFactory.newInstance().isAccessTokenVerified(`
			`new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, oidcTR.getAccessToken()));`
			`}`

			`@Test`
			`public void test307OIDCAccessTokenNonVerification() throws Exception {`
			`logger.info("*** [3.7] Start OIDC access token NON verification...");`
			`Assert.assertFalse(KeycloakClientFactory.newInstance().isAccessTokenVerified(`
			`new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, OLD_OIDC_ACCESS_TOKEN));`
			`}`

			`@Test`
			`public void test309UMAAccessTokenVerification() throws Exception {`
			`logger.info("*** [3.9] Start UMA access token verification...");`
			`Assert.assertTrue(KeycloakClientFactory.newInstance().isAccessTokenVerified(`
			`new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, umaTR.getAccessToken()));`
			`}`

			`@Test`
			`public void test310UMAAccessTokenNonVerification() throws Exception {`
			`logger.info("*** [3.10] Start UMA access token NON verification...");`
			`Assert.assertFalse(KeycloakClientFactory.newInstance().isAccessTokenVerified(`
			`new URL(DEV_INTROSPECTION_ENDPOINT), CLIENT_ID, CLIENT_SECRET, OLD_UMA_ACCESS_TOKEN));`
			`}`
First share with auto-discovery of the endpoint in scope with ic-client and gxREST use 2021-05-28 18:29:06 +02:00			`}`