use of com.nimbusds.openid.connect.sdk.UserInfoResponse in project nifi by apache.
the class StandardOidcIdentityProvider method lookupEmail.
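/**
 * Looks up the authenticated user's email address from the OIDC provider's UserInfo endpoint.
 *
 * <p>The bearer access token is presented to the UserInfo endpoint advertised in the provider
 * metadata, the response (plain JSON claims or a JWT) is reduced to a claims set, and the value of
 * the configured email claim is returned.
 *
 * @param bearerAccessToken access token presented to the UserInfo endpoint
 * @return the non-blank email claim value
 * @throws IOException if the UserInfo request cannot be sent
 * @throws IllegalStateException if the response carries no usable claims or no usable email claim
 * @throws RuntimeException if the endpoint returns an error response or the response cannot be parsed
 */
private String lookupEmail(final BearerAccessToken bearerAccessToken) throws IOException {
    try {
        // build the user request
        final UserInfoRequest request = new UserInfoRequest(oidcProviderMetadata.getUserInfoEndpointURI(), bearerAccessToken);
        final HTTPRequest tokenHttpRequest = request.toHTTPRequest();
        tokenHttpRequest.setConnectTimeout(oidcConnectTimeout);
        tokenHttpRequest.setReadTimeout(oidcReadTimeout);

        // send the request object the timeouts were applied to; calling request.toHTTPRequest()
        // again would build a fresh request on which those timeouts were never set
        final UserInfoResponse response = UserInfoResponse.parse(tokenHttpRequest.send());

        // interpret the details
        if (!response.indicatesSuccess()) {
            final UserInfoErrorResponse errorResponse = (UserInfoErrorResponse) response;
            // guard the error object before describing it so a bare error response cannot NPE here
            final String description = errorResponse.getErrorObject() == null
                    ? "no error details were provided"
                    : errorResponse.getErrorObject().getDescription();
            throw new RuntimeException("An error occurred while invoking the UserInfo endpoint: " + description);
        }

        final UserInfoSuccessResponse successResponse = (UserInfoSuccessResponse) response;
        final JWTClaimsSet claimsSet;
        if (successResponse.getUserInfo() != null) {
            claimsSet = successResponse.getUserInfo().toJWTClaimsSet();
        } else if (successResponse.getUserInfoJWT() != null) {
            // NOTE(review): getJWTClaimsSet() reads the JWT payload without checking a signature;
            // the claims are trusted on the strength of the connection to the provider's UserInfo
            // endpoint — confirm that is acceptable for this deployment
            claimsSet = successResponse.getUserInfoJWT().getJWTClaimsSet();
        } else {
            throw new IllegalStateException("The UserInfo response contained neither claims nor a JWT.");
        }

        final String email = claimsSet.getStringClaim(EMAIL_CLAIM_NAME);
        // ensure we were able to get the user email
        if (StringUtils.isBlank(email)) {
            throw new IllegalStateException("Unable to extract email from the UserInfo token.");
        }
        return email;
    } catch (final ParseException | java.text.ParseException e) {
        // keep the cause so the underlying parse failure is not lost behind the message text
        throw new RuntimeException("Unable to parse the response from the UserInfo token request: " + e.getMessage(), e);
    }
}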
use of com.nimbusds.openid.connect.sdk.UserInfoResponse in project ddf by codice.
the class OidcCredentialsResolver method resolveIdToken.
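/**
 * Resolves an ID token for the given credentials, trying in order:
 * <ol>
 *   <li>an ID token already present on the credentials (validated and kept as-is),</li>
 *   <li>a refresh token grant,</li>
 *   <li>an authorization code grant,</li>
 *   <li>the UserInfo endpoint, called with the access token.</li>
 * </ol>
 * The access token (and any pre-existing ID token) is validated first; an ID token obtained from
 * the UserInfo endpoint is validated and then stored on {@code credentials}.
 *
 * @param credentials the credentials whose tokens are read and which receive the resolved ID token
 * @param webContext the current web context, used for the callback URL and ID token validation
 * @throws TechnicalException if token validation fails or the UserInfo fallback does not yield an ID token
 */
public void resolveIdToken(OidcCredentials credentials, WebContext webContext) {
    final AccessToken initialAccessToken = credentials.getAccessToken();
    final JWT initialIdToken = credentials.getIdToken();

    // validate what is already held; an existing, valid ID token makes the remaining steps unnecessary
    try {
        OidcTokenValidator.validateAccessToken(initialAccessToken, initialIdToken, resourceRetriever, metadata, configuration);
        if (initialIdToken != null) {
            OidcTokenValidator.validateIdTokens(initialIdToken, webContext, configuration, client);
            return;
        }
    } catch (OidcValidationException e) {
        throw new TechnicalException(e);
    }

    final RefreshToken initialRefreshToken = credentials.getRefreshToken();
    final AuthorizationCode initialAuthorizationCode = credentials.getCode();
    final List<AuthorizationGrant> grantList = new ArrayList<>();
    if (initialRefreshToken != null) {
        grantList.add(new RefreshTokenGrant(initialRefreshToken));
    }
    if (initialAuthorizationCode != null) {
        try {
            final URI callbackUri = new URI(client.computeFinalCallbackUrl(webContext));
            grantList.add(new AuthorizationCodeGrant(initialAuthorizationCode, callbackUri));
        } catch (URISyntaxException e) {
            // keep the exception in the log entry so the malformed callback URL can be diagnosed
            LOGGER.debug("Problem computing callback url. Cannot add authorization code grant.", e);
        }
    }

    // try to get id token using refresh token and authorization code
    for (AuthorizationGrant grant : grantList) {
        try {
            trySendingGrantAndPopulatingCredentials(grant, credentials, webContext);
            if (credentials.getIdToken() != null) {
                break;
            }
        } catch (IOException | ParseException e) {
            // log only the grant type: the grant object wraps the refresh token or authorization
            // code, and whether its string form exposes that value depends on the SDK version
            LOGGER.debug("Problem sending grant of type ({}).", grant.getType(), e);
        }
    }

    // try to get id token using access token
    if (credentials.getIdToken() == null && initialAccessToken != null) {
        final UserInfoRequest userInfoRequest = new UserInfoRequest(metadata.getUserInfoEndpointURI(), Method.GET, new BearerAccessToken(initialAccessToken.toString()));
        final HTTPRequest userInfoHttpRequest = userInfoRequest.toHTTPRequest();
        // NOTE(review): no connect/read timeout is set on this request — confirm the SDK default is acceptable
        try {
            final HTTPResponse httpResponse = userInfoHttpRequest.send();
            final UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);
            if (!(userInfoResponse instanceof UserInfoSuccessResponse)) {
                // not caught below: the catch clauses only cover transport/parse/validation failures
                throw new TechnicalException("Received a non-successful UserInfoResponse.");
            }
            final UserInfoSuccessResponse userInfoSuccessResponse = (UserInfoSuccessResponse) userInfoResponse;
            JWT idToken = userInfoSuccessResponse.getUserInfoJWT();
            if (idToken == null
                    && userInfoSuccessResponse.getUserInfo() != null
                    && userInfoSuccessResponse.getUserInfo().toJWTClaimsSet() != null) {
                // plain JSON claims are wrapped in an unsigned JWT so the validator sees a uniform type;
                // NOTE(review): this carries no signature — confirm validateUserInfoIdToken accounts for that
                idToken = new PlainJWT(userInfoSuccessResponse.getUserInfo().toJWTClaimsSet());
            }
            OidcTokenValidator.validateUserInfoIdToken(idToken, resourceRetriever, metadata);
            credentials.setIdToken(idToken);
        } catch (IOException | ParseException | OidcValidationException e) {
            LOGGER.debug("Problem retrieving id token using access token.", e);
            throw new TechnicalException(e);
        }
    }
}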