Example 1 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project conquery by bakdata.

Class JwtPkceVerifyingRealmFactory, method getTokenResponse.

/**
 * Tries to redeem the {@link AuthorizationGrant} for an {@link com.nimbusds.oauth2.sdk.token.AccessToken} ( + {@link RefreshToken}).
 */
@Nullable
@SneakyThrows({ ParseException.class, IOException.class })
private AccessTokenResponse getTokenResponse(ContainerRequestContext request, AuthorizationGrant authzGrant) {
    // Retrieve the IDP configuration
    final Optional<IdpConfiguration> idpConfigurationOpt = idpConfigurationSupplier.get();
    if (idpConfigurationOpt.isEmpty()) {
        log.warn("Unable to start authentication, because idp configuration is not available.");
        return null;
    }
    JwtPkceVerifyingRealmFactory.IdpConfiguration idpConfiguration = idpConfigurationOpt.get();
    // Send the auth code/refresh token to the IDP to redeem them for a new access and refresh token
    final TokenRequest tokenRequest = new TokenRequest(UriBuilder.fromUri(idpConfiguration.getTokenEndpoint()).build(), new ClientID(client), authzGrant);
    // Get the response
    TokenResponse response = TokenResponse.parse(tokenRequest.toHTTPRequest().send());
    // Check if the response was valid
    if (!response.indicatesSuccess()) {
        HTTPResponse httpResponse = response.toHTTPResponse();
        log.warn("Unable to retrieve access token from auth server: {}", httpResponse.getContent());
        return null;
    } else if (!(response instanceof AccessTokenResponse)) {
        log.warn("Unknown token response {}.", response.getClass().getName());
        return null;
    }
    return (AccessTokenResponse) response;
}
Also used: HTTPResponse (com.nimbusds.oauth2.sdk.http.HTTPResponse), ClientID (com.nimbusds.oauth2.sdk.id.ClientID), Nullable (org.jetbrains.annotations.Nullable)

Example 2 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project chipster-web-server by chipster.

Class OidcProvidersImpl, method getMetadata.

private OIDCProviderMetadata getMetadata(OidcConfig oidc) throws IOException, com.nimbusds.oauth2.sdk.ParseException {
    // The OpenID provider issuer URL
    Issuer issuer = new Issuer(oidc.getIssuer());
    // Will resolve the OpenID provider metadata automatically
    OIDCProviderConfigurationRequest request = new OIDCProviderConfigurationRequest(issuer);
    // Make HTTP request
    HTTPRequest httpRequest = request.toHTTPRequest();
    HTTPResponse httpResponse = httpRequest.send();
    // Parse OpenID provider metadata
    return OIDCProviderMetadata.parse(httpResponse.getContentAsJSONObject());
}
Also used: HTTPRequest (com.nimbusds.oauth2.sdk.http.HTTPRequest), Issuer (com.nimbusds.oauth2.sdk.id.Issuer), HTTPResponse (com.nimbusds.oauth2.sdk.http.HTTPResponse), OIDCProviderConfigurationRequest (com.nimbusds.openid.connect.sdk.op.OIDCProviderConfigurationRequest)

Example 3 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project chipster-web-server by chipster.

Class OidcProvidersImpl, method getUserInfo.

@Override
public UserInfo getUserInfo(OidcConfig oidcConfig, String accessTokenString, boolean isDebug) {
    URI userInfoEndpoint = this.userInfoEndpointURIs.get(oidcConfig);
    BearerAccessToken token = new BearerAccessToken(accessTokenString);
    if (isDebug) {
        logger.info("get userinfo from " + userInfoEndpoint);
    }
    try {
        // Make the request
        HTTPResponse httpResponse = new UserInfoRequest(userInfoEndpoint, token).toHTTPRequest().send();
        // Parse the response
        UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);
        if (!userInfoResponse.indicatesSuccess()) {
            // The request failed, e.g. due to invalid or expired token
            logger.error("userinfo request failed: " + userInfoResponse.toErrorResponse().getErrorObject().getCode() + " " + userInfoResponse.toErrorResponse().getErrorObject().getDescription());
            throw new InternalServerErrorException("userinfo request failed");
        }
        return userInfoResponse.toSuccessResponse().getUserInfo();
    } catch (com.nimbusds.oauth2.sdk.ParseException | IOException e) {
        throw new InternalServerErrorException("oidc userinfo error", e);
    }
}
Also used: HTTPResponse (com.nimbusds.oauth2.sdk.http.HTTPResponse), InternalServerErrorException (jakarta.ws.rs.InternalServerErrorException), UserInfoRequest (com.nimbusds.openid.connect.sdk.UserInfoRequest), BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken), IOException (java.io.IOException), UserInfoResponse (com.nimbusds.openid.connect.sdk.UserInfoResponse), URI (java.net.URI)

Example 4 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project Alpine by stevespringett.

Class OidcUserInfoAuthenticator, method authenticate.

OidcProfile authenticate(final String accessToken, final OidcProfileCreator profileCreator) throws AlpineAuthenticationException {
    final UserInfoResponse userInfoResponse;
    try {
        final var httpResponse = new UserInfoRequest(configuration.getUserInfoEndpointUri(), new BearerAccessToken(accessToken)).toHTTPRequest().send();
        userInfoResponse = UserInfoResponse.parse(httpResponse);
    } catch (IOException e) {
        LOGGER.error("UserInfo request failed", e);
        throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.OTHER);
    } catch (com.nimbusds.oauth2.sdk.ParseException e) {
        LOGGER.error("Parsing UserInfo response failed", e);
        throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.OTHER);
    }
    if (!userInfoResponse.indicatesSuccess()) {
        final var error = userInfoResponse.toErrorResponse().getErrorObject();
        LOGGER.error("UserInfo request failed (Code:" + error.getCode() + ", Description: " + error.getDescription() + ")");
        throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.INVALID_CREDENTIALS);
    }
    final var userInfo = userInfoResponse.toSuccessResponse().getUserInfo();
    LOGGER.debug("UserInfo response: " + userInfo.toJSONString());
    return profileCreator.create(userInfo);
}
Also used: UserInfoRequest (com.nimbusds.openid.connect.sdk.UserInfoRequest), BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken), IOException (java.io.IOException), UserInfoResponse (com.nimbusds.openid.connect.sdk.UserInfoResponse)

Example 5 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project Kustvakt by KorAP.

Class OpenIdResponseHandler, method createErrorResponse.

public Response createErrorResponse(ParseException e, State state) {
    ErrorObject errorObject = e.getErrorObject();
    if (errorObject == null) {
        errorObject = com.nimbusds.oauth2.sdk.OAuth2Error.INVALID_REQUEST;
        if (e.getMessage() != null) {
            errorObject = errorObject.setDescription(e.getMessage());
        }
    }
    JSONObject json = errorObject.toJSONObject();
    if (state != null) {
        json.put("state", state.getValue());
    }
    return Response.status(errorObject.getHTTPStatusCode()).entity(json).build();
}
Also used: JSONObject (net.minidev.json.JSONObject), ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject)

Aggregations

URI (java.net.URI): 7
IOException (java.io.IOException): 6
HTTPRequest (com.nimbusds.oauth2.sdk.http.HTTPRequest): 5
HTTPResponse (com.nimbusds.oauth2.sdk.http.HTTPResponse): 5
ClientID (com.nimbusds.oauth2.sdk.id.ClientID): 5
ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject): 4
ParseException (com.nimbusds.oauth2.sdk.ParseException): 4
AccessTokenResponse (com.nimbusds.oauth2.sdk.AccessTokenResponse): 3
TokenRequest (com.nimbusds.oauth2.sdk.TokenRequest): 3
TokenResponse (com.nimbusds.oauth2.sdk.TokenResponse): 3
ClientSecretBasic (com.nimbusds.oauth2.sdk.auth.ClientSecretBasic): 3
Issuer (com.nimbusds.oauth2.sdk.id.Issuer): 3
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken): 3
ParseException (java.text.ParseException): 3
com.nimbusds.oauth2.sdk (com.nimbusds.oauth2.sdk): 2
AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode): 2
AuthorizationResponse (com.nimbusds.oauth2.sdk.AuthorizationResponse): 2
AuthorizationSuccessResponse (com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse): 2
Secret (com.nimbusds.oauth2.sdk.auth.Secret): 2
Audience (com.nimbusds.oauth2.sdk.id.Audience): 2