use of com.nimbusds.oauth2.sdk in project conquery by bakdata.
the class JwtPkceVerifyingRealmFactory method getTokenResponse.
/**
* Tries to redeem the {@link AuthorizationGrant} for an {@link com.nimbusds.oauth2.sdk.token.AccessToken} ( + {@link RefreshToken}).
*/
@Nullable
@SneakyThrows({ ParseException.class, IOException.class })
private AccessTokenResponse getTokenResponse(ContainerRequestContext request, AuthorizationGrant authzGrant) {
    // Returns null on every failure path; callers must treat null as "no tokens obtained".
    // The request parameter is not read anywhere in this body.

    // Without an IDP configuration there is no token endpoint to contact, so stop early.
    final Optional<IdpConfiguration> maybeIdpConfiguration = idpConfigurationSupplier.get();
    if (!maybeIdpConfiguration.isPresent()) {
        log.warn("Unable to start authentication, because idp configuration is not available.");
        return null;
    }
    final JwtPkceVerifyingRealmFactory.IdpConfiguration idpConfiguration = maybeIdpConfiguration.get();

    // The grant (auth code or refresh token) is sent together with the client id only;
    // no client secret or other client authentication is passed to the request here.
    final TokenRequest tokenRequest = new TokenRequest(UriBuilder.fromUri(idpConfiguration.getTokenEndpoint()).build(), new ClientID(client), authzGrant);

    // NOTE(review): no connect/read timeout is configured on the outgoing request in this
    // method, so the SDK default applies; confirm it is bounded so that an unresponsive
    // IDP cannot hold the request thread indefinitely.
    final HTTPResponse rawResponse = tokenRequest.toHTTPRequest().send();
    final TokenResponse response = TokenResponse.parse(rawResponse);

    if (!response.indicatesSuccess()) {
        // NOTE(review): the logged body is whatever the token endpoint returned; confirm the
        // log pipeline tolerates remote-controlled content (length, line breaks).
        log.warn("Unable to retrieve access token from auth server: {}", response.toHTTPResponse().getContent());
        return null;
    }

    // A successful response must still be of the expected concrete type before it is handed out.
    if (response instanceof AccessTokenResponse) {
        return (AccessTokenResponse) response;
    }
    log.warn("Unknown token response {}.", response.getClass().getName());
    return null;
}
use of com.nimbusds.oauth2.sdk in project chipster-web-server by chipster.
the class OidcProvidersImpl method getMetadata.
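/**
 * Downloads the OpenID provider metadata for the issuer configured in {@code oidc} and
 * validates it before returning it.
 *
 * <p>The endpoints taken from this document are later trusted for the login flow, so the
 * document is only accepted when the HTTP status is 200 and the {@code issuer} it declares
 * is identical to the configured issuer, as OpenID Connect Discovery requires.
 *
 * @param oidc provider configuration supplying the issuer URL
 * @return the parsed and validated provider metadata
 * @throws IOException if the HTTP request fails
 * @throws com.nimbusds.oauth2.sdk.ParseException if the response has an unexpected status,
 *         cannot be parsed, or declares a different issuer than the configured one
 */
private OIDCProviderMetadata getMetadata(OidcConfig oidc) throws IOException, com.nimbusds.oauth2.sdk.ParseException {
    // The OpenID provider issuer URL, taken from local configuration
    Issuer issuer = new Issuer(oidc.getIssuer());
    // Builds the request for the provider's discovery document
    OIDCProviderConfigurationRequest request = new OIDCProviderConfigurationRequest(issuer);
    // Make HTTP request
    HTTPRequest httpRequest = request.toHTTPRequest();
    HTTPResponse httpResponse = httpRequest.send();
    // Fail with a clear status error instead of trying to parse an error page as metadata
    httpResponse.ensureStatusCode(HTTPResponse.SC_OK);
    // Parse OpenID provider metadata
    OIDCProviderMetadata metadata = OIDCProviderMetadata.parse(httpResponse.getContentAsJSONObject());
    // The comparison is exact (a trailing slash counts); a document that names another
    // issuer must not be used as the source of endpoint URLs for this provider.
    if (!issuer.equals(metadata.getIssuer())) {
        throw new com.nimbusds.oauth2.sdk.ParseException(
                "OpenID provider metadata issuer " + metadata.getIssuer() + " does not match the configured issuer " + issuer);
    }
    return metadata;
}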
use of com.nimbusds.oauth2.sdk in project chipster-web-server by chipster.
the class OidcProvidersImpl method getUserInfo.
/**
 * Calls the provider's UserInfo endpoint with the given bearer access token and returns
 * the claims it reports.
 *
 * @param oidcConfig provider configuration, used as the key for the endpoint lookup
 * @param accessTokenString access token value sent as a bearer token
 * @param isDebug when true, the endpoint URI is written to the log at info level
 * @return the UserInfo claims from a successful response
 * @throws InternalServerErrorException if the request, the parsing, or the provider's
 *         answer indicates failure
 */
@Override
public UserInfo getUserInfo(OidcConfig oidcConfig, String accessTokenString, boolean isDebug) {
    // NOTE(review): the lookup result is not null-checked here; confirm every OidcConfig
    // passed in has an entry in userInfoEndpointURIs.
    URI endpoint = this.userInfoEndpointURIs.get(oidcConfig);
    BearerAccessToken bearerToken = new BearerAccessToken(accessTokenString);
    if (isDebug) {
        // Only the endpoint is logged; the token value is not part of the message
        logger.info("get userinfo from " + endpoint);
    }

    UserInfoResponse parsed;
    try {
        // Make the request and parse whatever comes back
        HTTPResponse raw = new UserInfoRequest(endpoint, bearerToken).toHTTPRequest().send();
        parsed = UserInfoResponse.parse(raw);
    } catch (com.nimbusds.oauth2.sdk.ParseException | IOException e) {
        throw new InternalServerErrorException("oidc userinfo error", e);
    }

    if (!parsed.indicatesSuccess()) {
        // The request failed, e.g. due to invalid or expired token. The code and description
        // are supplied by the provider and go to the log only, not into the thrown exception.
        com.nimbusds.oauth2.sdk.ErrorObject failure = parsed.toErrorResponse().getErrorObject();
        logger.error("userinfo request failed: " + failure.getCode() + " " + failure.getDescription());
        throw new InternalServerErrorException("userinfo request failed");
    }
    return parsed.toSuccessResponse().getUserInfo();
}
use of com.nimbusds.oauth2.sdk in project Alpine by stevespringett.
the class OidcUserInfoAuthenticator method authenticate.
/**
 * Authenticates a caller by presenting the access token to the configured UserInfo
 * endpoint and turning the returned claims into a profile.
 *
 * <p>NOTE(review): the only check visible here is that the UserInfo endpoint accepts the
 * token. If the token is supplied by an untrusted client, confirm elsewhere that it was
 * issued for this application, because this method does not inspect the token's audience.
 *
 * @param accessToken access token value sent as a bearer token
 * @param profileCreator maps the UserInfo claims to an {@link OidcProfile}
 * @return the profile created from the UserInfo claims
 * @throws AlpineAuthenticationException with cause OTHER on transport or parse errors, and
 *         INVALID_CREDENTIALS when the endpoint answers with an error response
 */
OidcProfile authenticate(final String accessToken, final OidcProfileCreator profileCreator) throws AlpineAuthenticationException {
    final UserInfoResponse response;
    try {
        final var endpoint = configuration.getUserInfoEndpointUri();
        final var bearerToken = new BearerAccessToken(accessToken);
        final var userInfoRequest = new UserInfoRequest(endpoint, bearerToken);
        response = UserInfoResponse.parse(userInfoRequest.toHTTPRequest().send());
    } catch (IOException e) {
        // Transport problems are not the caller's fault, hence OTHER rather than INVALID_CREDENTIALS
        LOGGER.error("UserInfo request failed", e);
        throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.OTHER);
    } catch (com.nimbusds.oauth2.sdk.ParseException e) {
        LOGGER.error("Parsing UserInfo response failed", e);
        throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.OTHER);
    }

    if (response.indicatesSuccess()) {
        final var userInfo = response.toSuccessResponse().getUserInfo();
        // NOTE(review): this writes the complete UserInfo claim set (personal data) to the
        // log whenever debug logging is enabled; confirm that is acceptable where deployed.
        LOGGER.debug("UserInfo response: " + userInfo.toJSONString());
        return profileCreator.create(userInfo);
    }

    // The endpoint rejected the token; code and description come from the provider
    final var error = response.toErrorResponse().getErrorObject();
    LOGGER.error("UserInfo request failed (Code:" + error.getCode() + ", Description: " + error.getDescription() + ")");
    throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.INVALID_CREDENTIALS);
}
use of com.nimbusds.oauth2.sdk in project Kustvakt by KorAP.
the class OpenIdResponseHandler method createErrorResponse.
/**
 * Builds the HTTP error response for a request that failed to parse.
 *
 * <p>The error object carried by the exception is used when present; otherwise
 * {@code invalid_request} is used, with the exception message as its description when
 * there is one. The {@code state} value, if given, is echoed back in the JSON body.
 *
 * @param e the parse failure
 * @param state the state parameter of the request, may be null
 * @return a response with the error's HTTP status code and its JSON representation
 */
public Response createErrorResponse(ParseException e, State state) {
    ErrorObject error = e.getErrorObject();
    if (error == null) {
        // NOTE(review): the exception message is returned to the client as the error
        // description; confirm these messages never carry internal detail.
        final String message = e.getMessage();
        error = (message == null)
                ? com.nimbusds.oauth2.sdk.OAuth2Error.INVALID_REQUEST
                : com.nimbusds.oauth2.sdk.OAuth2Error.INVALID_REQUEST.setDescription(message);
    }

    final JSONObject body = error.toJSONObject();
    if (state != null) {
        // Echo the caller's state so the client can correlate the error with its request
        body.put("state", state.getValue());
    }
    return Response.status(error.getHTTPStatusCode()).entity(body).build();
}