Added tests for new OIDC token retrieve methods and UMA from OIDC token method

src/test/java/org/gcube/common/keycloak/TestKeycloakClient.java

@@ -19,12 +19,13 @@ public class TestKeycloakClient {
 
     protected static final Logger logger = LoggerFactory.getLogger(TestKeycloakClient.class);
 
-    private static final String DEV_ENDPOINT = "http://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token";
+    private static final String DEV_ENDPOINT = "https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token";
     private static final String CLIENT_ID = "keycloak-client";
     private static final String CLIENT_SECRET = "38f76152-2b7c-418f-9b67-66f4cc2f401e";
     private static final String TEST_AUDIENCE = "conductor-server";
 
-    private static TokenResponse tr = null;
+    private static TokenResponse oidcTR = null;
+    private static TokenResponse umaTR = null;
 
     @Before
     public void setUp() throws Exception {
@@ -36,53 +37,91 @@ public class TestKeycloakClient {
     }
 
     @Test
-    public void test1EndpointDiscovery() throws Exception {
+    public void test01EndpointDiscovery() throws Exception {
-        logger.info("Start testing Keycloak endpoint discovery...");
+        logger.info("*** [0.1] Start testing Keycloak endpoint discovery...");
         URL url = KeycloakClientFactory.newInstance().findTokenEndpointURL();
         Assert.assertNotNull(url);
         Assert.assertTrue(url.getProtocol().equals("https"));
+        Assert.assertEquals(new URL(DEV_ENDPOINT), url);
         logger.info("Discovered URL is: {}", url);
     }
 
     @Test
-    public void test2QueryUMATokenWithDiscoveryInCurrentScope() throws Exception {
+    public void test11QueryOIDCTokenWithDiscoveryInCurrentScope() throws Exception {
-        logger.info("Start testing query UMA token from Keycloak with endpoint discovery and current scope...");
+        logger.info("*** [1.1] Start testing query OIDC token from Keycloak with endpoint discovery and current scope...");
-        tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, null);
+        oidcTR = KeycloakClientFactory.newInstance().queryOIDCToken(CLIENT_ID, CLIENT_SECRET);
-        TestModels.checkTokenResponse(tr);
+        TestModels.checkTokenResponse(oidcTR);
-        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
+        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(oidcTR), "service-account-" + CLIENT_ID);
     }
 
     @Test
-    public void test3QueryUMATokenWithDiscovery() throws Exception {
+    public void test12QueryOIDCToken() throws Exception {
-        logger.info("Start testing query UMA token from Keycloak with endpoint discovery...");
+        logger.info("*** [1.2] Start testing query OIDC token from Keycloak with URL...");
-        tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, TEST_AUDIENCE, null);
+        oidcTR = KeycloakClientFactory.newInstance().queryOIDCToken(new URL(DEV_ENDPOINT), CLIENT_ID, CLIENT_SECRET);
-        TestModels.checkTokenResponse(tr);
+        TestModels.checkTokenResponse(oidcTR);
-        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
+        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(oidcTR), "service-account-" + CLIENT_ID);
     }
 
     @Test
-    public void test4QueryUMAToken() throws Exception {
+    public void test13RefreshOIDCTokenWithDiscovery() throws Exception {
-        logger.info("Start testing query UMA token from Keycloak with URL...");
+        logger.info("*** [1.3] Start testing refresh OIDC token from Keycloak with endpoint discovery...");
-        tr = KeycloakClientFactory.newInstance().queryUMAToken(new URL(DEV_ENDPOINT), CLIENT_ID, CLIENT_SECRET,
+        TokenResponse refreshedTR = KeycloakClientFactory.newInstance().refreshToken(CLIENT_ID, CLIENT_SECRET, oidcTR);
+        TestModels.checkTokenResponse(refreshedTR);
+        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(refreshedTR), "service-account-" + CLIENT_ID);
+        TestModels.checkRefreshToken(ModelUtils.getRefreshTokenFrom(refreshedTR));
+    }
+
+    @Test
+    public void test21QueryUMATokenWithDiscoveryInCurrentScope() throws Exception {
+        logger.info(
+                "*** [2.1] Start testing query UMA token from Keycloak with endpoint discovery and current scope as audience...");
+
+        umaTR = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, null);
+        TestModels.checkTokenResponse(umaTR);
+        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
+    }
+
+    @Test
+    public void test22QueryUMATokenWithDiscovery() throws Exception {
+        logger.info("*** [2.2] Start testing query UMA token from Keycloak with endpoint discovery...");
+        umaTR = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, TEST_AUDIENCE, null);
+        TestModels.checkTokenResponse(umaTR);
+        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
+    }
+
+    @Test
+    public void test23QueryUMATokenWithDiscoveryWithOIDCAuthorization() throws Exception {
+        logger.info(
+                "*** [2.3] Start testing query UMA token from Keycloak with endpoint discovery and OIDC access token for authorization...");
+
+        umaTR = KeycloakClientFactory.newInstance().queryUMAToken(oidcTR, TEST_AUDIENCE, null);
+        TestModels.checkTokenResponse(umaTR);
+        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
+    }
+
+    @Test
+    public void test24QueryUMAToken() throws Exception {
+        logger.info("*** [2.4] Start testing query UMA token from Keycloak with URL...");
+        umaTR = KeycloakClientFactory.newInstance().queryUMAToken(new URL(DEV_ENDPOINT), CLIENT_ID, CLIENT_SECRET,
                 TEST_AUDIENCE, null);
 
-        TestModels.checkTokenResponse(tr);
+        TestModels.checkTokenResponse(umaTR);
-        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
+        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(umaTR), "service-account-" + CLIENT_ID);
     }
 
     @Test
-    public void test5RefreshTokenWithDiscovery() throws Exception {
+    public void test25RefreshUMATokenWithDiscovery() throws Exception {
-        logger.info("Start testing refresh UMA token from Keycloak with endpoint discovery...");
+        logger.info("*** [2.5] Start testing refresh UMA token from Keycloak with endpoint discovery...");
-        TokenResponse refreshedTR = KeycloakClientFactory.newInstance().refreshToken(CLIENT_ID, CLIENT_SECRET, tr);
+        TokenResponse refreshedTR = KeycloakClientFactory.newInstance().refreshToken(CLIENT_ID, CLIENT_SECRET, umaTR);
         TestModels.checkTokenResponse(refreshedTR);
         TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(refreshedTR), "service-account-" + CLIENT_ID);
         TestModels.checkRefreshToken(ModelUtils.getRefreshTokenFrom(refreshedTR));
     }
 
     @Test(expected = KeycloakClientException.class)
-    public void test6RefreshTokenWithDiscoveryAndClientIdFromRefreshToken() throws Exception {
+    public void test26RefreshTokenWithDiscoveryAndClientIdFromRefreshToken() throws Exception {
-        logger.info("Start testing refresh UMA token with error since is not a public client...");
+        logger.info("*** [2.6] Start testing refresh UMA token *with error* since is not a public client...");
-        KeycloakClientFactory.newInstance().refreshToken(tr.getRefreshToken());
+        KeycloakClientFactory.newInstance().refreshToken(umaTR.getRefreshToken());
     }
 
 }

src/test/resources/log4j.xml

@@ -12,7 +12,7 @@
 		</layout>
 	</appender>
 
-	<logger name="org.gcube" additivity="false">
+	<logger name="org.gcube.common.keycloak" additivity="false">
 		<level value="TRACE" />
 		<appender-ref ref="console" />
 	</logger>