Search in sources :

Example 1 with ErrorObject

use of com.nimbusds.oauth2.sdk.ErrorObject in project spring-security by spring-projects.

the class OAuth2AccessTokenResponseBodyExtractor method oauth2AccessTokenResponse.

private static Mono<AccessTokenResponse> oauth2AccessTokenResponse(TokenResponse tokenResponse) {
    if (tokenResponse.indicatesSuccess()) {
        return Mono.just(tokenResponse).cast(AccessTokenResponse.class);
    }
    TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
    ErrorObject errorObject = tokenErrorResponse.getErrorObject();
    OAuth2Error oauth2Error = getOAuth2Error(errorObject);
    return Mono.error(new OAuth2AuthorizationException(oauth2Error));
}
Also used : OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) TokenErrorResponse(com.nimbusds.oauth2.sdk.TokenErrorResponse) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error)

Example 2 with ErrorObject

use of com.nimbusds.oauth2.sdk.ErrorObject in project spring-security by spring-projects.

the class NimbusReactiveOpaqueTokenIntrospector method castToNimbusSuccess.

private TokenIntrospectionSuccessResponse castToNimbusSuccess(TokenIntrospectionResponse introspectionResponse) {
    if (!introspectionResponse.indicatesSuccess()) {
        ErrorObject errorObject = introspectionResponse.toErrorResponse().getErrorObject();
        String message = "Token introspection failed with response " + errorObject.toJSONObject().toJSONString();
        this.logger.trace(message);
        throw new OAuth2IntrospectionException(message);
    }
    return (TokenIntrospectionSuccessResponse) introspectionResponse;
}
Also used : ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) TokenIntrospectionSuccessResponse(com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse)

Example 3 with ErrorObject

use of com.nimbusds.oauth2.sdk.ErrorObject in project spring-security by spring-projects.

the class NimbusOpaqueTokenIntrospector method castToNimbusSuccess.

private TokenIntrospectionSuccessResponse castToNimbusSuccess(TokenIntrospectionResponse introspectionResponse) {
    if (!introspectionResponse.indicatesSuccess()) {
        ErrorObject errorObject = introspectionResponse.toErrorResponse().getErrorObject();
        String message = "Token introspection failed with response " + errorObject.toJSONObject().toJSONString();
        this.logger.trace(message);
        throw new OAuth2IntrospectionException(message);
    }
    return (TokenIntrospectionSuccessResponse) introspectionResponse;
}
Also used : ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) TokenIntrospectionSuccessResponse(com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse)

Example 4 with ErrorObject

use of com.nimbusds.oauth2.sdk.ErrorObject in project spring-security by spring-projects.

the class NimbusAuthorizationCodeTokenResponseClient method getTokenResponse.

@Override
public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) {
    ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
    // Build the authorization code grant request for the token endpoint
    AuthorizationCode authorizationCode = new AuthorizationCode(authorizationGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode());
    URI redirectUri = toURI(authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri());
    AuthorizationGrant authorizationCodeGrant = new AuthorizationCodeGrant(authorizationCode, redirectUri);
    URI tokenUri = toURI(clientRegistration.getProviderDetails().getTokenUri());
    // Set the credentials to authenticate the client at the token endpoint
    ClientID clientId = new ClientID(clientRegistration.getClientId());
    Secret clientSecret = new Secret(clientRegistration.getClientSecret());
    boolean isPost = ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(clientRegistration.getClientAuthenticationMethod()) || ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod());
    ClientAuthentication clientAuthentication = isPost ? new ClientSecretPost(clientId, clientSecret) : new ClientSecretBasic(clientId, clientSecret);
    com.nimbusds.oauth2.sdk.TokenResponse tokenResponse = getTokenResponse(authorizationCodeGrant, tokenUri, clientAuthentication);
    if (!tokenResponse.indicatesSuccess()) {
        TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
        ErrorObject errorObject = tokenErrorResponse.getErrorObject();
        throw new OAuth2AuthorizationException(getOAuthError(errorObject));
    }
    AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;
    String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue();
    OAuth2AccessToken.TokenType accessTokenType = null;
    if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
        accessTokenType = OAuth2AccessToken.TokenType.BEARER;
    }
    long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
    // As per spec, in section 5.1 Successful Access Token Response
    // https://tools.ietf.org/html/rfc6749#section-5.1
    // If AccessTokenResponse.scope is empty, then default to the scope
    // originally requested by the client in the Authorization Request
    Set<String> scopes = getScopes(authorizationGrantRequest, accessTokenResponse);
    String refreshToken = null;
    if (accessTokenResponse.getTokens().getRefreshToken() != null) {
        refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
    }
    Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
    // @formatter:off
    return OAuth2AccessTokenResponse.withToken(accessToken).tokenType(accessTokenType).expiresIn(expiresIn).scopes(scopes).refreshToken(refreshToken).additionalParameters(additionalParameters).build();
// @formatter:on
}
Also used : URI(java.net.URI) ClientSecretBasic(com.nimbusds.oauth2.sdk.auth.ClientSecretBasic) LinkedHashMap(java.util.LinkedHashMap) TokenErrorResponse(com.nimbusds.oauth2.sdk.TokenErrorResponse) ClientSecretPost(com.nimbusds.oauth2.sdk.auth.ClientSecretPost) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) AuthorizationGrant(com.nimbusds.oauth2.sdk.AuthorizationGrant) ClientAuthentication(com.nimbusds.oauth2.sdk.auth.ClientAuthentication) AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse) OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) AuthorizationCode(com.nimbusds.oauth2.sdk.AuthorizationCode) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) Secret(com.nimbusds.oauth2.sdk.auth.Secret) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) AuthorizationCodeGrant(com.nimbusds.oauth2.sdk.AuthorizationCodeGrant) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject)

Aggregations

ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject)4 TokenErrorResponse (com.nimbusds.oauth2.sdk.TokenErrorResponse)2 TokenIntrospectionSuccessResponse (com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse)2 OAuth2AuthorizationException (org.springframework.security.oauth2.core.OAuth2AuthorizationException)2 AccessTokenResponse (com.nimbusds.oauth2.sdk.AccessTokenResponse)1 AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode)1 AuthorizationCodeGrant (com.nimbusds.oauth2.sdk.AuthorizationCodeGrant)1 AuthorizationGrant (com.nimbusds.oauth2.sdk.AuthorizationGrant)1 ClientAuthentication (com.nimbusds.oauth2.sdk.auth.ClientAuthentication)1 ClientSecretBasic (com.nimbusds.oauth2.sdk.auth.ClientSecretBasic)1 ClientSecretPost (com.nimbusds.oauth2.sdk.auth.ClientSecretPost)1 Secret (com.nimbusds.oauth2.sdk.auth.Secret)1 ClientID (com.nimbusds.oauth2.sdk.id.ClientID)1 URI (java.net.URI)1 LinkedHashMap (java.util.LinkedHashMap)1 ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration)1 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)1 OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error)1 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)1