
Example 6 with AccessToken

Use of com.nimbusds.oauth2.sdk.token.AccessToken in project ddf by codice.

The class CustomOAuthCredentialsExtractorTest, method setupClass.

@BeforeClass
public static void setupClass() throws Exception {
    // Load the test fixtures: a stored authorization code and a pre-built JWT access token.
    authorizationCode = CharStreams.toString(new InputStreamReader(CustomOAuthCredentialsExtractorTest.class.getClassLoader().getResourceAsStream("authorizationCode.txt")));
    String accessTokenString = CharStreams.toString(new InputStreamReader(CustomOAuthCredentialsExtractorTest.class.getClassLoader().getResourceAsStream("accessToken.jwt")));
    // Wrap the raw string as a bearer token (RFC 6750).
    accessToken = new BearerAccessToken(accessTokenString);
    // BearerAccessToken.toString() returns the token value, so this builds the "Bearer <token>" header.
    authorizationHeader = "Bearer " + accessToken;
}
Also used : InputStreamReader(java.io.InputStreamReader) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) BeforeClass(org.junit.BeforeClass)

Example 7 with AccessToken

Use of com.nimbusds.oauth2.sdk.token.AccessToken in project ddf by codice.

The class OidcTokenValidator, method validateAccessTokenAtHash.

/**
 * Validates the at_hash claim in the ID token against the access token. When the implicit flow
 * is used with the "id_token token" response type, the at_hash value is REQUIRED; otherwise a
 * missing at_hash is tolerated.
 *
 * @param accessToken - the token to validate
 * @param idToken - the corresponding ID token
 * @param configuration - the OIDC configuration, used to determine the response type in use
 * @throws OidcValidationException if at_hash is missing when required or does not match the access token
 */
private static void validateAccessTokenAtHash(AccessToken accessToken, JWT idToken, OidcConfiguration configuration) throws OidcValidationException {
    try {
        Object atHash = idToken.getJWTClaimsSet().getClaim("at_hash");
        // Outside the implicit flows an ID token need not carry at_hash, so there is nothing to check.
        if (atHash == null && !IMPLICIT_FLOWS.contains(new ResponseType(configuration.getResponseType()))) {
            return;
        }
        // Implicit flow: the binding between the ID token and the access token is mandatory.
        if (atHash == null) {
            String errorMessage = "at_hash value not found in response. If the ID Token is issued from the Authorization Endpoint with "
                + "an access_token value, which is the case for the response_type value id_token token, this is REQUIRED";
            LOGGER.error(errorMessage);
            throw new OidcValidationException(errorMessage);
        }
        // The ID token's signing algorithm selects the hash function (e.g. RS256 -> SHA-256); the SDK then
        // recomputes the left-most half of the access token hash and compares it with the claim.
        JWSAlgorithm jwsAlgorithm = new JWSAlgorithm(idToken.getHeader().getAlgorithm().getName());
        AccessTokenHash accessTokenHash = new AccessTokenHash((String) atHash);
        AccessTokenValidator.validate(accessToken, jwsAlgorithm, accessTokenHash);
    } catch (Exception e) {
        // Any failure (parse error, unsupported algorithm, hash mismatch) rejects the token pair.
        LOGGER.error(ACCESS_VALIDATION_ERR_MSG, e);
        throw new OidcValidationException(ACCESS_VALIDATION_ERR_MSG, e);
    }
}
Also used : AccessTokenHash(com.nimbusds.openid.connect.sdk.claims.AccessTokenHash) JSONObject(net.minidev.json.JSONObject) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) ResponseType(com.nimbusds.oauth2.sdk.ResponseType)

Example 8 with AccessToken

Use of com.nimbusds.oauth2.sdk.token.AccessToken in project ddf by codice.

The class OidcCredentialsResolver, method trySendingGrantAndPopulatingCredentials.

private void trySendingGrantAndPopulatingCredentials(AuthorizationGrant grant, OidcCredentials credentials, WebContext webContext) throws IOException, ParseException {
    // Exchange the grant (e.g. an authorization code) at the token endpoint.
    final OIDCTokens oidcTokens = getOidcTokens(grant);
    try {
        // Validate the ID token first (signature, issuer, audience, nonce, ...), if one was returned.
        JWT idToken = oidcTokens.getIDToken();
        if (idToken != null) {
            OidcTokenValidator.validateIdTokens(idToken, webContext, configuration, client);
        }
        // Then validate the access token, including its at_hash binding to the ID token.
        AccessToken accessToken = oidcTokens.getAccessToken();
        if (accessToken != null) {
            OidcTokenValidator.validateAccessToken(accessToken, idToken, resourceRetriever, metadata, configuration);
        }
        // Only validated tokens are stored on the credentials.
        credentials.setAccessToken(accessToken);
        credentials.setIdToken(idToken);
        credentials.setRefreshToken(oidcTokens.getRefreshToken());
    } catch (OidcValidationException e) {
        throw new TechnicalException(e);
    }
}
Also used : TechnicalException(org.pac4j.core.exception.TechnicalException) PlainJWT(com.nimbusds.jwt.PlainJWT) JWT(com.nimbusds.jwt.JWT) AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) OIDCTokens(com.nimbusds.openid.connect.sdk.token.OIDCTokens) OidcValidationException(org.codice.ddf.security.oidc.validator.OidcValidationException)

Example 9 with AccessToken

Use of com.nimbusds.oauth2.sdk.token.AccessToken in project ddf by codice.

The class OidcTokenValidatorTest, method testValidateAccessTokenInvalidSignature.

@Test(expected = OidcValidationException.class)
public void testValidateAccessTokenInvalidSignature() throws Exception {
    // Sign the access token with an algorithm the validator must reject.
    String accessTokenString = getAccessTokenBuilder().sign(invalidAlgorithm);
    AccessToken accessToken = new BearerAccessToken(accessTokenString);
    // Build a correct at_hash: the left-most half of the SHA-256 hash of the token's ASCII octets,
    // base64url-encoded. This isolates the failure to the access token's signature.
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
    messageDigest.update(accessTokenString.getBytes(Charset.forName("US-ASCII")));
    byte[] hash = messageDigest.digest();
    byte[] firstHalf = Arrays.copyOf(hash, hash.length / 2);
    String idToken = getIdTokenBuilder().withClaim("nonce", "myNonce").withClaim("at_hash", Base64URL.encode(firstHalf).toString()).sign(validAlgorithm);
    JWT jwt = SignedJWT.parse(idToken);
    // Expected to throw OidcValidationException because of the invalid access token signature.
    OidcTokenValidator.validateAccessToken(accessToken, jwt, resourceRetriever, oidcProviderMetadata, configuration);
}
Also used : AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) PlainJWT(com.nimbusds.jwt.PlainJWT) JWT(com.nimbusds.jwt.JWT) SignedJWT(com.nimbusds.jwt.SignedJWT) MessageDigest(java.security.MessageDigest) Test(org.junit.Test)

Example 10 with AccessToken

Use of com.nimbusds.oauth2.sdk.token.AccessToken in project iaf by ibissource.

The class OAuthAccessTokenManager, method parseResponse.

private void parseResponse(HTTPResponse httpResponse, String responseBody) throws HttpAuthenticationException {
    try {
        TokenResponse response = TokenResponse.parse(httpResponse);
        if (!response.indicatesSuccess()) {
            // We got an error response: surface the OAuth error object to the caller.
            TokenErrorResponse errorResponse = response.toErrorResponse();
            throw new HttpAuthenticationException(errorResponse.toJSONObject().toString());
        }
        AccessTokenResponse successResponse = response.toSuccessResponse();
        // Get the access token
        accessToken = successResponse.getTokens().getAccessToken();
        // The access token will be refreshed when it is halfway to expiration. getLifetime() is in seconds,
        // so 500 * lifetime is half the lifetime in milliseconds; a configured expiryMs (>= 0) overrides it.
        // The conditional must be parenthesised: without the parentheses the comparison applies to the whole
        // sum, the branch is never taken, and the refresh time degenerates to expiryMs.
        accessTokenRefreshTime = System.currentTimeMillis() + (expiryMs < 0 ? 500 * accessToken.getLifetime() : expiryMs);
    } catch (ParseException e) {
        throw new HttpAuthenticationException("Could not parse TokenResponse: " + responseBody, e);
    }
}
Also used : TokenErrorResponse(com.nimbusds.oauth2.sdk.TokenErrorResponse) TokenResponse(com.nimbusds.oauth2.sdk.TokenResponse) AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse) ParseException(com.nimbusds.oauth2.sdk.ParseException)
