
Example 36 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project docker-client by spotify.

the class ContainerRegistryAuthSupplierTest method testAuthForSwarm_TokenWithoutExpirationDoesNotCauseRefresh.

/**
 * A token built without an expiration time must be passed through to the Swarm auth
 * unchanged and must never trigger a call to the credential refresher.
 */
@Test
public void testAuthForSwarm_TokenWithoutExpirationDoesNotCauseRefresh() throws Exception {
    // The second constructor argument is null, so this token has no expiration time.
    final AccessToken tokenWithoutExpiry = new AccessToken(tokenValue, null);
    final GoogleCredentials creds = new GoogleCredentials(tokenWithoutExpiry);
    final long minimumExpirationMillis = TimeUnit.SECONDS.toMillis(minimumExpirationSecs);
    final ContainerRegistryAuthSupplier authSupplier =
            new ContainerRegistryAuthSupplier(creds, clock, minimumExpirationMillis, refresher);

    // The supplier must return auth matching the original token ...
    assertThat(authSupplier.authForSwarm(), matchesAccessToken(tokenWithoutExpiry));
    // ... and must not have asked the refresher for a new one.
    verify(refresher, never()).refresh(creds);
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Test(org.junit.Test)

Example 37 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project docker-client by spotify.

the class ContainerRegistryAuthSupplierTest method testAuthForBuild_TokenWithoutExpirationDoesNotCauseRefresh.

/**
 * A token built without an expiration time must be used as-is for every registry entry
 * returned for a build and must never trigger a call to the credential refresher.
 */
@Test
public void testAuthForBuild_TokenWithoutExpirationDoesNotCauseRefresh() throws Exception {
    // The second constructor argument is null, so this token has no expiration time.
    final AccessToken tokenWithoutExpiry = new AccessToken(tokenValue, null);
    final GoogleCredentials creds = new GoogleCredentials(tokenWithoutExpiry);
    final long minimumExpirationMillis = TimeUnit.SECONDS.toMillis(minimumExpirationSecs);
    final ContainerRegistryAuthSupplier authSupplier =
            new ContainerRegistryAuthSupplier(creds, clock, minimumExpirationMillis, refresher);

    final RegistryConfigs buildConfigs = authSupplier.authForBuild();

    // At least one registry entry is expected, and every entry must carry the original token.
    assertThat(buildConfigs.configs().values(), is(not(empty())));
    assertThat(buildConfigs.configs().values(), everyItem(matchesAccessToken(tokenWithoutExpiry)));
    // No refresh may have been requested for these credentials.
    verify(refresher, never()).refresh(creds);
}
Also used : RegistryConfigs(com.spotify.docker.client.messages.RegistryConfigs) AccessToken(com.google.auth.oauth2.AccessToken) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Test(org.junit.Test)

Example 38 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project docker-client by spotify.

the class ContainerRegistryAuthSupplier method authForBuild.

/**
 * Builds the registry configuration used for an image build: one {@link RegistryAuth}
 * entry per name in {@code GCR_REGISTRIES}, each derived from the current access token.
 *
 * <p>If the token cannot be obtained, the failure is logged and an empty configuration is
 * returned. The build then proceeds without GCR credentials instead of failing here.
 *
 * @return the per-registry auth configuration, or an empty one when no token is available
 * @throws DockerException declared by the overridden method
 */
@Override
public RegistryConfigs authForBuild() throws DockerException {
    final AccessToken gcrToken;
    try {
        gcrToken = getAccessToken();
    } catch (IOException tokenFailure) {
        // Deliberately non-fatal: the image being built may not need anything from GCR,
        // so a missing token only means the build runs without GCR credentials.
        log.warn(
                "unable to get access token for Google Container Registry, "
                        + "configuration for building image will not contain RegistryAuth for GCR",
                tokenFailure);
        return RegistryConfigs.empty();
    }

    // The same token is used for every registry name; the auth object is built per entry.
    final Map<String, RegistryAuth> authByRegistry = new HashMap<>(GCR_REGISTRIES.size());
    for (String registryName : GCR_REGISTRIES) {
        authByRegistry.put(registryName, authForAccessToken(gcrToken));
    }
    return RegistryConfigs.create(authByRegistry);
}
Also used : HashMap(java.util.HashMap) AccessToken(com.google.auth.oauth2.AccessToken) IOException(java.io.IOException) RegistryAuth(com.spotify.docker.client.messages.RegistryAuth)

Example 39 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project apiman by apiman.

the class KeycloakOAuthFactory method directGrant.

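/**
 * Creates an {@link AuthHandler} that takes the credentials from the request's
 * {@code Authorization} header, exchanges them with Keycloak for an access token, and lets
 * the request continue only when that token is authorised for {@code role}.
 *
 * <p>Responses: 400 when the header cannot be decoded, 401 when the token exchange fails,
 * 403 when the role check does not positively succeed.
 *
 * <p>Security notes: the user name and the upstream error message originate outside this
 * process and are echoed into the HTTP status line, the {@code WWW-Authenticate} header and
 * the log. They are therefore reduced to printable ASCII, and quoted-string escaped for the
 * header, so they cannot inject header or log lines. The role check fails closed: a failed
 * or {@code null} result is treated as "not authorised".
 *
 * @param vertx        Vert.x instance passed to {@code KeycloakAuth.create}
 * @param apimanConfig engine configuration (not read by this method)
 * @param authConfig   Keycloak configuration, also used to derive the HTTP client options
 * @param flowType     OAuth2 flow passed to {@code KeycloakAuth.create}
 * @param role         role the authenticated user must hold
 * @return the handler performing the Basic-to-OAuth2 exchange
 */
private static AuthHandler directGrant(Vertx vertx, VertxEngineConfig apimanConfig, JsonObject authConfig, OAuth2FlowType flowType, String role) {
    return new AuthHandler() {

        @Override
        public void handle(RoutingContext context) {
            try {
                // A missing or malformed header is expected to surface as a RuntimeException
                // (from the decoder or from indexing a short array) and is answered with 400.
                String[] auth = Basic.decodeWithScheme(context.request().getHeader("Authorization"));
                doBasic2Oauth(context, role, auth[0], auth[1]);
            } catch (RuntimeException e) {
                handle400(context, e.getMessage());
            }
        }

        private void doBasic2Oauth(RoutingContext context, String role, String username, String password) {
            JsonObject params = new JsonObject().put("username", username).put("password", password);
            HttpClientOptions sslOptions = getHttpClientOptionsForKeycloak(authConfig);
            OAuth2Auth oauth2 = KeycloakAuth.create(vertx, flowType, authConfig, sslOptions);
            oauth2.authenticate(params, tokenResult -> {
                if (tokenResult.succeeded()) {
                    log.debug("OAuth2 Keycloak exchange succeeded.");
                    AccessToken token = (AccessToken) tokenResult.result();
                    token.isAuthorised(role, res -> {
                        // Fail closed: only an explicit, successful TRUE grants access. A failed
                        // check (null result) previously caused an unboxing NPE in the callback.
                        if (res.succeeded() && Boolean.TRUE.equals(res.result())) {
                            context.next();
                        } else {
                            // The user name is client-supplied; neutralise it before it is
                            // written to the log and echoed in the response header.
                            String message = MessageFormat.format("User {0} does not have required role: {1}.", printable(username), role);
                            log.error(message);
                            handle403(context, "insufficient_scope", message);
                        }
                    });
                } else {
                    // NOTE(review): the upstream failure text is returned to the client;
                    // confirm it cannot reveal internal details worth hiding.
                    String message = tokenResult.cause().getMessage();
                    log.error("Access Token Error: {0}.", message);
                    handle401(context, "invalid_token", message);
                }
            });
        }

        /** Replaces every character outside printable ASCII (including CR and LF) with '?'. */
        private String printable(String value) {
            String text = String.valueOf(value);
            StringBuilder cleaned = new StringBuilder(text.length());
            for (int i = 0; i < text.length(); i++) {
                char c = text.charAt(i);
                cleaned.append(c >= 0x20 && c <= 0x7e ? c : '?');
            }
            return cleaned.toString();
        }

        /** Makes a value safe to place between double quotes in an HTTP header field. */
        private String quotedStringSafe(String value) {
            return printable(value).replace("\\", "\\\\").replace("\"", "\\\"");
        }

        private void handle400(RoutingContext context, String message) {
            if (message != null) {
                // The exception text may reflect request data; keep it on a single line.
                context.response().setStatusMessage(printable(message));
            }
            context.fail(400);
        }

        private void handle401(RoutingContext context, String error, String message) {
            String value = MessageFormat.format("Basic realm=\"{0}\" error=\"{1}\" error_message=\"{2}\"", "apiman-gw", quotedStringSafe(error), quotedStringSafe(message));
            context.response().putHeader("WWW-Authenticate", value);
            context.fail(401);
        }

        private void handle403(RoutingContext context, String error, String message) {
            String value = MessageFormat.format("Basic realm=\"{0}\" error=\"{1}\" error_message=\"{2}\"", "apiman-gw", quotedStringSafe(error), quotedStringSafe(message));
            context.response().putHeader("WWW-Authenticate", value);
            context.fail(403);
        }

        // The remaining AuthHandler methods are intentional no-ops: all work happens in handle().

        @Override
        public AuthHandler addAuthority(String authority) {
            return this;
        }

        @Override
        public AuthHandler addAuthorities(Set<String> authorities) {
            return this;
        }

        @Override
        public void parseCredentials(RoutingContext routingContext, Handler<AsyncResult<JsonObject>> handler) {
        }

        @Override
        public void authorize(User user, Handler<AsyncResult<Void>> handler) {
        }
    };
}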
Also used : AuthHandler(io.vertx.ext.web.handler.AuthHandler) OAuth2AuthHandler(io.vertx.ext.web.handler.OAuth2AuthHandler) Set(java.util.Set) User(io.vertx.ext.auth.User) JsonObject(io.vertx.core.json.JsonObject) AuthHandler(io.vertx.ext.web.handler.AuthHandler) OAuth2AuthHandler(io.vertx.ext.web.handler.OAuth2AuthHandler) Handler(io.vertx.core.Handler) HttpClientOptions(io.vertx.core.http.HttpClientOptions) RoutingContext(io.vertx.ext.web.RoutingContext) AccessToken(io.vertx.ext.auth.oauth2.AccessToken) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth)

Example 40 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project apiman by apiman.

the class KeycloakOAuth2 method authenticate.

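/**
 * Requests an access token from Keycloak using the optional {@code username} and
 * {@code password} entries of {@code config} and, on success, sets it as a
 * {@code Bearer} credential in the {@code Authorization} entry of {@code headerMap}.
 *
 * <p>A response that reports success but contains no {@code access_token} is treated as a
 * failure, so the literal header value {@code "Bearer null"} is never set.
 *
 * @param vertx         Vert.x instance passed to {@code KeycloakAuth.create}
 * @param config        authenticator settings; {@code flowType}, {@code username} and
 *                      {@code password} are read here, and the whole map is passed on as JSON
 * @param headerMap     headers that receive the {@code Authorization} value
 * @param resultHandler notified with success once the header is set, or with the failure
 * @return this authenticator
 */
@Override
public Authenticator authenticate(Vertx vertx, Map<String, String> config, MultiMap headerMap, Handler<AsyncResult<Void>> resultHandler) {
    OAuth2FlowType flowType = getFlowType(config.get("flowType"));
    JsonObject params = new JsonObject();
    // Credentials are optional; only the ones present in the configuration are sent.
    String username = config.get("username");
    if (username != null) {
        params.put("username", username);
    }
    String password = config.get("password");
    if (password != null) {
        params.put("password", password);
    }
    OAuth2Auth oauth2 = KeycloakAuth.create(vertx, flowType, mapToJson(config));
    oauth2.getToken(params, tokenResult -> {
        if (tokenResult.succeeded()) {
            log.debug("OAuth2 Keycloak exchange succeeded.");
            AccessToken token = tokenResult.result();
            String accessToken = token.principal().getString("access_token");
            if (accessToken == null) {
                // Do not report success with an unusable "Bearer null" credential.
                String reason = "token response did not contain an access_token";
                log.error("Access Token Error: {0}.", reason);
                resultHandler.handle(Future.failedFuture(reason));
                return;
            }
            // The token value goes only into the header map; it is never logged.
            headerMap.set("Authorization", "Bearer " + accessToken);
            resultHandler.handle(Future.succeededFuture());
        } else {
            log.error("Access Token Error: {0}.", tokenResult.cause().getMessage());
            resultHandler.handle(Future.failedFuture(tokenResult.cause()));
        }
    });
    return this;
}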
Also used : AccessToken(io.vertx.ext.auth.oauth2.AccessToken) JsonObject(io.vertx.core.json.JsonObject) OAuth2Auth(io.vertx.ext.auth.oauth2.OAuth2Auth) OAuth2FlowType(io.vertx.ext.auth.oauth2.OAuth2FlowType)
