Example 1 with GrantType

Use of com.forgerock.openbanking.constants.OIDCConstants.GrantType in project openbanking-aspsp by OpenBankingToolkit, taken from the class AccessTokenApiController, method getAccessToken.

@Override
@PreAuthorize("hasAnyAuthority('ROLE_PISP', 'ROLE_AISP', 'ROLE_CBPII')")
public ResponseEntity getAccessToken(MultiValueMap<String, String> paramMap, String authorization, Principal principal, HttpServletRequest request) throws OBErrorResponseException, OBErrorException {
    log.debug("getAccessToken(), paramMap {}", paramMap);
    PairClientIDAuthMethod clientIDAuthMethod = matlsRequestVerificationService.verifyMATLSMatchesRequest(paramMap, authorization, principal);
    AMGateway amGateway = this.amGateway;
    // The token endpoint can also be used as audience, as per OIDC spec
    if (clientIDAuthMethod.getAuthMethod() == PRIVATE_KEY_JWT) {
        String clientAssertion = paramMap.getFirst(CLIENT_ASSERTION);
        if (clientAssertion == null || clientAssertion.isBlank()) {
            log.debug("getAccessToken() clientAssertion was null or blank");
            throw new OBErrorResponseException(OBRIErrorType.ACCESS_TOKEN_INVALID.getHttpStatus(), OBRIErrorResponseCategory.ACCESS_TOKEN, OBRIErrorType.ACCESS_TOKEN_INVALID.toOBError1("No client_assertion in body"));
        }
        amGateway = amGatewayService.getAmGateway(clientAssertion);
    }
    // can throw a UnsupportedOIDCGrantTypeException
    GrantType grantType = GrantType.fromType(paramMap.getFirst(OIDCConstants.OIDCClaim.GRANT_TYPE));
    ResponseEntity<AccessTokenResponse> responseEntity = getAccessToken(paramMap, request, clientIDAuthMethod, amGateway, grantType);
    try {
        responseEntity = jwtOverridingService.rewriteAccessTokenResponseIdToken(responseEntity);
    } catch (AccessTokenReWriteException e) {
        log.debug("Failed to rewrite the access token response's id_token.", e);
        String supportUID = UUID.randomUUID().toString();
        throw new OBErrorResponseException(OBRIErrorType.ACCESS_TOKEN_INVALID_ID_TOKEN.getHttpStatus(), OBRIErrorResponseCategory.ACCESS_TOKEN, OBRIErrorType.ACCESS_TOKEN_INVALID_ID_TOKEN.toOBError1(supportUID));
    }
    return responseEntity;
}