use of com.auth0.Tokens in project hopsworks by logicalclocks.
the class JWTController method renewServiceToken.
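/**
 * Renews a service master token and issues a fresh set of one-time renewal tokens for it.
 *
 * <p>Order of operations: build the one-time renewal tokens (signed under the key name derived
 * from {@code username} and {@code remoteHostname}), renew the service token so that it carries
 * the id of the key that signed those tokens, then invalidate the one-time token that was
 * presented for this renewal.
 *
 * <p>NOTE(review): this method does not verify {@code oneTimeRenewalToken} itself; it only
 * invalidates it at the end, and {@code invalidate} returns silently when the token fails
 * verification. Presumably the caller has already verified it - confirm.
 *
 * @param oneTimeRenewalToken the one-time token presented for this renewal; invalidated on success
 * @param serviceToken the current service master token to renew
 * @param newExpiration expiration passed to {@code renewToken}; also the base for the renewal
 *     tokens' not-before time
 * @param newNotBefore not-before passed to {@code renewToken}
 * @param serviceJWTLifetimeMS lifetime in milliseconds added to the computed not-before to get the
 *     renewal tokens' expiry
 * @param username subject of the renewal tokens; also used to derive the renewal key name
 * @param userRoles roles placed in the renewal tokens' roles claim
 * @param audience audience of the renewal tokens
 * @param remoteHostname used, with {@code username}, to derive the renewal key name
 * @param issuer issuer of the renewal tokens
 * @param defaultJWTSigningKeyName passed through to the one-time token generator
 * @param force passed through to {@code renewToken}
 * @return the renewed service token paired with the new one-time renewal tokens
 * @throws JWTException if generation, renewal or invalidation fails; the renewal signing key is
 *     deleted before the exception is rethrown
 * @throws NoSuchAlgorithmException rethrown after the same cleanup
 */
public Pair<String, String[]> renewServiceToken(String oneTimeRenewalToken, String serviceToken, Date newExpiration, Date newNotBefore, Long serviceJWTLifetimeMS, String username, List<String> userRoles, List<String> audience, String remoteHostname, String issuer, String defaultJWTSigningKeyName, boolean force) throws JWTException, NoSuchAlgorithmException {
  Map<String, Object> claims = new HashMap<>(4);
  claims.put(Constants.RENEWABLE, false);
  // presumably seconds - TODO confirm the unit expected for EXPIRY_LEEWAY
  claims.put(Constants.EXPIRY_LEEWAY, 3600);
  // Zero-length seed array: a pre-sized String[1] would leave a single null entry in the signed
  // roles claim whenever userRoles is empty.
  claims.put(Constants.ROLES, userRoles.toArray(new String[0]));
  String renewalKeyName = getServiceOneTimeJWTSigningKeyname(username, remoteHostname);

  // The renewal tokens' validity window is derived from the new expiration of the master token.
  // NOTE(review): the conversion uses the JVM default zone; assumes localDateTime2Date converts
  // back with the same zone - confirm.
  LocalDateTime masterExpiration = newExpiration.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime();
  LocalDateTime notBefore = computeNotBefore4ServiceRenewalTokens(masterExpiration);
  LocalDateTime expiresAt = notBefore.plus(serviceJWTLifetimeMS, ChronoUnit.MILLIS);

  JsonWebToken jwtSpecs = new JsonWebToken();
  jwtSpecs.setSubject(username);
  jwtSpecs.setIssuer(issuer);
  jwtSpecs.setAudience(audience);
  jwtSpecs.setKeyId(renewalKeyName);
  jwtSpecs.setNotBefore(localDateTime2Date(notBefore));
  jwtSpecs.setExpiresAt(localDateTime2Date(expiresAt));
  try {
    // Then generate the new one-time tokens
    String[] renewalTokens = generateOneTimeTokens4ServiceJWTRenewal(jwtSpecs, claims, defaultJWTSigningKeyName);
    String signingKeyId = getSignKeyID(renewalTokens[0]);
    // NOTE(review): the leeway claim is read from a decoded token; presumably signature
    // verification of serviceToken happens inside renewToken - confirm.
    DecodedJWT serviceJWT = decodeToken(serviceToken);

    // Reuse the map for the renewed master token: it is bound to the key that signed the new
    // one-time tokens and keeps the leeway of the token it replaces.
    claims.clear();
    claims.put(Constants.RENEWABLE, false);
    claims.put(Constants.SERVICE_JWT_RENEWAL_KEY_ID, signingKeyId);
    claims.put(Constants.EXPIRY_LEEWAY, getExpLeewayClaim(serviceJWT));
    // Finally renew the service master token
    String renewedServiceToken = renewToken(serviceToken, newExpiration, newNotBefore, false, claims, force);
    // The presented one-time token is only invalidated once the renewal has succeeded.
    invalidate(oneTimeRenewalToken);
    return Pair.of(renewedServiceToken, renewalTokens);
  } catch (JWTException | NoSuchAlgorithmException ex) {
    // Do not leave a signing key behind for renewal tokens that are never handed out.
    // NOTE(review): if the failure comes from invalidate(), the master token has already been
    // renewed with a reference to this key - confirm that deleting it here is intended.
    if (renewalKeyName != null) {
      deleteSigningKey(renewalKeyName);
    }
    throw ex;
  }
}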
use of com.auth0.Tokens in project hopsworks by logicalclocks.
the class JWTController method invalidate.
/**
 * Invalidates a token by recording its id, expiry and expiry leeway through
 * {@code invalidateJWT} (the invalid tokens table).
 *
 * <p>A {@code null} or empty token is ignored. A token that fails {@code verifyToken} is also
 * ignored, without any error being reported to the caller.
 *
 * <p>NOTE(review): every exception from {@code verifyToken} is treated as "token not valid".
 * If verification can also fail for reasons unrelated to the token (for example a key lookup
 * problem), a still-usable token would silently stay un-invalidated - confirm which exceptions
 * {@code verifyToken} can raise.
 *
 * @param token the serialized token to invalidate; may be {@code null} or empty
 * @throws io.hops.hopsworks.jwt.exception.InvalidationException declared for failures while
 *     recording the invalidation
 */
public void invalidate(String token) throws InvalidationException {
  boolean nothingToInvalidate = token == null || token.isEmpty();
  if (nothingToInvalidate) {
    return;
  }

  DecodedJWT verified;
  try {
    verified = verifyToken(token, null);
  } catch (Exception ignored) {
    // A token that does not verify is left alone: there is nothing to invalidate.
    return;
  }

  // The leeway is read first and passed along with the token's id and expiry.
  int leeway = getExpLeewayClaim(verified);
  invalidateJWT(verified.getId(), verified.getExpiresAt(), leeway);
}
use of com.auth0.Tokens in project auth0-java by auth0.
the class BlacklistsEntityTest method shouldGetBlacklistedTokens.
// Checks that listing blacklisted tokens issues an authenticated GET carrying the audience as a
// query parameter, and that the canned list of two tokens is returned.
@Test
public void shouldGetBlacklistedTokens() throws Exception {
    Request<List<Token>> blacklistRequest = api.blacklists().getBlacklist("myapi");
    assertThat(blacklistRequest, is(notNullValue()));

    // The canned response is queued before the request is executed.
    server.jsonResponse(MGMT_BLACKLISTED_TOKENS_LIST, 200);
    List<Token> blacklisted = blacklistRequest.execute();
    RecordedRequest sent = server.takeRequest();

    // What went over the wire: method, path, content type, bearer credential and audience.
    assertThat(sent, hasMethodAndPath("GET", "/api/v2/blacklists/tokens"));
    assertThat(sent, hasHeader("Content-Type", "application/json"));
    assertThat(sent, hasHeader("Authorization", "Bearer apiToken"));
    assertThat(sent, hasQueryParameter("aud", "myapi"));

    // What came back.
    assertThat(blacklisted, is(notNullValue()));
    assertThat(blacklisted, hasSize(2));
}
use of com.auth0.Tokens in project AuthGuard by AuthGuard.
the class OAuthService method exchangeAuthorizationCode.
/**
 * Exchanges an authorization code for OAuth tokens, after checking that a session exists for
 * the returned {@code state}.
 *
 * <p>An unknown {@code provider} is rejected synchronously with a {@link ServiceException},
 * before any future is created. A {@code state} with no matching session makes the returned
 * future complete exceptionally; the {@link ServiceAuthorizationException} then surfaces as
 * the cause of the exception seen by callers of {@code join()} or {@code get()}.
 *
 * <p>When the provider is configured as an account provider and the response carries an ID
 * token, the matching account is fetched or created and its id is set on the response. A
 * missing ID token is only logged as a warning.
 *
 * <p>NOTE(review): nothing visible in this method consumes the session after use or checks
 * that it was issued for {@code provider}; presumably {@code sessionsService} or
 * {@code doExchange} enforce single use and provider binding of the state - confirm.
 *
 * @param provider The name of a provider as stated in the configuration.
 * @param state The state the identity provider returned.
 * @param authorizationCode The authorization code generated by the identity provider.
 * @return a future holding the tokens response, with the account id set where applicable
 */
public CompletableFuture<TokensResponse> exchangeAuthorizationCode(final String provider, final String state, final String authorizationCode) {
    final OAuthServiceClient client = providersClients.get(provider);
    if (client == null) {
        throw new ServiceException(ErrorCode.GENERIC_AUTH_FAILURE, "Invalid identity provider");
    }

    return CompletableFuture
            .supplyAsync(() -> sessionsService.getByToken(state))
            // No session for this state: refuse the exchange instead of calling the provider.
            .thenCompose(maybeSession -> maybeSession
                    .map(session -> doExchange(client, authorizationCode, session))
                    .orElseThrow(() -> new ServiceAuthorizationException(ErrorCode.TOKEN_EXPIRED_OR_DOES_NOT_EXIST, "The provided state is either invalid or has expired")))
            .thenApply(tokens -> {
                if (!client.getConfiguration().isAccountProvider()) {
                    return tokens;
                }

                if (tokens.getIdToken() == null) {
                    LOG.warn("Provider {} was set as an account provider but no ID was found in the response", provider);
                    return tokens;
                }

                // Link the response to the local account derived from the ID token.
                final AccountBO account = getOrCreateAccount(client, authorizationCode, tokens.getIdToken());
                tokens.setAccountId(account.getId());
                return tokens;
            });
}
use of com.auth0.Tokens in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method validate.
// Happy path: a token generated for a random account verifies successfully and the decoded
// JWT matches that account's id.
@Test
void validate() {
    final StrategyConfig strategy = strategyConfig(false);
    final JwtConfig jwt = jwtConfig();
    final JwtTokenVerifier verifier = newVerifierInstance(strategy);

    final AccountBO subject = RANDOM.nextObject(AccountBO.class);
    final AuthResponseBO issued = generateToken(jwt, subject, null);

    // The right side of the result carries the decoded JWT; the left side would carry the Exception.
    final Either<Exception, DecodedJWT> outcome = verifier.verify(issued.getToken().toString());
    assertThat(outcome.isRight()).isTrue();

    verifyToken(outcome.get(), subject.getId(), null, null, null);
}