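/**
 * Handles the resource-owner password credentials grant.
 *
 * <p>Validation order: client credentials, then user credentials, then client
 * lookup and grant-type check — only after all three pass is any access token,
 * refresh token, session or id token created. The original implementation
 * minted the tokens and registered the session before the client/grant-type
 * check, so a rejected request could leave an already-issued, findable token
 * behind; it also generated the refresh token twice, the second time with the
 * client id in the username slot.
 *
 * @return a {@code NoResponse} marker on success (the real response is installed
 *         on {@code exc} via {@code getEarlyResponse()}), or a JSON error response
 *         with one of {@code unauthorized_client}, {@code access_denied},
 *         {@code invalid_client}, {@code invalid_grant_type}
 * @throws Exception propagated from the token, session and id-token helpers
 */
@Override
protected Response processWithParameters() throws Exception {
    if (!verifyClientThroughParams())
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "unauthorized_client");
    Map<String, String> userParams = verifyUserThroughParams();
    if (userParams == null)
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "access_denied");

    // Resolve the client and check its allowed grant types before anything is issued.
    Client client;
    try {
        synchronized (authServer.getClientList()) {
            client = authServer.getClientList().getClient(getClientId());
        }
    } catch (Exception e) {
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_client");
    }
    // NOTE(review): String.contains is a substring match on the configured grant
    // type list; whether that can over-match depends on the list's format — confirm.
    if (!client.getGrantTypes().contains(getGrantType()))
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_grant_type");

    scope = getScope();
    token = createTokenForVerifiedUserAndClient();
    // Issued exactly once and bound to the resource owner's username, matching the
    // binding RefreshTokenFlow later resolves with getUsername(refreshToken).
    refreshToken = authServer.getRefreshTokenGenerator().getToken(getUsername(), getClientId(), getClientSecret());

    SessionManager.Session session = createSessionForAuthorizedUserWithParams();
    synchronized (session) {
        session.getUserAttributes().put(ACCESS_TOKEN, token);
        session.getUserAttributes().putAll(userParams);
    }
    authServer.getSessionFinder().addSessionForToken(token, session);

    // Off-spec id token for the password grant, gated by server configuration.
    // NOTE(review): the subject passed here is the client id, not the user — verify
    // this is intended before relying on the id token's "sub".
    if (authServer.isIssueNonSpecIdTokens() && OAuth2Util.isOpenIdScope(scope))
        idToken = createSignedIdToken(session, client.getClientId(), client);

    exc.setResponse(getEarlyResponse());
    return new NoResponse();
}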
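/**
 * Validates an authorization request that arrives without an existing session
 * and stores its (validated) parameters in a session for the login step.
 *
 * <p>Errors detected before the redirect target is verified (unknown client,
 * non-absolute or non-matching {@code redirect_uri}) are answered as JSON so
 * nothing is ever redirected to an unverified location. Later errors are sent
 * as a redirect to the registered callback with an {@code error} parameter.
 *
 * @return a {@code NoResponse} marker on success, a JSON error response for
 *         {@code unauthorized_client} / {@code invalid_request}, or an error
 *         redirect to the client's callback
 * @throws Exception propagated from the session and claims helpers
 */
@Override
protected Response processWithParameters() throws Exception {
    Client client;
    try {
        // Same lock discipline as the token flows, which guard getClient() with the list.
        synchronized (authServer.getClientList()) {
            client = authServer.getClientList().getClient(getClientId());
        }
    } catch (Exception e) {
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "unauthorized_client");
    }

    // redirect_uri must be absolute and equal the registered callback exactly.
    if (!OAuth2Util.isAbsoluteUri(getRedirectUri()) || !getRedirectUri().equals(client.getCallbackUrl()))
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_request");

    String callbackUrl = client.getCallbackUrl();
    if (promptEqualsNone())
        return createParameterizedFormUrlencodedRedirect(exc, getState(), appendErrorParam(callbackUrl, "login_required"));
    if (!authServer.getSupportedAuthorizationGrants().contains(getResponseType()))
        return createParameterizedFormUrlencodedRedirect(exc, getState(), appendErrorParam(callbackUrl, "unsupported_response_type"));

    String validScopes = verifyScopes(getScope());
    if (validScopes.isEmpty())
        return createParameterizedFormUrlencodedRedirect(exc, getState(), appendErrorParam(callbackUrl, "invalid_scope"));

    if (OAuth2Util.isOpenIdScope(validScopes)) {
        if (!isCodeRequest())
            return createParameterizedFormUrlencodedRedirect(exc, getState(), appendErrorParam(callbackUrl, "invalid_request"));
        // Parses the claims parameter into a json object. Claim values are always ignored and set to "null" as it is optional to react to those values
        addValidClaimsToParams();
    } else {
        removeClaimsWhenNotOpenidScope();
    }

    setScope(validScopes);
    String invalidScopes = hasGivenInvalidScopes(getScope(), validScopes);
    if (!invalidScopes.isEmpty())
        setScopeInvalid(invalidScopes);

    SessionManager.Session session = authServer.getSessionManager().getOrCreateSession(exc);
    addParams(session, params);
    return new NoResponse();
}

/**
 * Appends {@code error=<code>} to the callback URL. Uses {@code &} when the
 * registered callback already carries a query string, so the error does not end
 * up embedded in an existing parameter value; otherwise identical to {@code url + "?error=" + code}.
 */
private static String appendErrorParam(String callbackUrl, String errorCode) {
    String separator = callbackUrl.indexOf('?') >= 0 ? "&" : "?";
    return callbackUrl + separator + "error=" + errorCode;
}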
/**
 * Handles the refresh-token grant: resolves the user bound to the presented
 * refresh token, invalidates that token (rotation), checks the client's allowed
 * grant types, then issues a new access token and a new refresh token.
 *
 * @return a {@code NoResponse} marker on success, or a JSON error response with
 *         {@code unauthorized_client}, {@code invalid_request} (unknown refresh
 *         token), {@code invalid_grant} (token not valid for this client),
 *         {@code invalid_client} or {@code invalid_grant_type}
 * @throws Exception propagated from the token, session and id-token helpers
 */
@Override
protected Response processWithParameters() throws Exception {
if (!verifyClientThroughParams())
return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "unauthorized_client");
String username;
try {
// The refresh token carries the user it was issued for; an unknown token is rejected here.
username = authServer.getRefreshTokenGenerator().getUsername(getRefreshToken());
} catch (NoSuchElementException ex) {
return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_request");
}
params.put(ParamNames.USERNAME, username);
try {
// Rotation: the presented refresh token is consumed before a new one is issued below.
// The client id/secret are checked by the generator, so a token issued to another client fails here.
authServer.getRefreshTokenGenerator().invalidateToken(getRefreshToken(), getClientId(), getClientSecret());
} catch (NoSuchElementException ex) {
return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_grant");
}
// TODO check if scope is "narrower" than before
// NOTE(review): the requested scope is taken as-is further down (scope = getScope()).
// Without a comparison against the originally granted scope, a refresh request can
// obtain a broader scope than the initial grant (RFC 6749 section 6 requires that it
// must not). Where the original scope is stored is not visible here — confirm.
Client client;
try {
synchronized (authServer.getClientList()) {
client = authServer.getClientList().getClient(getClientId());
}
} catch (Exception e) {
return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_client");
}
String grantTypes = client.getGrantTypes();
// NOTE(review): String.contains is a substring match on the configured grant type
// list; whether that can over-match depends on the list's format — confirm.
if (!grantTypes.contains(getGrantType())) {
return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_grant_type");
}
scope = getScope();
token = authServer.getTokenGenerator().getToken(getUsername(), getClientId(), getClientSecret());
refreshToken = authServer.getRefreshTokenGenerator().getToken(getUsername(), getClientId(), getClientSecret());
SessionManager.Session session = getSessionForAuthorizedUserWithParams();
synchronized (session) {
session.getUserAttributes().put(ACCESS_TOKEN, token);
}
authServer.getSessionFinder().addSessionForToken(token, session);
// The id token subject is the user resolved from the refresh token, not the client.
if (OAuth2Util.isOpenIdScope(scope)) {
idToken = createSignedIdToken(session, username, client);
}
// NOTE(review): unlike the password and client-credentials flows, no early response
// is installed on exc here — presumably the caller builds the token response; verify.
return new NoResponse();
}
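/**
 * Handles the client-credentials grant.
 *
 * <p>The client is looked up and its allowed grant types are checked before the
 * access token and session are created, so a request for a grant type the client
 * is not permitted to use leaves no issued token behind (the original created the
 * token and session first and only then performed the grant-type check).
 *
 * @return a {@code NoResponse} marker on success (the real response is installed
 *         on {@code exc} via {@code getEarlyResponse()}), or a JSON error response
 *         with {@code unauthorized_client}, {@code invalid_client} or
 *         {@code invalid_grant_type}
 * @throws Exception propagated from the token, session and id-token helpers
 */
@Override
protected Response processWithParameters() throws Exception {
    if (!verifyClientThroughParams())
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "unauthorized_client");

    Client client;
    try {
        synchronized (authServer.getClientList()) {
            client = authServer.getClientList().getClient(getClientId());
        }
    } catch (Exception e) {
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_client");
    }
    // NOTE(review): String.contains is a substring match on the configured grant
    // type list; whether that can over-match depends on the list's format — confirm.
    if (!client.getGrantTypes().contains(getGrantType()))
        return OAuth2Util.createParameterizedJsonErrorResponse(exc, jsonGen, "error", "invalid_grant_type");

    scope = getScope();
    token = createTokenForVerifiedClient();
    SessionManager.Session session = createSessionForAuthorizedClientWithParams();
    synchronized (session) {
        session.getUserAttributes().put(ACCESS_TOKEN, token);
    }
    authServer.getSessionFinder().addSessionForToken(token, session);

    // Off-spec extras, each gated by server configuration. There is no resource
    // owner in this grant, so the client id fills the username slot.
    if (authServer.isIssueNonSpecRefreshTokens())
        refreshToken = authServer.getRefreshTokenGenerator().getToken(client.getClientId(), client.getClientId(), client.getClientSecret());
    if (authServer.isIssueNonSpecIdTokens() && OAuth2Util.isOpenIdScope(scope))
        idToken = createSignedIdToken(session, client.getClientId(), client);

    exc.setResponse(getEarlyResponse());
    return new NoResponse();
}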