Example 16 with AuthorizationRequest
use of com.nimbusds.oauth2.sdk.AuthorizationRequest in project OpenConext-oidcng by OpenConext.
the class AuthorizationEndpointUnitTest method doValidateRedirectionUri.
@SuppressWarnings("unchecked")
private void doValidateRedirectionUri(String clientRedirectUri, String requestRedirectUri) throws IOException, ParseException {
AuthorizationRequest authorizationRequest = authorizationRequest(new FluentMap<String, String>().p("client_id", "http://oidc-rp").p("response_type", "code").p("redirect_uri", requestRedirectUri));
OpenIDClient client = openIDClient(clientRedirectUri, "open_id", "authorization_code");
ProvidedRedirectURI redirectUri = AuthorizationEndpoint.validateRedirectionURI(authorizationRequest.getRedirectionURI(), client);
assertEquals(redirectUri.getRedirectURI(), requestRedirectUri != null ? requestRedirectUri : clientRedirectUri);
}
Also used :
AuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest)
OpenIDClient(oidc.model.OpenIDClient)
ProvidedRedirectURI(oidc.model.ProvidedRedirectURI)
Example 17 with AuthorizationRequest
use of com.nimbusds.oauth2.sdk.AuthorizationRequest in project OpenConext-oidcng by OpenConext.
the class AuthorizationEndpointUnitTest method authorizationRequest.
private AuthorizationRequest authorizationRequest(Map<String, String> parameters) throws IOException, ParseException {
parameters.put("client_id", "https://mock-rp");
String queryString = parameters.entrySet().stream().filter(p -> p.getValue() != null).map(p -> String.format("%s=%s", p.getKey(), p.getValue())).collect(Collectors.joining("&"));
MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "http://localhost");
request.setQueryString(queryString);
return AuthorizationRequest.parse(ServletUtils.createHTTPRequest(request));
}
Also used :
Prompt(com.nimbusds.openid.connect.sdk.Prompt)
ProvidedRedirectURI(oidc.model.ProvidedRedirectURI)
ServletUtils(com.nimbusds.oauth2.sdk.http.ServletUtils)
RedirectMismatchException(oidc.exceptions.RedirectMismatchException)
ArrayList(java.util.ArrayList)
Collections.singletonList(java.util.Collections.singletonList)
ResponseType(com.nimbusds.oauth2.sdk.ResponseType)
Map(java.util.Map)
UnsupportedPromptValueException(oidc.exceptions.UnsupportedPromptValueException)
ParseException(com.nimbusds.oauth2.sdk.ParseException)
OpenIDClient(oidc.model.OpenIDClient)
Scope(com.nimbusds.oauth2.sdk.Scope)
HttpMethod(org.springframework.http.HttpMethod)
Assert.assertTrue(org.junit.Assert.assertTrue)
InvalidGrantException(oidc.exceptions.InvalidGrantException)
Test(org.junit.Test)
IOException(java.io.IOException)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Mockito.when(org.mockito.Mockito.when)
ArgumentMatchers.anyList(org.mockito.ArgumentMatchers.anyList)
Collectors(java.util.stream.Collectors)
AuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest)
List(java.util.List)
InvalidScopeException(oidc.exceptions.InvalidScopeException)
OpenIDClientRepository(oidc.repository.OpenIDClientRepository)
Collections(java.util.Collections)
Assert.assertEquals(org.junit.Assert.assertEquals)
StringUtils(org.springframework.util.StringUtils)
Mockito.mock(org.mockito.Mockito.mock)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Example 18 with AuthorizationRequest
use of com.nimbusds.oauth2.sdk.AuthorizationRequest in project OpenConext-oidcng by OpenConext.
the class AuthnRequestConverter method validateAuthorizationRequest.
@SneakyThrows
private void validateAuthorizationRequest(AuthorizationRequest authorizationRequest, OpenIDClient openIDClient) {
ClientID clientID = authorizationRequest.getClientID();
MDCContext.mdcContext("action", "Authorization", "clientId", clientID.getValue());
AuthorizationEndpoint.validateScopes(openIDClientRepository, authorizationRequest.getScope(), openIDClient);
AuthorizationEndpoint.validateGrantType(authorizationRequest, openIDClient);
}
Also used :
ClientID(com.nimbusds.oauth2.sdk.id.ClientID)
SneakyThrows(lombok.SneakyThrows)
Example 19 with AuthorizationRequest
use of com.nimbusds.oauth2.sdk.AuthorizationRequest in project OpenConext-oidcng by OpenConext.
the class AuthnRequestConverter method convert.
@SneakyThrows
@Override
public AuthnRequest convert(Saml2AuthenticationRequestContext ctx) {
CustomSaml2AuthenticationRequestContext context = (CustomSaml2AuthenticationRequestContext) ctx;
HttpServletRequest request = context.getRequest();
HttpSession session = request.getSession(false);
if (session == null) {
LOG.warn("There is no session in the HttpServletRequest. CookiesNotSupportedException will be thrown");
} else {
Enumeration<String> attributeNames = session.getAttributeNames();
List<String> list = Collections.list(attributeNames);
if (!list.contains("SPRING_SECURITY_SAVED_REQUEST")) {
LOG.info("There is a session in the HttpServletRequest with ID " + session.getId() + " which does not contain a saved request. Attribute names are: " + list.toString());
}
}
SavedRequest savedRequest = requestCache.getRequest(request, null);
if (savedRequest == null) {
throw new CookiesNotSupportedException();
}
Map<String, String[]> parameterMap = savedRequest.getParameterMap();
Map<String, List<String>> parameters = parameterMap.keySet().stream().collect(Collectors.toMap(key -> key, key -> Arrays.asList(parameterMap.get(key))));
List<String> redirectUris = parameters.get("redirect_uri");
URI redirectURI = CollectionUtils.isEmpty(redirectUris) ? null : new URI(redirectUris.get(0));
List<String> clientIds = parameters.get("client_id");
String clientId = CollectionUtils.isEmpty(clientIds) ? null : clientIds.get(0);
OpenIDClient openIDClient = openIDClientRepository.findOptionalByClientId(clientId).orElseThrow(() -> new UnknownClientException(clientId));
AuthorizationEndpoint.validateRedirectionURI(redirectURI, openIDClient);
request.setAttribute(REDIRECT_URI_VALID, true);
AuthorizationRequest authorizationRequest = AuthorizationRequest.parse(parameters);
validateAuthorizationRequest(authorizationRequest, openIDClient);
RelyingPartyRegistration relyingParty = context.getRelyingPartyRegistration();
AuthnRequestBuilder authnRequestBuilder = (AuthnRequestBuilder) registry.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
AuthnRequest authnRequest = authnRequestBuilder.buildObject();
authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
authnRequest.setIssueInstant(Instant.now());
authnRequest.setProtocolBinding(POST.getUrn());
IssuerBuilder issuerBuilder = (IssuerBuilder) registry.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(relyingParty.getEntityId());
authnRequest.setIssuer(issuer);
authnRequest.setDestination(context.getDestination());
authnRequest.setAssertionConsumerServiceURL(context.getAssertionConsumerServiceUrl());
saveAuthenticationRequestUrl(savedRequest, authnRequest, authorizationRequest.getClientID());
enhanceAuthenticationRequest(authnRequest, parameters);
return authnRequest;
}
Also used :
URLCoding(oidc.web.URLCoding)
RequestCache(org.springframework.security.web.savedrequest.RequestCache)
java.util(java.util)
Prompt(com.nimbusds.openid.connect.sdk.Prompt)
URLDecoder(java.net.URLDecoder)
SneakyThrows(lombok.SneakyThrows)
URISyntaxException(java.net.URISyntaxException)
LocalDateTime(java.time.LocalDateTime)
UnknownClientException(oidc.exceptions.UnknownClientException)
org.opensaml.saml.saml2.core.impl(org.opensaml.saml.saml2.core.impl)
XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Charset(java.nio.charset.Charset)
Saml2AuthenticationRequestContext(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext)
ParseException(com.nimbusds.oauth2.sdk.ParseException)
OpenIDClient(oidc.model.OpenIDClient)
URI(java.net.URI)
MDCContext(oidc.log.MDCContext)
Converter(org.springframework.core.convert.converter.Converter)
HttpSession(javax.servlet.http.HttpSession)
ClientID(com.nimbusds.oauth2.sdk.id.ClientID)
JWTRequest(oidc.secure.JWTRequest)
org.opensaml.saml.saml2.core(org.opensaml.saml.saml2.core)
SavedRequest(org.springframework.security.web.savedrequest.SavedRequest)
ConfigurationService(org.opensaml.core.config.ConfigurationService)
Instant(java.time.Instant)
Collectors(java.util.stream.Collectors)
POST(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding.POST)
ZoneId(java.time.ZoneId)
AuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest)
AuthenticationRequestRepository(oidc.repository.AuthenticationRequestRepository)
ServiceProviderTranslation(oidc.manage.ServiceProviderTranslation)
Stream(java.util.stream.Stream)
CookiesNotSupportedException(oidc.exceptions.CookiesNotSupportedException)
CollectionUtils(org.springframework.util.CollectionUtils)
OpenIDClientRepository(oidc.repository.OpenIDClientRepository)
ACR(com.nimbusds.openid.connect.sdk.claims.ACR)
Log(org.apache.commons.logging.Log)
LogFactory(org.apache.commons.logging.LogFactory)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
AuthorizationEndpoint(oidc.endpoints.AuthorizationEndpoint)
StringUtils(org.springframework.util.StringUtils)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
AuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest)
UnknownClientException(oidc.exceptions.UnknownClientException)
HttpSession(javax.servlet.http.HttpSession)
OpenIDClient(oidc.model.OpenIDClient)
URI(java.net.URI)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
CookiesNotSupportedException(oidc.exceptions.CookiesNotSupportedException)
SavedRequest(org.springframework.security.web.savedrequest.SavedRequest)
SneakyThrows(lombok.SneakyThrows)
Example 20 with AuthorizationRequest
use of com.nimbusds.oauth2.sdk.AuthorizationRequest in project di-authentication-api by alphagov.
the class TokenHandlerTest method generateAuthRequest.
private static AuthorizationRequest generateAuthRequest(SignedJWT signedJWT) {
Scope scope = new Scope();
scope.add(OIDCScopeValue.OPENID);
AuthorizationRequest.Builder builder = new AuthorizationRequest.Builder(ResponseType.CODE, DOC_APP_CLIENT_ID).requestObject(signedJWT);
return builder.build();
}
Also used :
AuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest)
Scope(com.nimbusds.oauth2.sdk.Scope)
Aggregations
AuthorizationRequest (com.nimbusds.oauth2.sdk.AuthorizationRequest)13
Scope (com.nimbusds.oauth2.sdk.Scope)9
ResponseType (com.nimbusds.oauth2.sdk.ResponseType)7
URI (java.net.URI)6
OpenIDClient (oidc.model.OpenIDClient)6
AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest)5
State (com.nimbusds.oauth2.sdk.id.State)4
ParseException (com.nimbusds.oauth2.sdk.ParseException)3
ClientID (com.nimbusds.oauth2.sdk.id.ClientID)3
Nonce (com.nimbusds.openid.connect.sdk.Nonce)3
Prompt (com.nimbusds.openid.connect.sdk.Prompt)3
Map (java.util.Map)3
ProvidedRedirectURI (oidc.model.ProvidedRedirectURI)3
OpenIDClientRepository (oidc.repository.OpenIDClientRepository)3
ClientSession (uk.gov.di.authentication.shared.entity.ClientSession)3
AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode)2
IOException (java.io.IOException)2
URISyntaxException (java.net.URISyntaxException)2
List (java.util.List)2
Collectors (java.util.stream.Collectors)2
