Example 1 with AuthenticationRequest
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.
the class AuthorizationEndpoint method createAndSaveAuthorizationCode.
private AuthorizationCode createAndSaveAuthorizationCode(AuthorizationRequest authorizationRequest, OpenIDClient client, User user) {
URI redirectionURI = authorizationRequest.getRedirectionURI();
Scope scope = authorizationRequest.getScope();
List<String> scopes = scope != null ? scope.toStringList() : Collections.emptyList();
// Optional code challenges for PKCE
CodeChallenge codeChallenge = authorizationRequest.getCodeChallenge();
String codeChallengeValue = codeChallenge != null ? codeChallenge.getValue() : null;
CodeChallengeMethod codeChallengeMethod = authorizationRequest.getCodeChallengeMethod();
String codeChallengeMethodValue = codeChallengeMethod != null ? codeChallengeMethod.getValue() : (codeChallengeValue != null ? CodeChallengeMethod.getDefault().getValue() : null);
List<String> idTokenClaims = getClaims(authorizationRequest);
String code = tokenGenerator.generateAuthorizationCode();
Nonce nonce = authorizationRequest instanceof AuthenticationRequest ? AuthenticationRequest.class.cast(authorizationRequest).getNonce() : null;
AuthorizationCode authorizationCode = new AuthorizationCode(code, user.getSub(), client.getClientId(), scopes, redirectionURI, codeChallengeValue, codeChallengeMethodValue, nonce != null ? nonce.getValue() : null, idTokenClaims, redirectionURI != null, tokenValidity(10 * 60));
authorizationCodeRepository.insert(authorizationCode);
return authorizationCode;
}
Also used :
Nonce(com.nimbusds.openid.connect.sdk.Nonce)
AuthorizationCode(oidc.model.AuthorizationCode)
Scope(com.nimbusds.oauth2.sdk.Scope)
CodeChallengeMethod(com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod)
CodeChallenge(com.nimbusds.oauth2.sdk.pkce.CodeChallenge)
AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest)
ProvidedRedirectURI(oidc.model.ProvidedRedirectURI)
URI(java.net.URI)
Example 2 with AuthenticationRequest
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.
the class AuthorizationEndpoint method authorizationEndpointResponse.
private Map<String, Object> authorizationEndpointResponse(User user, OpenIDClient client, AuthorizationRequest authorizationRequest, List<String> scopes, ResponseType responseType, State state) {
Map<String, Object> result = new LinkedHashMap<>();
EncryptedTokenValue encryptedAccessToken = tokenGenerator.generateAccessTokenWithEmbeddedUserInfo(user, client, scopes);
if (responseType.contains(ResponseType.Value.TOKEN.getValue()) || !isOpenIDRequest(authorizationRequest)) {
String unspecifiedUrnHash = KeyGenerator.oneWayHash(user.getUnspecifiedNameId(), this.salt);
AccessToken accessToken = new AccessToken(encryptedAccessToken.getJwtId(), user.getSub(), client.getClientId(), scopes, encryptedAccessToken.getKeyId(), accessTokenValidity(client), false, null, unspecifiedUrnHash);
accessTokenRepository.insert(accessToken);
result.put("access_token", encryptedAccessToken.getValue());
result.put("token_type", "Bearer");
}
if (responseType.contains(ResponseType.Value.CODE.getValue())) {
AuthorizationCode authorizationCode = createAndSaveAuthorizationCode(authorizationRequest, client, user);
result.put("code", authorizationCode.getCode());
}
if (responseType.contains(OIDCResponseTypeValue.ID_TOKEN.getValue()) && isOpenIDRequest(scopes) && isOpenIDRequest(authorizationRequest)) {
AuthenticationRequest authenticationRequest = (AuthenticationRequest) authorizationRequest;
List<String> claims = getClaims(authorizationRequest);
TokenValue tokenValue = tokenGenerator.generateIDTokenForAuthorizationEndpoint(user, client, authenticationRequest.getNonce(), responseType, encryptedAccessToken.getValue(), claims, Optional.ofNullable((String) result.get("code")), state);
result.put("id_token", tokenValue.getValue());
}
result.put("expires_in", client.getAccessTokenValidity());
if (state != null) {
result.put("state", state.getValue());
}
return result;
}
Also used :
AuthorizationCode(oidc.model.AuthorizationCode)
AccessToken(oidc.model.AccessToken)
EncryptedTokenValue(oidc.model.EncryptedTokenValue)
AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest)
LinkedHashMap(java.util.LinkedHashMap)
TokenValue(oidc.model.TokenValue)
EncryptedTokenValue(oidc.model.EncryptedTokenValue)
Example 3 with AuthenticationRequest
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project Application-Gateway by gianlucafrei.
the class WiremockTest method makeLogin.
protected LoginResult makeLogin() {
try {
// ACT1: Start the login
var loginResult = webClient.get().uri("/auth/local/login").exchange().expectStatus().isFound().returnResult(String.class);
var redirectUriString = loginResult.getResponseHeaders().getFirst("Location");
URI redirectUri = new URI(redirectUriString);
AuthenticationRequest oidcRequest = AuthenticationRequest.parse(redirectUri);
LoginProvider provider = config.getLoginProviders().get("local");
assertTrue(redirectUriString.startsWith((String) provider.getWith().get("authEndpoint")));
assertEquals(provider.getWith().get("clientId"), oidcRequest.getClientID().toString());
var loginStateCookie = loginResult.getResponseCookies().getFirst(LoginStateCookie.NAME);
// ACT 2: Call the callback url
// Arrange
String authorizationResponse = String.format("?state=%s&code=%s", oidcRequest.getState().getValue(), "authCode");
var callbackResult = webClient.get().uri("/auth/local/callback" + authorizationResponse).cookie(loginStateCookie.getName(), loginStateCookie.getValue()).exchange().expectStatus().isFound().returnResult(String.class);
var result = new LoginResult(callbackResult);
// id from jwt token
result.id = "248289761001";
return result;
} catch (Exception e) {
throw new ApplicationException("Login Failed", e);
}
}
Also used :
ApplicationException(org.owasp.oag.exception.ApplicationException)
AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest)
LoginProvider(org.owasp.oag.config.configuration.LoginProvider)
URI(java.net.URI)
ApplicationException(org.owasp.oag.exception.ApplicationException)
Example 4 with AuthenticationRequest
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.
the class JWTRequestTest method plainJWT.
@Test(expected = UnsupportedJWTException.class)
public void plainJWT() throws Exception {
OpenIDClient client = getClient();
signedJWT(client.getClientId(), "keyID", client.getRedirectUrls().get(0));
PlainJWT jwt = new PlainJWT(new JWTClaimsSet.Builder().jwtID(UUID.randomUUID().toString()).build());
AuthenticationRequest authenticationRequest = new AuthenticationRequest.Builder(ResponseType.getDefault(), new Scope("openid"), new ClientID(client.getClientId()), new URI("http://localhost:8080")).requestObject(jwt).build();
callParse(client, authenticationRequest);
}
Also used :
PlainJWT(com.nimbusds.jwt.PlainJWT)
Scope(com.nimbusds.oauth2.sdk.Scope)
OpenIDClient(oidc.model.OpenIDClient)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
ClientID(com.nimbusds.oauth2.sdk.id.ClientID)
AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest)
URI(java.net.URI)
Test(org.junit.Test)
Example 5 with AuthenticationRequest
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.
the class JWTRequestTest method callParse.
private void callParse(OpenIDClient client, AuthenticationRequest authenticationRequest) throws Exception {
AuthenticationRequest parsed = JWTRequest.parse(authenticationRequest, client);
assertEquals("openid groups", parsed.getScope().toString());
assertEquals("123456", parsed.getNonce().getValue());
assertEquals("new", parsed.getState().getValue());
assertEquals("loa1 loa2 loa3", parsed.getACRValues().stream().map(ACR::getValue).collect(Collectors.joining(" ")));
Collection<ClaimsRequest.Entry> claims = parsed.getClaims().getIDTokenClaims();
assertEquals(1, claims.size());
assertEquals("email", claims.iterator().next().getClaimName());
}
Also used :
ACR(com.nimbusds.openid.connect.sdk.claims.ACR)
AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest)
Aggregations
AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest)73
Scope (com.nimbusds.oauth2.sdk.Scope)44
ResponseType (com.nimbusds.oauth2.sdk.ResponseType)34
State (com.nimbusds.oauth2.sdk.id.State)29
Nonce (com.nimbusds.openid.connect.sdk.Nonce)27
ClientID (com.nimbusds.oauth2.sdk.id.ClientID)24
Test (org.junit.jupiter.api.Test)19
ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject)16
URI (java.net.URI)16
ParseException (com.nimbusds.oauth2.sdk.ParseException)12
ClientSession (uk.gov.di.authentication.shared.entity.ClientSession)12
AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode)11
VectorOfTrust (uk.gov.di.authentication.shared.entity.VectorOfTrust)10
AuthenticationSuccessResponse (com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse)8
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent)7
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)7
MethodSource (org.junit.jupiter.params.provider.MethodSource)6
SignedJWT (com.nimbusds.jwt.SignedJWT)5
OIDCClaimsRequest (com.nimbusds.openid.connect.sdk.OIDCClaimsRequest)5
HashMap (java.util.HashMap)5
