Example 1 with Tokeninfo

Use of com.google.api.services.oauth2.model.Tokeninfo in project styx by spotify.

The class GoogleIdTokenAuth, method getServiceAccountIdTokenUsingAccessToken.

private String getServiceAccountIdTokenUsingAccessToken(GoogleCredentials credentials, String targetAudience) throws IOException {
    final Oauth2 oauth2 = new Oauth2.Builder(httpTransport, JSON_FACTORY, null).build();
    // Obtain an access token carrying the email scope, so that tokeninfo can report the principal's email.
    final AccessToken accessToken = accessToken(withScopes(credentials, ImmutableList.of("https://www.googleapis.com/auth/userinfo.email")));
    // Ask Google's tokeninfo endpoint which principal the access token belongs to.
    final Tokeninfo info = oauth2.tokeninfo().setAccessToken(accessToken.getTokenValue()).execute();
    final String principal = info.getEmail();
    if (principal == null) {
        throw new IOException("Unable to look up principal email, credentials missing email scope?");
    }
    // Only a service account can have an ID token minted for it this way; refuse any other principal.
    if (!SERVICE_ACCOUNT_PATTERN.matcher(principal).matches()) {
        throw new IOException("Principal is not a service account, unable to acquire id token: " + principal);
    }
    // Delegate to the overload that takes the resolved service account email.
    return getServiceAccountIdTokenUsingAccessToken(credentials, principal, targetAudience);
}
Also used: AccessToken(com.google.auth.oauth2.AccessToken) Oauth2(com.google.api.services.oauth2.Oauth2) IOException(java.io.IOException) Tokeninfo(com.google.api.services.oauth2.model.Tokeninfo)

Example 2 with Tokeninfo

Use of com.google.api.services.oauth2.model.Tokeninfo in project gatein-portal by Meeds-io.

The class GoogleProcessorImpl, method validateTokenAndUpdateScopes.

@Override
public GoogleAccessTokenContext validateTokenAndUpdateScopes(GoogleAccessTokenContext accessTokenContext) {
    GoogleRequest<Tokeninfo> googleRequest = new GoogleRequest<Tokeninfo>() {

        @Override
        protected Tokeninfo invokeRequest(GoogleAccessTokenContext accessTokenContext) throws IOException {
            GoogleTokenResponse tokenData = accessTokenContext.getTokenData();
            Oauth2 oauth2 = getOAuth2InstanceImpl(tokenData);
            GoogleCredential credential = getGoogleCredential(tokenData);
            // Ask Google's tokeninfo endpoint to describe the access token (issued_to, audience, scopes).
            return oauth2.tokeninfo().setAccessToken(credential.getAccessToken()).execute();
        }

        @Override
        protected OAuthException createException(IOException cause) {
            // An HTTP error response means Google rejected the token; anything else is a transport failure.
            if (cause instanceof HttpResponseException) {
                return new OAuthException(OAuthExceptionCode.ACCESS_TOKEN_ERROR, "Error when obtaining tokenInfo: " + cause.getMessage(), cause);
            } else {
                return new OAuthException(OAuthExceptionCode.IO_ERROR, "IO Error when obtaining tokenInfo: " + cause.getMessage(), cause);
            }
        }
    };
    Tokeninfo tokenInfo = googleRequest.executeRequest(accessTokenContext, this);
    // If there was an error in the token info, abort.
    if (tokenInfo.containsKey("error")) {
        throw new OAuthException(OAuthExceptionCode.ACCESS_TOKEN_ERROR, "Error during token validation: " + tokenInfo.get("error").toString());
    }
    // The token must have been issued to this application's client ID, not to some other app that the
    // user also authorised. Comparing with the constant on the left avoids an NPE when issued_to is absent.
    if (!clientID.equals(tokenInfo.getIssuedTo())) {
        throw new OAuthException(OAuthExceptionCode.ACCESS_TOKEN_ERROR, "Token's client ID does not match app's. clientID from tokenINFO: " + tokenInfo.getIssuedTo());
    }
    if (log.isTraceEnabled()) {
        log.trace("Successfully validated accessToken from google: " + tokenInfo);
    }
    // Scopes are returned as one space-separated string; treat a missing scope field as no scopes.
    String scope = tokenInfo.getScope();
    String[] scopes = scope == null ? new String[0] : scope.split(" ");
    return new GoogleAccessTokenContext(accessTokenContext.getTokenData(), scopes);
}
Also used: Oauth2(com.google.api.services.oauth2.Oauth2) OAuthException(org.gatein.security.oauth.exception.OAuthException) GoogleTokenResponse(com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse) HttpResponseException(com.google.api.client.http.HttpResponseException) GoogleCredential(com.google.api.client.googleapis.auth.oauth2.GoogleCredential) IOException(java.io.IOException) Tokeninfo(com.google.api.services.oauth2.model.Tokeninfo)

Example 3 with Tokeninfo

Use of com.google.api.services.oauth2.model.Tokeninfo in project isaac-api by isaacphysics.

The class GoogleAuthenticator, method verifyAccessTokenIsValid.

/**
 * This method will contact the identity provider to verify that the token is valid for our application.
 *
 * This check is intended to mitigate against the confused deputy problem; although I suspect the google client
 * might already do this.
 *
 * @param credentials
 *            - the credential object for the token verification.
 * @return true if the token passes our validation, false if not.
 */
private boolean verifyAccessTokenIsValid(final Credential credentials) {
    Validate.notNull(credentials, "Credentials cannot be null");
    Oauth2 oauth2 = new Oauth2.Builder(httpTransport, jsonFactory, credentials).setApplicationName(Constants.APPLICATION_NAME).build();
    try {
        Tokeninfo tokeninfo = oauth2.tokeninfo().setAccessToken(credentials.getAccessToken()).execute();
        // The token is valid for us only if its audience is our own client ID; a token Google issued to a
        // different application is rejected. Constant on the left avoids an NPE when no audience is returned.
        if (clientSecrets.getDetails().getClientId().equals(tokeninfo.getAudience())) {
            return true;
        }
    } catch (IOException e) {
        // Any transport or HTTP error fails closed: the token is treated as invalid.
        log.error("IO error while trying to validate oauth2 security token.", e);
    }
    return false;
}
Also used: Oauth2(com.google.api.services.oauth2.Oauth2) CacheBuilder(com.google.common.cache.CacheBuilder) IOException(java.io.IOException) Tokeninfo(com.google.api.services.oauth2.model.Tokeninfo)

Example 4 with Tokeninfo

Use of com.google.api.services.oauth2.model.Tokeninfo in project dockstore by dockstore.

The class Hoverfly, method getFakeTokeninfo.

// Builds a canned tokeninfo response for the Hoverfly API simulation used in tests; no real token is involved.
private static Tokeninfo getFakeTokeninfo(String email) {
    Tokeninfo tokeninfo = new Tokeninfo();
    tokeninfo.setAccessType("offline");
    // Placeholder audience; the simulation fills in the client ID it expects.
    tokeninfo.setAudience("<fill me in>");
    tokeninfo.setEmail(email);
    // This is in seconds, see Tokeninfo type for more details. Random integer that isn't really used anywhere
    tokeninfo.setExpiresIn(9001);
    // issued_to mirrors the audience, as it would for a token issued to the app itself.
    tokeninfo.setIssuedTo(tokeninfo.getAudience());
    tokeninfo.setScope("https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email");
    tokeninfo.setUserId("tuber");
    tokeninfo.setVerifiedEmail(true);
    return tokeninfo;
}
Also used: Tokeninfo(com.google.api.services.oauth2.model.Tokeninfo)

Example 5 with Tokeninfo

Use of com.google.api.services.oauth2.model.Tokeninfo in project dockstore by dockstore.

The class GoogleHelperTest, method isValidAudience.

@Test
public void isValidAudience() {
    // Configure the app's own client ID plus one trusted external client-ID prefix.
    final DockstoreWebserviceConfiguration config = new DockstoreWebserviceConfiguration();
    config.setGoogleClientID(AUDIENCE1);
    config.getExternalGoogleClientIdPrefixes().add(EXTERNAL_PREFIX);
    GoogleHelper.setConfig(config);
    // The mock returns a different audience on each successive call.
    final Tokeninfo tokeninfo = Mockito.mock(Tokeninfo.class);
    when(tokeninfo.getAudience()).thenReturn(AUDIENCE1).thenReturn(EXTERNAL_AUDIENCE).thenReturn(INVALID_AUDIENCE);
    // Own client ID: accepted.
    Assert.assertTrue(GoogleHelper.isValidAudience(tokeninfo));
    // Audience matching a configured external prefix: accepted.
    Assert.assertTrue(GoogleHelper.isValidAudience(tokeninfo));
    // Unknown audience: rejected.
    Assert.assertFalse(GoogleHelper.isValidAudience(tokeninfo));
}
Also used: DockstoreWebserviceConfiguration(io.dockstore.webservice.DockstoreWebserviceConfiguration) Tokeninfo(com.google.api.services.oauth2.model.Tokeninfo) Test(org.junit.Test)

Aggregations (class, number of usages)

Tokeninfo (com.google.api.services.oauth2.model.Tokeninfo) 7
Oauth2 (com.google.api.services.oauth2.Oauth2) 5
IOException (java.io.IOException) 5
GoogleCredential (com.google.api.client.googleapis.auth.oauth2.GoogleCredential) 3
DockstoreWebserviceConfiguration (io.dockstore.webservice.DockstoreWebserviceConfiguration) 2
AuthorizationCodeFlow (com.google.api.client.auth.oauth2.AuthorizationCodeFlow) 1
BearerToken (com.google.api.client.auth.oauth2.BearerToken) 1
ClientParametersAuthentication (com.google.api.client.auth.oauth2.ClientParametersAuthentication) 1
TokenResponse (com.google.api.client.auth.oauth2.TokenResponse) 1
GoogleTokenResponse (com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse) 1
GenericUrl (com.google.api.client.http.GenericUrl) 1
HttpResponseException (com.google.api.client.http.HttpResponseException) 1
Userinfoplus (com.google.api.services.oauth2.model.Userinfoplus) 1
AccessToken (com.google.auth.oauth2.AccessToken) 1
CacheBuilder (com.google.common.cache.CacheBuilder) 1
CustomWebApplicationException (io.dockstore.webservice.CustomWebApplicationException) 1
Token (io.dockstore.webservice.core.Token) 1
TokenType (io.dockstore.webservice.core.TokenType) 1
User (io.dockstore.webservice.core.User) 1
TokenResource (io.dockstore.webservice.resources.TokenResource) 1