Example 11 with TokenRequest
use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project workbench by all-of-us.
the class DelegatedUserCredentials method refreshAccessToken.
@Override
public AccessToken refreshAccessToken() throws IOException {
// The first step is to call the IamCredentials API to generate a signed JWT with the
// appropriate claims. This call is authorized with application default credentials (ADCs). The
// ADC service account may be different from `serviceAccountEmail` if the ADC account has the
// roles/iam.serviceAccountTokenCreator role on the `serviceAccountEmail` account.
SignJwtRequest jwtRequest = SignJwtRequest.newBuilder().setName(String.format(SERVICE_ACCOUNT_NAME_FORMAT, serviceAccountEmail)).setPayload(JSON_FACTORY.toString(createJwtPayload())).build();
String jwt = credentialsClient.signJwt(jwtRequest).getSignedJwt();
// With the signed JWT in hand, we call Google's OAuth2 token server to exchange the JWT for
// an access token.
TokenRequest tokenRequest = new TokenRequest(httpTransport, JSON_FACTORY, new GenericUrl(GoogleOAuthConstants.TOKEN_SERVER_URL), JWT_BEARER_GRANT_TYPE);
tokenRequest.put("assertion", jwt);
TokenResponse tokenResponse = tokenRequest.execute();
return new AccessToken(tokenResponse.getAccessToken(), Date.from(Instant.now(clock).plusSeconds(tokenResponse.getExpiresInSeconds())));
}
Also used :
TokenResponse(com.google.api.client.auth.oauth2.TokenResponse)
AccessToken(com.google.auth.oauth2.AccessToken)
TokenRequest(com.google.api.client.auth.oauth2.TokenRequest)
SignJwtRequest(com.google.cloud.iam.credentials.v1.SignJwtRequest)
GenericUrl(com.google.api.client.http.GenericUrl)
Example 12 with TokenRequest
use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project google-api-java-client by google.
the class GoogleCredential method executeRefreshToken.
@Override
@Beta
protected TokenResponse executeRefreshToken() throws IOException {
if (serviceAccountPrivateKey == null) {
return super.executeRefreshToken();
}
// service accounts: no refresh token; instead use private key to request new access token
JsonWebSignature.Header header = new JsonWebSignature.Header();
header.setAlgorithm("RS256");
header.setType("JWT");
header.setKeyId(serviceAccountPrivateKeyId);
JsonWebToken.Payload payload = new JsonWebToken.Payload();
long currentTime = getClock().currentTimeMillis();
payload.setIssuer(serviceAccountId);
payload.setAudience(getTokenServerEncodedUrl());
payload.setIssuedAtTimeSeconds(currentTime / 1000);
payload.setExpirationTimeSeconds(currentTime / 1000 + 3600);
payload.setSubject(serviceAccountUser);
payload.put("scope", Joiner.on(' ').join(serviceAccountScopes));
try {
String assertion = JsonWebSignature.signUsingRsaSha256(serviceAccountPrivateKey, getJsonFactory(), header, payload);
TokenRequest request = new TokenRequest(getTransport(), getJsonFactory(), new GenericUrl(getTokenServerEncodedUrl()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
request.put("assertion", assertion);
return request.execute();
} catch (GeneralSecurityException exception) {
IOException e = new IOException();
e.initCause(exception);
throw e;
}
}
Also used :
JsonWebSignature(com.google.api.client.json.webtoken.JsonWebSignature)
GeneralSecurityException(java.security.GeneralSecurityException)
TokenRequest(com.google.api.client.auth.oauth2.TokenRequest)
GenericUrl(com.google.api.client.http.GenericUrl)
IOException(java.io.IOException)
JsonWebToken(com.google.api.client.json.webtoken.JsonWebToken)
Beta(com.google.api.client.util.Beta)
Example 13 with TokenRequest
use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project google-api-java-client by googleapis.
the class GoogleCredential method executeRefreshToken.
@Override
@Beta
protected TokenResponse executeRefreshToken() throws IOException {
if (serviceAccountPrivateKey == null) {
return super.executeRefreshToken();
}
// service accounts: no refresh token; instead use private key to request new access token
JsonWebSignature.Header header = new JsonWebSignature.Header();
header.setAlgorithm("RS256");
header.setType("JWT");
header.setKeyId(serviceAccountPrivateKeyId);
JsonWebToken.Payload payload = new JsonWebToken.Payload();
long currentTime = getClock().currentTimeMillis();
payload.setIssuer(serviceAccountId);
payload.setAudience(getTokenServerEncodedUrl());
payload.setIssuedAtTimeSeconds(currentTime / 1000);
payload.setExpirationTimeSeconds(currentTime / 1000 + 3600);
payload.setSubject(serviceAccountUser);
payload.put("scope", Joiner.on(' ').join(serviceAccountScopes));
try {
String assertion = JsonWebSignature.signUsingRsaSha256(serviceAccountPrivateKey, getJsonFactory(), header, payload);
TokenRequest request = new TokenRequest(getTransport(), getJsonFactory(), new GenericUrl(getTokenServerEncodedUrl()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
request.put("assertion", assertion);
return request.execute();
} catch (GeneralSecurityException exception) {
IOException e = new IOException();
e.initCause(exception);
throw e;
}
}
Also used :
JsonWebSignature(com.google.api.client.json.webtoken.JsonWebSignature)
GeneralSecurityException(java.security.GeneralSecurityException)
TokenRequest(com.google.api.client.auth.oauth2.TokenRequest)
GenericUrl(com.google.api.client.http.GenericUrl)
IOException(java.io.IOException)
JsonWebToken(com.google.api.client.json.webtoken.JsonWebToken)
Beta(com.google.api.client.util.Beta)
Example 14 with TokenRequest
use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project styx by spotify.
the class GoogleIdTokenAuth method getUserToken.
private String getUserToken(UserCredentials credentials) throws IOException {
log.debug("Fetching user id token");
final TokenRequest request = new RefreshTokenRequest(this.httpTransport, JSON_FACTORY, new GenericUrl(credentials.toBuilder().getTokenServerUri()), credentials.getRefreshToken()).setClientAuthentication(new ClientParametersAuthentication(credentials.getClientId(), credentials.getClientSecret())).setRequestInitializer(new HttpCredentialsAdapter(credentials));
final TokenResponse response = request.execute();
return (String) response.get("id_token");
}
Also used :
RefreshTokenRequest(com.google.api.client.auth.oauth2.RefreshTokenRequest)
ClientParametersAuthentication(com.google.api.client.auth.oauth2.ClientParametersAuthentication)
HttpCredentialsAdapter(com.google.auth.http.HttpCredentialsAdapter)
TokenResponse(com.google.api.client.auth.oauth2.TokenResponse)
RefreshTokenRequest(com.google.api.client.auth.oauth2.RefreshTokenRequest)
TokenRequest(com.google.api.client.auth.oauth2.TokenRequest)
GenericUrl(com.google.api.client.http.GenericUrl)
Example 15 with TokenRequest
use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project styx by spotify.
the class GoogleIdTokenAuth method getServiceAccountToken.
private String getServiceAccountToken(ServiceAccountCredentials credential, String targetAudience) throws IOException, GeneralSecurityException {
log.debug("Fetching service account id token for {}", credential.getAccount());
final TokenRequest request = new TokenRequest(this.httpTransport, JSON_FACTORY, new GenericUrl(credential.getTokenServerUri()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
final Header header = jwtHeader();
final Payload payload = jwtPayload(targetAudience, credential.getAccount(), credential.getTokenServerUri().toString());
request.put("assertion", JsonWebSignature.signUsingRsaSha256(credential.getPrivateKey(), JSON_FACTORY, header, payload));
final TokenResponse response = request.execute();
return (String) response.get("id_token");
}
Also used :
Header(com.google.api.client.json.webtoken.JsonWebSignature.Header)
TokenResponse(com.google.api.client.auth.oauth2.TokenResponse)
RefreshTokenRequest(com.google.api.client.auth.oauth2.RefreshTokenRequest)
TokenRequest(com.google.api.client.auth.oauth2.TokenRequest)
Payload(com.google.api.client.json.webtoken.JsonWebToken.Payload)
GenericUrl(com.google.api.client.http.GenericUrl)
Aggregations
TokenRequest (com.microsoft.identity.common.internal.providers.oauth2.TokenRequest)10
MicrosoftStsTokenRequest (com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsTokenRequest)8
TokenResult (com.microsoft.identity.common.internal.providers.oauth2.TokenResult)8
TokenRequest (com.google.api.client.auth.oauth2.TokenRequest)7
GenericUrl (com.google.api.client.http.GenericUrl)6
OAuth2StrategyParameters (com.microsoft.identity.common.internal.providers.oauth2.OAuth2StrategyParameters)5
IOException (java.io.IOException)5
ClientException (com.microsoft.identity.common.exception.ClientException)4
MicrosoftTokenRequest (com.microsoft.identity.common.internal.providers.microsoft.MicrosoftTokenRequest)4
RefreshTokenRequest (com.google.api.client.auth.oauth2.RefreshTokenRequest)3
TokenResponse (com.google.api.client.auth.oauth2.TokenResponse)3
MicrosoftStsOAuth2Configuration (com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Configuration)3
MicrosoftStsOAuth2Strategy (com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy)3
Test (org.junit.Test)3
JsonWebSignature (com.google.api.client.json.webtoken.JsonWebSignature)2
JsonWebToken (com.google.api.client.json.webtoken.JsonWebToken)2
Beta (com.google.api.client.util.Beta)2
AzureActiveDirectoryAuthority (com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority)2
HttpResponse (com.microsoft.identity.common.internal.net.HttpResponse)2
CertificateCredential (com.microsoft.identity.common.internal.providers.keys.CertificateCredential)2
