Example 16 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project OpenConext-oidcng by OpenConext, in the class TokenGenerator, method generateIDTokenForAuthorizationEndpoint.

@SneakyThrows
public TokenValue generateIDTokenForAuthorizationEndpoint(User user, OpenIDClient client, Nonce nonce, ResponseType responseType, String accessToken, List<String> claims, Optional<String> authorizationCode, State state) {
    Map<String, Object> additionalClaims = new HashMap<>();
    // auth_time: time of the end-user authentication, in seconds since the epoch
    additionalClaims.put("auth_time", System.currentTimeMillis() / 1000L);
    // nonce: echoed back from the authentication request so the client can bind the ID token to its session
    if (nonce != null) {
        additionalClaims.put("nonce", nonce.getValue());
    }
    // at_hash: hash of the access token, mandatory when the response type returns an access token next to the ID token
    if (AccessTokenHash.isRequiredInIDTokenClaims(responseType)) {
        additionalClaims.put("at_hash", AccessTokenHash.compute(new BearerAccessToken(accessToken), signingAlg).getValue());
    }
    // c_hash: hash of the authorization code, mandatory when the response type returns a code next to the ID token
    if (CodeHash.isRequiredInIDTokenClaims(responseType) && authorizationCode.isPresent()) {
        additionalClaims.put("c_hash", CodeHash.compute(new com.nimbusds.oauth2.sdk.AuthorizationCode(authorizationCode.get()), signingAlg));
    }
    // s_hash: hash of the state value, letting the client verify the state was not tampered with
    if (state != null && StringUtils.hasText(state.getValue())) {
        additionalClaims.put("s_hash", StateHash.compute(state, signingAlg));
    }
    // Sign with the most recent key so that key rotation is picked up without a restart
    String currentSigningKeyId = ensureLatestSigningKey();
    return idToken(client, Optional.of(user), additionalClaims, claims, false, currentSigningKeyId, Collections.emptyList(), true);
}
Also used : BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) SneakyThrows(lombok.SneakyThrows)

Example 17 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project di-ipv-cri-address-api by alphagov, in the class AddressSessionService, method createTokenRequest.

public TokenRequest createTokenRequest(String requestBody) throws com.nimbusds.oauth2.sdk.ParseException {
    // The URI is not needed/consumed in the resultant TokenRequest,
    // therefore any value can be passed here to ensure the parse method
    // successfully materialises a TokenRequest
    URI arbitraryUri = URI.create("https://gds");
    HTTPRequest request = new HTTPRequest(HTTPRequest.Method.POST, arbitraryUri);
    request.setQuery(requestBody);
    // Reject the request up front unless every mandatory parameter is present
    boolean hasRequiredParameters = request.getQueryParameters().keySet().containsAll(List.of(CODE, CLIENT_ID, REDIRECT_URI, GRANT_TYPE));
    if (!hasRequiredParameters) {
        throw new AccessTokenRequestException(OAuth2Error.INVALID_REQUEST);
    }
    validateTokenRequest(request.getQueryParameters());
    request.setContentType(ContentType.APPLICATION_URLENCODED.getType());
    return TokenRequest.parse(request);
}
Also used : HTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest) AccessTokenRequestException(uk.gov.di.ipv.cri.address.library.exception.AccessTokenRequestException) URI(java.net.URI)

Example 18 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project asgardeo-java-oidc-sdk by asgardeo, in the class OIDCRequestResolver, method isAuthorizationCodeResponse.

/**
 * Checks if the request is an Authorization Code response.
 *
 * @return True if the request is parsed as a valid Authorization response carrying a code, false otherwise.
 */
public boolean isAuthorizationCodeResponse() {
    AuthorizationResponse authorizationResponse;
    AuthorizationSuccessResponse authorizationSuccessResponse;
    try {
        authorizationResponse = AuthorizationResponse.parse(ServletUtils.createHTTPRequest(request));
    } catch (com.nimbusds.oauth2.sdk.ParseException | IOException e) {
        logger.log(Level.ERROR, "Error occurred while parsing the authorization response.", e);
        return false;
    }
    // An error response from the authorization server is logged and treated as "not a code response"
    if (!authorizationResponse.indicatesSuccess()) {
        logErrorAuthorizationResponse(authorizationResponse);
        return false;
    }
    // A success response only counts if it actually carries an authorization code
    authorizationSuccessResponse = authorizationResponse.toSuccessResponse();
    return authorizationSuccessResponse.getAuthorizationCode() != null;
}
Also used : AuthorizationSuccessResponse(com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse) IOException(java.io.IOException) AuthorizationResponse(com.nimbusds.oauth2.sdk.AuthorizationResponse)

Example 19 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project spring-security by spring-projects, in the class NimbusAuthorizationCodeTokenResponseClient, method getTokenResponse.

@Override
public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) {
    ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();
    // Build the authorization code grant request for the token endpoint
    AuthorizationCode authorizationCode = new AuthorizationCode(authorizationGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode());
    URI redirectUri = toURI(authorizationGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri());
    AuthorizationGrant authorizationCodeGrant = new AuthorizationCodeGrant(authorizationCode, redirectUri);
    URI tokenUri = toURI(clientRegistration.getProviderDetails().getTokenUri());
    // Set the credentials to authenticate the client at the token endpoint
    ClientID clientId = new ClientID(clientRegistration.getClientId());
    Secret clientSecret = new Secret(clientRegistration.getClientSecret());
    boolean isPost = ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(clientRegistration.getClientAuthenticationMethod()) || ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod());
    ClientAuthentication clientAuthentication = isPost ? new ClientSecretPost(clientId, clientSecret) : new ClientSecretBasic(clientId, clientSecret);
    com.nimbusds.oauth2.sdk.TokenResponse tokenResponse = getTokenResponse(authorizationCodeGrant, tokenUri, clientAuthentication);
    if (!tokenResponse.indicatesSuccess()) {
        TokenErrorResponse tokenErrorResponse = (TokenErrorResponse) tokenResponse;
        ErrorObject errorObject = tokenErrorResponse.getErrorObject();
        throw new OAuth2AuthorizationException(getOAuthError(errorObject));
    }
    AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;
    String accessToken = accessTokenResponse.getTokens().getAccessToken().getValue();
    OAuth2AccessToken.TokenType accessTokenType = null;
    if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
        accessTokenType = OAuth2AccessToken.TokenType.BEARER;
    }
    long expiresIn = accessTokenResponse.getTokens().getAccessToken().getLifetime();
    // As per spec, in section 5.1 Successful Access Token Response
    // https://tools.ietf.org/html/rfc6749#section-5.1
    // If AccessTokenResponse.scope is empty, then default to the scope
    // originally requested by the client in the Authorization Request
    Set<String> scopes = getScopes(authorizationGrantRequest, accessTokenResponse);
    String refreshToken = null;
    if (accessTokenResponse.getTokens().getRefreshToken() != null) {
        refreshToken = accessTokenResponse.getTokens().getRefreshToken().getValue();
    }
    Map<String, Object> additionalParameters = new LinkedHashMap<>(accessTokenResponse.getCustomParameters());
    // @formatter:off
    return OAuth2AccessTokenResponse.withToken(accessToken)
            .tokenType(accessTokenType)
            .expiresIn(expiresIn)
            .scopes(scopes)
            .refreshToken(refreshToken)
            .additionalParameters(additionalParameters)
            .build();
    // @formatter:on
}
Also used : URI(java.net.URI) ClientSecretBasic(com.nimbusds.oauth2.sdk.auth.ClientSecretBasic) LinkedHashMap(java.util.LinkedHashMap) TokenErrorResponse(com.nimbusds.oauth2.sdk.TokenErrorResponse) ClientSecretPost(com.nimbusds.oauth2.sdk.auth.ClientSecretPost) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) AuthorizationGrant(com.nimbusds.oauth2.sdk.AuthorizationGrant) ClientAuthentication(com.nimbusds.oauth2.sdk.auth.ClientAuthentication) AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse) OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) AuthorizationCode(com.nimbusds.oauth2.sdk.AuthorizationCode) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) Secret(com.nimbusds.oauth2.sdk.auth.Secret) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) AuthorizationCodeGrant(com.nimbusds.oauth2.sdk.AuthorizationCodeGrant) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject)

Example 20 with com.nimbusds.oauth2.sdk

Use of com.nimbusds.oauth2.sdk in project di-authentication-api by alphagov, in the class TokenService, method generateIDToken.

private SignedJWT generateIDToken(String clientId, Subject subject, Map<String, Object> additionalTokenClaims, AccessTokenHash accessTokenHash, String vot, boolean isDocAppJourney) {
    LOG.info("Generating IdToken");
    URI trustMarkUri = buildURI(configService.getOidcApiBaseURL().get(), "/trustmark");
    Date expiryDate = NowHelper.nowPlus(configService.getIDTokenExpiry(), ChronoUnit.SECONDS);
    // Mandatory ID token claims: iss, sub, aud (the requesting client), exp and iat
    IDTokenClaimsSet idTokenClaims = new IDTokenClaimsSet(new Issuer(configService.getOidcApiBaseURL().get()), subject, List.of(new Audience(clientId)), expiryDate, NowHelper.now());
    idTokenClaims.setAccessTokenHash(accessTokenHash);
    idTokenClaims.putAll(additionalTokenClaims);
    // vot (vector of trust) is omitted for the document-checking app journey
    if (!isDocAppJourney) {
        idTokenClaims.setClaim("vot", vot);
    }
    // vtm: the trustmark URI describing the vectors of trust this issuer supports
    idTokenClaims.setClaim("vtm", trustMarkUri.toString());
    try {
        return generateSignedJWT(idTokenClaims.toJWTClaimsSet(), Optional.empty());
    } catch (com.nimbusds.oauth2.sdk.ParseException e) {
        LOG.error("Error when trying to parse IDTokenClaims to JWTClaimSet", e);
        throw new RuntimeException(e);
    }
}
Also used : Issuer(com.nimbusds.oauth2.sdk.id.Issuer) Audience(com.nimbusds.oauth2.sdk.id.Audience) IDTokenClaimsSet(com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet) ParseException(com.nimbusds.oauth2.sdk.ParseException) URI(java.net.URI) ConstructUriHelper.buildURI(uk.gov.di.authentication.shared.helpers.ConstructUriHelper.buildURI) Date(java.util.Date)
