
Example 1 with RefreshToken

use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.

Class OpenIdTokenService, method createsAccessTokenResponse (the OpenID Connect token path; note that the local `RefreshToken` here is the Nimbus SDK type, while the persisted entity is fully qualified):

/**
 * Builds the OpenID Connect token response for a completed authorization:
 * a bearer access token plus a refresh token, both persisted before the
 * response is assembled.
 *
 * @param authorization the authorization (code grant) being exchanged; its
 *            scopes, user id, client id, authentication time and nonce are
 *            copied onto the issued tokens
 * @return the token response built by the seven-argument overload
 * @throws KustvaktException if persisting either token fails
 */
private AccessTokenResponse createsAccessTokenResponse(Authorization authorization) throws KustvaktException {
    // The scopes granted in the authorization step bound both tokens.
    Set<AccessScope> grantedScopes = authorization.getScopes();
    Scope scope = new Scope(grantedScopes.stream().map(AccessScope::toString).toArray(String[]::new));
    String userId = authorization.getUserId();
    String clientId = authorization.getClientId();
    ZonedDateTime authTime = authorization.getUserAuthenticationTime();
    // Token values are produced by the Nimbus SDK constructors.
    // NOTE(review): the unpredictability of both credentials rests on the SDK's
    // default generator — confirm it is SecureRandom-backed and of sufficient length.
    AccessToken accessToken = new BearerAccessToken(config.getAccessTokenExpiry(), scope);
    RefreshToken refreshToken = new RefreshToken();
    // The refresh token row is written first so the access token row can reference it.
    de.ids_mannheim.korap.oauth2.entity.RefreshToken storedRefresh = refreshDao.storeRefreshToken(refreshToken.getValue(), userId, authTime, clientId, grantedScopes);
    tokenDao.storeAccessToken(accessToken.getValue(), storedRefresh, grantedScopes, userId, clientId, authTime);
    return createsAccessTokenResponse(accessToken, refreshToken, scope, clientId, userId, authTime, authorization.getNonce());
}

Example 2 with RefreshToken

use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.

Class OAuth2ClientService, method revokeAllAuthorizationsByClientId (revokes every authorization, access token and refresh token issued to one client, across all users):

/**
 * Revokes everything issued to a client: its authorizations, its access
 * tokens and its refresh tokens. Records are flagged as revoked in place
 * rather than deleted; the {@code null} user filter passed to the token
 * DAOs selects the tokens of every user for this client.
 *
 * NOTE(review): no transaction boundary is visible in this method — confirm
 * the caller runs it atomically, otherwise a failure part-way through leaves
 * the client only partially revoked (e.g. authorizations revoked, tokens live).
 *
 * @param clientId the id of the client whose grants are revoked
 * @throws KustvaktException if any DAO lookup or update fails
 */
public void revokeAllAuthorizationsByClientId(String clientId) throws KustvaktException {
    // Authorization codes first.
    for (Authorization grant : authorizationDao.retrieveAuthorizationsByClientId(clientId)) {
        grant.setRevoked(true);
        authorizationDao.updateAuthorization(grant);
    }
    // Then access tokens of all users for this client.
    for (AccessToken accessToken : tokenDao.retrieveAccessTokenByClientId(clientId, null)) {
        accessToken.setRevoked(true);
        tokenDao.updateAccessToken(accessToken);
    }
    // Finally refresh tokens, so no new access tokens can be minted afterwards.
    for (RefreshToken refreshToken : refreshDao.retrieveRefreshTokenByClientId(clientId, null)) {
        refreshToken.setRevoked(true);
        refreshDao.updateRefreshToken(refreshToken);
    }
}

Example 3 with RefreshToken

use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.

Class AccessTokenDao, method storeAccessToken (persists an issued access token; the lifetime depends on whether a refresh token accompanies it):

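/**
 * Persists an issued access token.
 *
 * The lifetime depends on whether a refresh token accompanies it: with a
 * refresh token the access token gets the short {@code accessTokenExpiry},
 * without one it gets the longer {@code accessTokenLongExpiry}.
 *
 * @param token the access token value as issued to the client
 * @param refreshToken the persisted refresh token linked to this access
 *            token, or {@code null} when none was issued
 * @param scopes the scopes granted to the token (required)
 * @param userId the resource owner's id; not validated here
 * @param clientId the id of the client the token was issued to (required)
 * @param authenticationTime the time the user authenticated (required)
 * @throws KustvaktException if a required parameter is missing or the
 *             client lookup fails
 */
public void storeAccessToken(String token, RefreshToken refreshToken, Set<AccessScope> scopes, String userId, String clientId, ZonedDateTime authenticationTime) throws KustvaktException {
    ParameterChecker.checkStringValue(token, "access_token");
    // refreshToken is intentionally optional: access tokens are also issued
    // without one (see the expiry selection below), so it is not checked.
    ParameterChecker.checkObjectValue(scopes, "scopes");
    // userId is intentionally not validated. NOTE(review): presumably null for
    // grants without a resource owner — confirm against the callers.
    ParameterChecker.checkStringValue(clientId, "client_id");
    ParameterChecker.checkObjectValue(authenticationTime, "authentication time");
    ZonedDateTime now = ZonedDateTime.now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
    ZonedDateTime expiry;
    AccessToken accessToken = new AccessToken();
    if (refreshToken != null) {
        // A refresh token exists, so the access token can be short-lived.
        accessToken.setRefreshToken(refreshToken);
        expiry = now.plusSeconds(config.getAccessTokenExpiry());
    } else {
        // No refresh token: the access token is the only credential the
        // client holds, so it is given the longer lifetime.
        expiry = now.plusSeconds(config.getAccessTokenLongExpiry());
    }
    OAuth2Client client = clientDao.retrieveClientById(clientId);
    accessToken.setCreatedDate(now);
    accessToken.setExpiryDate(expiry);
    // NOTE(review): the value is stored exactly as handed to the client. If the
    // entity keeps it verbatim, anyone who can read the table holds live bearer
    // credentials — consider persisting a digest and comparing on lookup.
    accessToken.setToken(token);
    accessToken.setScopes(scopes);
    accessToken.setUserId(userId);
    accessToken.setClient(client);
    accessToken.setUserAuthenticationTime(authenticationTime);
    entityManager.persist(accessToken);
}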

Example 4 with RefreshToken

use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.

Class OltuTokenService, method revokeAllClientTokensViaSuperClient (a super client revokes one user's tokens for another client):

/**
 * Revokes all tokens that a given client holds for {@code username}, on
 * behalf of an authenticated super client.
 *
 * The super client must present its own id and secret and be flagged as
 * super; any other client is rejected with
 * {@link StatusCodes#CLIENT_AUTHENTICATION_FAILED}. Public clients have
 * their access tokens revoked; confidential clients have their refresh
 * tokens revoked.
 *
 * NOTE(review): for confidential clients only refresh tokens are touched
 * here — confirm that {@code revokeRefreshToken} also invalidates the access
 * tokens linked to each one, otherwise those stay usable until they expire.
 *
 * @param username the user whose tokens are revoked
 * @param revokeTokenRequest carries the super client's credentials and the
 *            id of the target client
 * @throws KustvaktException if the super client cannot be authenticated,
 *             is not a super client, or the target client cannot be found
 */
public void revokeAllClientTokensViaSuperClient(String username, OAuth2RevokeAllTokenSuperRequest revokeTokenRequest) throws KustvaktException {
    // Authenticate the caller before touching anything else.
    OAuth2Client superClient = clientService.authenticateClient(revokeTokenRequest.getSuperClientId(), revokeTokenRequest.getSuperClientSecret());
    if (!superClient.isSuper()) {
        // Reported with the same status as a failed authentication, so the
        // response does not single out "authenticated but not super".
        throw new KustvaktException(StatusCodes.CLIENT_AUTHENTICATION_FAILED);
    }
    String targetClientId = revokeTokenRequest.getClientId();
    OAuth2Client targetClient = clientService.retrieveClient(targetClientId);
    if (clientService.isPublicClient(targetClient)) {
        // Public clients are issued access tokens only; revoke those directly.
        for (AccessToken accessToken : tokenDao.retrieveAccessTokenByClientId(targetClientId, username)) {
            revokeAccessToken(accessToken);
        }
        return;
    }
    // Confidential clients hold refresh tokens; revoke those.
    for (RefreshToken refreshToken : refreshDao.retrieveRefreshTokenByClientId(targetClientId, username)) {
        revokeRefreshToken(refreshToken);
    }
}

Example 5 with RefreshToken

use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.

Class OltuTokenService, method createsAccessTokenResponse (issues a refresh token only to confidential clients):

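/**
 * Creates an OAuthResponse containing an access token of type
 * Bearer. By default, MD generator is used to generates access
 * token of 128 bit values, represented in hexadecimal comprising
 * 32 bytes. The generated value is subsequently encoded in
 * Base64.
 *
 * <br /><br />
 * Additionally, a refresh token is issued for confidential clients.
 * It can be used to request a new access token without requiring user
 * re-authentication. Public clients cannot keep a secret, so they receive
 * no refresh token; their access token is the only credential they hold.
 *
 * <br /><br />
 * NOTE(review): the refresh token value is whatever {@code randomGenerator}
 * produces (two codes concatenated) — confirm the generator is
 * SecureRandom-backed and the combined value is long enough to resist
 * guessing, since this value alone lets a client mint new access tokens.
 *
 * @param scopes
 *            a set of access token scopes in String
 * @param accessScopes
 *            a set of access token scopes in {@link AccessScope}
 * @param clientId
 *            a client id
 * @param userId
 *            a user id
 * @param authenticationTime
 *            the user authentication time
 * @param isPublicClient
 *            whether the client is public; public clients get no refresh token
 * @return an {@link OAuthResponse}
 * @throws OAuthSystemException
 * @throws KustvaktException
 */
private OAuthResponse createsAccessTokenResponse(Set<String> scopes, Set<AccessScope> accessScopes, String clientId, String userId, ZonedDateTime authenticationTime, boolean isPublicClient) throws OAuthSystemException, KustvaktException {
    if (isPublicClient) {
        // No refresh token for public clients; the five-argument overload
        // issues an access token only.
        return createsAccessTokenResponse(scopes, accessScopes, clientId, userId, authenticationTime);
    }
    // The refresh token value is generated only on this branch, so no unused
    // token material is produced (and discarded) for public clients.
    String refreshTokenValue = randomGenerator.createRandomCode() + randomGenerator.createRandomCode();
    RefreshToken refreshToken = refreshDao.storeRefreshToken(refreshTokenValue, userId, authenticationTime, clientId, accessScopes);
    return createsAccessTokenResponse(scopes, accessScopes, clientId, userId, authenticationTime, refreshToken);
}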
