Use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext:
class AuthorizationEndpoint, method createAndSaveAuthorizationCode.
/**
 * Mints a fresh authorization code for the authenticated user and persists it.
 *
 * <p>The stored code carries what the token endpoint later needs to honour the
 * redemption: the redirect URI the client presented (and whether one was present),
 * the requested scopes, the PKCE challenge and method when supplied, the nonce of an
 * OpenID Connect authentication request, and the requested ID token claims. The code
 * is given a validity of ten minutes.
 *
 * @param authorizationRequest the authorization request being answered
 * @param client the registered client the code is bound to
 * @param user the authenticated end-user the code is issued for
 * @return the persisted {@code AuthorizationCode}
 */
private AuthorizationCode createAndSaveAuthorizationCode(AuthorizationRequest authorizationRequest, OpenIDClient client, User user) {
    URI redirectUri = authorizationRequest.getRedirectionURI();

    List<String> requestedScopes = Collections.emptyList();
    Scope scope = authorizationRequest.getScope();
    if (scope != null) {
        requestedScopes = scope.toStringList();
    }

    // PKCE (RFC 7636) is optional. A challenge sent without an explicit method is
    // recorded with the SDK's default method so the token endpoint verifies it the same way.
    String challenge = null;
    CodeChallenge codeChallenge = authorizationRequest.getCodeChallenge();
    if (codeChallenge != null) {
        challenge = codeChallenge.getValue();
    }
    String challengeMethod = null;
    CodeChallengeMethod explicitMethod = authorizationRequest.getCodeChallengeMethod();
    if (explicitMethod != null) {
        challengeMethod = explicitMethod.getValue();
    } else if (challenge != null) {
        challengeMethod = CodeChallengeMethod.getDefault().getValue();
    }

    List<String> idTokenClaims = getClaims(authorizationRequest);
    String codeValue = tokenGenerator.generateAuthorizationCode();

    // Only OpenID Connect authentication requests carry a nonce.
    String nonceValue = null;
    if (authorizationRequest instanceof AuthenticationRequest) {
        Nonce nonce = ((AuthenticationRequest) authorizationRequest).getNonce();
        if (nonce != null) {
            nonceValue = nonce.getValue();
        }
    }

    boolean hasRedirectUri = redirectUri != null;
    final int tenMinutesInSeconds = 10 * 60;
    AuthorizationCode authorizationCode = new AuthorizationCode(
            codeValue,
            user.getSub(),
            client.getClientId(),
            requestedScopes,
            redirectUri,
            challenge,
            challengeMethod,
            nonceValue,
            idTokenClaims,
            hasRedirectUri,
            tokenValidity(tenMinutesInSeconds));
    authorizationCodeRepository.insert(authorizationCode);
    return authorizationCode;
}
Use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext:
class AuthorizationEndpoint, method authorizationEndpointResponse.
/**
 * Assembles the parameters the authorization endpoint returns for the given response type.
 *
 * <p>An access token is issued when the response type contains {@code token} or the request
 * is not an OpenID request; an authorization code when it contains {@code code}; an ID token
 * when it contains {@code id_token} and both the scopes and the request are OpenID. Because this
 * is the authorization endpoint's own response, any access token issued here travels with the
 * redirect rather than via the token endpoint. Issued access tokens and codes are persisted
 * before the map is returned. {@code expires_in} is always present; {@code state} is echoed
 * when the client supplied one.
 *
 * @param user the authenticated end-user
 * @param client the registered client
 * @param authorizationRequest the request being answered
 * @param scopes the scopes to grant
 * @param responseType the requested response type
 * @param state the client's state parameter, may be {@code null}
 * @return an insertion-ordered map of response parameters
 */
private Map<String, Object> authorizationEndpointResponse(User user, OpenIDClient client, AuthorizationRequest authorizationRequest, List<String> scopes, ResponseType responseType, State state) {
    Map<String, Object> response = new LinkedHashMap<>();
    EncryptedTokenValue encryptedAccessToken = tokenGenerator.generateAccessTokenWithEmbeddedUserInfo(user, client, scopes);

    boolean issueAccessToken = responseType.contains(ResponseType.Value.TOKEN.getValue())
            || !isOpenIDRequest(authorizationRequest);
    if (issueAccessToken) {
        // Only a salted one-way hash of the unspecified NameID is stored with the token.
        String hashedUnspecifiedNameId = KeyGenerator.oneWayHash(user.getUnspecifiedNameId(), this.salt);
        AccessToken accessToken = new AccessToken(
                encryptedAccessToken.getJwtId(),
                user.getSub(),
                client.getClientId(),
                scopes,
                encryptedAccessToken.getKeyId(),
                accessTokenValidity(client),
                false,
                null,
                hashedUnspecifiedNameId);
        accessTokenRepository.insert(accessToken);
        response.put("access_token", encryptedAccessToken.getValue());
        response.put("token_type", "Bearer");
    }

    boolean issueCode = responseType.contains(ResponseType.Value.CODE.getValue());
    if (issueCode) {
        AuthorizationCode authorizationCode = createAndSaveAuthorizationCode(authorizationRequest, client, user);
        response.put("code", authorizationCode.getCode());
    }

    boolean issueIdToken = responseType.contains(OIDCResponseTypeValue.ID_TOKEN.getValue())
            && isOpenIDRequest(scopes)
            && isOpenIDRequest(authorizationRequest);
    if (issueIdToken) {
        AuthenticationRequest authenticationRequest = (AuthenticationRequest) authorizationRequest;
        List<String> idTokenClaims = getClaims(authorizationRequest);
        // The code issued above (if any) is handed to the ID token generator, presumably
        // so the hybrid-flow hash over the code can be included.
        Optional<String> issuedCode = Optional.ofNullable((String) response.get("code"));
        TokenValue idToken = tokenGenerator.generateIDTokenForAuthorizationEndpoint(
                user,
                client,
                authenticationRequest.getNonce(),
                responseType,
                encryptedAccessToken.getValue(),
                idTokenClaims,
                issuedCode,
                state);
        response.put("id_token", idToken.getValue());
    }

    response.put("expires_in", client.getAccessTokenValidity());
    if (state != null) {
        response.put("state", state.getValue());
    }
    return response;
}
Use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project Application-Gateway by gianlucafrei:
class WiremockTest, method makeLogin.
/**
 * Drives a complete local login through the gateway and returns the callback outcome.
 *
 * <p>Step one requests {@code /auth/local/login}, expects a redirect, and checks that the
 * {@code Location} points at the configured provider's authorization endpoint with the
 * registered client id. Step two replays the provider's return to {@code /auth/local/callback}
 * with the state taken from that authentication request, a fixed authorization code, and the
 * login-state cookie captured in step one.
 *
 * @return the result of the callback exchange, with {@code id} set to the fixture subject
 * @throws ApplicationException wrapping any failure from either step as its cause
 */
protected LoginResult makeLogin() {
    try {
        // Step 1: start the login and capture where the gateway redirects to.
        var startExchange = webClient.get()
                .uri("/auth/local/login")
                .exchange()
                .expectStatus().isFound()
                .returnResult(String.class);
        String location = startExchange.getResponseHeaders().getFirst("Location");
        AuthenticationRequest authenticationRequest = AuthenticationRequest.parse(new URI(location));

        LoginProvider localProvider = config.getLoginProviders().get("local");
        String expectedAuthEndpoint = (String) localProvider.getWith().get("authEndpoint");
        assertTrue(location.startsWith(expectedAuthEndpoint));
        assertEquals(localProvider.getWith().get("clientId"), authenticationRequest.getClientID().toString());

        var stateCookie = startExchange.getResponseCookies().getFirst(LoginStateCookie.NAME);

        // Step 2: simulate the provider redirecting back, echoing the same state value.
        String callbackQuery = String.format("?state=%s&code=%s", authenticationRequest.getState().getValue(), "authCode");
        var callbackExchange = webClient.get()
                .uri("/auth/local/callback" + callbackQuery)
                .cookie(stateCookie.getName(), stateCookie.getValue())
                .exchange()
                .expectStatus().isFound()
                .returnResult(String.class);

        LoginResult loginResult = new LoginResult(callbackExchange);
        // Subject id as carried by the fixture's JWT.
        loginResult.id = "248289761001";
        return loginResult;
    } catch (Exception e) {
        throw new ApplicationException("Login Failed", e);
    }
}
Use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext:
class JWTRequestTest, method plainJWT.
/**
 * A request object that is an unsigned (plain) JWT must be rejected with
 * {@code UnsupportedJWTException}.
 *
 * <p>{@code signedJWT(...)} is invoked first for the same client, presumably to set up its
 * key material, so that the rejection is attributable to the unsigned request object alone.
 */
@Test(expected = UnsupportedJWTException.class)
public void plainJWT() throws Exception {
    OpenIDClient client = getClient();
    String clientId = client.getClientId();
    signedJWT(clientId, "keyID", client.getRedirectUrls().get(0));

    JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .jwtID(UUID.randomUUID().toString())
            .build();
    PlainJWT unsignedRequestObject = new PlainJWT(claims);

    AuthenticationRequest.Builder requestBuilder = new AuthenticationRequest.Builder(
            ResponseType.getDefault(),
            new Scope("openid"),
            new ClientID(clientId),
            new URI("http://localhost:8080"));
    AuthenticationRequest authenticationRequest = requestBuilder
            .requestObject(unsignedRequestObject)
            .build();
    callParse(client, authenticationRequest);
}
Use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext:
class JWTRequestTest, method callParse.
/**
 * Resolves the request object with {@code JWTRequest.parse} and asserts that the parameters
 * carried inside the JWT (scope, nonce, state, ACR values and the single requested ID token
 * claim) are all reflected on the resulting request.
 *
 * @param client the client the request object is validated against
 * @param authenticationRequest the request carrying the request object under test
 * @throws Exception propagated from parsing, including the rejection of unsupported JWTs
 */
private void callParse(OpenIDClient client, AuthenticationRequest authenticationRequest) throws Exception {
    AuthenticationRequest resolved = JWTRequest.parse(authenticationRequest, client);

    assertEquals("openid groups", resolved.getScope().toString());
    assertEquals("123456", resolved.getNonce().getValue());
    assertEquals("new", resolved.getState().getValue());

    String acrValues = resolved.getACRValues().stream()
            .map(ACR::getValue)
            .collect(Collectors.joining(" "));
    assertEquals("loa1 loa2 loa3", acrValues);

    Collection<ClaimsRequest.Entry> idTokenClaims = resolved.getClaims().getIDTokenClaims();
    assertEquals(1, idTokenClaims.size());
    ClaimsRequest.Entry onlyClaim = idTokenClaims.iterator().next();
    assertEquals("email", onlyClaim.getClaimName());
}