Example 1 with RedirectMismatchException
use of io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException in project gravitee-access-management by gravitee-io.
the class AuthorizationRequestFailureHandler method processOAuth2Exception.
private void processOAuth2Exception(AuthorizationRequest authorizationRequest, OAuth2Exception oAuth2Exception, Client client, String defaultErrorURL, RoutingContext context, Handler<AsyncResult<String>> handler) {
final String clientId = authorizationRequest.getClientId();
// no client available or missing redirect_uri, go to default error page
if (clientId == null || client == null || authorizationRequest.getRedirectUri() == null) {
authorizationRequest.setRedirectUri(defaultErrorURL);
}
// user set a wrong redirect_uri, go to default error page
if (oAuth2Exception instanceof RedirectMismatchException) {
authorizationRequest.setRedirectUri(defaultErrorURL);
}
// check if the redirect_uri request parameter is allowed
if (client != null && client.getRedirectUris() != null && authorizationRequest.getRedirectUri() != null && !client.getRedirectUris().contains(authorizationRequest.getRedirectUri())) {
authorizationRequest.setRedirectUri(defaultErrorURL);
}
// return to the default error page to avoid redirect using wrong response mode
if (oAuth2Exception instanceof InvalidRequestObjectException && context.get(ConstantKeys.REQUEST_OBJECT_KEY) == null) {
authorizationRequest.setRedirectUri(defaultErrorURL);
}
// Process error response
try {
// Response Mode is not supplied by the client, process the response as usual
if (client == null || authorizationRequest.getResponseMode() == null || !authorizationRequest.getResponseMode().endsWith("jwt")) {
// redirect user
handler.handle(Future.succeededFuture(buildRedirectUri(oAuth2Exception.getOAuth2ErrorCode(), oAuth2Exception.getMessage(), authorizationRequest, context)));
return;
}
// Otherwise the JWT contains the error response parameters
JWTOAuth2Exception jwtException = new JWTOAuth2Exception(oAuth2Exception, authorizationRequest.getState());
jwtException.setIss(openIDDiscoveryService.getIssuer(authorizationRequest.getOrigin()));
jwtException.setAud(client.getClientId());
// There is nothing about expiration. We admit to use the one settled for authorization code validity
jwtException.setExp(Instant.now().plusSeconds(this.codeValidityInSec).getEpochSecond());
// Sign if needed, else return unsigned JWT
jwtService.encodeAuthorization(jwtException.build(), client).flatMap(authorization -> jweService.encryptAuthorization(authorization, client)).subscribe(jwt -> handler.handle(Future.succeededFuture(jwtException.buildRedirectUri(authorizationRequest.getRedirectUri(), authorizationRequest.getResponseType(), authorizationRequest.getResponseMode(), jwt))), ex -> handler.handle(Future.failedFuture(ex)));
} catch (Exception e) {
handler.handle(Future.failedFuture(e));
}
}
Also used :
Json(io.vertx.core.json.Json)
HttpHeaders(io.gravitee.common.http.HttpHeaders)
RedirectMismatchException(io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException)
Client(io.gravitee.am.model.oidc.Client)
ResponseTypeUtils.isImplicitFlow(io.gravitee.am.service.utils.ResponseTypeUtils.isImplicitFlow)
AuthorizationRequestFactory(io.gravitee.am.gateway.handler.oauth2.resources.request.AuthorizationRequestFactory)
URISyntaxException(java.net.URISyntaxException)
LoggerFactory(org.slf4j.LoggerFactory)
ConstantKeys(io.gravitee.am.common.utils.ConstantKeys)
PolicyChainException(io.gravitee.am.gateway.policy.PolicyChainException)
HttpStatusCode(io.gravitee.common.http.HttpStatusCode)
LinkedHashMap(java.util.LinkedHashMap)
OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception)
JWTService(io.gravitee.am.gateway.handler.common.jwt.JWTService)
Map(java.util.Map)
AsyncResult(io.vertx.core.AsyncResult)
URI(java.net.URI)
HttpException(io.vertx.ext.web.handler.HttpException)
ResponseTypeUtils.isHybridFlow(io.gravitee.am.service.utils.ResponseTypeUtils.isHybridFlow)
UriBuilder(io.gravitee.am.common.web.UriBuilder)
Logger(org.slf4j.Logger)
JWEService(io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService)
InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)
AuthorizationRequest(io.gravitee.am.gateway.handler.oauth2.service.request.AuthorizationRequest)
Instant(java.time.Instant)
Future(io.vertx.core.Future)
RoutingContext(io.vertx.reactivex.ext.web.RoutingContext)
UriBuilderRequest(io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest)
OAuth2ErrorResponse(io.gravitee.am.gateway.handler.oauth2.service.response.OAuth2ErrorResponse)
MediaType(io.gravitee.common.http.MediaType)
Environment(org.springframework.core.env.Environment)
JWTOAuth2Exception(io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception)
CONTEXT_PATH(io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest.CONTEXT_PATH)
Handler(io.vertx.core.Handler)
Parameters(io.gravitee.am.common.oauth2.Parameters)
OpenIDDiscoveryService(io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDDiscoveryService)
JWTOAuth2Exception(io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception)
RedirectMismatchException(io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException)
InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)
RedirectMismatchException(io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException)
URISyntaxException(java.net.URISyntaxException)
PolicyChainException(io.gravitee.am.gateway.policy.PolicyChainException)
OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception)
HttpException(io.vertx.ext.web.handler.HttpException)
InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)
JWTOAuth2Exception(io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception)
Aggregations
InvalidRequestObjectException (io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)1
OAuth2Exception (io.gravitee.am.common.exception.oauth2.OAuth2Exception)1
Parameters (io.gravitee.am.common.oauth2.Parameters)1
ConstantKeys (io.gravitee.am.common.utils.ConstantKeys)1
UriBuilder (io.gravitee.am.common.web.UriBuilder)1
JWTService (io.gravitee.am.gateway.handler.common.jwt.JWTService)1
UriBuilderRequest (io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest)1
CONTEXT_PATH (io.gravitee.am.gateway.handler.common.vertx.utils.UriBuilderRequest.CONTEXT_PATH)1
JWTOAuth2Exception (io.gravitee.am.gateway.handler.oauth2.exception.JWTOAuth2Exception)1
RedirectMismatchException (io.gravitee.am.gateway.handler.oauth2.exception.RedirectMismatchException)1
AuthorizationRequestFactory (io.gravitee.am.gateway.handler.oauth2.resources.request.AuthorizationRequestFactory)1
AuthorizationRequest (io.gravitee.am.gateway.handler.oauth2.service.request.AuthorizationRequest)1
OAuth2ErrorResponse (io.gravitee.am.gateway.handler.oauth2.service.response.OAuth2ErrorResponse)1
OpenIDDiscoveryService (io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDDiscoveryService)1
JWEService (io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService)1
PolicyChainException (io.gravitee.am.gateway.policy.PolicyChainException)1
Client (io.gravitee.am.model.oidc.Client)1
ResponseTypeUtils.isHybridFlow (io.gravitee.am.service.utils.ResponseTypeUtils.isHybridFlow)1
ResponseTypeUtils.isImplicitFlow (io.gravitee.am.service.utils.ResponseTypeUtils.isImplicitFlow)1
HttpHeaders (io.gravitee.common.http.HttpHeaders)1
