
Example 6 with PairClientIDAuthMethod

use of com.forgerock.openbanking.aspsp.as.service.PairClientIDAuthMethod in project openbanking-aspsp by OpenBankingToolkit.

Defined in class AccessTokenApiController, method getAccessToken (the token-endpoint handler).

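@Override
// Only callers holding one of the TPP roles may reach the token endpoint at all;
// client authentication itself (MATLS / private_key_jwt) happens below.
@PreAuthorize("hasAnyAuthority('ROLE_PISP', 'ROLE_AISP', 'ROLE_CBPII')")
public ResponseEntity getAccessToken(MultiValueMap<String, String> paramMap, String authorization, Principal principal, HttpServletRequest request) throws OBErrorResponseException, OBErrorException {
    // The form body of a token request carries credentials (client_assertion, and for the
    // headless grant a username/password), so log only the parameter names, never the values.
    log.debug("getAccessToken(), param names {}", paramMap.keySet());
    // Bind the request to the presented client certificate before doing anything else.
    PairClientIDAuthMethod clientIDAuthMethod = matlsRequestVerificationService.verifyMATLSMatchesRequest(paramMap, authorization, principal);
    AMGateway amGateway = this.amGateway;
    // The token endpoint can also be used as audience, as per OIDC spec
    if (clientIDAuthMethod.getAuthMethod() == PRIVATE_KEY_JWT) {
        String clientAssertion = paramMap.getFirst(CLIENT_ASSERTION);
        if (clientAssertion == null || clientAssertion.isBlank()) {
            log.debug("getAccessToken() clientAssertion was null or blank");
            throw new OBErrorResponseException(OBRIErrorType.ACCESS_TOKEN_INVALID.getHttpStatus(), OBRIErrorResponseCategory.ACCESS_TOKEN, OBRIErrorType.ACCESS_TOKEN_INVALID.toOBError1("No client_assertion in body"));
        }
        // NOTE(review): the gateway is chosen from the raw assertion here, presumably by its
        // audience; the assertion's signature is assumed to be verified downstream before a
        // token is issued - confirm.
        amGateway = amGatewayService.getAmGateway(clientAssertion);
    }
    // can throw a UnsupportedOIDCGrantTypeException
    GrantType grantType = GrantType.fromType(paramMap.getFirst(OIDCConstants.OIDCClaim.GRANT_TYPE));
    ResponseEntity<AccessTokenResponse> responseEntity = getAccessToken(paramMap, request, clientIDAuthMethod, amGateway, grantType);
    try {
        responseEntity = jwtOverridingService.rewriteAccessTokenResponseIdToken(responseEntity);
    } catch (AccessTokenReWriteException e) {
        // Mint the support reference before logging so the server-side entry and the
        // client-facing error share it; previously the log line carried no reference and
        // was emitted at debug level, making the returned UID impossible to correlate.
        String supportUID = UUID.randomUUID().toString();
        log.error("Failed to rewrite the access token response's id_token. supportUID={}", supportUID, e);
        throw new OBErrorResponseException(OBRIErrorType.ACCESS_TOKEN_INVALID_ID_TOKEN.getHttpStatus(), OBRIErrorResponseCategory.ACCESS_TOKEN, OBRIErrorType.ACCESS_TOKEN_INVALID_ID_TOKEN.toOBError1(supportUID));
    }
    return responseEntity;
}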

Example 7 with PairClientIDAuthMethod

use of com.forgerock.openbanking.aspsp.as.service.PairClientIDAuthMethod in project openbanking-aspsp by OpenBankingToolkit.

Defined in class HeadLessAccessTokenServiceTest, method failWhenNoAuthorisation_getAccessToken.

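@Test
public void failWhenNoAuthorisation_getAccessToken() throws OBErrorResponseException, OBErrorException {
    // Given: a client_secret_basic client asking for the headless grant, while the
    // authorisation step answers 400 with an error body instead of a redirect.
    PairClientIDAuthMethod clientIdAuthMethod = getClientIDAuthMethod(TokenEndpointAuthMethods.CLIENT_SECRET_BASIC);
    MultiValueMap<String, String> params = getParamsMap(GrantType.HEADLESS_AUTH);
    // The unused AccessTokenResponse fixture from the original test has been dropped;
    // this path never reaches token issuance.
    ResponseEntity<String> authorisationFailure = new ResponseEntity<>("{\"error\":\"broken stuff\"}", new HttpHeaders(), HttpStatus.BAD_REQUEST);
    given(authorisationApi.getAuthorisation(params.getFirst(OIDCClaim.RESPONSE_TYPE), params.getFirst(OIDCClaim.CLIENT_ID), params.getFirst(OIDCClaim.STATE), params.getFirst(OIDCClaim.NONCE), params.getFirst(OIDCClaim.SCOPE), params.getFirst(OIDCClaim.REDIRECT_URI), params.getFirst(OIDCClaim.REQUEST), true, params.getFirst(OIDCClaim.USERNAME), params.getFirst(OIDCClaim.PASSWORD), "", null, request)).willReturn(authorisationFailure);
    // When
    OBErrorResponseException exception = catchThrowableOfType(() -> headlessAccessTokenService.getAccessToken(amGateway, clientIdAuthMethod, params, request), OBErrorResponseException.class);
    // Then: the upstream failure is mapped to a HEADLESS_AUTH error carrying OBRI_HEADLESS_AS_ERROR.
    assertThat(exception).isNotNull();
    assertThat(exception.getCategory()).isEqualTo(OBRIErrorResponseCategory.HEADLESS_AUTH);
    assertThat(exception.getErrors().get(0).getErrorCode()).isEqualTo(ErrorCode.OBRI_HEADLESS_AS_ERROR.toString());
}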

Example 8 with PairClientIDAuthMethod

use of com.forgerock.openbanking.aspsp.as.service.PairClientIDAuthMethod in project openbanking-aspsp by OpenBankingToolkit.

Defined in class HeadLessAccessTokenServiceTest, method success_getAccessToken.

@Test
public void success_getAccessToken() throws OBErrorResponseException, OBErrorException, URISyntaxException {
    // Given: a client_secret_basic client and the headless grant parameters.
    final PairClientIDAuthMethod clientIdAuthMethod = getClientIDAuthMethod(TokenEndpointAuthMethods.CLIENT_SECRET_BASIC);
    final MultiValueMap<String, String> params = getParamsMap(GrantType.HEADLESS_AUTH);
    // The stubbed authorisation step redirects with the code in the URL fragment; the
    // service presumably lifts it from there to build the authorization_code exchange below.
    final HttpHeaders redirectHeaders = new HttpHeaders();
    redirectHeaders.setLocation(new URI("http://acme.com/#code=access_code"));
    final ResponseEntity<AccessTokenResponse> stubbedResponse = new ResponseEntity<>(new AccessTokenResponse(), redirectHeaders, HttpStatus.OK);
    given(authorisationApi.getAuthorisation(params.getFirst(OIDCClaim.RESPONSE_TYPE), params.getFirst(OIDCClaim.CLIENT_ID), params.getFirst(OIDCClaim.STATE), params.getFirst(OIDCClaim.NONCE), params.getFirst(OIDCClaim.SCOPE), params.getFirst(OIDCClaim.REDIRECT_URI), params.getFirst(OIDCClaim.REQUEST), true, params.getFirst(OIDCClaim.USERNAME), params.getFirst(OIDCClaim.PASSWORD), "", null, request)).willReturn(stubbedResponse);
    // The same stubbed entity doubles as AM's answer to the code exchange.
    final String expectedExchangeBody = "grant_type=authorization_code&redirect_uri=https%3A%2F%2Facme.co.uk&code=access_code";
    given(amGateway.toAM(request, new HttpHeaders(), this.typeReference, expectedExchangeBody)).willReturn(stubbedResponse);
    // When
    final ResponseEntity<AccessTokenResponse> actual = headlessAccessTokenService.getAccessToken(amGateway, clientIdAuthMethod, params, request);
    // Then
    assertThat(actual).isNotNull();
    assertThat(actual.getStatusCode()).isEqualTo(HttpStatus.OK);
}

Example 9 with PairClientIDAuthMethod

use of com.forgerock.openbanking.aspsp.as.service.PairClientIDAuthMethod in project openbanking-aspsp by OpenBankingToolkit.

Defined in class HeadLessAccessTokenServiceTest, method getClientIDAuthMethod (test fixture helper).

// ToDo: Extract to test helper class as also used in @AccessTokenApiControllerTest
// ToDo: Extract to test helper class as also used in @AccessTokenApiControllerTest
/** Builds a fixture whose only populated field is the given token-endpoint auth method. */
private PairClientIDAuthMethod getClientIDAuthMethod(TokenEndpointAuthMethods clientIdAuthMethod) {
    final PairClientIDAuthMethod fixture = new PairClientIDAuthMethod();
    fixture.setAuthMethod(clientIdAuthMethod);
    return fixture;
}

Example 10 with PairClientIDAuthMethod

use of com.forgerock.openbanking.aspsp.as.service.PairClientIDAuthMethod in project openbanking-aspsp by OpenBankingToolkit.

Defined in class HeadLessAccessTokenServiceTest, method failWhenNoLocationHeader_getAccessToken.

@Test
public void failWhenNoLocationHeader_getAccessToken() throws OBErrorResponseException, OBErrorException {
    // Given: the authorisation step answers 200 but deliberately without a Location
    // header, so there is no redirect from which an authorization code could be taken.
    final PairClientIDAuthMethod clientIdAuthMethod = getClientIDAuthMethod(TokenEndpointAuthMethods.CLIENT_SECRET_BASIC);
    final MultiValueMap<String, String> params = getParamsMap(GrantType.HEADLESS_AUTH);
    final ResponseEntity<AccessTokenResponse> noRedirect = new ResponseEntity<>(new AccessTokenResponse(), new HttpHeaders(), HttpStatus.OK);
    given(authorisationApi.getAuthorisation(params.getFirst(OIDCClaim.RESPONSE_TYPE), params.getFirst(OIDCClaim.CLIENT_ID), params.getFirst(OIDCClaim.STATE), params.getFirst(OIDCClaim.NONCE), params.getFirst(OIDCClaim.SCOPE), params.getFirst(OIDCClaim.REDIRECT_URI), params.getFirst(OIDCClaim.REQUEST), true, params.getFirst(OIDCClaim.USERNAME), params.getFirst(OIDCClaim.PASSWORD), "", null, request)).willReturn(noRedirect);
    // When
    final OBErrorResponseException thrown = catchThrowableOfType(() -> headlessAccessTokenService.getAccessToken(amGateway, clientIdAuthMethod, params, request), OBErrorResponseException.class);
    // Then: the missing redirect is reported under the HEADLESS_AUTH category.
    assertThat(thrown).isNotNull();
    assertThat(thrown.getCategory()).isEqualTo(OBRIErrorResponseCategory.HEADLESS_AUTH);
}
