Example 16 with AuthorizationRequest

Use of com.nimbusds.oauth2.sdk.AuthorizationRequest in the project OpenConext-oidcng by OpenConext.

Class AuthorizationEndpointUnitTest, method doValidateRedirectionUri.

@SuppressWarnings("unchecked")
private void doValidateRedirectionUri(String clientRedirectUri, String requestRedirectUri) throws IOException, ParseException {
    // Build a minimal /authorize request. A null requestRedirectUri is dropped by the helper, which models an RP
    // that omits the parameter. (The helper overwrites client_id with "https://mock-rp", so the value given here
    // never reaches the parsed request.)
    AuthorizationRequest authorizationRequest = authorizationRequest(new FluentMap<String, String>().p("client_id", "http://oidc-rp").p("response_type", "code").p("redirect_uri", requestRedirectUri));
    // A registered client with exactly one redirect URI, the "open_id" scope and the authorization_code grant.
    OpenIDClient client = openIDClient(clientRedirectUri, "open_id", "authorization_code");
    // The rule under test: a supplied redirect_uri must match the registration; when none is supplied,
    // the single registered URI is used. A mismatch raises RedirectMismatchException.
    ProvidedRedirectURI redirectUri = AuthorizationEndpoint.validateRedirectionURI(authorizationRequest.getRedirectionURI(), client);
    // JUnit's argument order is (expected, actual).
    assertEquals(requestRedirectUri != null ? requestRedirectUri : clientRedirectUri, redirectUri.getRedirectURI());
}

Example 17 with AuthorizationRequest

Use of com.nimbusds.oauth2.sdk.AuthorizationRequest in the project OpenConext-oidcng by OpenConext.

Class AuthorizationEndpointUnitTest, method authorizationRequest.

private AuthorizationRequest authorizationRequest(Map<String, String> parameters) throws IOException, ParseException {
    // Every test request is issued by the same registered client, whatever the caller passed.
    parameters.put("client_id", "https://mock-rp");
    // Null values are dropped so a test can leave a parameter out. Values are not URL-encoded, which is fine for
    // these fixtures but would corrupt a redirect_uri that contains '&', '#' or '=' characters.
    String queryString = parameters.entrySet().stream().filter(p -> p.getValue() != null).map(p -> String.format("%s=%s", p.getKey(), p.getValue())).collect(Collectors.joining("&"));
    MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "http://localhost");
    request.setQueryString(queryString);
    // Let the Nimbus SDK parse the request exactly as the endpoint would, so the test exercises the real parser.
    return AuthorizationRequest.parse(ServletUtils.createHTTPRequest(request));
}

Example 18 with AuthorizationRequest

Use of com.nimbusds.oauth2.sdk.AuthorizationRequest in the project OpenConext-oidcng by OpenConext.

Class AuthnRequestConverter, method validateAuthorizationRequest.

@SneakyThrows
private void validateAuthorizationRequest(AuthorizationRequest authorizationRequest, OpenIDClient openIDClient) {
    ClientID clientID = authorizationRequest.getClientID();
    // Tag the logging context with the client so every later log line of this authorization can be attributed.
    MDCContext.mdcContext("action", "Authorization", "clientId", clientID.getValue());
    // Requested scopes must be a subset of what the client registered; the grant type must be one the client may use.
    // Both checks throw (InvalidScopeException / InvalidGrantException) and are only run after the redirect_uri
    // has been validated, so the caller may report these errors to the RP.
    AuthorizationEndpoint.validateScopes(openIDClientRepository, authorizationRequest.getScope(), openIDClient);
    AuthorizationEndpoint.validateGrantType(authorizationRequest, openIDClient);
}

Example 19 with AuthorizationRequest

Use of com.nimbusds.oauth2.sdk.AuthorizationRequest in the project OpenConext-oidcng by OpenConext.

Class AuthnRequestConverter, method convert.

@SneakyThrows
@Override
public AuthnRequest convert(Saml2AuthenticationRequestContext ctx) {
    CustomSaml2AuthenticationRequestContext context = (CustomSaml2AuthenticationRequestContext) ctx;
    HttpServletRequest request = context.getRequest();
    // The original /authorize request was saved by Spring Security before the SAML round-trip to the IdP;
    // without a session it cannot be recovered, hence the CookiesNotSupportedException below.
    HttpSession session = request.getSession(false);
    if (session == null) {
        LOG.warn("There is no session in the HttpServletRequest. CookiesNotSupportedException will be thrown");
    } else {
        Enumeration<String> attributeNames = session.getAttributeNames();
        List<String> list = Collections.list(attributeNames);
        if (!list.contains("SPRING_SECURITY_SAVED_REQUEST")) {
            // Diagnostic only; note that this writes the session ID to the log at INFO level.
            LOG.info("There is a session in the HttpServletRequest with ID " + session.getId() + " which does not contain a saved request. Attribute names are: " + list.toString());
        }
    }
    SavedRequest savedRequest = requestCache.getRequest(request, null);
    if (savedRequest == null) {
        throw new CookiesNotSupportedException();
    }
    // Flatten the saved query parameters into the Map<String, List<String>> shape the Nimbus parser accepts.
    Map<String, String[]> parameterMap = savedRequest.getParameterMap();
    Map<String, List<String>> parameters = parameterMap.keySet().stream().collect(Collectors.toMap(key -> key, key -> Arrays.asList(parameterMap.get(key))));
    // Only the first redirect_uri and client_id values are considered. new URI(...) throws URISyntaxException
    // on malformed input; @SneakyThrows lets it propagate unchecked.
    List<String> redirectUris = parameters.get("redirect_uri");
    URI redirectURI = CollectionUtils.isEmpty(redirectUris) ? null : new URI(redirectUris.get(0));
    List<String> clientIds = parameters.get("client_id");
    String clientId = CollectionUtils.isEmpty(clientIds) ? null : clientIds.get(0);
    // Order matters: resolve the client and pin redirect_uri against its registration BEFORE parsing or validating
    // anything else. Failures up to here must be rendered locally; once REDIRECT_URI_VALID is set, later errors
    // (scope, grant type) may be delivered to the now-trusted redirect URI.
    OpenIDClient openIDClient = openIDClientRepository.findOptionalByClientId(clientId).orElseThrow(() -> new UnknownClientException(clientId));
    AuthorizationEndpoint.validateRedirectionURI(redirectURI, openIDClient);
    request.setAttribute(REDIRECT_URI_VALID, true);
    AuthorizationRequest authorizationRequest = AuthorizationRequest.parse(parameters);
    validateAuthorizationRequest(authorizationRequest, openIDClient);
    // Build the outgoing SAML AuthnRequest towards the upstream IdP.
    RelyingPartyRegistration relyingParty = context.getRelyingPartyRegistration();
    AuthnRequestBuilder authnRequestBuilder = (AuthnRequestBuilder) registry.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    AuthnRequest authnRequest = authnRequestBuilder.buildObject();
    // The "ARQ" prefix keeps the ID a valid XML NCName (it must not start with a digit, which a raw UUID may);
    // substring(1) drops the UUID's first character.
    authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
    authnRequest.setIssueInstant(Instant.now());
    authnRequest.setProtocolBinding(POST.getUrn());
    IssuerBuilder issuerBuilder = (IssuerBuilder) registry.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(relyingParty.getEntityId());
    authnRequest.setIssuer(issuer);
    authnRequest.setDestination(context.getDestination());
    authnRequest.setAssertionConsumerServiceURL(context.getAssertionConsumerServiceUrl());
    // Project helpers not shown here: one records the outgoing request, the other adds parameter-derived
    // extensions to the AuthnRequest.
    saveAuthenticationRequestUrl(savedRequest, authnRequest, authorizationRequest.getClientID());
    enhanceAuthenticationRequest(authnRequest, parameters);
    return authnRequest;
}
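The two security decisions on this page, the exact-match redirect_uri rule that Example 16 tests and the ordering in Example 19 (client lookup and redirect_uri validation before anything else, then the remaining checks), as an added, self-contained Python example. This is not OpenConext-oidcng code and does not use the Nimbus SDK: the OpenIDClient record, the exception names, the dictionary returned by authorize() and the sample client registrations are assumptions made up for the example, and the loopback-port exception of RFC 8252 section 7.3 is added to show how the exact-match rule is usually relaxed for native apps.

```python
"""Front half of an OAuth 2.0 / OIDC authorization endpoint (example, not project code).

Look the client up, pin redirect_uri against the registration, and only then validate the
rest of the request: an error found after that step may be delivered to the redirect_uri,
an error found before it must never cause a redirect.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


@dataclass(frozen=True)
class OpenIDClient:  # stand-in for oidc.model.OpenIDClient (assumption)
    client_id: str
    redirect_uris: tuple[str, ...]
    scopes: frozenset[str]
    grants: frozenset[str]


class UnknownClientError(Exception): ...
class RedirectMismatchError(Exception): ...
class InvalidRequestError(Exception): ...


LOOPBACK_HOSTS = {"127.0.0.1", "::1"}  # RFC 8252 7.3: IP literals only, never "localhost"


def _loopback_port_match(requested: str, registered: str) -> bool:
    """A native app's loopback redirect may use any ephemeral port; everything else must match."""
    r, g = urlsplit(requested), urlsplit(registered)
    return (r.scheme == g.scheme == "http"
            and r.hostname in LOOPBACK_HOSTS and r.hostname == g.hostname
            and (r.path, r.query, r.fragment) == (g.path, g.query, g.fragment))


def validate_redirect_uri(requested: str | None, client: OpenIDClient) -> str:
    """Return the effective redirect URI or raise.

    Same rule the unit test above asserts: absent -> the single registered URI,
    present -> must equal a registered URI as a string (no prefix or host-suffix matching).
    """
    if requested is None:
        if len(client.redirect_uris) == 1:
            return client.redirect_uris[0]
        raise RedirectMismatchError("redirect_uri required: client registers several")
    if urlsplit(requested).fragment:
        raise RedirectMismatchError("redirect_uri must not contain a fragment")
    for registered in client.redirect_uris:
        if requested == registered or _loopback_port_match(requested, registered):
            return requested
    raise RedirectMismatchError(f"redirect_uri {requested!r} not registered for {client.client_id}")


def redirect_rejected(requested: str | None, client: OpenIDClient) -> bool:
    """True if validate_redirect_uri refuses the URI (for table-driven checks)."""
    try:
        validate_redirect_uri(requested, client)
    except RedirectMismatchError:
        return True
    return False


def _error_redirect(redirect_uri: str, error: str, state: str | None) -> dict:
    """Build an RFC 6749 4.1.2.1 error redirect; urlencode keeps error/state values well-formed."""
    parts = urlsplit(redirect_uri)
    extra = {"error": error, **({"state": state} if state is not None else {})}
    query = "&".join(q for q in (parts.query, urlencode(extra)) if q)
    return {"action": "redirect", "location": urlunsplit(parts._replace(query=query))}


def authorize(query_string: str, clients: dict[str, OpenIDClient]) -> dict:
    raw = parse_qs(query_string, keep_blank_values=True)
    if any(len(v) > 1 for v in raw.values()):
        raise InvalidRequestError("parameters must not be repeated (RFC 6749 3.1)")
    params = {k: v[0] for k, v in raw.items()}
    client = clients.get(params.get("client_id", ""))
    if client is None:
        raise UnknownClientError("unknown client_id")  # render locally, never redirect
    redirect_uri = validate_redirect_uri(params.get("redirect_uri"), client)  # raises: render locally
    # Past this line the redirect target is trusted, so errors can be sent back to the RP.
    state = params.get("state")
    if params.get("response_type") != "code" or "authorization_code" not in client.grants:
        return _error_redirect(redirect_uri, "unsupported_response_type", state)
    scope = frozenset(params.get("scope", "").split())
    if "openid" not in scope or not scope <= client.scopes:
        return _error_redirect(redirect_uri, "invalid_scope", state)
    return {"action": "authenticate", "client_id": client.client_id,
            "redirect_uri": redirect_uri, "scope": sorted(scope), "state": state}


CLIENTS = {  # constructed registrations for the example
    "https://mock-rp": OpenIDClient("https://mock-rp", ("https://rp.example/cb",),
                                    frozenset({"openid", "email"}), frozenset({"authorization_code"})),
    "native-app": OpenIDClient("native-app", ("http://127.0.0.1/cb", "myapp://cb"),
                               frozenset({"openid"}), frozenset({"authorization_code"})),
}

if __name__ == "__main__":
    print(authorize("client_id=https%3A%2F%2Fmock-rp&response_type=code&scope=openid&state=s1", CLIENTS))
    print(authorize("client_id=https%3A%2F%2Fmock-rp&response_type=code&scope=openid%20admin&state=s1", CLIENTS))
```

Everything before validate_redirect_uri returns raises and has to be rendered locally; everything after it produces a redirect whose query is built with urlencode, so error and state values stay well-formed, unlike the hand-built query string in the unit-test helper above, which works only because its fixture values carry no reserved characters.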

Example 20 with AuthorizationRequest

Use of com.nimbusds.oauth2.sdk.AuthorizationRequest in the project di-authentication-api by alphagov.

Class TokenHandlerTest, method generateAuthRequest.

private static AuthorizationRequest generateAuthRequest(SignedJWT signedJWT) {
    // Built but never attached to the builder: with a request object (JAR) the parameters travel inside
    // the signed JWT, so this local has no effect on the request as written.
    Scope scope = new Scope();
    scope.add(OIDCScopeValue.OPENID);
    // Only response_type and client_id are set outside the request object; the signed JWT carries the rest.
    AuthorizationRequest.Builder builder = new AuthorizationRequest.Builder(ResponseType.CODE, DOC_APP_CLIENT_ID).requestObject(signedJWT);
    return builder.build();
}