Example 6 with Tokens

use of com.nimbusds.oauth2.sdk.token.Tokens in project Application-Gateway by gianlucafrei.

the class Oauth2Driver method processCallback.

@Override
public UserModel processCallback(ServerHttpRequest request, String stateFromLoginStep, URI callbackUri) throws AuthenticationException {
    var settings = getSettings();
    // The OP redirects back with ?code=...&state=...; both must be present before any exchange is attempted.
    String authCode = request.getQueryParams().getFirst("code");
    if (authCode == null)
        throw new AuthenticationException("No auth code");
    String stateFromRequest = request.getQueryParams().getFirst("state");
    if (stateFromRequest == null)
        throw new AuthenticationException("No state");
    // CSRF check: the state echoed by the OP must equal the one stored in the session at login.
    // String.equals is not constant-time; a state is a one-shot random value so the practical
    // risk is low, but MessageDigest.isEqual on the bytes is the safer comparison.
    if (!stateFromLoginStep.equals(stateFromRequest))
        throw new AuthenticationException("State mismatch");
    // Exchange the code at the token endpoint with HTTP Basic client authentication.
    // callbackUri is sent as redirect_uri so the OP can check it matches the authorization request.
    AuthorizationCode code = new AuthorizationCode(authCode);
    ClientAuthentication clientAuth = new ClientSecretBasic(getClientId(settings), getClientSecret(settings));
    URI tokenEndpoint = getTokenEndpoint(settings);
    AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUri);
    Tokens tokens = loadTokens(clientAuth, tokenEndpoint, codeGrant);
    // Load user Email
    return loadUserInfo(tokens);
}
Also used : AuthenticationException(org.owasp.oag.exception.AuthenticationException) ClientAuthentication(com.nimbusds.oauth2.sdk.auth.ClientAuthentication) URI(java.net.URI) ClientSecretBasic(com.nimbusds.oauth2.sdk.auth.ClientSecretBasic) Tokens(com.nimbusds.oauth2.sdk.token.Tokens)

Example 7 with Tokens

use of com.nimbusds.oauth2.sdk.token.Tokens in project Application-Gateway by gianlucafrei.

the class OidcDriver method loadUserInfo.

@Override
protected UserModel loadUserInfo(Tokens tokens) {
    try {
        // Because we have overridden the loadTokens method we can safely convert the tokens object
        OIDCTokens oidcTokens = (OIDCTokens) tokens;
        JWT idToken = oidcTokens.getIDToken();
        // Claims are read straight from the parsed JWT. This is only safe if loadTokens already
        // validated the ID token (signature, iss, aud, exp, nonce), e.g. with IDTokenValidator.
        JWTClaimsSet jwtClaims = idToken.getJWTClaimsSet();
        AccessToken accessToken = oidcTokens.getAccessToken();
        RefreshToken refreshToken = oidcTokens.getRefreshToken(); // read here but not copied into the model
        // The subject claim becomes the gateway's user identity.
        UserModel model = new UserModel(jwtClaims.getSubject());
        model.set("original-id-token", idToken.getParsedString());
        model.set("original-access-token", accessToken.toString());
        // Copy only the configured claims into the session model.
        for (String claimName : getMappedClaims()) {
            Object claim = jwtClaims.getClaim(claimName);
            if (claim != null) {
                model.set(claimName, claim.toString());
            }
        }
        return model;
    } catch (Exception e) {
        throw new ApplicationException("Could not extract user info", e);
    }
}
Also used : UserModel(org.owasp.oag.session.UserModel) RefreshToken(com.nimbusds.oauth2.sdk.token.RefreshToken) ApplicationException(org.owasp.oag.exception.ApplicationException) JWT(com.nimbusds.jwt.JWT) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) OIDCTokens(com.nimbusds.openid.connect.sdk.token.OIDCTokens) SystemException(org.owasp.oag.exception.SystemException) AuthenticationException(org.owasp.oag.exception.AuthenticationException) IOException(java.io.IOException) ApplicationException(org.owasp.oag.exception.ApplicationException)
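Examples 6 and 7 split the relying-party side of the code flow across two methods and leave the ID token validation out of view. The following is an added example, not code from the Application-Gateway project, showing the whole RP sequence with the Nimbus SDK: state, nonce and PKCE verifier generated at login, the callback parsed with AuthenticationResponseParser, a constant-time state check, the code exchange, and IDTokenValidator run against the stored nonce before any claim is trusted. The issuer, endpoints, client ID, secret and redirect URI are placeholder assumptions; the OidcCodeFlowClient and PendingLogin names are invented for the example.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;
import com.nimbusds.openid.connect.sdk.*;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class OidcCodeFlowClient {

    /** Values the RP keeps in the user's server-side session between redirect and callback. */
    public static final class PendingLogin {
        final State state = new State();                   // CSRF binding for the callback
        final Nonce nonce = new Nonce();                   // binds the ID token to this login attempt
        final CodeVerifier verifier = new CodeVerifier();  // PKCE: binds the code to this client instance
    }

    // Assumed OP and client settings (placeholders, not taken from the page).
    private final Issuer issuer = new Issuer("https://op.example.com");
    private final URI authzEndpoint = URI.create("https://op.example.com/authorize");
    private final URI tokenEndpoint = URI.create("https://op.example.com/token");
    private final URL jwkSetUrl;
    private final ClientID clientId = new ClientID("my-rp");
    private final Secret clientSecret = new Secret("replace-with-the-real-client-secret");
    private final URI redirectUri = URI.create("https://rp.example.com/callback");

    public OidcCodeFlowClient() throws MalformedURLException {
        jwkSetUrl = new URL("https://op.example.com/jwks.json");
    }

    /** Step 1: build the redirect to the OP. The caller stores `pending` in the session. */
    public URI startLogin(PendingLogin pending) {
        return new AuthenticationRequest.Builder(
                new ResponseType("code"), new Scope("openid", "email"), clientId, redirectUri)
                .endpointURI(authzEndpoint)
                .state(pending.state)
                .nonce(pending.nonce)
                .codeChallenge(pending.verifier, CodeChallengeMethod.S256)
                .build()
                .toURI();
    }

    /** Step 2: process the URI the browser was redirected back to; returns validated ID token claims. */
    public IDTokenClaimsSet processCallback(URI callbackUri, PendingLogin pending)
            throws ParseException, IOException, BadJOSEException, JOSEException {

        AuthenticationResponse authResp = AuthenticationResponseParser.parse(callbackUri);
        if (!authResp.indicatesSuccess()) {
            // The OP answered with error=... (access_denied, invalid_scope, ...): there is no code to exchange.
            throw new IllegalStateException("Login failed: "
                    + authResp.toErrorResponse().getErrorObject().getCode());
        }
        AuthenticationSuccessResponse ok = authResp.toSuccessResponse();

        // CSRF check: constant-time compare of the returned state against the stored one.
        State returned = ok.getState();
        if (returned == null || !MessageDigest.isEqual(
                returned.getValue().getBytes(StandardCharsets.UTF_8),
                pending.state.getValue().getBytes(StandardCharsets.UTF_8))) {
            throw new IllegalStateException("State mismatch");
        }

        // Code exchange. redirect_uri and the PKCE verifier travel with the grant, so the OP can
        // reject a code issued for a different redirect URI or a different client instance.
        ClientAuthentication clientAuth = new ClientSecretBasic(clientId, clientSecret);
        AuthorizationGrant grant = new AuthorizationCodeGrant(
                ok.getAuthorizationCode(), redirectUri, pending.verifier);
        HTTPResponse httpResp = new TokenRequest(tokenEndpoint, clientAuth, grant).toHTTPRequest().send();

        TokenResponse tokenResp = OIDCTokenResponseParser.parse(httpResp);
        if (!tokenResp.indicatesSuccess()) {
            throw new IllegalStateException("Token exchange failed: "
                    + tokenResp.toErrorResponse().getErrorObject().getCode());
        }
        OIDCTokens tokens = ((OIDCTokenResponse) tokenResp.toSuccessResponse()).getOIDCTokens();

        // Validate the ID token before trusting any claim: signature against the OP's JWK set,
        // iss, aud, exp and the nonce stored at startLogin. Only then read sub/email.
        IDTokenValidator validator = new IDTokenValidator(issuer, clientId, JWSAlgorithm.RS256, jwkSetUrl);
        return validator.validate(tokens.getIDToken(), pending.nonce);
    }
}
```

The returned IDTokenClaimsSet is what a method like loadUserInfo above should be fed; reading getJWTClaimsSet() from an unvalidated JWT, as Example 7 does, is only acceptable when the caller has already run the equivalent of validator.validate on it. PendingLogin must be looked up by the user's session cookie, never taken from the callback parameters, or the state check checks nothing.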

Example 8 with Tokens

use of com.nimbusds.oauth2.sdk.token.Tokens in project di-ipv-cri-uk-passport-back by alphagov.

the class AccessTokenHandlerTest method shouldReturnAccessTokenOnSuccessfulExchange.

@Test
void shouldReturnAccessTokenOnSuccessfulExchange() throws Exception {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    String tokenRequestBody = "code=12345&redirect_uri=http://example.com&grant_type=authorization_code&client_id=test_client_id";
    event.setBody(tokenRequestBody);
    AccessToken accessToken = new BearerAccessToken();
    TokenResponse tokenResponse = new AccessTokenResponse(new Tokens(accessToken, null));
    when(mockAccessTokenService.generateAccessToken(any())).thenReturn(tokenResponse);
    when(mockAuthorizationCodeService.getAuthCodeItem("12345")).thenReturn(TEST_AUTH_CODE_ITEM);
    when(mockAccessTokenService.validateTokenRequest(any())).thenReturn(ValidationResult.createValidResult());
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    Map<String, Object> responseBody = objectMapper.readValue(response.getBody(), new TypeReference<>() {
    });
    assertEquals(ContentType.APPLICATION_JSON.getType(), response.getHeaders().get("Content-Type"));
    assertEquals(200, response.getStatusCode());
    assertEquals(tokenResponse.toSuccessResponse().getTokens().getAccessToken().getValue(), responseBody.get("access_token").toString());
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) TokenResponse(com.nimbusds.oauth2.sdk.TokenResponse) AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse) AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse) Tokens(com.nimbusds.oauth2.sdk.token.Tokens) Test(org.junit.jupiter.api.Test)

Example 9 with Tokens

use of com.nimbusds.oauth2.sdk.token.Tokens in project Kustvakt by KorAP.

the class OpenIdTokenService method createsAccessTokenResponse.

private AccessTokenResponse createsAccessTokenResponse(AccessToken accessToken, RefreshToken refreshToken, Scope scope, String clientId, String userId, ZonedDateTime userAuthenticationTime, String nonce) throws KustvaktException {
    if (scope.contains("openid")) {
        // OpenID Connect request: add a signed ID token (RS256 by default) alongside the OAuth2 tokens
        JWTClaimsSet claims = createIdTokenClaims(clientId, userId, userAuthenticationTime, nonce);
        SignedJWT idToken = signIdToken(claims, new JWSHeader(JWSAlgorithm.RS256), config.getRsaPrivateKey());
        OIDCTokens tokens = new OIDCTokens(idToken, accessToken, refreshToken);
        return new OIDCTokenResponse(tokens);
    } else {
        // Plain OAuth2 request: access token plus optional refresh token only
        Tokens tokens = new Tokens(accessToken, refreshToken);
        return new AccessTokenResponse(tokens);
    }
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) OIDCTokens(com.nimbusds.openid.connect.sdk.token.OIDCTokens) OIDCTokenResponse(com.nimbusds.openid.connect.sdk.OIDCTokenResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse) JWSHeader(com.nimbusds.jose.JWSHeader) Tokens(com.nimbusds.oauth2.sdk.token.Tokens) OIDCTokens(com.nimbusds.openid.connect.sdk.token.OIDCTokens)

Example 10 with Tokens

use of com.nimbusds.oauth2.sdk.token.Tokens in project di-ipv-cri-address-api by alphagov.

the class AccessTokenHandlerTest method shouldReturnAccessTokenOnSuccessfulExchange.

@Test
void shouldReturnAccessTokenOnSuccessfulExchange() throws Exception {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    String tokenRequestBody = "code=12345&redirect_uri=http://test.com&grant_type=authorization_code&client_id=test_client_id";
    event.withBody(tokenRequestBody);
    AddressSessionItem addressSessionItem = mock(AddressSessionItem.class);
    AccessToken accessToken = new BearerAccessToken();
    tokenResponse = new AccessTokenResponse(new Tokens(accessToken, null));
    // TODO: This here as a placeholder pending the story that generates the authorization code
    TokenRequest tokenRequest = mock(TokenRequest.class);
    when(tokenRequest.getAuthorizationGrant()).thenReturn(new AuthorizationCodeGrant(new AuthorizationCode("12345"), URI.create("http://test.com"), null));
    when(mockAddressSessionService.createTokenRequest(tokenRequestBody)).thenReturn(tokenRequest);
    when(mockAddressSessionService.createToken(any())).thenReturn(tokenResponse);
    when(mockAddressSessionService.getAddressSessionItemByValue(any())).thenReturn(addressSessionItem);
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    Map<String, Object> responseBody = objectMapper.readValue(response.getBody(), new TypeReference<>() {
    });
    assertEquals(ContentType.APPLICATION_JSON.getType(), response.getHeaders().get("Content-Type"));
    assertEquals(HttpStatus.SC_OK, response.getStatusCode());
    assertEquals(tokenResponse.toSuccessResponse().getTokens().getAccessToken().getValue(), responseBody.get("access_token").toString());
}
Also used : AuthorizationCode(com.nimbusds.oauth2.sdk.AuthorizationCode) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) AuthorizationCodeGrant(com.nimbusds.oauth2.sdk.AuthorizationCodeGrant) AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) TokenRequest(com.nimbusds.oauth2.sdk.TokenRequest) AddressSessionItem(uk.gov.di.ipv.cri.address.library.persistence.item.AddressSessionItem) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse) Tokens(com.nimbusds.oauth2.sdk.token.Tokens) Test(org.junit.jupiter.api.Test)
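Examples 8 to 10 show the authorization-server side only as a test harness (the handler is mocked) and as the final response-building step. The following is an added example, not code from the Kustvakt or alphagov projects, of a minimal token endpoint built on the same Nimbus types: it parses the request with TokenRequest.parse, authenticates the client with a constant-time secret compare, refuses every grant type except authorization_code, redeems each code exactly once and checks its client and redirect_uri binding, then returns an OIDCTokenResponse or a plain AccessTokenResponse depending on whether the code was issued for the openid scope. The issuer, the registered client, the in-memory maps and the ephemeral RSA key are assumptions made for the example; a real server persists codes and keys.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.*;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.oauth2.sdk.token.Tokens;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;

import java.net.URI;
import java.security.MessageDigest;
import java.util.*;

public class TokenEndpoint {

    /** What the AS recorded when it issued a code (in-memory stand-in for a datastore). */
    static final class IssuedCode {
        final ClientID clientId; final URI redirectUri; final Scope scope;
        final Subject subject; final Nonce nonce; final Date authTime;
        IssuedCode(ClientID c, URI r, Scope s, Subject sub, Nonce n, Date t) {
            clientId = c; redirectUri = r; scope = s; subject = sub; nonce = n; authTime = t;
        }
    }

    private final Issuer issuer = new Issuer("https://as.example.com");   // assumed issuer
    private final Map<ClientID, Secret> clients = new HashMap<>();        // registered clients (assumed)
    private final Map<AuthorizationCode, IssuedCode> codes = new HashMap<>();
    private final RSAKey signingKey;

    public TokenEndpoint() throws JOSEException {
        signingKey = new RSAKeyGenerator(2048).keyID("as-signing-1").generate(); // ephemeral, demo only
        clients.put(new ClientID("test_client_id"), new Secret("test_client_secret"));
    }

    /** Called by the authorization endpoint when it redirects the browser back with a code. */
    public AuthorizationCode issueCode(ClientID clientId, URI redirectUri, Scope scope, Subject subject, Nonce nonce) {
        AuthorizationCode code = new AuthorizationCode();   // random, URL-safe value
        codes.put(code, new IssuedCode(clientId, redirectUri, scope, subject, nonce, new Date()));
        return code;
    }

    public HTTPResponse handle(HTTPRequest httpRequest) throws JOSEException, ParseException {
        TokenRequest request;
        try {
            request = TokenRequest.parse(httpRequest);
        } catch (ParseException e) {
            ErrorObject err = e.getErrorObject() != null ? e.getErrorObject() : OAuth2Error.INVALID_REQUEST;
            return new TokenErrorResponse(err).toHTTPResponse();
        }
        // 1. Authenticate the client (confidential clients with client_secret_basic only, here).
        ClientAuthentication auth = request.getClientAuthentication();
        if (!(auth instanceof ClientSecretBasic)) {
            return new TokenErrorResponse(OAuth2Error.INVALID_CLIENT).toHTTPResponse();
        }
        ClientSecretBasic basic = (ClientSecretBasic) auth;
        Secret expected = clients.get(basic.getClientID());
        if (expected == null || !MessageDigest.isEqual(expected.getValueBytes(), basic.getClientSecret().getValueBytes())) {
            return new TokenErrorResponse(OAuth2Error.INVALID_CLIENT).toHTTPResponse();
        }
        // 2. Only the authorization_code grant is served by this endpoint.
        AuthorizationGrant grant = request.getAuthorizationGrant();
        if (!(grant instanceof AuthorizationCodeGrant)) {
            return new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE).toHTTPResponse();
        }
        AuthorizationCodeGrant codeGrant = (AuthorizationCodeGrant) grant;
        // 3. Redeem the code exactly once; it must belong to this client and the original redirect_uri.
        IssuedCode issued = codes.remove(codeGrant.getAuthorizationCode());
        if (issued == null || !issued.clientId.equals(basic.getClientID())
                || !issued.redirectUri.equals(codeGrant.getRedirectionURI())) {
            return new TokenErrorResponse(OAuth2Error.INVALID_GRANT).toHTTPResponse();
        }
        // 4. Mint tokens; add a signed ID token only when the code was issued for the openid scope.
        BearerAccessToken accessToken = new BearerAccessToken(600, issued.scope);
        RefreshToken refreshToken = new RefreshToken();
        if (!issued.scope.contains("openid")) {
            return new AccessTokenResponse(new Tokens(accessToken, refreshToken)).toHTTPResponse();
        }
        Date now = new Date();
        IDTokenClaimsSet claims = new IDTokenClaimsSet(issuer, issued.subject,
                new Audience(issued.clientId.getValue()).toSingleAudienceList(),
                new Date(now.getTime() + 600_000L), now);
        claims.setNonce(issued.nonce);                 // lets the RP bind the token to its login attempt
        claims.setAuthenticationTime(issued.authTime);
        SignedJWT idToken = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(signingKey.getKeyID()).build(),
                claims.toJWTClaimsSet());
        idToken.sign(new RSASSASigner(signingKey));
        // toHTTPResponse() serialises the token JSON and sets Cache-Control: no-store, Pragma: no-cache.
        return new OIDCTokenResponse(new OIDCTokens(idToken, accessToken, refreshToken)).toHTTPResponse();
    }

    public static void main(String[] args) throws Exception {
        TokenEndpoint as = new TokenEndpoint();
        ClientID client = new ClientID("test_client_id");
        URI redirect = URI.create("https://rp.example.com/callback");
        AuthorizationCode code = as.issueCode(client, redirect, new Scope("openid", "email"), new Subject("alice"), new Nonce());
        // Build the request the same way a Nimbus client would (Example 6), then feed it to the handler.
        HTTPRequest tokenReq = new TokenRequest(URI.create("https://as.example.com/token"),
                new ClientSecretBasic(client, new Secret("test_client_secret")),
                new AuthorizationCodeGrant(code, redirect)).toHTTPRequest();
        System.out.println(as.handle(tokenReq).getStatusCode());  // 200: access_token, refresh_token, id_token
        System.out.println(as.handle(tokenReq).getStatusCode());  // 400: invalid_grant, the code was already redeemed
    }
}
```

The single-use check in step 3 is what the tests in Examples 8 and 10 cannot exercise because the code lookup is mocked; in a real datastore the remove must be atomic, and RFC 6749 recommends revoking tokens already issued for a code that is presented a second time.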

Aggregations

URI (java.net.URI) 18
OIDCTokens (com.nimbusds.openid.connect.sdk.token.OIDCTokens) 17
ClientSecretBasic (com.nimbusds.oauth2.sdk.auth.ClientSecretBasic) 15
ClientID (com.nimbusds.oauth2.sdk.id.ClientID) 15
OIDCTokenResponse (com.nimbusds.openid.connect.sdk.OIDCTokenResponse) 15
TokenResponse (com.nimbusds.oauth2.sdk.TokenResponse) 14
TokenRequest (com.nimbusds.oauth2.sdk.TokenRequest) 13
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken) 13
Secret (com.nimbusds.oauth2.sdk.auth.Secret) 12
HTTPResponse (com.nimbusds.oauth2.sdk.http.HTTPResponse) 12
Tokens (com.nimbusds.oauth2.sdk.token.Tokens) 11
TokenErrorResponse (com.nimbusds.oauth2.sdk.TokenErrorResponse) 10
ClientAuthentication (com.nimbusds.oauth2.sdk.auth.ClientAuthentication) 10
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken) 10
IOException (java.io.IOException) 10
AccessTokenResponse (com.nimbusds.oauth2.sdk.AccessTokenResponse) 8
Scope (com.nimbusds.oauth2.sdk.Scope) 8
RefreshToken (com.nimbusds.oauth2.sdk.token.RefreshToken) 8
HashMap (java.util.HashMap) 8
Test (org.testng.annotations.Test) 8