
Example 6 with ProviderConfiguration

use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.

the class SyncSessionClientImpl method getUserProfile.

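/**
 * Fetches the user profile and wraps the JSON response in a {@link UserInfo}.
 *
 * <p>The request is built by {@code userProfileRequest} from the provider configuration and
 * the token response currently held in {@code mOktaState}.
 *
 * @return a {@link UserInfo} constructed from the JSON object the request returned
 * @throws AuthorizationException when an {@link OktaRepository.EncryptionException} is caught
 *     (converted through {@code EncryptionErrors.byEncryptionException}); any
 *     {@code AuthorizationException} raised by the calls made here propagates unchanged
 */
@Override
public UserInfo getUserProfile() throws AuthorizationException {
    try {
        ProviderConfiguration providerConfiguration = mOktaState.getProviderConfiguration();
        TokenResponse tokenResponse = mOktaState.getTokenResponse();
        AuthorizedRequest request = userProfileRequest(providerConfiguration, tokenResponse);
        // Publish the request before executing it, matching authorizedRequest(). Setting it
        // only after executeRequest() returned meant mCurrentRequest never referred to this
        // call while it was in flight (presumably the handle used to cancel it; confirm).
        mCurrentRequest.set(new WeakReference<>(request));
        JSONObject userInfo = request.executeRequest(mHttpClient);
        return new UserInfo(userInfo);
    } catch (OktaRepository.EncryptionException e) {
        throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
    }
}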
Also used : AuthorizedRequest(com.okta.oidc.net.request.AuthorizedRequest) TokenResponse(com.okta.oidc.net.response.TokenResponse) JSONObject(org.json.JSONObject) OktaRepository(com.okta.oidc.storage.OktaRepository) UserInfo(com.okta.oidc.net.response.UserInfo) ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)

Example 7 with ProviderConfiguration

use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.

the class SyncSessionClientImpl method authorizedRequest.

/**
 * Builds a request for {@code uri} from the stored provider configuration and token response,
 * executes it, and returns the JSON response.
 *
 * <p>NOTE(review): {@code createAuthorizedRequest} is not visible here. It presumably attaches
 * the stored access token to the outgoing request; if so, callers should pass only URIs of
 * resource servers that are meant to receive that token. Confirm against the helper.
 *
 * @param uri the target of the request
 * @param properties optional properties handed to {@code createAuthorizedRequest}
 * @param postParameters optional POST parameters handed to {@code createAuthorizedRequest}
 * @param method the request method
 * @return the JSON object returned by executing the request
 * @throws AuthorizationException when an {@link OktaRepository.EncryptionException} is caught
 *     (converted through {@code EncryptionErrors.byEncryptionException}); any
 *     {@code AuthorizationException} raised by the calls made here propagates unchanged
 */
public JSONObject authorizedRequest(@NonNull Uri uri, @Nullable Map<String, String> properties, @Nullable Map<String, String> postParameters, @NonNull ConnectionParameters.RequestMethod method) throws AuthorizationException {
    try {
        final ProviderConfiguration storedConfig = mOktaState.getProviderConfiguration();
        final TokenResponse storedTokens = mOktaState.getTokenResponse();
        final AuthorizedRequest call = createAuthorizedRequest(
                uri, properties, postParameters, method, storedConfig, storedTokens);
        // Publish the request first so mCurrentRequest refers to it while it executes.
        mCurrentRequest.set(new WeakReference<>(call));
        final JSONObject response = call.executeRequest(mHttpClient);
        return response;
    } catch (OktaRepository.EncryptionException encryptionFailure) {
        throw AuthorizationException.EncryptionErrors.byEncryptionException(encryptionFailure);
    }
}
Also used : AuthorizedRequest(com.okta.oidc.net.request.AuthorizedRequest) TokenResponse(com.okta.oidc.net.response.TokenResponse) OktaRepository(com.okta.oidc.storage.OktaRepository) ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)

Example 8 with ProviderConfiguration

use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.

the class AuthAPI method obtainNewConfiguration.

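/**
 * Returns the provider configuration to use, fetching or rebuilding it when needed.
 *
 * <p>With a discovery URI configured, the stored configuration is reused only if it exists and
 * its issuer appears in the discovery URI; otherwise a {@link ConfigurationRequest} is executed
 * and its result saved. Without a discovery URI, the configuration is built from the custom
 * configuration in {@code mOidcConfig} and saved.
 *
 * @return the stored, freshly fetched, or custom provider configuration
 * @throws AuthorizationException when an {@link OktaRepository.EncryptionException} is caught
 *     (converted through {@code EncryptionErrors.byEncryptionException}); any
 *     {@code AuthorizationException} raised by the calls made here propagates unchanged
 */
protected ProviderConfiguration obtainNewConfiguration() throws AuthorizationException {
    try {
        ProviderConfiguration config = mOktaState.getProviderConfiguration();
        Uri discoveryUri = mOidcConfig.getDiscoveryUri();
        if (discoveryUri != null) {
            // A stored configuration without an issuer cannot be matched against the
            // discovery URI. String.contains(null) would throw NullPointerException, which
            // this method does not catch, so treat a missing issuer as "needs refresh".
            //
            // NOTE(review): contains() is a substring match, so the stored configuration is
            // reused whenever its issuer string appears anywhere in the discovery URI. A
            // prefix or exact comparison on the issuer would be tighter; confirm how the
            // discovery URI is derived before changing it.
            boolean needsRefresh = config == null
                    || config.issuer == null
                    || !discoveryUri.toString().contains(config.issuer);
            if (needsRefresh) {
                mOktaState.setCurrentState(State.OBTAIN_CONFIGURATION);
                ConfigurationRequest request = configurationRequest();
                // Publish the request before executing it.
                mCurrentRequest.set(new WeakReference<>(request));
                config = request.executeRequest(mHttpClient);
                mOktaState.save(config);
            }
        } else {
            // No discovery URI: the configuration comes from the app-supplied custom
            // configuration and is not fetched over the network.
            config = new ProviderConfiguration(mOidcConfig.getCustomConfiguration());
            mOktaState.save(config);
        }
        return config;
    } catch (OktaRepository.EncryptionException e) {
        throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
    }
}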
Also used : ConfigurationRequest(com.okta.oidc.net.request.ConfigurationRequest) OktaRepository(com.okta.oidc.storage.OktaRepository) Uri(android.net.Uri) ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration)

Example 9 with ProviderConfiguration

use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.

the class OktaIdToken method validate.

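/**
 * Validates this ID token's header and claims against the token request that produced it.
 *
 * <p>Checks, in order: the header algorithm is {@code RS256}; when the provider configuration
 * carries an issuer, the {@code iss} claim equals it and is an {@code https} URL with a host
 * and no query or fragment; the {@code aud} claim contains the configured client id; the
 * supplied {@code validator} accepts the token; for the authorization-code grant, the
 * {@code nonce} claim equals the request's nonce; and when the request carries a max age,
 * {@code auth_time} is present.
 *
 * <p>NOTE(review): nothing in this method verifies the token signature or the expiry and
 * issued-at claims. Presumably that happens in {@code validator} or elsewhere; confirm.
 *
 * @param request the token request supplying the client config, provider configuration,
 *     grant type, nonce and max age to check against
 * @param validator additional validation run after the issuer and audience checks
 * @throws AuthorizationException built from {@code ID_TOKEN_VALIDATION_ERROR} when one of the
 *     checks above fails, or thrown by {@code validator}
 */
@RestrictTo(RestrictTo.Scope.LIBRARY)
public void validate(TokenRequest request, Validator validator) throws AuthorizationException {
    final OIDCConfig config = request.getConfig();
    ProviderConfiguration providerConfig = request.getProviderConfiguration();
    // Only RS256 is accepted; any other header value, including a missing one, is rejected.
    if (!"RS256".equals(mHeader.alg)) {
        throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.createNotSupportedAlgorithmException(mHeader.alg));
    }
    // NOTE(review): when the provider configuration has no issuer, the whole issuer block is
    // skipped and the iss claim is not checked at all. Confirm that is intended.
    if (providerConfig.issuer != null) {
        // Compare from the known non-null side so a token without an iss claim is reported
        // as ISSUER_MISMATCH instead of failing with a NullPointerException.
        if (!providerConfig.issuer.equals(mClaims.iss)) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_MISMATCH);
        }
        Uri issuerUri = Uri.parse(mClaims.iss);
        // getScheme() returns null for a scheme-less value; constant-first equals keeps that
        // case on the ISSUER_NOT_HTTPS_URL path.
        if (!"https".equals(issuerUri.getScheme())) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_NOT_HTTPS_URL);
        }
        if (TextUtils.isEmpty(issuerUri.getHost())) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_HOST_EMPTY);
        }
        if (issuerUri.getFragment() != null || issuerUri.getQueryParameterNames().size() > 0) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.ISSUER_URL_CONTAIN_OTHER_COMPONENTS);
        }
    }
    String clientId = config.getClientId();
    // A token without an aud claim is an audience mismatch, not a NullPointerException.
    // NOTE(review): if aud is a plain String rather than a collection, contains() is a
    // substring test and would accept a longer audience that embeds the client id; confirm
    // the field type.
    if (this.mClaims.aud == null || !this.mClaims.aud.contains(clientId)) {
        throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.AUDIENCE_MISMATCH);
    }
    validator.validate(this);
    // The nonce ties the token to the authorize request; it is compared only for the
    // authorization-code grant. TextUtils.equals treats two nulls as equal.
    if (GrantTypes.AUTHORIZATION_CODE.equals(request.getGrantType())) {
        String expectedNonce = request.getNonce();
        if (!TextUtils.equals(mClaims.nonce, expectedNonce)) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.NONCE_MISMATCH);
        }
    }
    // NOTE(review): only the presence of auth_time is checked here; the elapsed time is not
    // compared with the requested max age in this method. Confirm it is enforced elsewhere.
    if (request.getMaxAge() != null && mClaims.auth_time <= 0) {
        throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR, AuthorizationException.TokenValidationError.AUTH_TIME_MISSING);
    }
}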
Also used : Uri(android.net.Uri) ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration) RestrictTo(androidx.annotation.RestrictTo)

Example 10 with ProviderConfiguration

use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.

the class SyncAuthClientImpl method signIn.

/**
 * Signs in with a session token: obtains the provider configuration, runs the native
 * authorize request, validates its result, and exchanges it for tokens that are saved to
 * {@code mOktaState}.
 *
 * <p>Failures are reported through the returned {@link Result} rather than thrown. Note that
 * every {@link IOException} is reported as a cancel, so a network failure and a cancellation
 * are indistinguishable to the caller. The current state is reset in all cases.
 *
 * @param sessionToken the session token passed to the native authorize request
 * @param payload optional authentication payload passed to the native authorize request
 * @return success once the token response is saved, cancel on {@code IOException}, otherwise
 *     an error result carrying an {@link AuthorizationException}
 */
@WorkerThread
@Override
public Result signIn(String sessionToken, @Nullable AuthenticationPayload payload) {
    try {
        mCancel.set(false);
        final ProviderConfiguration discovered = obtainNewConfiguration();
        checkIfCanceled();

        mOktaState.setCurrentState(State.SIGN_IN_REQUEST);
        final NativeAuthorizeRequest nativeRequest =
                nativeAuthorizeRequest(sessionToken, discovered, payload);
        mCurrentRequest.set(new WeakReference<>(nativeRequest));

        // Persist the native request's parameters as an AuthorizeRequest before executing;
        // the saved copy is what the response is validated against below.
        final AuthorizeRequest savedAuthRequest = new AuthorizeRequest(nativeRequest.getParameters());
        mOktaState.save(savedAuthRequest);

        final AuthorizeResponse authorizeResponse = nativeRequest.executeRequest(mHttpClient);
        checkIfCanceled();

        // A verification flow is not expected on this path; report it as an error if it occurs.
        if (isVerificationFlow(authorizeResponse)) {
            final String detail = "Email verification required. Session: " + authorizeResponse.getSessionHint();
            return Result.error(new AuthorizationException(detail, null));
        }
        validateResult(authorizeResponse, savedAuthRequest);

        mOktaState.setCurrentState(State.TOKEN_EXCHANGE);
        final TokenRequest exchange = tokenExchange(authorizeResponse, discovered, savedAuthRequest);
        mCurrentRequest.set(new WeakReference<>(exchange));
        final TokenResponse tokens = exchange.executeRequest(mHttpClient);
        mOktaState.save(tokens);
        return Result.success();
    } catch (AuthorizationException authFailure) {
        return Result.error(authFailure);
    } catch (IOException ioFailure) {
        // Every I/O failure is surfaced as a cancel result.
        return Result.cancel();
    } catch (Exception unexpected) {
        return Result.error(new AuthorizationException(OTHER.code, unexpected.getMessage(), unexpected));
    } finally {
        resetCurrentState();
    }
}
Also used : AuthorizeResponse(com.okta.oidc.net.response.web.AuthorizeResponse) TokenResponse(com.okta.oidc.net.response.TokenResponse) AuthorizeRequest(com.okta.oidc.net.request.web.AuthorizeRequest) NativeAuthorizeRequest(com.okta.oidc.net.request.NativeAuthorizeRequest) AuthorizationException(com.okta.oidc.util.AuthorizationException) TokenRequest(com.okta.oidc.net.request.TokenRequest) IOException(java.io.IOException) NativeAuthorizeRequest(com.okta.oidc.net.request.NativeAuthorizeRequest) IOException(java.io.IOException) AuthorizationException(com.okta.oidc.util.AuthorizationException) ProviderConfiguration(com.okta.oidc.net.request.ProviderConfiguration) WorkerThread(androidx.annotation.WorkerThread)

Aggregations

ProviderConfiguration (com.okta.oidc.net.request.ProviderConfiguration)15 TokenResponse (com.okta.oidc.net.response.TokenResponse)7 OktaRepository (com.okta.oidc.storage.OktaRepository)6 Test (org.junit.Test)4 ConfigurationRequest (com.okta.oidc.net.request.ConfigurationRequest)3 WebRequest (com.okta.oidc.net.request.web.WebRequest)3 AuthorizationException (com.okta.oidc.util.AuthorizationException)3 Uri (android.net.Uri)2 WorkerThread (androidx.annotation.WorkerThread)2 AuthorizedRequest (com.okta.oidc.net.request.AuthorizedRequest)2 TokenRequest (com.okta.oidc.net.request.TokenRequest)2 AuthorizeResponse (com.okta.oidc.net.response.web.AuthorizeResponse)2 IOException (java.io.IOException)2 RecordedRequest (okhttp3.mockwebserver.RecordedRequest)2 NonNull (androidx.annotation.NonNull)1 RestrictTo (androidx.annotation.RestrictTo)1 Gson (com.google.gson.Gson)1 StateResult (com.okta.oidc.AuthenticationResultHandler.StateResult)1 OIDCConfig (com.okta.oidc.OIDCConfig)1 NativeAuthorizeRequest (com.okta.oidc.net.request.NativeAuthorizeRequest)1