use of io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.AuthorizationEndpoint in project gravitee-access-management by gravitee-io.
the class AuthorizationEndpointTest method setUp.
@Override
public void setUp() throws Exception {
super.setUp();
AuthorizationEndpoint authorizationEndpointHandler = new AuthorizationEndpoint(flow, thymeleafTemplateEngine, parService);
// set openid provider service
OpenIDProviderMetadata openIDProviderMetadata = new OpenIDProviderMetadata();
openIDProviderMetadata.setResponseTypesSupported(Arrays.asList(ResponseType.CODE, ResponseType.TOKEN, io.gravitee.am.common.oidc.ResponseType.CODE_ID_TOKEN, io.gravitee.am.common.oidc.ResponseType.CODE_TOKEN, io.gravitee.am.common.oidc.ResponseType.CODE_ID_TOKEN_TOKEN, io.gravitee.am.common.oidc.ResponseType.ID_TOKEN_TOKEN, io.gravitee.am.common.oidc.ResponseType.ID_TOKEN));
openIDProviderMetadata.setResponseModesSupported(Arrays.asList(io.gravitee.am.common.oauth2.ResponseMode.QUERY, io.gravitee.am.common.oauth2.ResponseMode.FRAGMENT, ResponseMode.QUERY_JWT, ResponseMode.FRAGMENT_JWT, ResponseMode.JWT));
when(openIDDiscoveryService.getConfiguration(anyString())).thenReturn(openIDProviderMetadata);
when(environment.getProperty("authorization.code.validity", Integer.class, 60000)).thenReturn(60000);
// set technical routes
SessionHandler sessionHandler = SessionHandler.create(LocalSessionStore.create(vertx));
router.route().order(-1).handler(sessionHandler).handler(routingContext -> {
routingContext.put(CONTEXT_PATH, "/test");
routingContext.next();
});
// set Authorization endpoint routes
router.route(HttpMethod.GET, "/oauth/authorize").handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequiredParametersHandler()).handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseParametersHandler(domain)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(authorizationEndpointHandler);
router.route().failureHandler(new AuthorizationRequestFailureHandler(openIDDiscoveryService, jwtService, jweService, environment));
when(parService.deleteRequestUri(any())).thenReturn(Completable.complete());
}
use of io.gravitee.am.gateway.handler.oauth2.resources.endpoint.authorization.AuthorizationEndpoint in project gravitee-access-management by gravitee-io.
the class OAuth2Provider method initRouter.
private void initRouter() {
// Create the OAuth 2.0 router
final Router oauth2Router = Router.router(vertx);
// client auth handler
final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
final Handler<RoutingContext> clientAuthHandler = ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);
// static handler
staticHandler(oauth2Router);
// session cookie handler
sessionAndCookieHandler(oauth2Router);
// CSRF handler
csrfHandler(oauth2Router);
// CSP Handler
cspHandler(oauth2Router);
AuthenticationFlowContextHandler authenticationFlowContextHandler = new AuthenticationFlowContextHandler(authenticationFlowContextService, environment);
// Authorization endpoint
oauth2Router.route(HttpMethod.OPTIONS, "/authorize").handler(corsHandler);
oauth2Router.route(HttpMethod.GET, "/authorize").handler(corsHandler).handler(new AuthorizationRequestTransactionHandler(transactionHeader)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequiredParametersHandler()).handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestParseIdTokenHintHandler(idTokenService)).handler(new AuthorizationRequestParseParametersHandler(domain)).handler(authenticationFlowContextHandler).handler(authenticationFlowHandler.create()).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(new AuthorizationRequestEndUserConsentHandler(userConsentService)).handler(new AuthorizationEndpoint(flow, thymeleafTemplateEngine, parService)).failureHandler(new AuthorizationRequestFailureHandler(openIDDiscoveryService, jwtService, jweService, environment));
// Authorization consent endpoint
Handler<RoutingContext> userConsentPrepareContextHandler = new UserConsentPrepareContextHandler(clientSyncService);
oauth2Router.route(HttpMethod.GET, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_CONSENT)).handler(new UserConsentEndpoint(userConsentService, thymeleafTemplateEngine, domain));
oauth2Router.route(HttpMethod.POST, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(new UserConsentProcessHandler(userConsentService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_CONSENT)).handler(new UserConsentPostEndpoint());
oauth2Router.route("/consent").failureHandler(new UserConsentFailureHandler());
// Token endpoint
oauth2Router.route(HttpMethod.OPTIONS, "/token").handler(corsHandler);
oauth2Router.route(HttpMethod.POST, "/token").handler(corsHandler).handler(new TokenRequestParseHandler()).handler(clientAuthHandler).handler(new TokenEndpoint(tokenGranter));
// Introspection endpoint
oauth2Router.route(HttpMethod.POST, "/introspect").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(clientAuthHandler).handler(new IntrospectionEndpoint(introspectionService));
// Revocation endpoint
oauth2Router.route(HttpMethod.OPTIONS, "/revoke").handler(corsHandler);
oauth2Router.route(HttpMethod.POST, "/revoke").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(corsHandler).handler(clientAuthHandler).handler(new RevocationTokenEndpoint(revocationTokenService));
// Error endpoint
oauth2Router.route(HttpMethod.GET, "/error").handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
// Pushed Authorization Request
oauth2Router.route(HttpMethod.POST, "/par").handler(clientAuthHandler).handler(new PushedAuthorizationRequestEndpoint(parService));
oauth2Router.route("/par").handler(new PushedAuthorizationRequestEndpoint.MethodNotAllowedHandler());
// error handler
errorHandler(oauth2Router);
// mount OAuth 2.0 router
router.mountSubRouter(path(), oauth2Router);
}
Aggregations