use of com.nimbusds.oauth2.sdk in project kf-key-management by kids-first.
the class FenceService method requestTokens.
/**
 * Exchanges an authorization code for OIDC tokens at the given fence's token endpoint.
 *
 * <p>The client authenticates with its id and secret via {@code ClientSecretBasic}. The
 * blocking HTTP call is wrapped in {@code Mono.fromCallable} and subscribed on the
 * bounded-elastic scheduler.
 *
 * @param authCode authorization code to redeem
 * @param fence fence supplying the client credentials, endpoints, redirect URI and scope
 * @return a Mono emitting the tokens when the response indicates success, otherwise an empty Mono
 */
public Mono<OIDCTokens> requestTokens(String authCode, AllFences.Fence fence) {
    Mono<Optional<OIDCTokens>> tokenExchange = Mono.fromCallable(() -> {
        String id = fence.getClientId();
        String secret = fence.getClientSecret();
        String tokenEndpoint = fence.getTokenEndpoint();
        String callback = fence.getRedirectUri();

        // Built in the same order as a single nested constructor call would evaluate them.
        val endpointUri = new URI(tokenEndpoint);
        val clientAuth = new ClientSecretBasic(new ClientID(id), new com.nimbusds.oauth2.sdk.auth.Secret(secret));
        val codeGrant = new AuthorizationCodeGrant(new AuthorizationCode(authCode), new URI(callback));
        val tokenRequest = new TokenRequest(endpointUri, clientAuth, codeGrant, new Scope(fence.getScope()));

        val httpResponse = tokenRequest.toHTTPRequest().send();
        if (!httpResponse.indicatesSuccess()) {
            // NOTE(review): the body is supplied by the remote fence and is logged unmodified;
            // confirm it cannot carry secrets or raw line breaks into the log.
            log.error("Error in {} fence response during request tokens: status={}, content={}", fence.getName(), httpResponse.getStatusCode(), httpResponse.getContent());
            return Optional.empty();
        }

        val tokens = OIDCTokenResponse.parse(httpResponse).toSuccessResponse().getOIDCTokens();
        return Optional.of(tokens);
    });

    // Unwrap the Optional: present -> single-value Mono, absent -> empty Mono.
    return tokenExchange
            .subscribeOn(Schedulers.boundedElastic())
            .flatMap(maybeTokens -> maybeTokens.map(Mono::just).orElseGet(Mono::empty));
}
use of com.nimbusds.oauth2.sdk in project dataverse by IQSS.
the class OIDCAuthProvider method getAccessToken.
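/**
 * Retrieve the access token from the provider's token endpoint. Encapsulated for testing.
 *
 * @param grant the authorization grant to redeem (the code grant in the code flow)
 * @return The bearer access token used in code (grant) flow. Empty if the SDK does not
 *         yield a bearer token for the successful response.
 * @throws IOException if sending the token request fails
 * @throws OAuth2Exception if the provider returns an error response or the response cannot be parsed
 */
Optional<BearerAccessToken> getAccessToken(AuthorizationGrant grant) throws IOException, OAuth2Exception {
    // Request token
    HTTPResponse response = new TokenRequest(this.idpMetadata.getTokenEndpointURI(), this.clientAuth, grant, Scope.parse(this.scope)).toHTTPRequest().send();

    // Parse response
    try {
        TokenResponse tokenResponse = OIDCTokenResponseParser.parse(response);

        // If error --> oauth2 ex
        if (!tokenResponse.indicatesSuccess()) {
            // The status code and description are taken from the provider's error object as-is.
            ErrorObject error = tokenResponse.toErrorResponse().getErrorObject();
            throw new OAuth2Exception(error.getHTTPStatusCode(), error.getDescription(), "auth.providers.token.failRetrieveToken");
        }

        // Success --> return token
        OIDCTokenResponse successResponse = (OIDCTokenResponse) tokenResponse.toSuccessResponse();
        // getBearerAccessToken() returns null when the access token is not of type Bearer.
        // Optional.of(null) would throw NullPointerException, so map that case to empty
        // and let the caller decide how to handle a missing token.
        return Optional.ofNullable(successResponse.getOIDCTokens().getBearerAccessToken());
    } catch (ParseException ex) {
        throw new OAuth2Exception(-1, ex.getMessage(), "auth.providers.token.failParseToken");
    }
}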
use of com.nimbusds.oauth2.sdk in project di-authentication-api by alphagov.
the class TokenService method generateClientCredentialsSelector.
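/**
 * Builds a credentials selector that offers one RSA public key and no client secrets.
 *
 * @param publicKey Base64 (MIME variant) encoding of an X.509-encoded RSA public key
 * @return a selector whose secret list is always empty and whose public-key list holds
 *         only the key decoded from {@code publicKey}
 */
private ClientCredentialsSelector<?> generateClientCredentialsSelector(String publicKey) {
    return new ClientCredentialsSelector<>() {
        @Override
        public List<Secret> selectClientSecrets(ClientID claimedClientID, ClientAuthenticationMethod authMethod, com.nimbusds.oauth2.sdk.auth.verifier.Context context) {
            // No shared secrets are offered by this selector. Return an empty list instead
            // of null so a caller that iterates the candidates cannot hit a NullPointerException.
            return Collections.emptyList();
        }

        @Override
        public List<PublicKey> selectPublicKeys(ClientID claimedClientID, ClientAuthenticationMethod authMethod, JWSHeader jwsHeader, boolean forceRefresh, com.nimbusds.oauth2.sdk.auth.verifier.Context context) {
            // NOTE(review): the same key is returned whatever claimedClientID is; this relies
            // on the caller having looked up publicKey for the client being authenticated.
            // The MIME decoder skips characters outside the Base64 alphabet (e.g. line breaks).
            byte[] decodedKey = Base64.getMimeDecoder().decode(publicKey);
            try {
                X509EncodedKeySpec x509publicKey = new X509EncodedKeySpec(decodedKey);
                KeyFactory kf = KeyFactory.getInstance("RSA");
                return Collections.singletonList(kf.generatePublic(x509publicKey));
            } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
                // A key that cannot be parsed as RSA aborts selection; the cause is preserved.
                throw new RuntimeException(e);
            }
        }
    };
}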
use of com.nimbusds.oauth2.sdk in project di-ipv-cri-uk-passport-back by alphagov.
the class JwtAuthorizationRequestHandlerTest method createErrorObjectFromResponse.
/**
 * Test helper: puts {@code responseBody} into an HTTP 400 response whose content type is
 * taken from {@code ContentType.APPLICATION_JSON}, then parses it into an {@link ErrorObject}.
 *
 * @param responseBody body to place in the error response
 * @return the error object parsed from the constructed response
 * @throws com.nimbusds.oauth2.sdk.ParseException if the SDK rejects the content type or the response
 */
private ErrorObject createErrorObjectFromResponse(String responseBody) throws com.nimbusds.oauth2.sdk.ParseException {
    final int badRequestStatus = 400;
    final String jsonContentType = ContentType.APPLICATION_JSON.getType();

    HTTPResponse errorResponse = new HTTPResponse(badRequestStatus);
    errorResponse.setContentType(jsonContentType);
    errorResponse.setContent(responseBody);

    ErrorObject parsedError = ErrorObject.parse(errorResponse);
    return parsedError;
}
use of com.nimbusds.oauth2.sdk in project OpenConext-oidcng by OpenConext.
the class IntrospectEndpointTest method introspectContract.
/**
 * Contract test for
 * https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/265:
 * a form-encoded introspection request on which no client authentication is set must be
 * parsed by the SDK without throwing.
 */
@Test
public void introspectContract() throws MalformedURLException, ParseException {
    URL introspectUrl = new URL("http://localhost:8080/introspect");
    HTTPRequest introspection = new HTTPRequest(POST, introspectUrl);
    introspection.setContentType("application/x-www-form-urlencoded");
    introspection.setQuery("token=123456");

    // https://tools.ietf.org/html/rfc7662 is vague about the authorization requirements, but apparently this is ok.
    // Only parsing is exercised here; whether the caller may introspect is not checked by this test.
    TokenIntrospectionRequest.parse(introspection);
}