use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class SyncSessionClientImpl method getUserProfile.
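/**
 * Requests the user profile using the provider configuration and token response held in
 * {@code mOktaState}.
 *
 * @return the response JSON wrapped in a {@link UserInfo}
 * @throws AuthorizationException propagated from the request, or created from an
 *     {@code OktaRepository.EncryptionException} raised while reading the stored state
 */
@Override
public UserInfo getUserProfile() throws AuthorizationException {
    try {
        ProviderConfiguration providerConfiguration = mOktaState.getProviderConfiguration();
        TokenResponse tokenResponse = mOktaState.getTokenResponse();
        AuthorizedRequest request = userProfileRequest(providerConfiguration, tokenResponse);
        // Record the request before it runs, as authorizedRequest() does. Recording it only
        // after executeRequest() returned meant the reference never pointed at a call that was
        // still in flight. NOTE(review): presumably mCurrentRequest is what a cancel path
        // reads; confirm against the rest of the class.
        mCurrentRequest.set(new WeakReference<>(request));
        JSONObject userInfo = request.executeRequest(mHttpClient);
        return new UserInfo(userInfo);
    } catch (OktaRepository.EncryptionException e) {
        // Storage decryption failures surface to callers as an AuthorizationException.
        throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
    }
}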
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class SyncSessionClientImpl method authorizedRequest.
/**
 * Builds and executes a caller-defined request using the stored provider configuration and
 * token response.
 *
 * <p>NOTE(review): the stored token response is handed to the request builder, so presumably
 * the access token travels to {@code uri}. Callers should pass only endpoints that are meant
 * to receive it; confirm against {@code createAuthorizedRequest}.
 *
 * @param uri the endpoint to call
 * @param properties optional properties passed to the request builder; may be null
 * @param postParameters optional POST parameters passed to the request builder; may be null
 * @param method the HTTP method to use
 * @return the JSON returned by executing the request
 * @throws AuthorizationException propagated from the request, or created from an
 *     {@code OktaRepository.EncryptionException} raised while reading the stored state
 */
public JSONObject authorizedRequest(
        @NonNull Uri uri,
        @Nullable Map<String, String> properties,
        @Nullable Map<String, String> postParameters,
        @NonNull ConnectionParameters.RequestMethod method) throws AuthorizationException {
    try {
        final ProviderConfiguration storedConfig = mOktaState.getProviderConfiguration();
        final TokenResponse storedTokens = mOktaState.getTokenResponse();
        final AuthorizedRequest pending = createAuthorizedRequest(
                uri, properties, postParameters, method, storedConfig, storedTokens);
        // The request is recorded before it is executed.
        mCurrentRequest.set(new WeakReference<>(pending));
        final JSONObject responseBody = pending.executeRequest(mHttpClient);
        return responseBody;
    } catch (OktaRepository.EncryptionException encryptionFailure) {
        // Storage decryption failures surface to callers as an AuthorizationException.
        throw AuthorizationException.EncryptionErrors.byEncryptionException(encryptionFailure);
    }
}
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class AuthAPI method obtainNewConfiguration.
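/**
 * Returns the provider configuration to use, fetching or rebuilding it when needed.
 *
 * <p>With a discovery URI configured, the stored configuration is reused only when it exists
 * and its issuer appears in the discovery URI; otherwise a configuration request is executed
 * and its result saved. Without a discovery URI, the configuration is built from the custom
 * configuration in {@code mOidcConfig} and saved on every call.
 *
 * @return the stored, freshly fetched, or custom provider configuration
 * @throws AuthorizationException propagated from the configuration request, or created from
 *     an {@code OktaRepository.EncryptionException} raised by the state store
 */
protected ProviderConfiguration obtainNewConfiguration() throws AuthorizationException {
    try {
        ProviderConfiguration config = mOktaState.getProviderConfiguration();
        Uri discoveryUri = mOidcConfig.getDiscoveryUri();
        if (discoveryUri != null) {
            // A stored configuration without an issuer cannot be matched to the discovery
            // URI, so it is treated as stale and refetched. Previously contains(null) threw a
            // NullPointerException here.
            // NOTE(review): contains() is a substring match, so a stored issuer that is a
            // substring of a different discovery URI still counts as current. Consider a
            // stricter comparison once the expected URI shapes are confirmed.
            boolean cachedConfigIsCurrent = config != null
                    && config.issuer != null
                    && discoveryUri.toString().contains(config.issuer);
            if (!cachedConfigIsCurrent) {
                mOktaState.setCurrentState(State.OBTAIN_CONFIGURATION);
                ConfigurationRequest request = configurationRequest();
                // The request is recorded before it is executed.
                mCurrentRequest.set(new WeakReference<>(request));
                config = request.executeRequest(mHttpClient);
                mOktaState.save(config);
            }
        } else {
            // No discovery endpoint: the application supplied the configuration itself.
            config = new ProviderConfiguration(mOidcConfig.getCustomConfiguration());
            mOktaState.save(config);
        }
        return config;
    } catch (OktaRepository.EncryptionException e) {
        // Storage encryption failures surface to callers as an AuthorizationException.
        throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
    }
}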
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class OktaIdToken method validate.
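/**
 * Validates this ID token's header and claims against the token request that produced it.
 *
 * <p>Checks, in order: the header algorithm is RS256; when the provider configuration has an
 * issuer, the {@code iss} claim equals it and is an https URL with a host and no query or
 * fragment; {@code aud} contains the client id; the supplied validator accepts the token; for
 * the authorization-code grant, the nonce equals the one in the request; and, when a max age
 * was requested, {@code auth_time} is present.
 *
 * <p>Nothing in this method verifies the token signature. NOTE(review): confirm where that is
 * done, or why it is not required for this flow.
 *
 * @param request the token request whose config, provider configuration, grant type, nonce
 *     and max age are checked against the token
 * @param validator additional validation applied after the audience check
 * @throws AuthorizationException if any check fails; a missing {@code iss} or {@code aud}
 *     claim, or an issuer without a scheme, is reported as the matching validation error
 */
@RestrictTo(RestrictTo.Scope.LIBRARY)
public void validate(TokenRequest request, Validator validator) throws AuthorizationException {
    final OIDCConfig config = request.getConfig();
    ProviderConfiguration providerConfig = request.getProviderConfiguration();

    // Only RS256 is accepted, which also rejects "none" and the HMAC algorithms.
    if (!"RS256".equals(mHeader.alg)) {
        throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                AuthorizationException.TokenValidationError
                        .createNotSupportedAlgorithmException(mHeader.alg));
    }

    // NOTE(review): when the provider configuration carries no issuer, every issuer check
    // below is skipped. Confirm that this is intended.
    if (providerConfig.issuer != null) {
        // Compare from the known non-null side so that a token without an iss claim is
        // rejected as a mismatch instead of raising a NullPointerException.
        if (!providerConfig.issuer.equals(mClaims.iss)) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                    AuthorizationException.TokenValidationError.ISSUER_MISMATCH);
        }
        Uri issuerUri = Uri.parse(mClaims.iss);
        // The constant goes first so that an issuer with no scheme is rejected as a
        // validation error rather than raising a NullPointerException.
        if (!"https".equals(issuerUri.getScheme())) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                    AuthorizationException.TokenValidationError.ISSUER_NOT_HTTPS_URL);
        }
        if (TextUtils.isEmpty(issuerUri.getHost())) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                    AuthorizationException.TokenValidationError.ISSUER_HOST_EMPTY);
        }
        if (issuerUri.getFragment() != null
                || issuerUri.getQueryParameterNames().size() > 0) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                    AuthorizationException.TokenValidationError
                            .ISSUER_URL_CONTAIN_OTHER_COMPONENTS);
        }
    }

    // A token without an aud claim cannot have been issued to this client.
    String clientId = config.getClientId();
    if (this.mClaims.aud == null || !this.mClaims.aud.contains(clientId)) {
        throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                AuthorizationException.TokenValidationError.AUDIENCE_MISMATCH);
    }

    validator.validate(this);

    // The nonce ties the token to the authorization request that started this flow.
    if (GrantTypes.AUTHORIZATION_CODE.equals(request.getGrantType())) {
        String expectedNonce = request.getNonce();
        if (!TextUtils.equals(mClaims.nonce, expectedNonce)) {
            throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                    AuthorizationException.TokenValidationError.NONCE_MISMATCH);
        }
    }

    // Only the presence of auth_time is checked here. NOTE(review): confirm that the
    // elapsed-time comparison against the requested max age happens elsewhere.
    if (request.getMaxAge() != null && mClaims.auth_time <= 0) {
        throw AuthorizationException.fromTemplate(ID_TOKEN_VALIDATION_ERROR,
                AuthorizationException.TokenValidationError.AUTH_TIME_MISSING);
    }
}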
use of com.okta.oidc.net.request.ProviderConfiguration in project okta-oidc-android by okta.
the class SyncAuthClientImpl method signIn.
/**
 * Signs in with a session token: obtains the provider configuration, executes the native
 * authorize request, validates its response, then exchanges it for tokens and stores them.
 *
 * <p>NOTE(review): every {@link IOException} is reported as a cancellation, so a plain
 * network failure is indistinguishable from a cancel to the caller; confirm this is intended.
 *
 * @param sessionToken the session token to sign in with
 * @param payload optional extra authentication parameters; may be null
 * @return success once the token response is saved, an error result for an
 *     {@link AuthorizationException} or any other exception, or a cancel result for an
 *     {@link IOException}
 */
@WorkerThread
@Override
public Result signIn(String sessionToken, @Nullable AuthenticationPayload payload) {
    try {
        mCancel.set(false);
        final ProviderConfiguration provider = obtainNewConfiguration();
        checkIfCanceled();

        mOktaState.setCurrentState(State.SIGN_IN_REQUEST);
        final NativeAuthorizeRequest nativeRequest =
                nativeAuthorizeRequest(sessionToken, provider, payload);
        mCurrentRequest.set(new WeakReference<>(nativeRequest));

        // The native request's parameters are persisted as an AuthorizeRequest because the
        // response is validated against it below.
        final AuthorizeRequest persistedRequest =
                new AuthorizeRequest(nativeRequest.getParameters());
        mOktaState.save(persistedRequest);

        final AuthorizeResponse authorizeResponse = nativeRequest.executeRequest(mHttpClient);
        checkIfCanceled();

        // A verification flow is not expected on this path; report it as an error.
        // NOTE(review): the message embeds the session hint, so confirm that value is safe
        // to appear wherever this exception is logged or displayed.
        if (isVerificationFlow(authorizeResponse)) {
            final String message =
                    "Email verification required. Session: " + authorizeResponse.getSessionHint();
            return Result.error(new AuthorizationException(message, null));
        }
        validateResult(authorizeResponse, persistedRequest);

        mOktaState.setCurrentState(State.TOKEN_EXCHANGE);
        final TokenRequest exchange = tokenExchange(authorizeResponse, provider, persistedRequest);
        mCurrentRequest.set(new WeakReference<>(exchange));
        final TokenResponse tokens = exchange.executeRequest(mHttpClient);
        mOktaState.save(tokens);
        return Result.success();
    } catch (AuthorizationException authFailure) {
        return Result.error(authFailure);
    } catch (IOException ioFailure) {
        return Result.cancel();
    } catch (Exception unexpected) {
        // Anything else is wrapped under the OTHER code, keeping the cause.
        return Result.error(
                new AuthorizationException(OTHER.code, unexpected.getMessage(), unexpected));
    } finally {
        // Runs on every exit path, including the early returns above.
        resetCurrentState();
    }
}