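#!/bin/bash

# OAuth 2.1 Test Script
# This script demonstrates how to test OAuth 2.1 flows against the sample
# authorization server:
#   1. server status check
#   2. PKCE verifier/challenge generation (RFC 7636, method S256)
#   3. authorization request (opened manually in a browser)
#   4./5. authorization-code exchange (public client + PKCE)
#   6./7. userinfo request and refresh_token grant with the issued tokens
#   8. client_credentials grant for the confidential client
#
# Every setting can be overridden from the environment, e.g.
#   BASE_URL=http://localhost:8080 ./test-oauth.sh
# Requires bash, curl and openssl; jq is optional (pretty-printing/parsing).

set -u

BASE_URL="${BASE_URL:-http://localhost:9000}"
CLIENT_ID="${CLIENT_ID:-public-client}"
CONFIDENTIAL_CLIENT_ID="${CONFIDENTIAL_CLIENT_ID:-confidential-client}"
# Demo secret matching the sample server's registration; override it from
# the environment rather than editing the script when testing anything else.
CONFIDENTIAL_CLIENT_SECRET="${CONFIDENTIAL_CLIENT_SECRET:-secret}"
REDIRECT_URI="${REDIRECT_URI:-http://localhost:9000/authorized}"

# Probe jq once; every JSON step below branches on HAVE_JQ.
HAVE_JQ=0
if command -v jq >/dev/null 2>&1; then
    HAVE_JQ=1
fi

#######################################
# Base64url-encode stdin without padding (RFC 4648 §5), as PKCE requires:
# '+' -> '-', '/' -> '_', trailing '=' removed. The characters must be
# translated, not deleted, or the encoding no longer round-trips.
# Outputs: encoded string on stdout (no trailing newline)
#######################################
base64url() {
    openssl base64 -A | tr '+/' '-_' | tr -d '='
}

#######################################
# Pretty-print a JSON response, or echo it raw when jq is unavailable.
# Arguments: $1 - JSON text
#######################################
print_json() {
    if (( HAVE_JQ )); then
        printf '%s\n' "$1" | jq '.'
    else
        printf '%s\n' "$1"
    fi
}

#######################################
# Extract a top-level string field from a JSON object.
# Arguments: $1 - JSON text; $2 - field name
# Outputs:   the value, or "null" when the field is absent (like `jq -r`).
#            The jq-less fallback is a best-effort regex that assumes the
#            compact `"name":"value"` form the server normally emits.
#######################################
json_field() {
    local json=$1 field=$2 value
    if (( HAVE_JQ )); then
        printf '%s' "$json" | jq -r --arg f "$field" '.[$f]'
    else
        value=$(printf '%s' "$json" | grep -o "\"$field\":\"[^\"]*\"" | cut -d'"' -f4)
        printf '%s' "${value:-null}"
    fi
}

echo "================================"
echo "OAuth 2.1 Authorization Server"
echo "================================"
echo ""

# 1. Test Server Status
# Test curl's exit status directly instead of inspecting $? afterwards.
echo "1. Testing Server Status..."
if SERVER_STATUS=$(curl -sS "$BASE_URL/"); then
    echo "   ✓ Server is running on $BASE_URL"
    echo "   Response: $SERVER_STATUS"
else
    echo "   ✗ Server is not running. Please start it with: ./mvnw spring-boot:run"
    exit 1
fi
echo ""

# 2. Generate PKCE Challenge
# Verifier: 32 random bytes -> 43 base64url characters (RFC 7636 allows 43..128).
# Challenge: base64url(SHA-256(verifier)) for method S256. Deleting '+' and '/'
# from the digest (instead of translating them) or keeping '=' padding yields
# a challenge the server's own S256 computation never matches, so the code
# exchange fails with invalid_grant.
echo "2. Generating PKCE Challenge..."
CODE_VERIFIER=$(openssl rand 32 | base64url)
CODE_CHALLENGE=$(printf '%s' "$CODE_VERIFIER" | openssl dgst -binary -sha256 | base64url)
# Fresh, unguessable state per run so the callback can be tied to this request.
STATE=$(openssl rand -hex 8)

echo "   Code Verifier: $CODE_VERIFIER"
echo "   Code Challenge: $CODE_CHALLENGE"
echo "   State: $STATE"
echo ""

# 3. Authorization Request
echo "3. Authorization Request (Open in browser):"
AUTH_URL="$BASE_URL/oauth2/authorize?response_type=code&client_id=$CLIENT_ID&redirect_uri=$REDIRECT_URI&scope=openid%20profile%20email%20read%20write&code_challenge=$CODE_CHALLENGE&code_challenge_method=S256&state=$STATE"
echo "   $AUTH_URL"
echo ""
echo "   Login with: user / password"
echo "   After approval, you'll be redirected to:"
echo "   $REDIRECT_URI?code=AUTHORIZATION_CODE&state=$STATE"
echo ""
echo "   NOTE: The authorization code will be displayed on the callback page."
echo "   Copy it from the 'Authorization Code' field on the page."
echo "   Check that the 'state' shown on the callback equals $STATE before using the code."
echo ""

# 4. Prompt for Authorization Code
# -r keeps backslashes literal so a pasted code is not mangled.
read -r -p "4. Enter the authorization code from redirect: " AUTH_CODE
echo ""

# 5. Exchange Authorization Code for Tokens
if [[ -n "$AUTH_CODE" ]]; then
    echo "5. Exchanging authorization code for tokens..."
    # --data-urlencode encodes each value, so a code or redirect URI containing
    # reserved characters is transmitted intact; a data option implies POST.
    TOKEN_RESPONSE=$(curl -sS "$BASE_URL/oauth2/token" \
        -H "Content-Type: application/x-www-form-urlencoded" \
        --data-urlencode "grant_type=authorization_code" \
        --data-urlencode "code=$AUTH_CODE" \
        --data-urlencode "redirect_uri=$REDIRECT_URI" \
        --data-urlencode "client_id=$CLIENT_ID" \
        --data-urlencode "code_verifier=$CODE_VERIFIER")
    print_json "$TOKEN_RESPONSE"
    if (( ! HAVE_JQ )); then
        echo "   Note: Install 'jq' for better JSON formatting"
    fi

    ACCESS_TOKEN=$(json_field "$TOKEN_RESPONSE" access_token)
    REFRESH_TOKEN=$(json_field "$TOKEN_RESPONSE" refresh_token)
    echo ""

    # 6. Test UserInfo Endpoint
    if [[ "$ACCESS_TOKEN" != "null" && -n "$ACCESS_TOKEN" ]]; then
        echo "6. Fetching UserInfo..."
        USERINFO=$(curl -sS -H "Authorization: Bearer $ACCESS_TOKEN" "$BASE_URL/userinfo")
        print_json "$USERINFO"
        echo ""

        # 7. Test Refresh Token
        if [[ "$REFRESH_TOKEN" != "null" && -n "$REFRESH_TOKEN" ]]; then
            echo "7. Refreshing access token..."
            REFRESH_RESPONSE=$(curl -sS "$BASE_URL/oauth2/token" \
                -H "Content-Type: application/x-www-form-urlencoded" \
                --data-urlencode "grant_type=refresh_token" \
                --data-urlencode "refresh_token=$REFRESH_TOKEN" \
                --data-urlencode "client_id=$CLIENT_ID")
            print_json "$REFRESH_RESPONSE"
            echo ""
        fi
    fi
else
    echo "   Skipping token exchange (no authorization code provided)"
    echo ""
fi

# 8. Test Client Credentials Flow
# The client secret is handed to curl through a config file on stdin (-K -)
# rather than -u on the command line, so it does not appear in `ps` output
# or `set -x` traces. A secret containing '"' or '\' would need escaping in
# curl's config syntax.
echo "8. Testing Client Credentials Flow..."
CLIENT_CREDS_RESPONSE=$(curl -sS "$BASE_URL/oauth2/token" \
    -K - \
    -H "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "scope=read write" <<EOF
user = "$CONFIDENTIAL_CLIENT_ID:$CONFIDENTIAL_CLIENT_SECRET"
EOF
)
print_json "$CLIENT_CREDS_RESPONSE"
echo ""

echo "================================"
echo "✓ Testing Complete!"
echo "================================"
echo ""
echo "Summary:"
echo "  - Server: Running on $BASE_URL"
echo "  - Callback URL: $REDIRECT_URI"
echo "  - Public Client: $CLIENT_ID"
echo "  - Confidential Client: $CONFIDENTIAL_CLIENT_ID"
echo ""
echo "Next steps:"
echo "  1. Open the authorization URL in your browser"
echo "  2. Login with user/password or admin/admin"
echo "  3. Copy the authorization code from the callback page"
echo "  4. Run this script again and paste the code when prompted"
echo ""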