
Example 1 with ExpiredLoginHintTokenException

Use of io.gravitee.am.common.exception.oauth2.ExpiredLoginHintTokenException in the project gravitee-access-management by gravitee-io.

Taken from the class CibaAuthenticationRequestResolver, method validateLoginHintToken.

import io.gravitee.am.common.exception.jwt.ExpiredJWTException;
import io.gravitee.am.common.exception.oauth2.ExpiredLoginHintTokenException;
import io.gravitee.am.common.exception.oauth2.InvalidRequestException;
import io.gravitee.am.repository.management.api.search.FilterCriteria;
import net.minidev.json.JSONObject;

import java.text.ParseException;
import java.time.Instant;
import java.util.Date;

// The enclosing class CibaAuthenticationRequestResolver supplies JWT, CibaAuthenticationRequest,
// Single, userService, domain, LOGGER and evaluateExp; they are not part of this excerpt.
private Single<CibaAuthenticationRequest> validateLoginHintToken(CibaAuthenticationRequest authRequest, JWT jwt) {
    try {
        // Reject an expired login_hint_token before looking at its content (exp is optional).
        final Date expirationTime = jwt.getJWTClaimsSet().getExpirationTime();
        if (expirationTime != null) {
            evaluateExp(expirationTime.toInstant().getEpochSecond(), Instant.now(), 0);
        }
        /*
         * sub_id is an object specifying the field identifying the user (through the format entry).
         * Supported formats: email and username
         * {
         *   "sub_id": {
         *     "format": "email",
         *     "email": "user@acme.fr"
         *   }
         * }
         */
        final JSONObject subIdObject = jwt.getJWTClaimsSet().getJSONObjectClaim("sub_id");
        if (subIdObject == null) {
            // A token without sub_id cannot identify a user; fail instead of dereferencing null.
            return Single.error(new InvalidRequestException("Invalid hint, sub_id is missing"));
        }
        final String field = subIdObject.getAsString("format");
        if (!"email".equals(field) && !"username".equals(field)) {
            return Single.error(new InvalidRequestException("Invalid hint, only email and username are supported"));
        }
        // Look the user up by the declared field; the value is passed through unquoted.
        final FilterCriteria criteria = new FilterCriteria();
        criteria.setQuoteFilterValue(false);
        criteria.setFilterName(field);
        criteria.setFilterValue(subIdObject.getAsString(field));
        return userService.findByDomainAndCriteria(domain.getId(), criteria).flatMap(users -> {
            // The hint must resolve to exactly one user; anything else is rejected without detail.
            if (users.size() != 1) {
                LOGGER.warn("login_hint_token matches multiple users or none");
                return Single.error(new InvalidRequestException("Invalid hint"));
            }
            authRequest.setSubject(users.get(0).getId());
            return Single.just(authRequest);
        });
    } catch (ExpiredJWTException e) {
        return Single.error(new ExpiredLoginHintTokenException("login_hint_token expired"));
    } catch (ParseException e) {
        // should never happen
        LOGGER.warn("login_hint_token can't be read", e);
        return Single.error(new ExpiredLoginHintTokenException("invalid login_hint_token"));
    }
}
