Example 1 with AccessToken

Use of de.ids_mannheim.korap.oauth2.entity.AccessToken in the project Kustvakt by KorAP.

From the class OpenIdTokenService, method createsAccessTokenResponse:

private AccessTokenResponse createsAccessTokenResponse(Authorization authorization) throws KustvaktException {
    // Convert the persisted AccessScope entities into a Nimbus Scope for the token response
    Set<AccessScope> scopes = authorization.getScopes();
    String[] scopeArray = scopes.stream().map(scope -> scope.toString()).toArray(String[]::new);
    Scope scope = new Scope(scopeArray);
    // Mint a fresh bearer access token with the configured lifetime and a fresh refresh token
    AccessToken accessToken = new BearerAccessToken(config.getAccessTokenExpiry(), scope);
    RefreshToken refreshToken = new RefreshToken();
    // Persist the refresh token first, then the access token bound to it (same user, client and scopes)
    de.ids_mannheim.korap.oauth2.entity.RefreshToken rt = refreshDao.storeRefreshToken(refreshToken.getValue(), authorization.getUserId(), authorization.getUserAuthenticationTime(), authorization.getClientId(), scopes);
    tokenDao.storeAccessToken(accessToken.getValue(), rt, scopes, authorization.getUserId(), authorization.getClientId(), authorization.getUserAuthenticationTime());
    // The overload builds the OIDC token response; the nonce from the authorization is carried into the ID token
    return createsAccessTokenResponse(accessToken, refreshToken, scope, authorization.getClientId(), authorization.getUserId(), authorization.getUserAuthenticationTime(), authorization.getNonce());
}

Example 2 with AccessToken

Use of de.ids_mannheim.korap.oauth2.entity.AccessToken in the project Kustvakt by KorAP.

From the class OAuth2ClientService, method revokeAllAuthorizationsByClientId:

public void revokeAllAuthorizationsByClientId(String clientId) throws KustvaktException {
    // revoke all related authorization codes
    List<Authorization> authList = authorizationDao.retrieveAuthorizationsByClientId(clientId);
    for (Authorization authorization : authList) {
        authorization.setRevoked(true);
        authorizationDao.updateAuthorization(authorization);
    }
    // revoke all related access tokens (null username: tokens of every user of this client)
    List<AccessToken> tokens = tokenDao.retrieveAccessTokenByClientId(clientId, null);
    for (AccessToken token : tokens) {
        token.setRevoked(true);
        tokenDao.updateAccessToken(token);
    }
    // revoke all related refresh tokens, so no new access tokens can be obtained for this client
    List<RefreshToken> refreshTokens = refreshDao.retrieveRefreshTokenByClientId(clientId, null);
    for (RefreshToken token : refreshTokens) {
        token.setRevoked(true);
        refreshDao.updateRefreshToken(token);
    }
}

Example 3 with AccessToken

Use of de.ids_mannheim.korap.oauth2.entity.AccessToken in the project Kustvakt by KorAP.

From the class AccessTokenDao, method storeAccessToken:

public void storeAccessToken(String token, RefreshToken refreshToken, Set<AccessScope> scopes, String userId, String clientId, ZonedDateTime authenticationTime) throws KustvaktException {
    ParameterChecker.checkStringValue(token, "access_token");
    // refreshToken and userId are intentionally not checked: both may be null
    // ParameterChecker.checkObjectValue(refreshToken, "refresh
    // token");
    ParameterChecker.checkObjectValue(scopes, "scopes");
    // ParameterChecker.checkStringValue(userId, "username");
    ParameterChecker.checkStringValue(clientId, "client_id");
    ParameterChecker.checkObjectValue(authenticationTime, "authentication time");
    ZonedDateTime now = ZonedDateTime.now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
    ZonedDateTime expiry;
    AccessToken accessToken = new AccessToken();
    if (refreshToken != null) {
        // token paired with a refresh token: short lifetime
        accessToken.setRefreshToken(refreshToken);
        expiry = now.plusSeconds(config.getAccessTokenExpiry());
    } else {
        // token without a refresh token: long lifetime
        expiry = now.plusSeconds(config.getAccessTokenLongExpiry());
    }
    OAuth2Client client = clientDao.retrieveClientById(clientId);
    accessToken.setCreatedDate(now);
    accessToken.setExpiryDate(expiry);
    accessToken.setToken(token);
    accessToken.setScopes(scopes);
    accessToken.setUserId(userId);
    accessToken.setClient(client);
    accessToken.setUserAuthenticationTime(authenticationTime);
    entityManager.persist(accessToken);
}

Example 4 with AccessToken

Use of de.ids_mannheim.korap.oauth2.entity.AccessToken in the project Kustvakt by KorAP.

From the class OltuTokenService, method revokeAllClientTokensViaSuperClient:

public void revokeAllClientTokensViaSuperClient(String username, OAuth2RevokeAllTokenSuperRequest revokeTokenRequest) throws KustvaktException {
    // The caller must authenticate as a super client before revoking another client's tokens
    String superClientId = revokeTokenRequest.getSuperClientId();
    String superClientSecret = revokeTokenRequest.getSuperClientSecret();
    OAuth2Client superClient = clientService.authenticateClient(superClientId, superClientSecret);
    if (!superClient.isSuper()) {
        throw new KustvaktException(StatusCodes.CLIENT_AUTHENTICATION_FAILED);
    }
    String clientId = revokeTokenRequest.getClientId();
    OAuth2Client client = clientService.retrieveClient(clientId);
    if (clientService.isPublicClient(client)) {
        // public client: revoke the user's access tokens for this client directly
        List<AccessToken> accessTokens = tokenDao.retrieveAccessTokenByClientId(clientId, username);
        for (AccessToken t : accessTokens) {
            revokeAccessToken(t);
        }
    } else {
        // confidential client: revoke the user's refresh tokens for this client
        List<RefreshToken> refreshTokens = refreshDao.retrieveRefreshTokenByClientId(clientId, username);
        for (RefreshToken r : refreshTokens) {
            revokeRefreshToken(r);
        }
    }
}

Example 5 with AccessToken

Use of de.ids_mannheim.korap.oauth2.entity.AccessToken in the project Kustvakt by KorAP.

From the class OltuTokenService, method listUserAccessToken:

public List<OAuth2TokenDto> listUserAccessToken(String username, String superClientId, String superClientSecret, String clientId) throws KustvaktException {
    // Only an authenticated super client may list a user's tokens
    OAuth2Client superClient = clientService.authenticateClient(superClientId, superClientSecret);
    if (!superClient.isSuper()) {
        throw new KustvaktException(StatusCodes.CLIENT_AUTHORIZATION_FAILED, "Only super client is allowed.", OAuth2Error.UNAUTHORIZED_CLIENT);
    }
    List<AccessToken> tokens = tokenDao.retrieveAccessTokenByUser(username, clientId);
    List<OAuth2TokenDto> dtoList = new ArrayList<>(tokens.size());
    for (AccessToken t : tokens) {
        OAuth2Client tokenClient = t.getClient();
        // tokens issued to the super client itself are not listed
        if (tokenClient.getId().equals(superClient.getId())) {
            continue;
        }
        OAuth2TokenDto dto = new OAuth2TokenDto();
        dto.setClientId(tokenClient.getId());
        dto.setClientName(tokenClient.getName());
        dto.setClientUrl(tokenClient.getUrl());
        dto.setClientDescription(tokenClient.getDescription());
        DateTimeFormatter f = DateTimeFormatter.ISO_DATE_TIME;
        dto.setCreatedDate(t.getCreatedDate().format(f));
        // remaining lifetime in seconds (negative once the token has expired)
        long difference = ChronoUnit.SECONDS.between(ZonedDateTime.now(), t.getExpiryDate());
        dto.setExpiresIn(difference);
        dto.setUserAuthenticationTime(t.getUserAuthenticationTime().format(f));
        dto.setToken(t.getToken());
        // flatten the AccessScope entities to their string ids
        Set<AccessScope> accessScopes = t.getScopes();
        Set<String> scopes = new HashSet<>(accessScopes.size());
        for (AccessScope s : accessScopes) {
            scopes.add(s.getId().toString());
        }
        dto.setScope(scopes);
        dtoList.add(dto);
    }
    return dtoList;
}