Example 1 with InvalidRequestException
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class UserAuthProviderImpl method parseClient.
private void parseClient(String clientId, Handler<AsyncResult<Client>> authHandler) {
logger.debug("Attempt authentication with client " + clientId);
clientSyncService.findByClientId(clientId).subscribe(client -> authHandler.handle(Future.succeededFuture(client)), error -> authHandler.handle(Future.failedFuture(new ServerErrorException("Server error: unable to find client with client_id " + clientId))), () -> authHandler.handle(Future.failedFuture(new InvalidRequestException("No client found for client_id " + clientId))));
}
Also used :
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException)
Example 2 with InvalidRequestException
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class SSOSessionHandler method checkClient.
private void checkClient(RoutingContext context, io.gravitee.am.model.User user, Handler<AsyncResult<Void>> handler) {
final String clientId = context.request().getParam(Parameters.CLIENT_ID);
// no client to check, continue
if (clientId == null) {
handler.handle(Future.succeededFuture());
return;
}
// no client to check for the user, continue
if (user.getClient() == null) {
handler.handle(Future.succeededFuture());
return;
}
// check if both clients (requested and user client) share the same identity provider
Single.zip(getClient(clientId), getClient(user.getClient()), (optRequestedClient, optUserClient) -> {
Client requestedClient = optRequestedClient.get();
Client userClient = optUserClient.get();
// no client to check, continue
if (requestedClient == null) {
return Completable.complete();
}
// no client to check for the user, continue
if (userClient == null) {
return Completable.complete();
}
// if same client, nothing to do, continue
if (userClient.getId().equals(requestedClient.getId())) {
return Completable.complete();
}
// both clients are sharing the same provider, continue
if (requestedClient.getClientId() != null && requestedClient.getIdentityProviders().stream().anyMatch(appIdp -> appIdp.getIdentity().equals(user.getSource()))) {
return Completable.complete();
}
// throw error
throw new InvalidRequestException("User is not on a shared identity provider");
}).subscribe(__ -> handler.handle(Future.succeededFuture()), error -> handler.handle(Future.failedFuture(error)));
}
Also used :
AccountStatusException(io.gravitee.am.common.exception.authentication.AccountStatusException)
AccountIllegalStateException(io.gravitee.am.common.exception.authentication.AccountIllegalStateException)
AuthenticationFlowContextService(io.gravitee.am.service.AuthenticationFlowContextService)
Logger(org.slf4j.Logger)
User(io.vertx.reactivex.ext.auth.User)
Client(io.gravitee.am.model.oidc.Client)
AccountDisabledException(io.gravitee.am.common.exception.authentication.AccountDisabledException)
Completable(io.reactivex.Completable)
Maybe(io.reactivex.Maybe)
LoggerFactory(org.slf4j.LoggerFactory)
ConstantKeys(io.gravitee.am.common.utils.ConstantKeys)
CookieSession(io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.CookieSession)
Single(io.reactivex.Single)
Future(io.vertx.core.Future)
RoutingContext(io.vertx.reactivex.ext.web.RoutingContext)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
Optional(java.util.Optional)
ClientSyncService(io.gravitee.am.gateway.handler.common.client.ClientSyncService)
AsyncResult(io.vertx.core.AsyncResult)
Handler(io.vertx.core.Handler)
Parameters(io.gravitee.am.common.oauth2.Parameters)
HttpException(io.vertx.ext.web.handler.HttpException)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
Client(io.gravitee.am.model.oidc.Client)
Example 3 with InvalidRequestException
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class ClientRequestParseHandler method handle.
@Override
public void handle(RoutingContext context) {
final String clientId = context.request().getParam(Parameters.CLIENT_ID);
if (clientId == null || clientId.isEmpty()) {
if (required) {
context.fail(new InvalidRequestException("Missing parameter: client_id is required"));
} else {
context.next();
}
return;
}
authenticate(clientId, authHandler -> {
if (authHandler.failed()) {
if (continueOnError) {
context.next();
} else {
context.fail(authHandler.cause());
}
return;
}
Client safeClient = new Client(authHandler.result());
safeClient.setClientSecret(null);
context.put(CLIENT_CONTEXT_KEY, safeClient);
context.next();
});
}
Also used :
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
Client(io.gravitee.am.model.oidc.Client)
Example 4 with InvalidRequestException
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class LogoutCallbackEndpoint method restoreCurrentSession.
/**
* Restore current session (user and application) to properly sign out the user.
*
* @param routingContext the routing context
* @param handler handler holding the potential current session
*/
private void restoreCurrentSession(RoutingContext routingContext, Handler<AsyncResult<UserToken>> handler) {
// The OP SHOULD accept ID Tokens when the RP identified by the ID Token's aud claim and/or sid claim has a current session
// or had a recent session at the OP, even when the exp time has passed.
final MultiMap originalLogoutQueryParams = routingContext.get(ConstantKeys.PARAM_CONTEXT_KEY);
if (originalLogoutQueryParams != null && originalLogoutQueryParams.contains(ConstantKeys.ID_TOKEN_HINT_KEY)) {
final String idToken = originalLogoutQueryParams.get(ConstantKeys.ID_TOKEN_HINT_KEY);
userService.extractSessionFromIdToken(idToken).map(userToken -> {
// check if the user ids match
if (userToken.getUser() != null && routingContext.user() != null) {
User endUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
if (!userToken.getUser().getId().equals(endUser.getId())) {
throw new UserNotFoundException(userToken.getUser().getId());
}
}
return userToken;
}).subscribe(currentSession -> handler.handle(Future.succeededFuture(currentSession)), error -> handler.handle(Future.succeededFuture(new UserToken())));
return;
}
if (routingContext.get(Parameters.CLIENT_ID) == null) {
logger.error("Unable to restore client for logout callback");
handler.handle(Future.failedFuture(new InvalidRequestException("Invalid state")));
return;
}
final User endUser = routingContext.user() != null ? ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser() : null;
final String clientId = routingContext.get(Parameters.CLIENT_ID);
clientSyncService.findByClientId(clientId).subscribe(client -> handler.handle(Future.succeededFuture(new UserToken(endUser, client))), ex -> {
logger.error("An error has occurred when getting client {}", clientId, ex);
handler.handle(Future.failedFuture(new BadClientCredentialsException()));
}, () -> {
logger.error("Unknown client {}", clientId);
handler.handle(Future.failedFuture(new BadClientCredentialsException()));
});
}
Also used :
BadClientCredentialsException(io.gravitee.am.common.exception.oauth2.BadClientCredentialsException)
AuthenticationFlowContextService(io.gravitee.am.service.AuthenticationFlowContextService)
RequestUtils(io.gravitee.am.gateway.handler.common.vertx.utils.RequestUtils)
Logger(org.slf4j.Logger)
HttpServerRequest(io.vertx.reactivex.core.http.HttpServerRequest)
Client(io.gravitee.am.model.oidc.Client)
CertificateManager(io.gravitee.am.gateway.handler.common.certificate.CertificateManager)
LoggerFactory(org.slf4j.LoggerFactory)
UserService(io.gravitee.am.gateway.handler.root.service.user.UserService)
ConstantKeys(io.gravitee.am.common.utils.ConstantKeys)
Domain(io.gravitee.am.model.Domain)
Future(io.vertx.core.Future)
RoutingContext(io.vertx.reactivex.ext.web.RoutingContext)
UserNotFoundException(io.gravitee.am.service.exception.UserNotFoundException)
MultiMap(io.vertx.reactivex.core.MultiMap)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
UserToken(io.gravitee.am.gateway.handler.root.service.user.model.UserToken)
JWTService(io.gravitee.am.gateway.handler.common.jwt.JWTService)
ClientSyncService(io.gravitee.am.gateway.handler.common.client.ClientSyncService)
AsyncResult(io.vertx.core.AsyncResult)
User(io.gravitee.am.model.User)
Handler(io.vertx.core.Handler)
Parameters(io.gravitee.am.common.oauth2.Parameters)
StringUtils(org.springframework.util.StringUtils)
UserNotFoundException(io.gravitee.am.service.exception.UserNotFoundException)
User(io.gravitee.am.model.User)
MultiMap(io.vertx.reactivex.core.MultiMap)
BadClientCredentialsException(io.gravitee.am.common.exception.oauth2.BadClientCredentialsException)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
UserToken(io.gravitee.am.gateway.handler.root.service.user.model.UserToken)
Example 5 with InvalidRequestException
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
the class LoginSocialAuthenticationHandler method handle.
@Override
public void handle(RoutingContext routingContext) {
final Client client = routingContext.get(CLIENT_CONTEXT_KEY);
// fetch client identity providers
getSocialIdentityProviders(client.getIdentityProviders(), identityProvidersResultHandler -> {
if (identityProvidersResultHandler.failed()) {
logger.error("Unable to fetch client social identity providers", identityProvidersResultHandler.cause());
routingContext.fail(new InvalidRequestException("Unable to fetch client social identity providers"));
}
List<IdentityProvider> socialIdentityProviders = identityProvidersResultHandler.result();
// no social provider, continue
if (socialIdentityProviders == null || socialIdentityProviders.isEmpty()) {
routingContext.next();
return;
}
// client enable social connect
// get social identity providers information to correctly build the login page
enhanceSocialIdentityProviders(socialIdentityProviders, routingContext, resultHandler -> {
if (resultHandler.failed()) {
logger.error("Unable to enhance client social identity providers", resultHandler.cause());
routingContext.fail(new InvalidRequestException("Unable to enhance client social identity providers"));
}
// put social providers in context data
final List<SocialProviderData> socialProviderData = resultHandler.result();
if (socialProviderData != null) {
List<SocialProviderData> filteredSocialProviderData = socialProviderData.stream().filter(providerData -> providerData.getIdentityProvider() != null && providerData.getAuthorizeUrl() != null).collect(Collectors.toList());
List<IdentityProvider> providers = filteredSocialProviderData.stream().map(SocialProviderData::getIdentityProvider).collect(Collectors.toList());
Map<String, String> authorizeUrls = filteredSocialProviderData.stream().collect(Collectors.toMap(o -> o.getIdentityProvider().getId(), SocialProviderData::getAuthorizeUrl));
// backwards compatibility
routingContext.put(OAUTH2_PROVIDER_CONTEXT_KEY, providers);
routingContext.put(SOCIAL_PROVIDER_CONTEXT_KEY, providers);
routingContext.put(SOCIAL_AUTHORIZE_URL_CONTEXT_KEY, authorizeUrls);
}
// continue
routingContext.next();
});
});
}
Also used :
java.util(java.util)
Client(io.gravitee.am.model.oidc.Client)
ACTION_KEY(io.gravitee.am.common.utils.ConstantKeys.ACTION_KEY)
Maybe(io.reactivex.Maybe)
LoggerFactory(org.slf4j.LoggerFactory)
IdentityProviderManager(io.gravitee.am.gateway.handler.common.auth.idp.IdentityProviderManager)
IdentityProvider(io.gravitee.am.model.IdentityProvider)
ApplicationIdentityProvider(io.gravitee.am.model.idp.ApplicationIdentityProvider)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
JWTService(io.gravitee.am.gateway.handler.common.jwt.JWTService)
Observable(io.reactivex.Observable)
AsyncResult(io.vertx.core.AsyncResult)
SocialAuthenticationProvider(io.gravitee.am.identityprovider.api.social.SocialAuthenticationProvider)
UriBuilder(io.gravitee.am.common.web.UriBuilder)
Logger(org.slf4j.Logger)
JWT(io.gravitee.am.common.jwt.JWT)
CertificateManager(io.gravitee.am.gateway.handler.common.certificate.CertificateManager)
Request(io.gravitee.am.identityprovider.api.common.Request)
Future(io.vertx.core.Future)
RoutingContext(io.vertx.reactivex.ext.web.RoutingContext)
Collectors(java.util.stream.Collectors)
UriBuilderRequest(io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest)
HttpMethod(io.gravitee.common.http.HttpMethod)
CLIENT_CONTEXT_KEY(io.gravitee.am.common.utils.ConstantKeys.CLIENT_CONTEXT_KEY)
CONTEXT_PATH(io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest.CONTEXT_PATH)
Handler(io.vertx.core.Handler)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
IdentityProvider(io.gravitee.am.model.IdentityProvider)
ApplicationIdentityProvider(io.gravitee.am.model.idp.ApplicationIdentityProvider)
Client(io.gravitee.am.model.oidc.Client)
Aggregations
InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException)37
Client (io.gravitee.am.model.oidc.Client)20
ConstantKeys (io.gravitee.am.common.utils.ConstantKeys)10
User (io.gravitee.am.model.User)9
RoutingContext (io.vertx.reactivex.ext.web.RoutingContext)9
JsonObject (io.vertx.core.json.JsonObject)8
Domain (io.gravitee.am.model.Domain)6
ParseException (java.text.ParseException)6
Date (java.util.Date)6
Parameters (io.gravitee.am.common.oauth2.Parameters)5
DefaultUser (io.gravitee.am.identityprovider.api.DefaultUser)5
Handler (io.vertx.core.Handler)5
Collectors (java.util.stream.Collectors)5
Logger (org.slf4j.Logger)5
LoggerFactory (org.slf4j.LoggerFactory)5
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)4
AsyncResult (io.vertx.core.AsyncResult)4
Future (io.vertx.core.Future)4
HttpServerRequest (io.vertx.reactivex.core.http.HttpServerRequest)4
StandardCharsets (java.nio.charset.StandardCharsets)4
