Use of io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthResponse in project gravitee-access-management by gravitee-io.
The class OAuth2AuthHandlerImpl, method handle.
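@Override
public void handle(RoutingContext context) {
    // Extracts the bearer token from the request, decodes/validates it, then applies this
    // handler's access rules (self-resource access, end-user vs client token, required scope)
    // before letting the request continue. Every rejection goes through processException,
    // which is what callers rely on for the HTTP error mapping.
    parseAuthorization(context, parseHandler -> {
        if (parseHandler.failed()) {
            processException(context, parseHandler.cause());
            return;
        }
        final String jwtToken = parseHandler.result();
        // Expose the raw (still encoded) token to downstream handlers when configured to.
        if (extractRawToken) {
            context.put(ConstantKeys.RAW_TOKEN_CONTEXT_KEY, jwtToken);
        }
        oAuth2AuthProvider.decodeToken(jwtToken, offlineVerification, handler -> {
            if (handler.failed()) {
                processException(context, handler.cause());
                return;
            }
            final OAuth2AuthResponse response = handler.result();
            final JWT token = response.getToken();
            final Client client = response.getClient();
            // Expose the decoded token / resolved client to downstream handlers when configured to.
            if (extractToken) {
                context.put(ConstantKeys.TOKEN_CONTEXT_KEY, token);
            }
            if (extractClient) {
                context.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
            }
            // The subject is compared below against a request parameter and the audience.
            // Read it once and treat a missing 'sub' explicitly: previously a token without a
            // subject raised a NullPointerException inside this async callback instead of being
            // reported through processException.
            final String subject = token.getSub();
            // Self-resource access: the subject may reach its own resource (the resourceParameter
            // value equals 'sub') as long as it holds resourceRequiredScope, if one is configured.
            // NOTE: this path deliberately short-circuits the end-user/client and requiredScope
            // checks below; keep that in mind when configuring a handler with selfResource.
            if (selfResource) {
                final String resourceId = context.request().getParam(resourceParameter);
                if (resourceId != null && resourceId.equals(subject)
                        && (resourceRequiredScope == null || token.hasScope(resourceRequiredScope))) {
                    context.next();
                    return;
                }
            }
            // An end-user token must carry a subject, and that subject must differ from the
            // audience: a subject equal to the audience marks a token issued to the client itself
            // (the original comment describes this as "clientId as subject").
            if (forceEndUserToken && (subject == null || subject.equals(token.getAud()))) {
                processException(context, new InvalidTokenException("The access token was not issued for an End-User"));
                return;
            }
            // A client token is recognised by its subject being equal to its audience;
            // a token without a subject cannot be a client token and is rejected the same way.
            if (forceClientToken && (subject == null || !subject.equals(token.getAud()))) {
                processException(context, new InvalidTokenException("The access token was not issued for a Client"));
                return;
            }
            // Generic scope requirement for this route.
            if (requiredScope != null && !token.hasScope(requiredScope)) {
                processException(context, new InsufficientScopeException("Invalid access token scopes. The access token should have at least '" + requiredScope + "' scope"));
                return;
            }
            context.next();
        });
    });
}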