Example 11 with TokenRequest

Use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project workbench by all-of-us.

In class DelegatedUserCredentials, method refreshAccessToken.

@Override
public AccessToken refreshAccessToken() throws IOException {
    // The first step is to call the IamCredentials API to generate a signed JWT with the
    // appropriate claims. This call is authorized with application default credentials (ADCs). The
    // ADC service account may be different from `serviceAccountEmail` if the ADC account has the
    // roles/iam.serviceAccountTokenCreator role on the `serviceAccountEmail` account.
    SignJwtRequest jwtRequest = SignJwtRequest.newBuilder()
        .setName(String.format(SERVICE_ACCOUNT_NAME_FORMAT, serviceAccountEmail))
        .setPayload(JSON_FACTORY.toString(createJwtPayload()))
        .build();
    String jwt = credentialsClient.signJwt(jwtRequest).getSignedJwt();
    // With the signed JWT in hand, we call Google's OAuth2 token server to exchange the JWT for
    // an access token.
    TokenRequest tokenRequest = new TokenRequest(httpTransport, JSON_FACTORY, new GenericUrl(GoogleOAuthConstants.TOKEN_SERVER_URL), JWT_BEARER_GRANT_TYPE);
    tokenRequest.put("assertion", jwt);
    TokenResponse tokenResponse = tokenRequest.execute();
    return new AccessToken(tokenResponse.getAccessToken(), Date.from(Instant.now(clock).plusSeconds(tokenResponse.getExpiresInSeconds())));
}
Also used : TokenResponse(com.google.api.client.auth.oauth2.TokenResponse) AccessToken(com.google.auth.oauth2.AccessToken) TokenRequest(com.google.api.client.auth.oauth2.TokenRequest) SignJwtRequest(com.google.cloud.iam.credentials.v1.SignJwtRequest) GenericUrl(com.google.api.client.http.GenericUrl)

Example 12 with TokenRequest

Use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project google-api-java-client by google.

In class GoogleCredential, method executeRefreshToken.

@Override
@Beta
protected TokenResponse executeRefreshToken() throws IOException {
    if (serviceAccountPrivateKey == null) {
        return super.executeRefreshToken();
    }
    // service accounts: no refresh token; instead use private key to request new access token
    JsonWebSignature.Header header = new JsonWebSignature.Header();
    header.setAlgorithm("RS256");
    header.setType("JWT");
    header.setKeyId(serviceAccountPrivateKeyId);
    JsonWebToken.Payload payload = new JsonWebToken.Payload();
    long currentTime = getClock().currentTimeMillis();
    payload.setIssuer(serviceAccountId);
    payload.setAudience(getTokenServerEncodedUrl());
    payload.setIssuedAtTimeSeconds(currentTime / 1000);
    payload.setExpirationTimeSeconds(currentTime / 1000 + 3600);
    payload.setSubject(serviceAccountUser);
    payload.put("scope", Joiner.on(' ').join(serviceAccountScopes));
    try {
        String assertion = JsonWebSignature.signUsingRsaSha256(serviceAccountPrivateKey, getJsonFactory(), header, payload);
        TokenRequest request = new TokenRequest(getTransport(), getJsonFactory(), new GenericUrl(getTokenServerEncodedUrl()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
        request.put("assertion", assertion);
        return request.execute();
    } catch (GeneralSecurityException exception) {
        IOException e = new IOException();
        e.initCause(exception);
        throw e;
    }
}
Also used : JsonWebSignature(com.google.api.client.json.webtoken.JsonWebSignature) GeneralSecurityException(java.security.GeneralSecurityException) TokenRequest(com.google.api.client.auth.oauth2.TokenRequest) GenericUrl(com.google.api.client.http.GenericUrl) IOException(java.io.IOException) JsonWebToken(com.google.api.client.json.webtoken.JsonWebToken) Beta(com.google.api.client.util.Beta)

Example 13 with TokenRequest

Use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project google-api-java-client by googleapis.

In class GoogleCredential, method executeRefreshToken.

@Override
@Beta
protected TokenResponse executeRefreshToken() throws IOException {
    if (serviceAccountPrivateKey == null) {
        return super.executeRefreshToken();
    }
    // service accounts: no refresh token; instead use private key to request new access token
    JsonWebSignature.Header header = new JsonWebSignature.Header();
    header.setAlgorithm("RS256");
    header.setType("JWT");
    header.setKeyId(serviceAccountPrivateKeyId);
    JsonWebToken.Payload payload = new JsonWebToken.Payload();
    long currentTime = getClock().currentTimeMillis();
    payload.setIssuer(serviceAccountId);
    payload.setAudience(getTokenServerEncodedUrl());
    payload.setIssuedAtTimeSeconds(currentTime / 1000);
    payload.setExpirationTimeSeconds(currentTime / 1000 + 3600);
    payload.setSubject(serviceAccountUser);
    payload.put("scope", Joiner.on(' ').join(serviceAccountScopes));
    try {
        String assertion = JsonWebSignature.signUsingRsaSha256(serviceAccountPrivateKey, getJsonFactory(), header, payload);
        TokenRequest request = new TokenRequest(getTransport(), getJsonFactory(), new GenericUrl(getTokenServerEncodedUrl()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
        request.put("assertion", assertion);
        return request.execute();
    } catch (GeneralSecurityException exception) {
        IOException e = new IOException();
        e.initCause(exception);
        throw e;
    }
}
Also used : JsonWebSignature(com.google.api.client.json.webtoken.JsonWebSignature) GeneralSecurityException(java.security.GeneralSecurityException) TokenRequest(com.google.api.client.auth.oauth2.TokenRequest) GenericUrl(com.google.api.client.http.GenericUrl) IOException(java.io.IOException) JsonWebToken(com.google.api.client.json.webtoken.JsonWebToken) Beta(com.google.api.client.util.Beta)

Example 14 with TokenRequest

Use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project styx by spotify.

In class GoogleIdTokenAuth, method getUserToken.

private String getUserToken(UserCredentials credentials) throws IOException {
    log.debug("Fetching user id token");
    final TokenRequest request = new RefreshTokenRequest(this.httpTransport, JSON_FACTORY,
            new GenericUrl(credentials.toBuilder().getTokenServerUri()), credentials.getRefreshToken())
        .setClientAuthentication(new ClientParametersAuthentication(credentials.getClientId(), credentials.getClientSecret()))
        .setRequestInitializer(new HttpCredentialsAdapter(credentials));
    final TokenResponse response = request.execute();
    return (String) response.get("id_token");
}
Also used : RefreshTokenRequest(com.google.api.client.auth.oauth2.RefreshTokenRequest) ClientParametersAuthentication(com.google.api.client.auth.oauth2.ClientParametersAuthentication) HttpCredentialsAdapter(com.google.auth.http.HttpCredentialsAdapter) TokenResponse(com.google.api.client.auth.oauth2.TokenResponse) TokenRequest(com.google.api.client.auth.oauth2.TokenRequest) GenericUrl(com.google.api.client.http.GenericUrl)

Example 15 with TokenRequest

Use of com.microsoft.identity.common.internal.providers.oauth2.TokenRequest in project styx by spotify.

In class GoogleIdTokenAuth, method getServiceAccountToken.

private String getServiceAccountToken(ServiceAccountCredentials credential, String targetAudience) throws IOException, GeneralSecurityException {
    log.debug("Fetching service account id token for {}", credential.getAccount());
    final TokenRequest request = new TokenRequest(this.httpTransport, JSON_FACTORY, new GenericUrl(credential.getTokenServerUri()), "urn:ietf:params:oauth:grant-type:jwt-bearer");
    final Header header = jwtHeader();
    final Payload payload = jwtPayload(targetAudience, credential.getAccount(), credential.getTokenServerUri().toString());
    request.put("assertion", JsonWebSignature.signUsingRsaSha256(credential.getPrivateKey(), JSON_FACTORY, header, payload));
    final TokenResponse response = request.execute();
    return (String) response.get("id_token");
}
Also used : Header(com.google.api.client.json.webtoken.JsonWebSignature.Header) TokenResponse(com.google.api.client.auth.oauth2.TokenResponse) RefreshTokenRequest(com.google.api.client.auth.oauth2.RefreshTokenRequest) TokenRequest(com.google.api.client.auth.oauth2.TokenRequest) Payload(com.google.api.client.json.webtoken.JsonWebToken.Payload) GenericUrl(com.google.api.client.http.GenericUrl)

Aggregations

TokenRequest (com.microsoft.identity.common.internal.providers.oauth2.TokenRequest) 10
MicrosoftStsTokenRequest (com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsTokenRequest) 8
TokenResult (com.microsoft.identity.common.internal.providers.oauth2.TokenResult) 8
TokenRequest (com.google.api.client.auth.oauth2.TokenRequest) 7
GenericUrl (com.google.api.client.http.GenericUrl) 6
OAuth2StrategyParameters (com.microsoft.identity.common.internal.providers.oauth2.OAuth2StrategyParameters) 5
IOException (java.io.IOException) 5
ClientException (com.microsoft.identity.common.exception.ClientException) 4
MicrosoftTokenRequest (com.microsoft.identity.common.internal.providers.microsoft.MicrosoftTokenRequest) 4
RefreshTokenRequest (com.google.api.client.auth.oauth2.RefreshTokenRequest) 3
TokenResponse (com.google.api.client.auth.oauth2.TokenResponse) 3
MicrosoftStsOAuth2Configuration (com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Configuration) 3
MicrosoftStsOAuth2Strategy (com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy) 3
Test (org.junit.Test) 3
JsonWebSignature (com.google.api.client.json.webtoken.JsonWebSignature) 2
JsonWebToken (com.google.api.client.json.webtoken.JsonWebToken) 2
Beta (com.google.api.client.util.Beta) 2
AzureActiveDirectoryAuthority (com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority) 2
HttpResponse (com.microsoft.identity.common.internal.net.HttpResponse) 2
CertificateCredential (com.microsoft.identity.common.internal.providers.keys.CertificateCredential) 2