use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
The class ResourceRegistrationEndpointTest, method update_invalidResourceBody.
/**
 * Updating a resource with a body that carries only a {@code description}
 * must make the endpoint fail the routing context with an
 * {@link InvalidRequestException}.
 */
@Test
public void update_invalidResourceBody() {
    final JsonObject descriptionOnlyBody = new JsonObject("{\"description\":\"mydescription\"}");
    when(context.getBodyAsJson()).thenReturn(descriptionOnlyBody);

    endpoint.update(context);

    verify(context).fail(errCaptor.capture());
    final Object failure = errCaptor.getValue();
    Assert.assertTrue("expected an InvalidRequestException, got " + failure,
            failure instanceof InvalidRequestException);
}
use of io.gravitee.am.common.exception.oauth2.InvalidRequestException in project gravitee-access-management by gravitee-io.
The class AbstractLogoutEndpoint, method doRedirect.
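/**
 * Redirection to RP After Logout.
 *
 * In some cases, the RP will request that the End-User's User Agent be redirected back to the RP after a logout has been performed.
 *
 * Post-logout redirection is only done when the logout is RP-initiated, in which case the redirection target is the post_logout_redirect_uri parameter value sent by the initiating RP.
 *
 * An id_token_hint carrying an ID Token for the RP is also REQUIRED when requesting post-logout redirection;
 * if it is not supplied with post_logout_redirect_uri, the OP MUST NOT perform post-logout redirection.
 *
 * The OP also MUST NOT perform post-logout redirection if the post_logout_redirect_uri value supplied does not exactly match one of the previously registered post_logout_redirect_uris values.
 *
 * The post-logout redirection is performed after the OP has finished notifying the RPs that logged in with the OP for that End-User that they are to log out the End-User.
 *
 * Implementation notes:
 * <ul>
 *   <li>When the routing context carries the query parameters of the original logout request
 *       (under {@code ConstantKeys.PARAM_CONTEXT_KEY}, i.e. we were reached through the LogoutCallbackEndpoint),
 *       the redirect target is derived from those parameters, the {@code state} set by AM for the OP end-session
 *       call is removed from the current request and every other original parameter, except the logout URL and
 *       {@code post_logout_redirect_uri}, is restored on it.</li>
 *   <li>The redirect target is then checked against the client's registered post_logout_redirect_uris, or the
 *       domain OIDC settings when no client is available; on mismatch the context is failed with an
 *       {@link InvalidRequestException} and no redirection happens.</li>
 * </ul>
 *
 * @param client the OAuth 2.0 client, may be {@code null} (domain-level post-logout URIs are used instead)
 * @param routingContext the routing context
 * @param endSessionEndpoint the End Session Endpoint of the OIDC provider; when non-null the End-User is sent
 *        there rather than to the validated post-logout URL
 */
protected void doRedirect(Client client, RoutingContext routingContext, String endSessionEndpoint) {
    final HttpServerRequest request = routingContext.request();

    // validate request
    // see https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
    // An id_token_hint is REQUIRED when the post_logout_redirect_uri parameter is included.
    // for back-compatibility purpose, we skip this validation
    // see https://github.com/gravitee-io/issues/issues/5163
    /*if (request.getParam(Parameters.POST_LOGOUT_REDIRECT_URI) != null &&
    request.getParam(Parameters.ID_TOKEN_HINT) == null) {
    routingContext.fail(new InvalidRequestException("Missing parameter: id_token_hint"));
    return;
    }*/

    // redirect to target url
    String logoutRedirectUrl = getLogoutRedirectUrl(request.params());

    final MultiMap originalLogoutQueryParams = routingContext.get(ConstantKeys.PARAM_CONTEXT_KEY);
    if (originalLogoutQueryParams != null) {
        // redirect is triggered because of the LogoutCallbackEndpoint, extract the redirect URL from the initial logout request
        logoutRedirectUrl = getLogoutRedirectUrl(originalLogoutQueryParams);

        // clear state set by AM during the OP EndUserSession call
        routingContext.request().params().remove(io.gravitee.am.common.oauth2.Parameters.STATE);

        // restore parameters from the original logout request
        for (Map.Entry<String, String> entry : originalLogoutQueryParams.entries()) {
            if (!(LOGOUT_URL_PARAMETER.equals(entry.getKey()) || Parameters.POST_LOGOUT_REDIRECT_URI.equals(entry.getKey()))) {
                // use the entry's own value: MultiMap.get(name) yields only the first value for that name,
                // which would be duplicated for every occurrence of a repeated parameter
                routingContext.request().params().add(entry.getKey(), entry.getValue());
            }
        }
    }

    // The OP also MUST NOT perform post-logout redirection if the post_logout_redirect_uri value supplied
    // does not exactly match one of the previously registered post_logout_redirect_uris values.
    // if client is null, check security domain options
    List<String> registeredUris = client != null ? client.getPostLogoutRedirectUris() : (domain.getOidc() != null ? domain.getOidc().getPostLogoutRedirectUris() : null);
    // NOTE(review): registeredUris is null when there is no client and no domain OIDC settings;
    // isMatchingRedirectUri (not visible here) is expected to treat that as "no match" -- confirm
    if (!isMatchingRedirectUri(logoutRedirectUrl, registeredUris)) {
        routingContext.fail(new InvalidRequestException("The post_logout_redirect_uri MUST match the registered callback URLs"));
        return;
    }

    // redirect the End-User
    doRedirect0(routingContext, endSessionEndpoint == null ? logoutRedirectUrl : endSessionEndpoint);
}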