
Example 1 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.

The class AuthorizationEndpoint, method createAndSaveAuthorizationCode.

/**
 * Mints a fresh authorization code for {@code user} at {@code client}, persists it and returns it.
 *
 * <p>Everything the token endpoint later needs to redeem the code safely is captured here:
 * the granted scopes, the redirect URI the code was issued for, the optional PKCE challenge
 * (RFC 7636), the OpenID Connect nonce and the requested ID-token claims.
 *
 * @param authorizationRequest the validated request; may be a plain OAuth2 request or an OIDC
 *        {@link AuthenticationRequest}
 * @param client the client the code is bound to
 * @param user the authenticated end user
 * @return the persisted code record
 */
private AuthorizationCode createAndSaveAuthorizationCode(AuthorizationRequest authorizationRequest, OpenIDClient client, User user) {
    // An absent scope parameter becomes an empty list rather than null.
    Scope requestedScope = authorizationRequest.getScope();
    List<String> grantedScopes = requestedScope == null ? Collections.emptyList() : requestedScope.toStringList();

    // PKCE is optional. When a challenge arrives without an explicit method, the SDK default
    // method is recorded so the verifier can be checked later; an explicit method always wins.
    String challengeValue = null;
    String challengeMethodValue = null;
    CodeChallenge pkceChallenge = authorizationRequest.getCodeChallenge();
    if (pkceChallenge != null) {
        challengeValue = pkceChallenge.getValue();
        challengeMethodValue = CodeChallengeMethod.getDefault().getValue();
    }
    CodeChallengeMethod pkceMethod = authorizationRequest.getCodeChallengeMethod();
    if (pkceMethod != null) {
        challengeMethodValue = pkceMethod.getValue();
    }

    // Only OIDC authentication requests carry a nonce; it is stored so it can be echoed into the ID token.
    String nonceValue = null;
    if (authorizationRequest instanceof AuthenticationRequest) {
        Nonce nonce = ((AuthenticationRequest) authorizationRequest).getNonce();
        nonceValue = nonce == null ? null : nonce.getValue();
    }

    URI issuedForRedirectURI = authorizationRequest.getRedirectionURI();
    List<String> requestedIdTokenClaims = getClaims(authorizationRequest);
    String codeValue = tokenGenerator.generateAuthorizationCode();

    // The record also remembers whether the client explicitly supplied a redirect URI
    // (presumably so the token endpoint can insist on a matching redirect_uri — confirm there).
    // Lifetime is kept short: 10 minutes.
    AuthorizationCode record = new AuthorizationCode(
            codeValue,
            user.getSub(),
            client.getClientId(),
            grantedScopes,
            issuedForRedirectURI,
            challengeValue,
            challengeMethodValue,
            nonceValue,
            requestedIdTokenClaims,
            issuedForRedirectURI != null,
            tokenValidity(10 * 60));
    authorizationCodeRepository.insert(record);
    return record;
}
Also used : Nonce(com.nimbusds.openid.connect.sdk.Nonce) AuthorizationCode(oidc.model.AuthorizationCode) Scope(com.nimbusds.oauth2.sdk.Scope) CodeChallengeMethod(com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod) CodeChallenge(com.nimbusds.oauth2.sdk.pkce.CodeChallenge) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) ProvidedRedirectURI(oidc.model.ProvidedRedirectURI) URI(java.net.URI)

Example 2 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.

The class AuthorizationEndpoint, method authorizationEndpointResponse.

/**
 * Builds the parameter map returned from the authorization endpoint for the given response type.
 *
 * <p>Depending on {@code responseType} the map holds an access token, an authorization code
 * and/or an ID token; {@code expires_in} is always present and {@code state} is echoed when
 * the client sent one. Insertion order is preserved ({@link LinkedHashMap}).
 *
 * @param user the authenticated end user
 * @param client the requesting client
 * @param authorizationRequest the validated request
 * @param scopes the granted scopes
 * @param responseType the requested response_type
 * @param state the client-supplied state, or {@code null}
 * @return the response parameters, keyed by their wire names
 */
private Map<String, Object> authorizationEndpointResponse(User user, OpenIDClient client, AuthorizationRequest authorizationRequest, List<String> scopes, ResponseType responseType, State state) {
    Map<String, Object> response = new LinkedHashMap<>();

    boolean tokenRequested = responseType.contains(ResponseType.Value.TOKEN.getValue());
    boolean codeRequested = responseType.contains(ResponseType.Value.CODE.getValue());
    boolean idTokenRequested = responseType.contains(OIDCResponseTypeValue.ID_TOKEN.getValue());

    // The access token is generated unconditionally; its value is also handed to the ID token
    // generator below (presumably for the at_hash claim — confirm in TokenGenerator).
    EncryptedTokenValue issuedAccessToken = tokenGenerator.generateAccessTokenWithEmbeddedUserInfo(user, client, scopes);

    // A plain OAuth2 (non-OpenID) request always gets an access token, as does any
    // response_type that includes "token".
    if (tokenRequested || !isOpenIDRequest(authorizationRequest)) {
        // Only a salted one-way hash of the unspecified NameID is persisted with the token.
        String hashedNameId = KeyGenerator.oneWayHash(user.getUnspecifiedNameId(), this.salt);
        AccessToken stored = new AccessToken(
                issuedAccessToken.getJwtId(),
                user.getSub(),
                client.getClientId(),
                scopes,
                issuedAccessToken.getKeyId(),
                accessTokenValidity(client),
                false,
                null,
                hashedNameId);
        accessTokenRepository.insert(stored);
        response.put("access_token", issuedAccessToken.getValue());
        response.put("token_type", "Bearer");
    }

    String issuedCode = null;
    if (codeRequested) {
        issuedCode = createAndSaveAuthorizationCode(authorizationRequest, client, user).getCode();
        response.put("code", issuedCode);
    }

    // An ID token needs both the "openid" scope and an OIDC authentication request; the latter
    // check is what makes the cast below safe.
    if (idTokenRequested && isOpenIDRequest(scopes) && isOpenIDRequest(authorizationRequest)) {
        AuthenticationRequest authenticationRequest = (AuthenticationRequest) authorizationRequest;
        List<String> idTokenClaims = getClaims(authorizationRequest);
        // The code (if any) is passed along so the ID token can bind to it (c_hash) — confirm in TokenGenerator.
        TokenValue idToken = tokenGenerator.generateIDTokenForAuthorizationEndpoint(
                user,
                client,
                authenticationRequest.getNonce(),
                responseType,
                issuedAccessToken.getValue(),
                idTokenClaims,
                Optional.ofNullable(issuedCode),
                state);
        response.put("id_token", idToken.getValue());
    }

    response.put("expires_in", client.getAccessTokenValidity());
    if (state != null) {
        response.put("state", state.getValue());
    }
    return response;
}
Also used : AuthorizationCode(oidc.model.AuthorizationCode) AccessToken(oidc.model.AccessToken) EncryptedTokenValue(oidc.model.EncryptedTokenValue) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) LinkedHashMap(java.util.LinkedHashMap) TokenValue(oidc.model.TokenValue) EncryptedTokenValue(oidc.model.EncryptedTokenValue)

Example 3 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project Application-Gateway by gianlucafrei.

The class WiremockTest, method makeLogin.

/**
 * Drives a complete login round trip against the gateway under test.
 *
 * <p>Step 1 hits the local login route and inspects the redirect to the provider: the
 * redirect must point at the configured authorization endpoint and carry the configured
 * client id. Step 2 replays the provider's callback with the same {@code state} and the
 * login-state cookie from step 1, so the gateway's state/cookie binding is exercised.
 *
 * @return the callback result together with the expected user id
 * @throws ApplicationException when any step of the flow fails
 */
protected LoginResult makeLogin() {
    try {
        // Step 1: the login route must redirect (302) to the identity provider.
        var loginResponse = webClient.get()
                .uri("/auth/local/login")
                .exchange()
                .expectStatus().isFound()
                .returnResult(String.class);
        var location = loginResponse.getResponseHeaders().getFirst("Location");
        AuthenticationRequest outgoingRequest = AuthenticationRequest.parse(new URI(location));

        LoginProvider localProvider = config.getLoginProviders().get("local");
        var providerSettings = localProvider.getWith();
        assertTrue(location.startsWith((String) providerSettings.get("authEndpoint")));
        assertEquals(providerSettings.get("clientId"), outgoingRequest.getClientID().toString());

        var stateCookie = loginResponse.getResponseCookies().getFirst(LoginStateCookie.NAME);

        // Step 2: simulate the provider calling back with the state from step 1 and a dummy code.
        String callbackQuery = String.format("?state=%s&code=%s", outgoingRequest.getState().getValue(), "authCode");
        var callbackResponse = webClient.get()
                .uri("/auth/local/callback" + callbackQuery)
                .cookie(stateCookie.getName(), stateCookie.getValue())
                .exchange()
                .expectStatus().isFound()
                .returnResult(String.class);

        var outcome = new LoginResult(callbackResponse);
        // Subject expected from the (mocked) ID token — presumably matches the WireMock fixture.
        outcome.id = "248289761001";
        return outcome;
    } catch (Exception e) {
        throw new ApplicationException("Login Failed", e);
    }
}
Also used : ApplicationException(org.owasp.oag.exception.ApplicationException) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) LoginProvider(org.owasp.oag.config.configuration.LoginProvider) URI(java.net.URI) ApplicationException(org.owasp.oag.exception.ApplicationException)

Example 4 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.

The class JWTRequestTest, method plainJWT.

/**
 * An unsigned (plain) JWT used as a request object must be rejected with
 * {@link UnsupportedJWTException}; only signed request objects are acceptable.
 */
@Test(expected = UnsupportedJWTException.class)
public void plainJWT() throws Exception {
    OpenIDClient client = getClient();
    // Return value intentionally unused; presumably registers the signing key fixture — confirm.
    signedJWT(client.getClientId(), "keyID", client.getRedirectUrls().get(0));

    JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .jwtID(UUID.randomUUID().toString())
            .build();
    PlainJWT unsignedRequestObject = new PlainJWT(claims);

    AuthenticationRequest.Builder requestBuilder = new AuthenticationRequest.Builder(
            ResponseType.getDefault(),
            new Scope("openid"),
            new ClientID(client.getClientId()),
            new URI("http://localhost:8080"));
    AuthenticationRequest request = requestBuilder.requestObject(unsignedRequestObject).build();

    callParse(client, request);
}
Also used : PlainJWT(com.nimbusds.jwt.PlainJWT) Scope(com.nimbusds.oauth2.sdk.Scope) OpenIDClient(oidc.model.OpenIDClient) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) URI(java.net.URI) Test(org.junit.Test)

Example 5 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.

The class JWTRequestTest, method callParse.

/**
 * Parses {@code authenticationRequest} through {@code JWTRequest} for {@code client} and
 * asserts that the values carried by the request object are surfaced on the parsed request.
 *
 * @param client the client whose keys/settings govern request-object handling
 * @param authenticationRequest the request carrying a request object
 * @throws Exception propagated from parsing; tests declare the expected type
 */
private void callParse(OpenIDClient client, AuthenticationRequest authenticationRequest) throws Exception {
    AuthenticationRequest parsedRequest = JWTRequest.parse(authenticationRequest, client);

    assertEquals("openid groups", parsedRequest.getScope().toString());
    assertEquals("123456", parsedRequest.getNonce().getValue());
    assertEquals("new", parsedRequest.getState().getValue());

    List<String> acrValues = parsedRequest.getACRValues().stream()
            .map(ACR::getValue)
            .collect(Collectors.toList());
    assertEquals("loa1 loa2 loa3", String.join(" ", acrValues));

    // Exactly one ID-token claim ("email") must survive parsing.
    Collection<ClaimsRequest.Entry> idTokenClaims = parsedRequest.getClaims().getIDTokenClaims();
    assertEquals(1, idTokenClaims.size());
    ClaimsRequest.Entry onlyClaim = idTokenClaims.iterator().next();
    assertEquals("email", onlyClaim.getClaimName());
}
Also used : ACR(com.nimbusds.openid.connect.sdk.claims.ACR) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest)
