Example 1 with IntrospectionResponse

Use of com.authlete.common.dto.IntrospectionResponse in project java-oauth-server by authlete.

The class ObbUtils, method validateAccessToken.

public static IntrospectionResponse validateAccessToken(String outgoingInteractionId, String code, AuthleteApi authleteApi, HttpServletRequest request, String... requiredScopes) {
    // Extract the access token from the Authorization header.
    String accessToken = extractAccessToken(request);
    // Extract the client certificate.
    String clientCertificate = CertificateUtils.extract(request);
    // Extract information required to validate any DPoP proof
    String dpop = request.getHeader("DPoP");
    String htm = request.getMethod();
    // This assumes that jetty has the correct incoming url; if running behind a reverse proxy it is important that
    // the jetty ForwardedRequestCustomizer is enabled and that the reverse proxy sets the relevants headers so
    // that jetty can determine the original url - e.g. in apache "RequestHeader set X-Forwarded-Proto https" is
    // required
    String htu = request.getRequestURL().toString();
    IntrospectionResponse response;
    try {
        // Call Authlete's /api/auth/introspection API.
        response = callIntrospection(authleteApi, accessToken, requiredScopes, dpop, htm, htu, clientCertificate);
    } catch (AuthleteApiException e) {
        // Failed to call Authlete's /api/auth/introspection API.
        e.printStackTrace();
        throw internalServerErrorException(outgoingInteractionId, code, e.getMessage());
    }
    // 'action' in the response denotes the next action which
    // this service implementation should take.
    Action action = response.getAction();
    // If the protected resource endpoint conforms to RFC 6750,
    // response.getResponseContent() can be used. However, the
    // protected resource endpoints of Open Banking Brasil behave
    // differently in error cases.
    String detail = response.getResultMessage();
    // Dispatch according to the action.
    switch(action) {
        case INTERNAL_SERVER_ERROR:
            // 500 Internal Server Error
            throw internalServerErrorException(outgoingInteractionId, code, detail);
        case BAD_REQUEST:
            // 400 Bad Request
            throw badRequestException(outgoingInteractionId, code, detail);
        case UNAUTHORIZED:
            // 401 Unauthorized
            throw unauthorizedException(outgoingInteractionId, code, detail);
        case FORBIDDEN:
            // 403 Forbidden
            throw forbiddenException(outgoingInteractionId, code, detail);
        case OK:
            // Return access token information.
            return response;
        default:
            // Unknown action. This never happens.
            throw unknownAction(outgoingInteractionId, code, action);
    }
}

Example 2 with IntrospectionResponse

Use of com.authlete.common.dto.IntrospectionResponse in project java-oauth-server by authlete.

The class ConsentsEndpoint, method delete.

@DELETE
@Path("{consentId}")
public Response delete(@Context HttpServletRequest request, @HeaderParam(X_FAPI_INTERACTION_ID) String incomingInteractionId, @PathParam("consentId") String consentId) {
    String code = "Consent Delete";
    // Compute a value for the "x-fapi-interaction-id" HTTP response header.
    String outgoingInteractionId = ObbUtils.computeOutgoingInteractionId(code, incomingInteractionId);
    // Validate the access token.
    AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi();
    IntrospectionResponse info = ObbUtils.validateAccessToken(outgoingInteractionId, code, authleteApi, request, "consents");
    // Find "consent".
    Consent consent = ConsentDao.getInstance().read(consentId);
    // Validate the consent.
    validateConsent(outgoingInteractionId, code, consent, info);
    // Delete the refresh token associated with the consent.
    deleteRefreshToken(outgoingInteractionId, code, authleteApi, consent.getRefreshToken());
    // Delete the consent.
    ConsentDao.getInstance().delete(consentId);
    // Build a successful response.
    return ObbUtils.noContent(outgoingInteractionId);
}

Example 3 with IntrospectionResponse

Use of com.authlete.common.dto.IntrospectionResponse in project java-oauth-server by authlete.

The class AccountsEndpoint, method read.

@GET
public Response read(@Context HttpServletRequest request, @HeaderParam(X_FAPI_INTERACTION_ID) String incomingInteractionId) {
    String code = "Accounts Read";
    // Compute a value for the "x-fapi-interaction-id" HTTP response header.
    String outgoingInteractionId = ObbUtils.computeOutgoingInteractionId(code, incomingInteractionId);
    // Validate the access token.
    AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi();
    IntrospectionResponse info = ObbUtils.validateAccessToken(outgoingInteractionId, code, authleteApi, request, "accounts");
    // Make sure that the access token has a "consent:{consentId}" scope.
    ensureConsentScope(outgoingInteractionId, code, info);
    // Build a response body.
    ResponseAccountList body = buildResponseBody();
    // Build a successful response.
    return ObbUtils.ok(outgoingInteractionId, body);
}

Example 4 with IntrospectionResponse

Use of com.authlete.common.dto.IntrospectionResponse in project java-oauth-server by authlete.

The class ConsentsEndpoint, method read.

@GET
@Path("{consentId}")
public Response read(@Context HttpServletRequest request, @HeaderParam(X_FAPI_INTERACTION_ID) String incomingInteractionId, @PathParam("consentId") String consentId) {
    String code = "Consent Read";
    // Compute a value for the "x-fapi-interaction-id" HTTP response header.
    String outgoingInteractionId = ObbUtils.computeOutgoingInteractionId(code, incomingInteractionId);
    // Validate the access token.
    AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi();
    IntrospectionResponse info = ObbUtils.validateAccessToken(outgoingInteractionId, code, authleteApi, request, "consents");
    // Find "consent".
    Consent consent = ConsentDao.getInstance().read(consentId);
    // Validate the consent.
    validateConsent(outgoingInteractionId, code, consent, info);
    // Build a response body.
    ResponseConsent rc = ResponseConsent.create(consent);
    // Build a successful response.
    return ObbUtils.ok(outgoingInteractionId, rc);
}

Example 5 with IntrospectionResponse

Use of com.authlete.common.dto.IntrospectionResponse in project java-oauth-server by authlete.

The class ConsentsEndpoint, method create.

@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response create(@Context HttpServletRequest request, @HeaderParam(X_FAPI_INTERACTION_ID) String incomingInteractionId, CreateConsent createConsent) {
    String code = "Consent Create";
    // Compute a value for the "x-fapi-interaction-id" HTTP response header.
    String outgoingInteractionId = ObbUtils.computeOutgoingInteractionId(code, incomingInteractionId);
    // Validate the access token.
    AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi();
    IntrospectionResponse info = ObbUtils.validateAccessToken(outgoingInteractionId, code, authleteApi, request, "consents");
    // Validate the input.
    validateCreateConsent(outgoingInteractionId, code, createConsent);
    // Create "consent".
    Consent consent = ConsentDao.getInstance().create(createConsent, info.getClientId());
    // Build a response body.
    ResponseConsent rc = ResponseConsent.create(consent);
    // Build a successful response.
    return ObbUtils.created(outgoingInteractionId, rc);
}