
Example 11 with com.nimbusds.oauth2.sdk

use of com.nimbusds.oauth2.sdk in project kf-key-management by kids-first.

the class FenceService method requestTokens.

public Mono<OIDCTokens> requestTokens(String authCode, AllFences.Fence fence) {
    Mono<Optional<OIDCTokens>> blockingWrapper = Mono.fromCallable(() -> {
        String clientId = fence.getClientId();
        String clientSecret = fence.getClientSecret();
        String fenceEndpoint = fence.getTokenEndpoint();
        String redirectUri = fence.getRedirectUri();
        val fenceRequest = new TokenRequest(
                new URI(fenceEndpoint),
                new ClientSecretBasic(new ClientID(clientId), new com.nimbusds.oauth2.sdk.auth.Secret(clientSecret)),
                new AuthorizationCodeGrant(new AuthorizationCode(authCode), new URI(redirectUri)),
                new Scope(fence.getScope()));
        val fenceResponse = fenceRequest.toHTTPRequest().send();
        if (fenceResponse.indicatesSuccess()) {
            val tokens = OIDCTokenResponse.parse(fenceResponse).toSuccessResponse().getOIDCTokens();
            return Optional.of(tokens);
        } else {
            log.error("Error in  {} fence response during request tokens: status={}, content={}", fence.getName(), fenceResponse.getStatusCode(), fenceResponse.getContent());
            return Optional.empty();
        }
    });
    return blockingWrapper.subscribeOn(Schedulers.boundedElastic()).flatMap(o -> o.map(Mono::just).orElseGet(Mono::empty));
}
Also used : lombok.val(lombok.val) Optional(java.util.Optional) Mono(reactor.core.publisher.Mono) URI(java.net.URI) ClientSecretBasic(com.nimbusds.oauth2.sdk.auth.ClientSecretBasic) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) com.nimbusds.oauth2.sdk(com.nimbusds.oauth2.sdk)

Example 12 with com.nimbusds.oauth2.sdk

use of com.nimbusds.oauth2.sdk in project dataverse by IQSS.

the class OIDCAuthProvider method getAccessToken.

/**
 * Retrieve the Access Token from provider. Encapsulate for testing.
 * @param grant The authorization grant to exchange at the provider's token endpoint.
 * @return The bearer access token used in code (grant) flow. May be empty if SDK could not cast internally.
 */
Optional<BearerAccessToken> getAccessToken(AuthorizationGrant grant) throws IOException, OAuth2Exception {
    // Request token
    HTTPResponse response = new TokenRequest(this.idpMetadata.getTokenEndpointURI(), this.clientAuth, grant, Scope.parse(this.scope)).toHTTPRequest().send();
    // Parse response
    try {
        TokenResponse tokenResponse = OIDCTokenResponseParser.parse(response);
        // If error --> oauth2 ex
        if (!tokenResponse.indicatesSuccess()) {
            ErrorObject error = tokenResponse.toErrorResponse().getErrorObject();
            throw new OAuth2Exception(error.getHTTPStatusCode(), error.getDescription(), "auth.providers.token.failRetrieveToken");
        }
        // Success --> return token
        OIDCTokenResponse successResponse = (OIDCTokenResponse) tokenResponse.toSuccessResponse();
        return Optional.of(successResponse.getOIDCTokens().getBearerAccessToken());
    } catch (ParseException ex) {
        throw new OAuth2Exception(-1, ex.getMessage(), "auth.providers.token.failParseToken");
    }
}
Also used : OIDCTokenResponse(com.nimbusds.openid.connect.sdk.OIDCTokenResponse) TokenResponse(com.nimbusds.oauth2.sdk.TokenResponse) HTTPResponse(com.nimbusds.oauth2.sdk.http.HTTPResponse) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) TokenRequest(com.nimbusds.oauth2.sdk.TokenRequest) ParseException(com.nimbusds.oauth2.sdk.ParseException) OAuth2Exception(edu.harvard.iq.dataverse.authorization.providers.oauth2.OAuth2Exception)

Example 13 with com.nimbusds.oauth2.sdk

use of com.nimbusds.oauth2.sdk in project di-authentication-api by alphagov.

the class TokenService method generateClientCredentialsSelector.

private ClientCredentialsSelector<?> generateClientCredentialsSelector(String publicKey) {
    return new ClientCredentialsSelector<>() {

        @Override
        public List<Secret> selectClientSecrets(ClientID claimedClientID, ClientAuthenticationMethod authMethod, com.nimbusds.oauth2.sdk.auth.verifier.Context context) {
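            // This selector only supplies public keys; return an empty list rather than null
            // so a caller iterating the secret candidates never dereferences null.
            return Collections.emptyList();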
        }

        @Override
        public List<PublicKey> selectPublicKeys(ClientID claimedClientID, ClientAuthenticationMethod authMethod, JWSHeader jwsHeader, boolean forceRefresh, com.nimbusds.oauth2.sdk.auth.verifier.Context context) {
            byte[] decodedKey = Base64.getMimeDecoder().decode(publicKey);
            try {
                X509EncodedKeySpec x509publicKey = new X509EncodedKeySpec(decodedKey);
                KeyFactory kf = KeyFactory.getInstance("RSA");
                return Collections.singletonList(kf.generatePublic(x509publicKey));
            } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
    };
}
Also used : PublicKey(java.security.PublicKey) ClientAuthenticationMethod(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ClientCredentialsSelector(com.nimbusds.oauth2.sdk.auth.verifier.ClientCredentialsSelector) Secret(com.nimbusds.oauth2.sdk.auth.Secret) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) JWSHeader(com.nimbusds.jose.JWSHeader) KeyFactory(java.security.KeyFactory)

Example 14 with com.nimbusds.oauth2.sdk

use of com.nimbusds.oauth2.sdk in project di-ipv-cri-uk-passport-back by alphagov.

the class JwtAuthorizationRequestHandlerTest method createErrorObjectFromResponse.

private ErrorObject createErrorObjectFromResponse(String responseBody) throws com.nimbusds.oauth2.sdk.ParseException {
    HTTPResponse httpErrorResponse = new HTTPResponse(400);
    httpErrorResponse.setContentType(ContentType.APPLICATION_JSON.getType());
    httpErrorResponse.setContent(responseBody);
    return ErrorObject.parse(httpErrorResponse);
}
Also used : HTTPResponse(com.nimbusds.oauth2.sdk.http.HTTPResponse)

Example 15 with com.nimbusds.oauth2.sdk

use of com.nimbusds.oauth2.sdk in project OpenConext-oidcng by OpenConext.

the class IntrospectEndpointTest method introspectContract.

// https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/265
@Test
public void introspectContract() throws MalformedURLException, ParseException {
    HTTPRequest request = new HTTPRequest(POST, new URL("http://localhost:8080/introspect"));
    request.setContentType("application/x-www-form-urlencoded");
    request.setQuery("token=123456");
    // https://tools.ietf.org/html/rfc7662 is vague about the authorization requirements, but apparently this is ok
    TokenIntrospectionRequest.parse(request);
}
Also used : HTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest) URL(java.net.URL) AbstractIntegrationTest(oidc.AbstractIntegrationTest) Test(org.junit.Test)
