use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project OpenConext-oidcng by OpenConext.
the class JWTRequestTest method fullBlown.
/**
 * Runs {@code JWTRequest.parse} on an authentication request that sets every
 * optional parameter and also carries a signed request object.
 *
 * <p>The outer request is built with {@code prompt=consent}, yet the assertion
 * expects {@code login} after parsing. NOTE(review): presumably the request
 * object produced by the {@code signedJWT} helper contains {@code prompt=login}
 * and its claims replace the plain query parameters - confirm against that
 * helper, which is not shown here.
 */
@Test
public void fullBlown() throws Exception {
    // Register the stripped certificate on the client; its key id is handed to the signedJWT helper.
    OpenIDClient client = getClient();
    setCertificateFields(client, getStrippedCertificate(), null, null);
    String keyID = getCertificateKeyID(client);
    String clientIdValue = client.getClientId();
    String redirectUrl = client.getRedirectUrls().get(0);
    SignedJWT requestObject = signedJWT(clientIdValue, keyID, redirectUrl);

    ClaimsRequest claimsRequest = new ClaimsRequest();
    claimsRequest.addIDTokenClaim("email");
    List<LangTag> langTags = Collections.singletonList(new LangTag("en"));
    List<ACR> acrValues = Collections.singletonList(new ACR("loa"));
    // PKCE challenge derived from a freshly generated verifier, using S256.
    CodeChallenge codeChallenge = CodeChallenge.compute(CodeChallengeMethod.S256, new CodeVerifier());

    // Outer (query parameter) request: note prompt=consent here.
    AuthenticationRequest outerRequest = new AuthenticationRequest(
            new URI("http://localhost/authorize"),
            ResponseType.getDefault(),
            ResponseMode.FRAGMENT,
            new Scope("openid"),
            new ClientID(clientIdValue),
            new URI(redirectUrl),
            new State("state"),
            new Nonce("nonce"),
            Display.getDefault(),
            Prompt.parse("consent"),
            1200,
            langTags,
            langTags,
            null,
            "hint",
            acrValues,
            claimsRequest,
            "purpose",
            requestObject,
            null,
            codeChallenge,
            CodeChallengeMethod.S256,
            Collections.singletonList(new URI("http://localhost")),
            true,
            Collections.singletonMap("custom", Collections.singletonList("value")));

    AuthenticationRequest parsedRequest = JWTRequest.parse(outerRequest, client);

    // The prompt after parsing differs from the one passed as a plain parameter above.
    assertEquals("login", parsedRequest.getPrompt().toString());
}
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project obiba-commons by obiba.
the class OIDCLoginFilter method doFilterInternal.
/**
 * Starts an OIDC login: resolves the requested ID provider, builds the
 * authentication request, optionally stores an {@code OIDCSession} for it and
 * redirects the browser to the provider.
 *
 * <p>When no provider name can be extracted, the error is only logged. In both
 * cases the remaining filter chain is invoked afterwards, unless an
 * {@code OIDCException} was rethrown.
 *
 * @throws ServletException propagated from the filter chain
 * @throws IOException propagated from the redirect or the filter chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    J2EContext webContext = new J2EContext(request, response);
    // NOTE(review): the provider name is presumably read from the request by
    // OIDCHelper.extractProviderName; it reaches the log, the exception message and
    // makeCallbackURL below - confirm it is restricted to configured provider names.
    String providerName = OIDCHelper.extractProviderName(webContext, providerParameter);

    if (Strings.isNullOrEmpty(providerName)) {
        log.error("No ID provider could be identified.");
        filterChain.doFilter(request, response);
        return;
    }

    try {
        OIDCConfiguration providerConfig = oidcConfigurationProvider.getConfiguration(providerName);
        if (providerConfig == null) {
            throw new OIDCException("No OIDC configuration could be found: " + providerName);
        }
        AuthenticationRequest authRequest =
                new OIDCAuthenticationRequestFactory(makeCallbackURL(providerName)).create(providerConfig);
        // The session is saved before the redirect is sent.
        // NOTE(review): presumably it holds the state/nonce checked on callback - confirm in
        // makeSession. With a null oidcSessionManager this filter stores nothing for the request.
        if (oidcSessionManager != null) {
            oidcSessionManager.saveSession(makeSession(webContext, authRequest));
        }
        response.sendRedirect(authRequest.toURI().toString());
    } catch (OIDCException failure) {
        log.error("OIDC login request to '{}' failed.", providerName, failure);
        throw failure;
    }

    // NOTE(review): sendRedirect has already committed the response when this line runs on
    // the success path; confirm downstream filters/servlets tolerate that, or stop here.
    filterChain.doFilter(request, response);
}
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project java-oauth-server by authlete.
the class Federation method buildAuthenticationRequest.
// ------------------------------------------------------------
// Authentication Request
// ------------------------------------------------------------
/**
 * Assembles the authentication request for the OpenID provider's
 * authorization endpoint using the authorization code flow
 * ({@code response_type=code}).
 *
 * @param state    value for the {@code state} parameter; omitted from the
 *                 request when {@code null}
 * @param verifier PKCE code verifier; {@code code_challenge} is only added
 *                 when both this and {@code method} are non-null
 * @param method   PKCE code challenge method
 * @return the built request
 * @throws IOException declared for the helper calls that supply the endpoint,
 *                     scope, client id and redirect URI
 */
private AuthenticationRequest buildAuthenticationRequest(State state, CodeVerifier verifier, CodeChallengeMethod method) throws IOException {
    // Authorization endpoint of the OpenID provider.
    URI authzEndpoint = authorizationEndpoint();

    // Mandatory parameters: response_type, scope, client_id and redirect_uri
    // (the last two come from the federation configuration).
    ResponseType codeFlow = new ResponseType("code");
    Scope requestedScope = buildAuthenticationRequestScope();
    ClientID rpClientId = clientId();
    URI callbackUri = redirectUri();

    AuthenticationRequest.Builder requestBuilder =
            new AuthenticationRequest.Builder(codeFlow, requestedScope, rpClientId, callbackUri)
                    .endpointURI(authzEndpoint);

    // state is optional here: a null value means the request carries no state,
    // so callers that rely on it to tie the callback to this request must pass one.
    boolean hasState = state != null;
    if (hasState) {
        requestBuilder.state(state);
    }

    // code_challenge & code_challenge_method: the challenge is computed from the
    // verifier and the method. If either is null the request is sent without PKCE.
    boolean pkceRequested = verifier != null && method != null;
    if (pkceRequested) {
        requestBuilder.codeChallenge(verifier, method);
    }

    return requestBuilder.build();
}
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project java-oauth-server by authlete.
the class Federation method createFederationRequest.
// ------------------------------------------------------------
// Federation Flow
// ------------------------------------------------------------
/**
 * Create the URI of an authentication request that is to be sent to the
 * authorization endpoint of the OpenID Provider.
 *
 * @param state        value for the {@code state} parameter, or {@code null}
 *                     to send none
 * @param codeVerifier PKCE code verifier used to calculate
 *                     {@code code_challenge}, or {@code null} to send the
 *                     request without PKCE; when present the challenge
 *                     method is always S256
 * @return the authentication request as a URI
 * @throws IOException propagated from {@code buildAuthenticationRequest}
 */
public URI createFederationRequest(String state, String codeVerifier) throws IOException {
    // state
    State stateParam = null;
    if (state != null) {
        stateParam = new State(state);
    }

    // Code verifier and code_challenge_method: both stay null unless a verifier was supplied.
    CodeVerifier pkceVerifier = null;
    CodeChallengeMethod challengeMethod = null;
    if (codeVerifier != null) {
        pkceVerifier = new CodeVerifier(codeVerifier);
        challengeMethod = CodeChallengeMethod.S256;
    }

    // Build the request for the authorization endpoint and render it as a URI.
    return buildAuthenticationRequest(stateParam, pkceVerifier, challengeMethod).toURI();
}
use of com.nimbusds.openid.connect.sdk.AuthenticationRequest in project di-authentication-api by alphagov.
the class AuthorisationHandler method handleRequest.
/**
 * Handles an incoming authorisation request from API Gateway.
 *
 * <p>If {@code isWarming(input)} already supplies a response, that response is
 * returned and nothing below runs. Otherwise the handler submits an
 * {@code AUTHORISATION_REQUEST_RECEIVED} audit event, parses the query string
 * into an {@code AuthenticationRequest}, validates it and either returns an
 * error response or continues to {@code getOrCreateSessionAndRedirect}.
 *
 * @param input   the API Gateway proxy request
 * @param context the Lambda context; its AWS request id is used for audit and logging
 * @return the response produced by one of the paths above
 * @throws RuntimeException when parsing fails without a usable redirect URI, or
 *                          when a {@code NullPointerException} occurs while
 *                          reading or parsing the query string
 */
@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        var persistentId = authorizationService.getExistingOrCreateNewPersistentSessionId(input.getHeaders());
        var clientIp = IpAddressHelper.extractIpAddress(input);

        // The audit event is submitted before any parsing; the fields passed as UNKNOWN
        // are not available at this point in the method.
        auditService.submitAuditEvent(
                OidcAuditableEvent.AUTHORISATION_REQUEST_RECEIVED,
                context.getAwsRequestId(),
                AuditService.UNKNOWN,
                AuditService.UNKNOWN,
                AuditService.UNKNOWN,
                AuditService.UNKNOWN,
                clientIp,
                AuditService.UNKNOWN,
                persistentId);
        attachLogFieldToLogs(PERSISTENT_SESSION_ID, persistentId);
        attachLogFieldToLogs(AWS_REQUEST_ID, context.getAwsRequestId());
        LOG.info("Received authentication request");

        Map<String, List<String>> multiValuedParams;
        AuthenticationRequest parsedRequest;
        try {
            // Each single-valued query parameter is wrapped in a one-element list,
            // the shape AuthenticationRequest.parse is called with.
            Map<String, String> rawParams = input.getQueryStringParameters();
            multiValuedParams = rawParams.entrySet().stream()
                    .collect(Collectors.toMap(Map.Entry::getKey, entry -> List.of(entry.getValue())));
            parsedRequest = AuthenticationRequest.parse(multiValuedParams);
        } catch (ParseException parseFailure) {
            // Without a redirect URI there is nowhere to send an error response, so fail the invocation.
            if (parseFailure.getRedirectionURI() == null) {
                LOG.warn("Authentication request could not be parsed: redirect URI or Client ID is missing from auth request");
                throw new RuntimeException("Redirect URI or ClientID is missing from auth request", parseFailure);
            }
            LOG.warn("Authentication request could not be parsed", parseFailure);
            // NOTE(review): this redirect URI comes from a request that failed parsing and has
            // not gone through validateAuthRequest; confirm generateErrorResponse (or another
            // layer) checks it against the client's registered redirect URIs before redirecting.
            return generateErrorResponse(
                    parseFailure.getRedirectionURI(),
                    parseFailure.getState(),
                    parseFailure.getResponseMode(),
                    parseFailure.getErrorObject(),
                    context,
                    clientIp,
                    persistentId);
        } catch (NullPointerException missingParams) {
            // Any NullPointerException raised inside the try block ends up here,
            // not only a missing query-string map.
            LOG.warn("No query string parameters are present in the Authentication request", missingParams);
            throw new RuntimeException("No query string parameters are present in the Authentication request", missingParams);
        }

        // A validation error becomes an error response; otherwise carry on with the session and redirect.
        var error = authorizationService.validateAuthRequest(parsedRequest);
        return error
                .map(validationError -> generateErrorResponse(
                        parsedRequest.getRedirectionURI(),
                        parsedRequest.getState(),
                        parsedRequest.getResponseMode(),
                        validationError,
                        context,
                        clientIp,
                        persistentId))
                .orElseGet(() -> getOrCreateSessionAndRedirect(
                        multiValuedParams,
                        sessionService.getSessionFromSessionCookie(input.getHeaders()),
                        parsedRequest,
                        context,
                        clientIp,
                        persistentId));
    });
}