Example 1 with ACR

Use of com.nimbusds.openid.connect.sdk.claims.ACR in the project OpenConext-oidcng by OpenConext: class JWTRequestTest, method callParse.

private void callParse(OpenIDClient client, AuthenticationRequest authenticationRequest) throws Exception {
    // Parse the signed request object (JWT) carried by the request against this client's
    // registered key; the claims inside it take precedence over the plain query parameters
    AuthenticationRequest parsed = JWTRequest.parse(authenticationRequest, client);
    assertEquals("openid groups", parsed.getScope().toString());
    assertEquals("123456", parsed.getNonce().getValue());
    assertEquals("new", parsed.getState().getValue());
    // acr_values is a space-separated, ordered list of ACR references
    assertEquals("loa1 loa2 loa3", parsed.getACRValues().stream().map(ACR::getValue).collect(Collectors.joining(" ")));
    Collection<ClaimsRequest.Entry> claims = parsed.getClaims().getIDTokenClaims();
    assertEquals(1, claims.size());
    assertEquals("email", claims.iterator().next().getClaimName());
}

Example 2 with ACR

Use of com.nimbusds.openid.connect.sdk.claims.ACR in the project OpenConext-oidcng by OpenConext: class JWTRequestTest, method fullBlown.

@Test
public void fullBlown() throws Exception {
    OpenIDClient client = getClient();
    setCertificateFields(client, getStrippedCertificate(), null, null);
    String keyID = getCertificateKeyID(client);
    // Request object signed with the client's key; its claims override the query parameters
    SignedJWT signedJWT = signedJWT(client.getClientId(), keyID, client.getRedirectUrls().get(0));
    ClaimsRequest claimsRequest = new ClaimsRequest();
    claimsRequest.addIDTokenClaim("email");
    List<LangTag> langTags = Collections.singletonList(new LangTag("en"));
    List<ACR> acrValues = Collections.singletonList(new ACR("loa"));
    // Every optional parameter of the request is populated (max_age 1200, login_hint "hint", PKCE, ...)
    AuthenticationRequest authenticationRequest = new AuthenticationRequest(
            new URI("http://localhost/authorize"), ResponseType.getDefault(), ResponseMode.FRAGMENT,
            new Scope("openid"), new ClientID(client.getClientId()), new URI(client.getRedirectUrls().get(0)),
            new State("state"), new Nonce("nonce"), Display.getDefault(), Prompt.parse("consent"),
            1200, langTags, langTags, null, "hint", acrValues, claimsRequest, "purpose",
            signedJWT, null,
            CodeChallenge.compute(CodeChallengeMethod.S256, new CodeVerifier()), CodeChallengeMethod.S256,
            Collections.singletonList(new URI("http://localhost")), true,
            Collections.singletonMap("custom", Collections.singletonList("value")));
    authenticationRequest = JWTRequest.parse(authenticationRequest, client);
    // The query string said prompt=consent; the value from the signed request object wins
    assertEquals("login", authenticationRequest.getPrompt().toString());
}

Example 3 with ACR

Use of com.nimbusds.openid.connect.sdk.claims.ACR in the project OpenConext-oidcng by OpenConext: class AuthnRequestConverter, method enhanceAuthenticationRequest.

private AuthnRequest enhanceAuthenticationRequest(AuthnRequest authnRequest, Map<String, List<String>> request) throws ParseException, UnsupportedEncodingException {
    String clientId = param("client_id", request);
    // Translate the OIDC client_id into the SAML entityID used to scope the upstream request
    String entityId = ServiceProviderTranslation.translateClientId(clientId);
    authnRequest.setScoping(getScoping(Arrays.asList(entityId)));
    // prompt=login must force a fresh authentication at the IdP (SAML ForceAuthn)
    String prompt = AuthorizationEndpoint.validatePrompt(request);
    authnRequest.setForceAuthn(prompt != null && prompt.contains("login"));
    /**
     * Based on the ongoing discussion with the certification committee
     * authenticationRequest.setPassive("none".equals(prompt));
     */
    // A max_age parameter is honoured by forcing re-authentication as well
    if (!authnRequest.isForceAuthn() && StringUtils.hasText(param("max_age", request))) {
        authnRequest.setForceAuthn(true);
    }
    // acr_values is a space-separated list; each value becomes a requested AuthnContext
    String acrValues = param("acr_values", request);
    if (StringUtils.hasText(acrValues)) {
        List<ACR> acrList = Arrays.stream(acrValues.split(" ")).map(ACR::new).collect(Collectors.toList());
        parseAcrValues(authnRequest, acrList);
    }
    // A request object (passed by value or by reference) overrides the plain query parameters.
    // The client must be registered, since the JWT is parsed against its registered key.
    String requestP = param("request", request);
    String requestUrlP = param("request_uri", request);
    if (StringUtils.hasText(requestP) || StringUtils.hasText(requestUrlP)) {
        OpenIDClient openIDClient = openIDClientRepository.findOptionalByClientId(clientId).orElseThrow(() -> new UnknownClientException(clientId));
        try {
            com.nimbusds.openid.connect.sdk.AuthenticationRequest authRequest = com.nimbusds.openid.connect.sdk.AuthenticationRequest.parse(request);
            authRequest = JWTRequest.parse(authRequest, openIDClient);
            List<ACR> acrValuesObjects = authRequest.getACRValues();
            parseAcrValues(authnRequest, acrValuesObjects);
            // Re-apply the max_age and prompt rules with the values taken from the request object
            Prompt authRequestPrompt = authRequest.getPrompt();
            prompt = AuthorizationEndpoint.validatePrompt(authRequestPrompt);
            if (!authnRequest.isForceAuthn() && authRequest.getMaxAge() > -1) {
                authnRequest.setForceAuthn(true);
            }
            if (!authnRequest.isForceAuthn() && prompt != null) {
                authnRequest.setForceAuthn(prompt.contains("login"));
            }
        } catch (Exception e) {
            // Parsing or verification failures of the request object abort the request
            throw new RuntimeException(e);
        }
    }
    // login_hint narrows the IdP list (IDPList) inside the SAML Scoping element
    String loginHint = param("login_hint", request);
    if (StringUtils.hasText(loginHint)) {
        loginHint = URLDecoder.decode(loginHint, Charset.defaultCharset().name());
        IDPList idpList = addIdpEntries(loginHint);
        Scoping scoping = authnRequest.getScoping();
        scoping.setIDPList(idpList);
    }
    return authnRequest;
}
