
Example 1 with OidcClientRegistrationResponse

use of org.apereo.cas.oidc.dynareg.OidcClientRegistrationResponse in project cas by apereo.

the class OidcDynamicClientRegistrationEndpointController method handleRequestInternal.

/**
     * Handle request.
     *
     * @param jsonInput the json input
     * @param request   the request
     * @param response  the response
     * @return the model and view
     * @throws Exception the exception
     */
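@PostMapping(value = '/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.REGISTRATION_URL, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<OidcClientRegistrationResponse> handleRequestInternal(@RequestBody final String jsonInput, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    // Builds an OidcRegisteredService from caller-supplied client metadata and answers 201 with the
    // generated client id and secret. Any exception raised along the way is converted into a
    // 400 "invalid_client_metadata" response by the catch block, so nothing propagates to the
    // caller despite the "throws Exception" in the signature.
    // NOTE(review): no authentication or authorization check is visible in this method; confirm the
    // registration endpoint is protected elsewhere (for example an initial access token or network policy).
    try {
        final OidcClientRegistrationRequest registrationRequest = this.clientRegistrationRequestSerializer.from(jsonInput);
        LOGGER.debug("Received client registration request [{}]", registrationRequest);
        if (registrationRequest.getScopes().isEmpty()) {
            throw new Exception("Registration request does not contain any scope values");
        }
        // NOTE(review): this test goes through getScope() while every other scope access uses
        // getScopes(). If getScope() returns the raw scope string, contains() is a substring match and
        // a value that merely embeds the openid scope name would pass; confirm, and prefer an exact
        // match on getScopes().
        if (!registrationRequest.getScope().contains(OidcConstants.OPENID)) {
            // The previous message appended the scope after a literal "[{}]" that nothing expands.
            throw new Exception("Registration request scopes do not contain [" + OidcConstants.OPENID + "]");
        }
        final OidcRegisteredService registeredService = new OidcRegisteredService();
        registeredService.setName(registrationRequest.getClientName());
        if (StringUtils.isNotBlank(registrationRequest.getJwksUri())) {
            // NOTE(review): jwks_uri is stored exactly as supplied. If the server later fetches keys
            // from it, validate scheme and destination first so it cannot be pointed at internal hosts.
            registeredService.setJwks(registrationRequest.getJwksUri());
            registeredService.setSignIdToken(true);
        }
        // Only the first redirect URI is registered. Reject a request without one explicitly instead
        // of surfacing Optional's generic "No value present" message to the client.
        final String uri = registrationRequest.getRedirectUris().stream().findFirst()
            .orElseThrow(() -> new Exception("Registration request does not contain any redirect URIs"));
        // NOTE(review): the redirect URI becomes the service id unmodified. If service ids are matched
        // as patterns, an unescaped or overly broad value would match more than the intended
        // callback; confirm, and validate or escape it here.
        registeredService.setServiceId(uri);
        registeredService.setClientId(clientIdGenerator.getNewString());
        registeredService.setClientSecret(clientSecretGenerator.getNewString());
        // NOTE(review): Integer.MIN_VALUE is the smallest possible order. If lower values are
        // evaluated first, a self-registered client would take precedence over every configured
        // service; confirm this is intended.
        registeredService.setEvaluationOrder(Integer.MIN_VALUE);
        // Grant only those requested scopes that this deployment is configured to support.
        final Set<String> supportedScopes = new HashSet<>(casProperties.getAuthn().getOidc().getScopes());
        supportedScopes.retainAll(registrationRequest.getScopes());
        final OidcClientRegistrationResponse clientResponse = getClientRegistrationResponse(registrationRequest, registeredService);
        // The scopes used to be assigned twice (the set, then a copy of it); one assignment suffices.
        registeredService.setScopes(new LinkedHashSet<>(supportedScopes));
        // concat() is kept for the name so a missing client name still fails the request as before.
        final String description = "Dynamically registered service ".concat(registeredService.getName())
            .concat(" with grant types ").concat(String.join(",", clientResponse.getGrantTypes()))
            .concat(" and with scopes ").concat(String.join(",", registeredService.getScopes()))
            .concat(" and response types ").concat(String.join(",", clientResponse.getResponseTypes()));
        registeredService.setDescription(description);
        registeredService.setDynamicallyRegistered(true);
        scopeToAttributesFilter.reconcile(registeredService);
        // clientResponse carries the generated client secret; it is returned but deliberately not logged.
        return new ResponseEntity<>(clientResponse, HttpStatus.CREATED);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // NOTE(review): this also catches unexpected internal failures and returns their raw message
        // to the caller; consider echoing only the validation messages produced above.
        final Map<String, String> map = new HashMap<>();
        map.put("error", "invalid_client_metadata");
        map.put("error_message", e.getMessage());
        // Raw ResponseEntity: the error body is a Map, not the declared OidcClientRegistrationResponse.
        return new ResponseEntity(map, HttpStatus.BAD_REQUEST);
    }
}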
Also used : LinkedHashSet(java.util.LinkedHashSet) ResponseEntity(org.springframework.http.ResponseEntity) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) OidcClientRegistrationRequest(org.apereo.cas.oidc.dynareg.OidcClientRegistrationRequest) HashMap(java.util.HashMap) Map(java.util.Map) OidcClientRegistrationResponse(org.apereo.cas.oidc.dynareg.OidcClientRegistrationResponse) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Example 2 with OidcClientRegistrationResponse

use of org.apereo.cas.oidc.dynareg.OidcClientRegistrationResponse in project cas by apereo.

the class OidcDynamicClientRegistrationEndpointController method getClientRegistrationResponse.

/**
     * Gets client registration response.
     *
     * @param registrationRequest the registration request
     * @param registeredService   the registered service
     * @return the client registration response
     */
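protected OidcClientRegistrationResponse getClientRegistrationResponse(final OidcClientRegistrationRequest registrationRequest, final OidcRegisteredService registeredService) {
    // Assembles the registration reply from the service the caller has built. Application type,
    // subject type, grant types and response type are fixed values here, not taken from the request.
    final OidcClientRegistrationResponse clientResponse = new OidcClientRegistrationResponse();
    clientResponse.setApplicationType("web");
    clientResponse.setClientId(registeredService.getClientId());
    // The reply carries the client secret, so callers should avoid logging the returned object.
    clientResponse.setClientSecret(registeredService.getClientSecret());
    clientResponse.setSubjectType("public");
    // NOTE(review): the auth method is echoed from the request without any check in this method;
    // confirm it is validated against the methods the server supports.
    clientResponse.setTokenEndpointAuthMethod(registrationRequest.getTokenEndpointAuthMethod());
    clientResponse.setClientName(registeredService.getName());
    // Protocol identifiers must not depend on the JVM default locale (a Turkish locale lower-cases
    // "I" to a dotless "ı"), so the enum names are lower-cased with Locale.ROOT. The fully qualified
    // name avoids needing a new import.
    clientResponse.setGrantTypes(Arrays.asList(
        OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase(java.util.Locale.ROOT),
        OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase(java.util.Locale.ROOT)));
    clientResponse.setRedirectUris(Collections.singletonList(registeredService.getServiceId()));
    clientResponse.setResponseTypes(Collections.singletonList(OAuth20ResponseTypes.CODE.name().toLowerCase(java.util.Locale.ROOT)));
    return clientResponse;
}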
Also used : OidcClientRegistrationResponse(org.apereo.cas.oidc.dynareg.OidcClientRegistrationResponse)
