Search in sources :

Example 1 with AuthorizationEndpoint

use of io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.AuthorizationEndpoint in project gravitee-access-management by gravitee-io.

the class AuthorizationEndpointTest method setUp.

@Override
public void setUp() throws Exception {
    super.setUp();
    AuthorizationEndpoint authorizationEndpointHandler = new AuthorizationEndpoint(flow, thymeleafTemplateEngine, parService);
    // set openid provider service
    OpenIDProviderMetadata openIDProviderMetadata = new OpenIDProviderMetadata();
    openIDProviderMetadata.setResponseTypesSupported(Arrays.asList(ResponseType.CODE, ResponseType.TOKEN, io.gravitee.am.common.oidc.ResponseType.CODE_ID_TOKEN, io.gravitee.am.common.oidc.ResponseType.CODE_TOKEN, io.gravitee.am.common.oidc.ResponseType.CODE_ID_TOKEN_TOKEN, io.gravitee.am.common.oidc.ResponseType.ID_TOKEN_TOKEN, io.gravitee.am.common.oidc.ResponseType.ID_TOKEN));
    openIDProviderMetadata.setResponseModesSupported(Arrays.asList(io.gravitee.am.common.oauth2.ResponseMode.QUERY, io.gravitee.am.common.oauth2.ResponseMode.FRAGMENT, ResponseMode.QUERY_JWT, ResponseMode.FRAGMENT_JWT, ResponseMode.JWT));
    when(openIDDiscoveryService.getConfiguration(anyString())).thenReturn(openIDProviderMetadata);
    when(environment.getProperty("authorization.code.validity", Integer.class, 60000)).thenReturn(60000);
    // set technical routes
    SessionHandler sessionHandler = SessionHandler.create(LocalSessionStore.create(vertx));
    router.route().order(-1).handler(sessionHandler).handler(routingContext -> {
        routingContext.put(CONTEXT_PATH, "/test");
        routingContext.next();
    });
    // set Authorization endpoint routes
    router.route(HttpMethod.GET, "/oauth/authorize").handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequiredParametersHandler()).handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseParametersHandler(domain)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(authorizationEndpointHandler);
    router.route().failureHandler(new AuthorizationRequestFailureHandler(openIDDiscoveryService, jwtService, jweService, environment));
    when(parService.deleteRequestUri(any())).thenReturn(Completable.complete());
}
Also used : SessionHandler(io.vertx.reactivex.ext.web.handler.SessionHandler) OpenIDProviderMetadata(io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDProviderMetadata) AuthorizationEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.AuthorizationEndpoint)

Example 2 with AuthorizationEndpoint

use of io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.AuthorizationEndpoint in project gravitee-access-management by gravitee-io.

the class OAuth2Provider method initRouter.

private void initRouter() {
    // Create the OAuth 2.0 router
    final Router oauth2Router = Router.router(vertx);
    // client auth handler
    final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
    final Handler<RoutingContext> clientAuthHandler = ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);
    // static handler
    staticHandler(oauth2Router);
    // session cookie handler
    sessionAndCookieHandler(oauth2Router);
    // CSRF handler
    csrfHandler(oauth2Router);
    // CSP Handler
    cspHandler(oauth2Router);
    AuthenticationFlowContextHandler authenticationFlowContextHandler = new AuthenticationFlowContextHandler(authenticationFlowContextService, environment);
    // Authorization endpoint
    oauth2Router.route(HttpMethod.OPTIONS, "/authorize").handler(corsHandler);
    oauth2Router.route(HttpMethod.GET, "/authorize").handler(corsHandler).handler(new AuthorizationRequestTransactionHandler(transactionHeader)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequiredParametersHandler()).handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestParseIdTokenHintHandler(idTokenService)).handler(new AuthorizationRequestParseParametersHandler(domain)).handler(authenticationFlowContextHandler).handler(authenticationFlowHandler.create()).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(new AuthorizationRequestEndUserConsentHandler(userConsentService)).handler(new AuthorizationEndpoint(flow, thymeleafTemplateEngine, parService)).failureHandler(new AuthorizationRequestFailureHandler(openIDDiscoveryService, jwtService, jweService, environment));
    // Authorization consent endpoint
    Handler<RoutingContext> userConsentPrepareContextHandler = new UserConsentPrepareContextHandler(clientSyncService);
    oauth2Router.route(HttpMethod.GET, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_CONSENT)).handler(new UserConsentEndpoint(userConsentService, thymeleafTemplateEngine, domain));
    oauth2Router.route(HttpMethod.POST, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(new UserConsentProcessHandler(userConsentService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_CONSENT)).handler(new UserConsentPostEndpoint());
    oauth2Router.route("/consent").failureHandler(new UserConsentFailureHandler());
    // Token endpoint
    oauth2Router.route(HttpMethod.OPTIONS, "/token").handler(corsHandler);
    oauth2Router.route(HttpMethod.POST, "/token").handler(corsHandler).handler(new TokenRequestParseHandler()).handler(clientAuthHandler).handler(new TokenEndpoint(tokenGranter));
    // Introspection endpoint
    oauth2Router.route(HttpMethod.POST, "/introspect").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(clientAuthHandler).handler(new IntrospectionEndpoint(introspectionService));
    // Revocation endpoint
    oauth2Router.route(HttpMethod.OPTIONS, "/revoke").handler(corsHandler);
    oauth2Router.route(HttpMethod.POST, "/revoke").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(corsHandler).handler(clientAuthHandler).handler(new RevocationTokenEndpoint(revocationTokenService));
    // Error endpoint
    oauth2Router.route(HttpMethod.GET, "/error").handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
    // Pushed Authorization Request
    oauth2Router.route(HttpMethod.POST, "/par").handler(clientAuthHandler).handler(new PushedAuthorizationRequestEndpoint(parService));
    oauth2Router.route("/par").handler(new PushedAuthorizationRequestEndpoint.MethodNotAllowedHandler());
    // error handler
    errorHandler(oauth2Router);
    // mount OAuth 2.0 router
    router.mountSubRouter(path(), oauth2Router);
}
Also used : UserConsentProcessHandler(io.gravitee.am.gateway.handler.oauth2.resources.handler.authorization.consent.UserConsentProcessHandler) RevocationTokenEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.revocation.RevocationTokenEndpoint) IntrospectionEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.introspection.IntrospectionEndpoint) RevocationTokenEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.revocation.RevocationTokenEndpoint) TokenEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.token.TokenEndpoint) RoutingContext(io.vertx.reactivex.ext.web.RoutingContext) UserConsentEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.consent.UserConsentEndpoint) UserConsentFailureHandler(io.gravitee.am.gateway.handler.oauth2.resources.handler.authorization.consent.UserConsentFailureHandler) Router(io.vertx.reactivex.ext.web.Router) AuthorizationEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.AuthorizationEndpoint) UserConsentPrepareContextHandler(io.gravitee.am.gateway.handler.oauth2.resources.handler.authorization.consent.UserConsentPrepareContextHandler) ErrorEndpoint(io.gravitee.am.gateway.handler.common.vertx.web.endpoint.ErrorEndpoint) PushedAuthorizationRequestEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.par.PushedAuthorizationRequestEndpoint) TokenRequestParseHandler(io.gravitee.am.gateway.handler.oauth2.resources.handler.token.TokenRequestParseHandler) UserConsentPostEndpoint(io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.consent.UserConsentPostEndpoint)

Aggregations

AuthorizationEndpoint (io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.AuthorizationEndpoint)2 ErrorEndpoint (io.gravitee.am.gateway.handler.common.vertx.web.endpoint.ErrorEndpoint)1 UserConsentEndpoint (io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.consent.UserConsentEndpoint)1 UserConsentPostEndpoint (io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.consent.UserConsentPostEndpoint)1 IntrospectionEndpoint (io.gravitee.am.gateway.handler.oauth2.resources.endpoint.introspection.IntrospectionEndpoint)1 PushedAuthorizationRequestEndpoint (io.gravitee.am.gateway.handler.oauth2.resources.endpoint.par.PushedAuthorizationRequestEndpoint)1 RevocationTokenEndpoint (io.gravitee.am.gateway.handler.oauth2.resources.endpoint.revocation.RevocationTokenEndpoint)1 TokenEndpoint (io.gravitee.am.gateway.handler.oauth2.resources.endpoint.token.TokenEndpoint)1 UserConsentFailureHandler (io.gravitee.am.gateway.handler.oauth2.resources.handler.authorization.consent.UserConsentFailureHandler)1 UserConsentPrepareContextHandler (io.gravitee.am.gateway.handler.oauth2.resources.handler.authorization.consent.UserConsentPrepareContextHandler)1 UserConsentProcessHandler (io.gravitee.am.gateway.handler.oauth2.resources.handler.authorization.consent.UserConsentProcessHandler)1 TokenRequestParseHandler (io.gravitee.am.gateway.handler.oauth2.resources.handler.token.TokenRequestParseHandler)1 OpenIDProviderMetadata (io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDProviderMetadata)1 Router (io.vertx.reactivex.ext.web.Router)1 RoutingContext (io.vertx.reactivex.ext.web.RoutingContext)1 SessionHandler (io.vertx.reactivex.ext.web.handler.SessionHandler)1