
Example 6 with HTTPResponse

Use of com.nimbusds.oauth2.sdk.http.HTTPResponse in project spring-security by spring-projects.

The class NimbusOpaqueTokenIntrospector, method introspect.

@Override
public OAuth2AuthenticatedPrincipal introspect(String token) {
    // Build the introspection request (RFC 7662) for the opaque token.
    RequestEntity<?> requestEntity = this.requestEntityConverter.convert(token);
    if (requestEntity == null) {
        throw new OAuth2IntrospectionException("requestEntityConverter returned a null entity");
    }
    // Call the introspection endpoint and adapt the Spring response to the Nimbus type.
    ResponseEntity<String> responseEntity = makeRequest(requestEntity);
    HTTPResponse httpResponse = adaptToNimbusResponse(responseEntity);
    TokenIntrospectionResponse introspectionResponse = parseNimbusResponse(httpResponse);
    TokenIntrospectionSuccessResponse introspectionSuccessResponse = castToNimbusSuccess(introspectionResponse);
    // Rely solely on the authorization server to validate this token (not checking
    // 'exp', for example): a token the server reports as inactive is rejected outright.
    if (!introspectionSuccessResponse.isActive()) {
        this.logger.trace("Did not validate token since it is inactive");
        throw new BadOpaqueTokenException("Provided token isn't active");
    }
    // Map the introspection claims onto an authenticated principal.
    return convertClaimsSet(introspectionSuccessResponse);
}

Example 7 with HTTPResponse

Use of com.nimbusds.oauth2.sdk.http.HTTPResponse in project spring-security by spring-projects.

The class NimbusOpaqueTokenIntrospector, method adaptToNimbusResponse.

private HTTPResponse adaptToNimbusResponse(ResponseEntity<String> responseEntity) {
    MediaType contentType = responseEntity.getHeaders().getContentType();
    // A response without a Content-Type is rejected rather than having its format guessed.
    if (contentType == null) {
        this.logger.trace("Did not receive Content-Type from introspection endpoint in response");
        throw new OAuth2IntrospectionException("Introspection endpoint response was invalid, as no Content-Type header was provided");
    }
    // Nimbus expects JSON, but does not appear to validate this header first.
    if (!contentType.isCompatibleWith(MediaType.APPLICATION_JSON)) {
        this.logger.trace("Did not receive JSON-compatible Content-Type from introspection endpoint in response");
        throw new OAuth2IntrospectionException("Introspection endpoint response was invalid, as content type '" + contentType + "' is not compatible with JSON");
    }
    // Copy status code, Content-Type and body into the Nimbus HTTPResponse.
    HTTPResponse response = new HTTPResponse(responseEntity.getStatusCodeValue());
    response.setHeader(HttpHeaders.CONTENT_TYPE, contentType.toString());
    response.setContent(responseEntity.getBody());
    // Only a 200 OK introspection response is accepted; any other status is treated as an error.
    if (response.getStatusCode() != HTTPResponse.SC_OK) {
        this.logger.trace("Introspection endpoint returned non-OK status code");
        throw new OAuth2IntrospectionException("Introspection endpoint responded with HTTP status code " + response.getStatusCode());
    }
    return response;
}

Example 8 with HTTPResponse

Use of com.nimbusds.oauth2.sdk.http.HTTPResponse in project ddf by codice.

The class OidcCredentialsResolver, method resolveIdToken.

/*
 * This method's job is to try to obtain an ID token from a
 *   1. refresh token
 *   2. authorization code
 *   3. access token
 */
public void resolveIdToken(OidcCredentials credentials, WebContext webContext) {
    final AccessToken initialAccessToken = credentials.getAccessToken();
    final JWT initialIdToken = credentials.getIdToken();
    // Validate the tokens already held before using them; an ID token that passes
    // validation needs no further resolution.
    try {
        OidcTokenValidator.validateAccessToken(initialAccessToken, initialIdToken, resourceRetriever, metadata, configuration);
        if (initialIdToken != null) {
            OidcTokenValidator.validateIdTokens(initialIdToken, webContext, configuration, client);
            return;
        }
    } catch (OidcValidationException e) {
        throw new TechnicalException(e);
    }
    // Collect the grants that can be exchanged at the token endpoint, in priority
    // order: refresh token first, then authorization code.
    final RefreshToken initialRefreshToken = credentials.getRefreshToken();
    final AuthorizationCode initialAuthorizationCode = credentials.getCode();
    final List<AuthorizationGrant> grantList = new ArrayList<>();
    if (initialRefreshToken != null) {
        grantList.add(new RefreshTokenGrant(initialRefreshToken));
    }
    if (initialAuthorizationCode != null) {
        try {
            // The redirect URI sent with the code grant must match the one used in the original request.
            final URI callbackUri = new URI(client.computeFinalCallbackUrl(webContext));
            grantList.add(new AuthorizationCodeGrant(initialAuthorizationCode, callbackUri));
        } catch (URISyntaxException e) {
            LOGGER.debug("Problem computing callback url. Cannot add authorization code grant.");
        }
    }
    // Try to get an ID token using the refresh token and authorization code; stop at the first success.
    for (AuthorizationGrant grant : grantList) {
        try {
            trySendingGrantAndPopulatingCredentials(grant, credentials, webContext);
            if (credentials.getIdToken() != null) {
                break;
            }
        } catch (IOException | ParseException e) {
            LOGGER.debug("Problem sending grant ({}).", grant, e);
        }
    }
    // Fall back to the UserInfo endpoint, presenting the access token as a Bearer token.
    if (credentials.getIdToken() == null && initialAccessToken != null) {
        final UserInfoRequest userInfoRequest = new UserInfoRequest(metadata.getUserInfoEndpointURI(), Method.GET, new BearerAccessToken(initialAccessToken.toString()));
        final HTTPRequest userInfoHttpRequest = userInfoRequest.toHTTPRequest();
        try {
            final HTTPResponse httpResponse = userInfoHttpRequest.send();
            final UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);
            if (userInfoResponse instanceof UserInfoSuccessResponse) {
                final UserInfoSuccessResponse userInfoSuccessResponse = (UserInfoSuccessResponse) userInfoResponse;
                JWT idToken = userInfoSuccessResponse.getUserInfoJWT();
                // UserInfo returned as plain JSON is wrapped in an unsigned PlainJWT; it is
                // validated below before being stored in the credentials.
                if (idToken == null && userInfoSuccessResponse.getUserInfo().toJWTClaimsSet() != null) {
                    idToken = new PlainJWT(userInfoSuccessResponse.getUserInfo().toJWTClaimsSet());
                }
                OidcTokenValidator.validateUserInfoIdToken(idToken, resourceRetriever, metadata);
                credentials.setIdToken(idToken);
            } else {
                throw new TechnicalException("Received a non-successful UserInfoResponse.");
            }
        } catch (IOException | ParseException | OidcValidationException e) {
            LOGGER.debug("Problem retrieving id token using access token.", e);
            throw new TechnicalException(e);
        }
    }
}