Example 6 with ProviderConfiguration
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class SyncSessionClientImpl method getUserProfile.
@Override
public UserInfo getUserProfile() throws AuthorizationException {
try {
ProviderConfiguration providerConfiguration = mOktaState.getProviderConfiguration();
TokenResponse tokenResponse = mOktaState.getTokenResponse();
AuthorizedRequest request = userProfileRequest(providerConfiguration, tokenResponse);
JSONObject userInfo = request.executeRequest(mHttpClient);
mCurrentRequest.set(new WeakReference<>(request));
return new UserInfo(userInfo);
} catch (OktaRepository.EncryptionException e) {
throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
}
}
Also used :
AuthorizedRequest(com.okta.oidc.net.request.AuthorizedRequest)
TokenResponse(com.okta.oidc.net.response.TokenResponse)
JSONObject(org.json.JSONObject)
OktaRepository(com.okta.oidc.storage.OktaRepository)
UserInfo(com.okta.oidc.net.response.UserInfo)
ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)
Example 7 with ProviderConfiguration
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class SyncSessionClientImpl method authorizedRequest.
public JSONObject authorizedRequest(@NonNull Uri uri, @Nullable Map<String, String> properties, @Nullable Map<String, String> postParameters, @NonNull ConnectionParameters.RequestMethod method) throws AuthorizationException {
try {
ProviderConfiguration providerConfiguration = mOktaState.getProviderConfiguration();
TokenResponse tokenResponse = mOktaState.getTokenResponse();
AuthorizedRequest request = createAuthorizedRequest(uri, properties, postParameters, method, providerConfiguration, tokenResponse);
mCurrentRequest.set(new WeakReference<>(request));
return request.executeRequest(mHttpClient);
} catch (OktaRepository.EncryptionException e) {
throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
}
}
Also used :
AuthorizedRequest(com.okta.oidc.net.request.AuthorizedRequest)
TokenResponse(com.okta.oidc.net.response.TokenResponse)
OktaRepository(com.okta.oidc.storage.OktaRepository)
ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)
Example 8 with ProviderConfiguration
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class AuthAPI method obtainNewConfiguration.
protected ProviderConfiguration obtainNewConfiguration() throws AuthorizationException {
try {
ProviderConfiguration config = mOktaState.getProviderConfiguration();
Uri discoveryUri = mOidcConfig.getDiscoveryUri();
if (discoveryUri != null) {
if (config == null || !discoveryUri.toString().contains(config.issuer)) {
mOktaState.setCurrentState(State.OBTAIN_CONFIGURATION);
ConfigurationRequest request = configurationRequest();
mCurrentRequest.set(new WeakReference<>(request));
config = request.executeRequest(mHttpClient);
mOktaState.save(config);
}
} else {
config = new ProviderConfiguration(mOidcConfig.getCustomConfiguration());
mOktaState.save(config);
}
return config;
} catch (OktaRepository.EncryptionException e) {
throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
}
}
Also used :
ConfigurationRequest(com.okta.oidc.net.request.ConfigurationRequest)
OktaRepository(com.okta.oidc.storage.OktaRepository)
Uri(android.net.Uri)
ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)
Example 9 with ProviderConfiguration
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class OktaIdToken method validate.
/**
* Validate.
*
* @param request the request
* @throws AuthorizationException the authorization exception
*/
@RestrictTo(RestrictTo.Scope.LIBRARY)
public void validate(TokenRequest request, Validator validator) throws AuthorizationException {
final OIDCConfig config = request.getConfig();
ProviderConfiguration providerConfig = request.getProviderConfiguration();
if (!"RS256".equals(mHeader.alg)) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.createNotSupportedAlgorithmException(mHeader.alg));
}
if (providerConfig.issuer != null) {
if (!mClaims.iss.equals(providerConfig.issuer)) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_MISMATCH);
}
Uri issuerUri = Uri.parse(mClaims.iss);
if (!issuerUri.getScheme().equals("https")) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_NOT_HTTPS_URL);
}
if (TextUtils.isEmpty(issuerUri.getHost())) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_HOST_EMPTY);
}
if (issuerUri.getFragment() != null || issuerUri.getQueryParameterNames().size() > 0) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_URL_CONTAIN_OTHER_COMPONENTS);
}
}
String clientId = config.getClientId();
if (!this.mClaims.aud.contains(clientId)) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.AUDIENCE_MISMATCH);
}
validator.validate(this);
if (GrantTypes.AUTHORIZATION_CODE.equals(request.getGrantType())) {
String expectedNonce = request.getNonce();
if (!TextUtils.equals(mClaims.nonce, expectedNonce)) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.NONCE_MISMATCH);
}
}
if (request.getMaxAge() != null && mClaims.auth_time <= 0) {
throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.AUTH_TIME_MISSING);
}
}
Also used :
Uri(android.net.Uri)
ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)
RestrictTo(androidx.annotation.RestrictTo)
Example 10 with ProviderConfiguration
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class SyncAuthClientImpl method signIn.
@WorkerThread
@Override
public Result signIn(String sessionToken, @Nullable AuthenticationPayload payload) {
try {
mCancel.set(false);
ProviderConfiguration providerConfiguration = obtainNewConfiguration();
checkIfCanceled();
mOktaState.setCurrentState(State.SIGN_IN_REQUEST);
NativeAuthorizeRequest request = nativeAuthorizeRequest(sessionToken, providerConfiguration, payload);
mCurrentRequest.set(new WeakReference<>(request));
// Save the nativeAuth request in a AuthRequest because it is needed to verify results.
AuthorizeRequest authRequest = new AuthorizeRequest(request.getParameters());
mOktaState.save(authRequest);
AuthorizeResponse authResponse = request.executeRequest(mHttpClient);
checkIfCanceled();
// This flow should never happen but if it does throw a exception.
if (isVerificationFlow(authResponse)) {
return Result.error(new AuthorizationException("Email verification required. Session: " + authResponse.getSessionHint(), null));
}
validateResult(authResponse, authRequest);
mOktaState.setCurrentState(State.TOKEN_EXCHANGE);
TokenRequest requestToken = tokenExchange(authResponse, providerConfiguration, authRequest);
mCurrentRequest.set(new WeakReference<>(requestToken));
TokenResponse tokenResponse = requestToken.executeRequest(mHttpClient);
mOktaState.save(tokenResponse);
return Result.success();
} catch (AuthorizationException e) {
return Result.error(e);
} catch (IOException e) {
return Result.cancel();
} catch (Exception e) {
return Result.error(new AuthorizationException(OTHER.code, e.getMessage(), e));
} finally {
resetCurrentState();
}
}
Also used :
AuthorizeResponse(com.okta.oidc.net.response.web.AuthorizeResponse)
TokenResponse(com.okta.oidc.net.response.TokenResponse)
AuthorizeRequest(com.okta.oidc.net.request.web.AuthorizeRequest)
NativeAuthorizeRequest(com.okta.oidc.net.request.NativeAuthorizeRequest)
AuthorizationException(com.okta.oidc.util.AuthorizationException)
TokenRequest(com.okta.oidc.net.request.TokenRequest)
IOException(java.io.IOException)
NativeAuthorizeRequest(com.okta.oidc.net.request.NativeAuthorizeRequest)
IOException(java.io.IOException)
AuthorizationException(com.okta.oidc.util.AuthorizationException)
ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)
WorkerThread(androidx.annotation.WorkerThread)
Aggregations
ProviderConfiguration (com.okta.oidc.net.request.ProviderConfiguration)15
TokenResponse (com.okta.oidc.net.response.TokenResponse)7
OktaRepository (com.okta.oidc.storage.OktaRepository)6
Test (org.junit.Test)4
ConfigurationRequest (com.okta.oidc.net.request.ConfigurationRequest)3
WebRequest (com.okta.oidc.net.request.web.WebRequest)3
AuthorizationException (com.okta.oidc.util.AuthorizationException)3
Uri (android.net.Uri)2
WorkerThread (androidx.annotation.WorkerThread)2
AuthorizedRequest (com.okta.oidc.net.request.AuthorizedRequest)2
TokenRequest (com.okta.oidc.net.request.TokenRequest)2
AuthorizeResponse (com.okta.oidc.net.response.web.AuthorizeResponse)2
IOException (java.io.IOException)2
RecordedRequest (okhttp3.mockwebserver.RecordedRequest)2
NonNull (androidx.annotation.NonNull)1
RestrictTo (androidx.annotation.RestrictTo)1
Gson (com.google.gson.Gson)1
StateResult (com.okta.oidc.AuthenticationResultHandler.StateResult)1
OIDCConfig (com.okta.oidc.OIDCConfig)1
NativeAuthorizeRequest (com.okta.oidc.net.request.NativeAuthorizeRequest)1
