Example 1 with Builder

Use of com.nimbusds.jwt.JWTClaimsSet.Builder in project ORCID-Source by ORCID, in the class OpenIDConnectTokenEnhancer, method enhance.

@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    //We have the code at this point, but it has already been consumed and removed.
    //So instead we check for a nonce and max_age which are added back into request by OrcidClientCredentialEndPointDelegatorImpl
    Map<String, String> params = authentication.getOAuth2Request().getRequestParameters();
    //only add if we're using openid scope.
    String scopes = params.get(OrcidOauth2Constants.SCOPE_PARAM);
    if (PojoUtil.isEmpty(scopes) || !ScopePathType.getScopesFromSpaceSeparatedString(scopes).contains(ScopePathType.OPENID)) {
        return accessToken;
    }
    //this means we do not have to support using them for authentication purposes. Some APIs support it, but it is not part of the spec.
    try {
        //shared secret for signing. Use HMAC as we can do it with existing keys and not certs
        Builder claims = new JWTClaimsSet.Builder();
        claims.audience(params.get(OrcidOauth2Constants.CLIENT_ID_PARAM));
        claims.subject(accessToken.getAdditionalInformation().get("orcid").toString());
        claims.issuer("https://orcid.org");
        Date now = new Date();
        //id_token expires 600000 ms (10 minutes) after issue time
        claims.expirationTime(new Date(now.getTime() + 600000));
        claims.issueTime(now);
        claims.jwtID(UUID.randomUUID().toString());
        if (params.get(OrcidOauth2Constants.NONCE) != null)
            claims.claim(OrcidOauth2Constants.NONCE, params.get(OrcidOauth2Constants.NONCE));
        claims.claim(OrcidOauth2Constants.AUTH_TIME, profileEntityManager.getLastLogin(accessToken.getAdditionalInformation().get("orcid").toString()));
        SignedJWT signedJWT = keyManager.sign(claims.build());
        String idTok = signedJWT.serialize();
        accessToken.getAdditionalInformation().put(OrcidOauth2Constants.ID_TOKEN, idTok);
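    } catch (JOSEException e) {
        //signing failed: the stack trace is printed and the access token is returned without an id_token
        e.printStackTrace();
    } catch (Exception e) {
        //any other failure (e.g. a missing "orcid" entry) is handled the same way
        e.printStackTrace();
    }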
    return accessToken;
}
Also used: Builder (com.nimbusds.jwt.JWTClaimsSet.Builder), SignedJWT (com.nimbusds.jwt.SignedJWT), JOSEException (com.nimbusds.jose.JOSEException), Date (java.util.Date)
