

/**
 * Builds a request that deletes a User from the given Database Connection, looked up by email.
 * The token used by this entity must carry the {@code delete:users} scope.
 * See https://auth0.com/docs/api/management/v2#!/Connections/delete_users_by_email
 *
 * @param connectionId the id of the connection that stores the user. Must not be null.
 * @param email        the email address of the user to delete. Must not be null.
 * @return a Request to execute.
 * @throws IllegalArgumentException presumably, via {@code Asserts.assertNotNull}, when either argument is null.
 */
public Request<Void> deleteUser(String connectionId, String email) {
    Asserts.assertNotNull(connectionId, "connection id");
    Asserts.assertNotNull(email, "email");
    // The connection id is added as a single path segment and the email as a query value, so the
    // URL builder (an okhttp-style HttpUrl.Builder, judging by its API) encodes reserved characters
    // in both instead of letting them reshape the path.
    final String deleteUrl = baseUrl.newBuilder()
            .addPathSegments("api/v2/connections")
            .addPathSegment(connectionId)
            .addPathSegment("users")
            .addQueryParameter("email", email)
            .build()
            .toString();
    final VoidRequest deleteRequest = new VoidRequest(this.client, deleteUrl, "DELETE");
    deleteRequest.addHeader("Authorization", "Bearer " + apiToken);
    return deleteRequest;
}

/**
 * Builds a request that deletes every Grant issued to the given user.
 * The token used by this entity must carry the {@code delete:grants} scope.
 * See https://auth0.com/docs/api/management/v2#!/Grants/delete_grants_by_id<br>
 *
 * @param userId The id of the user whose grants are deleted. Must not be null.
 * @return a Request to execute.
 * @throws IllegalArgumentException presumably, via {@code Asserts.assertNotNull}, when userId is null.
 */
public Request<Void> deleteAll(String userId) {
    Asserts.assertNotNull(userId, "user id");
    // This endpoint selects the user through the user_id query parameter rather than a path segment.
    final String grantsUrl = baseUrl.newBuilder()
            .addPathSegments("api/v2/grants")
            .addQueryParameter("user_id", userId)
            .build()
            .toString();
    final VoidRequest deleteRequest = new VoidRequest(client, grantsUrl, "DELETE");
    deleteRequest.addHeader("Authorization", "Bearer " + apiToken);
    return deleteRequest;
}

@Test
public void shouldThrowOnSendUserVerificationEmailWithNullIdentityUserId() {
    // A verification-email job whose identity lacks a user id must be rejected by the argument
    // check, with the Asserts-style message, rather than being sent to the API.
    exception.expect(IllegalArgumentException.class);
    exception.expectMessage("'identity user id' cannot be null!");
    final EmailVerificationIdentity identityWithoutUserId = new EmailVerificationIdentity("google-oauth2", null);
    api.jobs().sendVerificationEmail("google-oauth2|1234", null, identityWithoutUserId);
}

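/**
 * Verifies a provided ID Token follows the <a href="https://openid.net/specs/openid-connect-core-1_0-final.html#IDTokenValidation">OIDC specification.</a>
 * <p>
 * Checks run in this order and the first failure throws, so later checks are not evaluated:
 * token presence, signature, {@code iss}, {@code sub}, {@code aud}, {@code org_id} (only when this
 * verifier was configured with an organization), {@code exp} with leeway, presence of {@code iat},
 * {@code nonce} (only when a nonce is supplied), {@code azp} (only when {@code aud} holds several
 * values) and {@code auth_time} (only when {@code maxAuthenticationAge} is supplied).
 * Only the presence of {@code iat} is validated; no freshness bound is applied to it.
 *
 * @param token                the ID Token to verify. Must not be null or empty.
 * @param nonce                the nonce expected on the ID token, which must match the nonce specified on the authorization request.
 *                             If null, no validation of the nonce will occur.
 * @param maxAuthenticationAge The maximum authentication age allowed, which specifies the allowable elapsed time in seconds
 *                             since the last time the end-user was actively authenticated. This must match the specified
 *                             {@code max_age} parameter specified on the authorization request. If null, no validation
 *                             of the {@code auth_time} claim will occur.
 * @throws IdTokenValidationException if:
 *                                    <ul>
 *                                        <li>The ID token is null or empty</li>
 *                                        <li>The ID token's signing algorithm is not supported</li>
 *                                        <li>The ID token's signature is invalid</li>
 *                                        <li>Any of the ID token's claims are invalid</li>
 *                                    </ul>
 * @see IdTokenVerifier#verify(String)
 * @see IdTokenVerifier#verify(String, String)
 */
public void verify(String token, String nonce, Integer maxAuthenticationAge) throws IdTokenValidationException {
    if (isEmpty(token)) {
        throw new IdTokenValidationException("ID token is required but missing");
    }
    // The signature is verified before any claim is read, so claims are only ever taken from a token
    // that the configured signature verifier accepted.
    DecodedJWT decoded = this.signatureVerifier.verifySignature(token);
    if (isEmpty(decoded.getIssuer())) {
        throw new IdTokenValidationException("Issuer (iss) claim must be a string present in the ID token");
    }
    if (!decoded.getIssuer().equals(this.issuer)) {
        throw new IdTokenValidationException(String.format("Issuer (iss) claim mismatch in the ID token, expected \"%s\", found \"%s\"", this.issuer, decoded.getIssuer()));
    }
    if (isEmpty(decoded.getSubject())) {
        throw new IdTokenValidationException("Subject (sub) claim must be a string present in the ID token");
    }
    // aud may be a single string or an array; the configured audience must be one of its values.
    final List<String> audience = decoded.getAudience();
    if (audience == null) {
        throw new IdTokenValidationException("Audience (aud) claim must be a string or array of strings present in the ID token");
    }
    if (!audience.contains(this.audience)) {
        throw new IdTokenValidationException(String.format("Audience (aud) claim mismatch in the ID token; expected \"%s\" but found \"%s\"", this.audience, decoded.getAudience()));
    }
    // Org verification: only enforced when the verifier was built with an organization.
    if (this.organization != null) {
        String orgClaim = decoded.getClaim("org_id").asString();
        if (isEmpty(orgClaim)) {
            throw new IdTokenValidationException("Organization Id (org_id) claim must be a string present in the ID token");
        }
        if (!this.organization.equals(orgClaim)) {
            throw new IdTokenValidationException(String.format("Organization (org_id) claim mismatch in the ID token; expected \"%s\" but found \"%s\"", this.organization, orgClaim));
        }
    }
    // Reference time: a configured clock replaces the wall clock; leeway falls back to DEFAULT_LEEWAY.
    final Calendar cal = Calendar.getInstance();
    final Date now = this.clock != null ? this.clock : cal.getTime();
    final int clockSkew = this.leeway != null ? this.leeway : DEFAULT_LEEWAY;
    if (decoded.getExpiresAt() == null) {
        throw new IdTokenValidationException("Expiration Time (exp) claim must be a number present in the ID token");
    }
    // The token is accepted up to exp + leeway; after() is strict, so now == exp + leeway still passes.
    cal.setTime(decoded.getExpiresAt());
    cal.add(Calendar.SECOND, clockSkew);
    Date expDate = cal.getTime();
    if (now.after(expDate)) {
        throw new IdTokenValidationException(String.format("Expiration Time (exp) claim error in the ID token; current time (%d) is after expiration time (%d)", now.getTime() / 1000, expDate.getTime() / 1000));
    }
    // iat must be present, but its value is not otherwise bounded (the former leeway-adjusted
    // Calendar computation here was never read and has been dropped).
    if (decoded.getIssuedAt() == null) {
        throw new IdTokenValidationException("Issued At (iat) claim must be a number present in the ID token");
    }
    if (nonce != null) {
        String nonceClaim = decoded.getClaim(NONCE_CLAIM).asString();
        if (isEmpty(nonceClaim)) {
            throw new IdTokenValidationException("Nonce (nonce) claim must be a string present in the ID token");
        }
        if (!nonce.equals(nonceClaim)) {
            throw new IdTokenValidationException(String.format("Nonce (nonce) claim mismatch in the ID token; expected \"%s\", found \"%s\"", nonce, nonceClaim));
        }
    }
    // With several audiences, azp must name this verifier's audience as the authorized party.
    if (audience.size() > 1) {
        String azpClaim = decoded.getClaim(AZP_CLAIM).asString();
        if (isEmpty(azpClaim)) {
            throw new IdTokenValidationException("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
        }
        if (!this.audience.equals(azpClaim)) {
            throw new IdTokenValidationException(String.format("Authorized Party (azp) claim mismatch in the ID token; expected \"%s\", found \"%s\"", this.audience, azpClaim));
        }
    }
    // auth_time + max_age + leeway must not be in the past relative to the reference time.
    if (maxAuthenticationAge != null) {
        Date authTime = decoded.getClaim(AUTH_TIME_CLAIM).asDate();
        if (authTime == null) {
            throw new IdTokenValidationException("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
        }
        cal.setTime(authTime);
        cal.add(Calendar.SECOND, maxAuthenticationAge);
        cal.add(Calendar.SECOND, clockSkew);
        Date authTimeDate = cal.getTime();
        if (now.after(authTimeDate)) {
            throw new IdTokenValidationException(String.format("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (%d) is after last auth at (%d)", now.getTime() / 1000, authTimeDate.getTime() / 1000));
        }
    }
}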

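/**
 * Remove roles from a user.
 * A token with update:users is needed.
 * See https://auth0.com/docs/api/management/v2#!/Users/delete_user_roles
 *
 * @param userId  the user id. Must not be null.
 * @param roleIds a list of role ids to remove from the user. Must not be null or empty.
 * @return a Request to execute
 * @throws IllegalArgumentException presumably, via {@code Asserts}, when userId is null or roleIds is empty.
 */
public Request<Void> removeRoles(String userId, List<String> roleIds) {
    Asserts.assertNotNull(userId, "user id");
    Asserts.assertNotEmpty(roleIds, "role ids");
    // Request body: {"roles": [...]} as the delete_user_roles endpoint expects.
    Map<String, List<String>> body = new HashMap<>();
    body.put("roles", roleIds);
    // The user id is added with addPathSegment (singular) so it stays exactly one path segment with
    // any "/" it contains encoded; addPathSegments splits its input on "/" (assuming an okhttp-style
    // HttpUrl.Builder, which this API matches) and would let an id rewrite the path. This also
    // matches how ConnectionsEntity#deleteUser adds the connection id.
    final String url = baseUrl.newBuilder()
            .addPathSegments("api/v2/users")
            .addPathSegment(userId)
            .addPathSegment("roles")
            .build()
            .toString();
    VoidRequest request = new VoidRequest(this.client, url, "DELETE");
    request.setBody(body);
    request.addHeader("Authorization", "Bearer " + apiToken);
    return request;
}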