Search in sources :

Example 1 with RedirectMismatchException

use of io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException in project gravitee-access-management by gravitee-io.

the class AuthorizationRequestFailureHandler method processOAuth2Exception.

private void processOAuth2Exception(AuthorizationRequest authorizationRequest, OAuth2Exception oAuth2Exception, Client client, String defaultErrorURL, RoutingContext context, Handler<AsyncResult<String>> handler) {
    final String clientId = authorizationRequest.getClientId();
    // no client available or missing redirect_uri, go to default error page
    if (clientId == null || client == null || authorizationRequest.getRedirectUri() == null) {
        authorizationRequest.setRedirectUri(defaultErrorURL);
    }
    // user set a wrong redirect_uri, go to default error page
    if (oAuth2Exception instanceof RedirectMismatchException) {
        authorizationRequest.setRedirectUri(defaultErrorURL);
    }
    // check if the redirect_uri request parameter is allowed
    if (client != null && client.getRedirectUris() != null && authorizationRequest.getRedirectUri() != null && !client.getRedirectUris().contains(authorizationRequest.getRedirectUri())) {
        authorizationRequest.setRedirectUri(defaultErrorURL);
    }
    // return to the default error page to avoid redirect using wrong response mode
    if (oAuth2Exception instanceof InvalidRequestObjectException && context.get(ConstantKeys.REQUEST_OBJECT_KEY) == null) {
        authorizationRequest.setRedirectUri(defaultErrorURL);
    }
    // Process error response
    try {
        // Response Mode is not supplied by the client, process the response as usual
        if (client == null || authorizationRequest.getResponseMode() == null || !authorizationRequest.getResponseMode().endsWith("jwt")) {
            // redirect user
            handler.handle(Future.succeededFuture(buildRedirectUri(oAuth2Exception.getOAuth2ErrorCode(), oAuth2Exception.getMessage(), authorizationRequest, context)));
            return;
        }
        // Otherwise the JWT contains the error response parameters
        JWTOAuth2Exception jwtException = new JWTOAuth2Exception(oAuth2Exception, authorizationRequest.getState());
        jwtException.setIss(openIDDiscoveryService.getIssuer(authorizationRequest.getOrigin()));
        jwtException.setAud(client.getClientId());
        // There is nothing about expiration. We admit to use the one settled for authorization code validity
        jwtException.setExp(Instant.now().plusSeconds(this.codeValidityInSec).getEpochSecond());
        // Sign if needed, else return unsigned JWT
        jwtService.encodeAuthorization(jwtException.build(), client).flatMap(authorization -> jweService.encryptAuthorization(authorization, client)).subscribe(jwt -> handler.handle(Future.succeededFuture(jwtException.buildRedirectUri(authorizationRequest.getRedirectUri(), authorizationRequest.getResponseType(), authorizationRequest.getResponseMode(), jwt))), ex -> handler.handle(Future.failedFuture(ex)));
    } catch (Exception e) {
        handler.handle(Future.failedFuture(e));
    }
}
Also used : Json(io.vertx.core.json.Json) HttpHeaders(io.gravitee.common.http.HttpHeaders) RedirectMismatchException(io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException) Client(io.gravitee.am.model.oidc.Client) ResponseTypeUtils.isImplicitFlow(io.gravitee.am.service.utils.ResponseTypeUtils.isImplicitFlow) AuthorizationRequestFactory(io.gravitee.am.gateway.handler.oauth2.resources.request.AuthorizationRequestFactory) URISyntaxException(java.net.URISyntaxException) LoggerFactory(org.slf4j.LoggerFactory) ConstantKeys(io.gravitee.am.common.utils.ConstantKeys) PolicyChainException(io.gravitee.am.gateway.policy.PolicyChainException) HttpStatusCode(io.gravitee.common.http.HttpStatusCode) LinkedHashMap(java.util.LinkedHashMap) OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception) JWTService(io.gravitee.am.gateway.handler.common.jwt.JWTService) Map(java.util.Map) AsyncResult(io.vertx.core.AsyncResult) URI(java.net.URI) HttpException(io.vertx.ext.web.handler.HttpException) ResponseTypeUtils.isHybridFlow(io.gravitee.am.service.utils.ResponseTypeUtils.isHybridFlow) UriBuilder(io.gravitee.am.common.web.UriBuilder) Logger(org.slf4j.Logger) JWEService(io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService) InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException) AuthorizationRequest(io.gravitee.am.gateway.handler.oauth2.service.request.AuthorizationRequest) Instant(java.time.Instant) Future(io.vertx.core.Future) RoutingContext(io.vertx.reactivex.ext.web.RoutingContext) UriBuilderRequest(io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest) OAuth2ErrorResponse(io.gravitee.am.gateway.handler.oauth2.service.response.OAuth2ErrorResponse) MediaType(io.gravitee.common.http.MediaType) Environment(org.springframework.core.env.Environment) JWTOAuth2Exception(io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception) CONTEXT_PATH(io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest.CONTEXT_PATH) Handler(io.vertx.core.Handler) Parameters(io.gravitee.am.common.oauth2.Parameters) OpenIDDiscoveryService(io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDDiscoveryService) JWTOAuth2Exception(io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception) RedirectMismatchException(io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException) InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException) RedirectMismatchException(io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException) URISyntaxException(java.net.URISyntaxException) PolicyChainException(io.gravitee.am.gateway.policy.PolicyChainException) OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception) HttpException(io.vertx.ext.web.handler.HttpException) InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException) JWTOAuth2Exception(io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception)

Aggregations

InvalidRequestObjectException (io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)1 OAuth2Exception (io.gravitee.am.common.exception.oauth2.OAuth2Exception)1 Parameters (io.gravitee.am.common.oauth2.Parameters)1 ConstantKeys (io.gravitee.am.common.utils.ConstantKeys)1 UriBuilder (io.gravitee.am.common.web.UriBuilder)1 JWTService (io.gravitee.am.gateway.handler.common.jwt.JWTService)1 UriBuilderRequest (io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest)1 CONTEXT_PATH (io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest.CONTEXT_PATH)1 JWTOAuth2Exception (io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception)1 RedirectMismatchException (io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException)1 AuthorizationRequestFactory (io.gravitee.am.gateway.handler.oauth2.resources.request.AuthorizationRequestFactory)1 AuthorizationRequest (io.gravitee.am.gateway.handler.oauth2.service.request.AuthorizationRequest)1 OAuth2ErrorResponse (io.gravitee.am.gateway.handler.oauth2.service.response.OAuth2ErrorResponse)1 OpenIDDiscoveryService (io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDDiscoveryService)1 JWEService (io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService)1 PolicyChainException (io.gravitee.am.gateway.policy.PolicyChainException)1 Client (io.gravitee.am.model.oidc.Client)1 ResponseTypeUtils.isHybridFlow (io.gravitee.am.service.utils.ResponseTypeUtils.isHybridFlow)1 ResponseTypeUtils.isImplicitFlow (io.gravitee.am.service.utils.ResponseTypeUtils.isImplicitFlow)1 HttpHeaders (io.gravitee.common.http.HttpHeaders)1