Examples with AuthenticationRequest com.nimbusds.openid.connect.sdk.AuthenticationRequest used on opensource projects

Example 6 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.

the class JWTRequestTest method fullBlown.

@Test
public void fullBlown() throws Exception {
    OpenIDClient client = getClient();
    setCertificateFields(client, getStrippedCertificate(), null, null);
    String keyID = getCertificateKeyID(client);
    SignedJWT signedJWT = signedJWT(client.getClientId(), keyID, client.getRedirectUrls().get(0));
    ClaimsRequest claimsRequest = new ClaimsRequest();
    claimsRequest.addIDTokenClaim("email");
    List<LangTag> langTags = Collections.singletonList(new LangTag("en"));
    List<ACR> acrValues = Collections.singletonList(new ACR("loa"));
    AuthenticationRequest authenticationRequest = new AuthenticationRequest(new URI("http://localhost/authorize"), ResponseType.getDefault(), ResponseMode.FRAGMENT, new Scope("openid"), new ClientID(client.getClientId()), new URI(client.getRedirectUrls().get(0)), new State("state"), new Nonce("nonce"), Display.getDefault(), Prompt.parse("consent"), 1200, langTags, langTags, null, "hint", acrValues, claimsRequest, "purpose", signedJWT, null, CodeChallenge.compute(CodeChallengeMethod.S256, new CodeVerifier()), CodeChallengeMethod.S256, Collections.singletonList(new URI("http://localhost")), true, Collections.singletonMap("custom", Collections.singletonList("value")));
    authenticationRequest = JWTRequest.parse(authenticationRequest, client);
    assertEquals("login", authenticationRequest.getPrompt().toString());
}

Example 7 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project obiba-commons by obiba.

the class OIDCLoginFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    J2EContext context = new J2EContext(request, response);
    String provider = OIDCHelper.extractProviderName(context, providerParameter);
    if (Strings.isNullOrEmpty(provider)) {
        log.error("No ID provider could be identified.");
    } else {
        try {
            OIDCConfiguration config = oidcConfigurationProvider.getConfiguration(provider);
            if (config == null)
                throw new OIDCException("No OIDC configuration could be found: " + provider);
            OIDCAuthenticationRequestFactory factory = new OIDCAuthenticationRequestFactory(makeCallbackURL(provider));
            AuthenticationRequest authRequest = factory.create(config);
            if (oidcSessionManager != null) {
                OIDCSession session = makeSession(context, authRequest);
                oidcSessionManager.saveSession(session);
            }
            response.sendRedirect(authRequest.toURI().toString());
        } catch (OIDCException e) {
            log.error("OIDC login request to '{}' failed.", provider, e);
            throw e;
        }
    }
    filterChain.doFilter(request, response);
}

Example 8 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project java-oauth-server by authlete.

the class Federation method buildAuthenticationRequest.

// ------------------------------------------------------------
// Authentication Request
// ------------------------------------------------------------
private AuthenticationRequest buildAuthenticationRequest(State state, CodeVerifier verifier, CodeChallengeMethod method) throws IOException {
    // The authorization endpoint of the OpenID provider.
    URI endpoint = authorizationEndpoint();
    // response_type
    ResponseType responseType = new ResponseType("code");
    // scope
    Scope scope = buildAuthenticationRequestScope();
    // client_id (from federation configuration)
    ClientID clientId = clientId();
    // redirect_uri (from federation configuration)
    URI redirectUri = redirectUri();
    // Start to build an authentication request.
    AuthenticationRequest.Builder builder = new AuthenticationRequest.Builder(responseType, scope, clientId, redirectUri).endpointURI(endpoint);
    // state
    if (state != null) {
        builder.state(state);
    }
    // code_challenge & code_challenge_method
    if (verifier != null && method != null) {
        // code_challenge is computed from the verifier and the method.
        builder.codeChallenge(verifier, method);
    }
    return builder.build();
}

Example 9 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project java-oauth-server by authlete.

the class Federation method createFederationRequest.

// ------------------------------------------------------------
// Federation Flow
// ------------------------------------------------------------
/**
 * Create an authentication request that is to be sent to the authorization
 * endpoint of the OpenID Provider.
 */
public URI createFederationRequest(String state, String codeVerifier) throws IOException {
    // state
    State st = (state != null) ? new State(state) : null;
    // Code verifier that is to be used to calculate code_challenge.
    CodeVerifier verifier = (codeVerifier != null) ? new CodeVerifier(codeVerifier) : null;
    // code_challenge_method
    CodeChallengeMethod method = (verifier != null) ? CodeChallengeMethod.S256 : null;
    // Create an authentication request that is to be sent to
    // the authorization endpoint.
    AuthenticationRequest request = buildAuthenticationRequest(st, verifier, method);
    return request.toURI();
}

Example 10 with AuthenticationRequest

use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project di-authentication-api by alphagov.

the class AuthorisationHandler method handleRequest.

@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        var persistentSessionId = authorizationService.getExistingOrCreateNewPersistentSessionId(input.getHeaders());
        var ipAddress = IpAddressHelper.extractIpAddress(input);
        auditService.submitAuditEvent(OidcAuditableEvent.AUTHORISATION_REQUEST_RECEIVED, context.getAwsRequestId(), AuditService.UNKNOWN, AuditService.UNKNOWN, AuditService.UNKNOWN, AuditService.UNKNOWN, ipAddress, AuditService.UNKNOWN, persistentSessionId);
        attachLogFieldToLogs(PERSISTENT_SESSION_ID, persistentSessionId);
        attachLogFieldToLogs(AWS_REQUEST_ID, context.getAwsRequestId());
        LOG.info("Received authentication request");
        Map<String, List<String>> queryStringParameters;
        AuthenticationRequest authRequest;
        try {
            queryStringParameters = input.getQueryStringParameters().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, entry -> List.of(entry.getValue())));
            authRequest = AuthenticationRequest.parse(queryStringParameters);
        } catch (ParseException e) {
            if (e.getRedirectionURI() == null) {
                LOG.warn("Authentication request could not be parsed: redirect URI or Client ID is missing from auth request");
                throw new RuntimeException("Redirect URI or ClientID is missing from auth request", e);
            }
            LOG.warn("Authentication request could not be parsed", e);
            return generateErrorResponse(e.getRedirectionURI(), e.getState(), e.getResponseMode(), e.getErrorObject(), context, ipAddress, persistentSessionId);
        } catch (NullPointerException e) {
            LOG.warn("No query string parameters are present in the Authentication request", e);
            throw new RuntimeException("No query string parameters are present in the Authentication request", e);
        }
        var error = authorizationService.validateAuthRequest(authRequest);
        return error.map(e -> generateErrorResponse(authRequest.getRedirectionURI(), authRequest.getState(), authRequest.getResponseMode(), e, context, ipAddress, persistentSessionId)).orElseGet(() -> getOrCreateSessionAndRedirect(queryStringParameters, sessionService.getSessionFromSessionCookie(input.getHeaders()), authRequest, context, ipAddress, persistentSessionId));
    });
}