Package org.keycloak.representations

Examples of org.keycloak.representations.PasswordToken


        String token = otp.generate(totpSecret);

        formData.add(CredentialRepresentation.TOTP, token);
        formData.remove(CredentialRepresentation.PASSWORD);

        String passwordToken = new JWSBuilder().jsonContent(new PasswordToken(realm.getName(), user.getId())).rsa256(realm.getPrivateKey());
        formData.add(CredentialRepresentation.PASSWORD_TOKEN, passwordToken);

        AuthenticationStatus status = am.authenticateForm(session, dummyConnection, realm, formData);
        Assert.assertEquals(AuthenticationStatus.SUCCESS, status);
    }
View Full Code Here


    @Test
    public void authFormWithTotpPasswordTokenInvalidKey() {
        authFormWithTotpPasswordToken();

        formData.remove(CredentialRepresentation.PASSWORD_TOKEN);
        String passwordToken = new JWSBuilder().jsonContent(new PasswordToken(realm.getName(), user.getId())).rsa256(realm.getPrivateKey());
        formData.add(CredentialRepresentation.PASSWORD_TOKEN, passwordToken);

        KeycloakModelUtils.generateRealmKeys(realm);

        AuthenticationStatus status = am.authenticateForm(session, dummyConnection, realm, formData);
View Full Code Here

    @Test
    public void authFormWithTotpPasswordTokenInvalidRealm() {
        authFormWithTotpPasswordToken();

        formData.remove(CredentialRepresentation.PASSWORD_TOKEN);
        String passwordToken = new JWSBuilder().jsonContent(new PasswordToken("invalid", user.getId())).rsa256(realm.getPrivateKey());
        formData.add(CredentialRepresentation.PASSWORD_TOKEN, passwordToken);

        AuthenticationStatus status = am.authenticateForm(session, dummyConnection, realm, formData);
        Assert.assertEquals(AuthenticationStatus.INVALID_CREDENTIALS, status);
    }
View Full Code Here

    @Test
    public void authFormWithTotpPasswordTokenInvalidUser() {
        authFormWithTotpPasswordToken();

        formData.remove(CredentialRepresentation.PASSWORD_TOKEN);
        String passwordToken = new JWSBuilder().jsonContent(new PasswordToken(realm.getName(), "invalid")).rsa256(realm.getPrivateKey());
        formData.add(CredentialRepresentation.PASSWORD_TOKEN, passwordToken);

        AuthenticationStatus status = am.authenticateForm(session, dummyConnection, realm, formData);
        Assert.assertEquals(AuthenticationStatus.INVALID_CREDENTIALS, status);
    }
View Full Code Here

            authFormWithTotpPasswordToken();

            realm.setAccessCodeLifespanUserAction(1);

            formData.remove(CredentialRepresentation.PASSWORD_TOKEN);
            String passwordToken = new JWSBuilder().jsonContent(new PasswordToken(realm.getName(), "invalid")).rsa256(realm.getPrivateKey());
            formData.add(CredentialRepresentation.PASSWORD_TOKEN, passwordToken);

            Thread.sleep(2000);

            AuthenticationStatus status = am.authenticateForm(session, dummyConnection, realm, formData);
View Full Code Here

        JWSInput jws = new JWSInput(encodedPasswordToken);
        if (!RSAProvider.verify(jws, realm.getPublicKey())) {
            return false;
        }
        try {
            PasswordToken passwordToken = jws.readJsonContent(PasswordToken.class);
            if (!passwordToken.getRealm().equals(realm.getName())) {
                return false;
            }
            if (!passwordToken.getUser().equals(user.getId())) {
                return false;
            }
            if (Time.currentTime() - passwordToken.getTimestamp() > realm.getAccessCodeLifespanUserAction()) {
                return false;
            }
            return true;
        } catch (IOException e) {
            return false;
View Full Code Here

                        .setClientSessionCode(clientCode.getCode())
                        .setFormData(formData).createLogin();
            case MISSING_TOTP:
                formData.remove(CredentialRepresentation.PASSWORD);

                String passwordToken = new JWSBuilder().jsonContent(new PasswordToken(realm.getName(), user.getId())).rsa256(realm.getPrivateKey());
                formData.add(CredentialRepresentation.PASSWORD_TOKEN, passwordToken);

                return Flows.forms(this.session, realm, client, uriInfo)
                        .setFormData(formData)
                        .setClientSessionCode(clientCode.getCode())
View Full Code Here

TOP

Related Classes of org.keycloak.representations.PasswordToken

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.