use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class UserAuthProviderImpl method parseClient.
/**
 * Resolves the client identified by {@code clientId} and reports the outcome to {@code authHandler}.
 *
 * @param clientId    the client_id supplied by the caller
 * @param authHandler receives the client on success, a {@link ServerErrorException} when the lookup
 *                    itself fails, or an {@link InvalidRequestException} when no client matches
 */
private void parseClient(String clientId, Handler<AsyncResult<Client>> authHandler) {
    logger.debug("Attempt authentication with client " + clientId);
    clientSyncService.findByClientId(clientId).subscribe(
            // client found
            found -> authHandler.handle(Future.succeededFuture(found)),
            // lookup failed: the caller only sees a generic server error, the cause is not forwarded
            lookupError -> authHandler.handle(Future.failedFuture(
                    new ServerErrorException("Server error: unable to find client with client_id " + clientId))),
            // empty result: unknown client_id
            () -> authHandler.handle(Future.failedFuture(
                    new InvalidRequestException("No client found for client_id " + clientId))));
}
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class SSOSessionHandler method checkClient.
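/**
 * Verifies that the client named in the current request may reuse the SSO session of {@code user}.
 * <p>
 * The check succeeds when there is nothing to compare (no client_id in the request, no client on the
 * user, or either client cannot be resolved), when both sides are the same client, or when the
 * requested client lists the user's source identity provider. Every other case is rejected.
 *
 * @param context the routing context carrying the {@code client_id} request parameter
 * @param user    the user owning the SSO session
 * @param handler completed with success when the session may be reused, failed with an
 *                {@link InvalidRequestException} when the clients do not share the user's identity provider
 */
private void checkClient(RoutingContext context, io.gravitee.am.model.User user, Handler<AsyncResult<Void>> handler) {
    final String clientId = context.request().getParam(Parameters.CLIENT_ID);
    // no client to check, continue
    if (clientId == null) {
        handler.handle(Future.succeededFuture());
        return;
    }
    // no client to check for the user, continue
    if (user.getClient() == null) {
        handler.handle(Future.succeededFuture());
        return;
    }
    // check if both clients (requested and user client) share the same identity provider
    Single.zip(getClient(clientId), getClient(user.getClient()), (optRequestedClient, optUserClient) -> {
        // orElse(null) rather than get(): an empty Optional must reach the null guards below instead of
        // failing with NoSuchElementException before they run
        Client requestedClient = optRequestedClient.orElse(null);
        Client userClient = optUserClient.orElse(null);
        // no client to check, continue
        if (requestedClient == null) {
            return Completable.complete();
        }
        // no client to check for the user, continue
        if (userClient == null) {
            return Completable.complete();
        }
        // if same client, nothing to do, continue
        if (userClient.getId().equals(requestedClient.getId())) {
            return Completable.complete();
        }
        // both clients are sharing the same provider, continue
        // (a client without identity providers cannot share the user's source, so it falls through to the rejection)
        if (requestedClient.getClientId() != null
                && requestedClient.getIdentityProviders() != null
                && requestedClient.getIdentityProviders().stream()
                        .anyMatch(appIdp -> appIdp.getIdentity().equals(user.getSource()))) {
            return Completable.complete();
        }
        // throw error
        throw new InvalidRequestException("User is not on a shared identity provider");
    }).subscribe(__ -> handler.handle(Future.succeededFuture()), error -> handler.handle(Future.failedFuture(error)));
}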
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class ClientRequestParseHandler method handle.
/**
 * Reads the {@code client_id} request parameter, authenticates the client and stores a secret-less
 * copy of it under {@code CLIENT_CONTEXT_KEY} before passing the request on.
 * <p>
 * A missing parameter fails the request with an {@link InvalidRequestException} only when
 * {@code required} is set; an authentication failure fails the request unless {@code continueOnError} is set.
 *
 * @param context the routing context of the current request
 */
@Override
public void handle(RoutingContext context) {
    final String clientId = context.request().getParam(Parameters.CLIENT_ID);
    final boolean clientIdMissing = clientId == null || clientId.isEmpty();
    if (clientIdMissing) {
        if (required) {
            context.fail(new InvalidRequestException("Missing parameter: client_id is required"));
        } else {
            context.next();
        }
        return;
    }
    authenticate(clientId, authResult -> {
        if (!authResult.failed()) {
            // downstream handlers get a copy stripped of the client secret
            Client safeClient = new Client(authResult.result());
            safeClient.setClientSecret(null);
            context.put(CLIENT_CONTEXT_KEY, safeClient);
            context.next();
        } else if (continueOnError) {
            context.next();
        } else {
            context.fail(authResult.cause());
        }
    });
}
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class LogoutCallbackEndpoint method restoreCurrentSession.
/**
 * Restore current session (user and application) to properly sign out the user.
 * <p>
 * Two sources are consulted in order: the {@code id_token_hint} kept from the original logout
 * request, then the {@code client_id} stored in the routing context combined with the currently
 * authenticated user (if any).
 *
 * @param routingContext the routing context
 * @param handler handler holding the potential current session
 */
private void restoreCurrentSession(RoutingContext routingContext, Handler<AsyncResult<UserToken>> handler) {
    // The OP SHOULD accept ID Tokens when the RP identified by the ID Token's aud claim and/or sid claim has a current session
    // or had a recent session at the OP, even when the exp time has passed.
    final MultiMap logoutParams = routingContext.get(ConstantKeys.PARAM_CONTEXT_KEY);
    final boolean hasIdTokenHint = logoutParams != null && logoutParams.contains(ConstantKeys.ID_TOKEN_HINT_KEY);
    if (hasIdTokenHint) {
        final String idTokenHint = logoutParams.get(ConstantKeys.ID_TOKEN_HINT_KEY);
        userService.extractSessionFromIdToken(idTokenHint)
                .map(sessionFromToken -> {
                    // check if the user ids match
                    final boolean bothUsersKnown = sessionFromToken.getUser() != null && routingContext.user() != null;
                    if (bothUsersKnown) {
                        final User authenticatedUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User)
                                routingContext.user().getDelegate()).getUser();
                        if (!sessionFromToken.getUser().getId().equals(authenticatedUser.getId())) {
                            throw new UserNotFoundException(sessionFromToken.getUser().getId());
                        }
                    }
                    return sessionFromToken;
                })
                .subscribe(
                        currentSession -> handler.handle(Future.succeededFuture(currentSession)),
                        // NOTE(review): every failure here, including the user id mismatch above, degrades to
                        // an empty session instead of an error; confirm that is the intended behaviour
                        error -> handler.handle(Future.succeededFuture(new UserToken())));
        return;
    }
    if (routingContext.get(Parameters.CLIENT_ID) == null) {
        logger.error("Unable to restore client for logout callback");
        handler.handle(Future.failedFuture(new InvalidRequestException("Invalid state")));
        return;
    }
    final User endUser;
    if (routingContext.user() != null) {
        endUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
    } else {
        endUser = null;
    }
    final String clientId = routingContext.get(Parameters.CLIENT_ID);
    clientSyncService.findByClientId(clientId).subscribe(
            resolvedClient -> handler.handle(Future.succeededFuture(new UserToken(endUser, resolvedClient))),
            lookupError -> {
                logger.error("An error has occurred when getting client {}", clientId, lookupError);
                handler.handle(Future.failedFuture(new BadClientCredentialsException()));
            },
            () -> {
                logger.error("Unknown client {}", clientId);
                handler.handle(Future.failedFuture(new BadClientCredentialsException()));
            });
}
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class LoginSocialAuthenticationHandler method handle.
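/**
 * Prepares the social login data for the login page: resolves the client's social identity
 * providers, enriches them with their authorization URLs and stores both under the
 * {@code OAUTH2_PROVIDER_CONTEXT_KEY}, {@code SOCIAL_PROVIDER_CONTEXT_KEY} and
 * {@code SOCIAL_AUTHORIZE_URL_CONTEXT_KEY} context keys before passing the request on.
 * <p>
 * Either lookup failing fails the request with an {@link InvalidRequestException}; the request
 * is never both failed and continued.
 *
 * @param routingContext the routing context, expected to already hold the client under
 *                       {@code CLIENT_CONTEXT_KEY}
 */
@Override
public void handle(RoutingContext routingContext) {
    // presumably populated by an upstream client-parsing handler; a missing client would NPE below — TODO confirm
    final Client client = routingContext.get(CLIENT_CONTEXT_KEY);
    // fetch client identity providers
    getSocialIdentityProviders(client.getIdentityProviders(), identityProvidersResult -> {
        if (identityProvidersResult.failed()) {
            logger.error("Unable to fetch client social identity providers", identityProvidersResult.cause());
            routingContext.fail(new InvalidRequestException("Unable to fetch client social identity providers"));
            // stop here: without this return the null result would fall through and call next() after fail()
            return;
        }
        List<IdentityProvider> socialIdentityProviders = identityProvidersResult.result();
        // no social provider, continue
        if (socialIdentityProviders == null || socialIdentityProviders.isEmpty()) {
            routingContext.next();
            return;
        }
        // client enable social connect
        // get social identity providers information to correctly build the login page
        enhanceSocialIdentityProviders(socialIdentityProviders, routingContext, enhanceResult -> {
            if (enhanceResult.failed()) {
                logger.error("Unable to enhance client social identity providers", enhanceResult.cause());
                routingContext.fail(new InvalidRequestException("Unable to enhance client social identity providers"));
                // same reason as above: do not continue a request that has already been failed
                return;
            }
            // put social providers in context data
            final List<SocialProviderData> socialProviderData = enhanceResult.result();
            if (socialProviderData != null) {
                // only keep entries that can actually be rendered (known provider and an authorize URL)
                List<SocialProviderData> filteredSocialProviderData = socialProviderData.stream()
                        .filter(providerData -> providerData.getIdentityProvider() != null && providerData.getAuthorizeUrl() != null)
                        .collect(Collectors.toList());
                List<IdentityProvider> providers = filteredSocialProviderData.stream()
                        .map(SocialProviderData::getIdentityProvider)
                        .collect(Collectors.toList());
                // NOTE(review): toMap throws on duplicate provider ids; assumes the enhanced list holds each provider once — confirm
                Map<String, String> authorizeUrls = filteredSocialProviderData.stream()
                        .collect(Collectors.toMap(o -> o.getIdentityProvider().getId(), SocialProviderData::getAuthorizeUrl));
                // backwards compatibility
                routingContext.put(OAUTH2_PROVIDER_CONTEXT_KEY, providers);
                routingContext.put(SOCIAL_PROVIDER_CONTEXT_KEY, providers);
                routingContext.put(SOCIAL_AUTHORIZE_URL_CONTEXT_KEY, authorizeUrls);
            }
            // continue
            routingContext.next();
        });
    });
}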