
Example 1 with ClientAssertionService

Use of io.gravitee.am.gateway.handler.oauth2.service.assertion.ClientAssertionService in project gravitee-access-management by gravitee-io.

Method initRouter of class CIBAProvider.

/**
 * Wires the CIBA (Client Initiated Backchannel Authentication) routes on a dedicated
 * sub-router and mounts it under {@code path()} of the parent router.
 * <p>
 * Both POST endpoints (the authentication request and the authentication-device callback)
 * go through {@code clientAuthHandler}, so only a registered AM client can reach their
 * business handlers; the matching OPTIONS routes only run {@code corsHandler} (CORS
 * pre-flight, no client authentication). Handler registration order is significant:
 * each {@code .handler(...)} runs in the order it is chained here.
 * <p>
 * NOTE(review): {@code HTTP_SSL_CERTIFICATE_HEADER} names an HTTP header that is handed to
 * {@code ClientAuthHandler}; presumably the peer certificate is read from it when TLS is
 * terminated upstream. If so, that header must only be set by the trusted proxy and any
 * client-supplied value stripped before it reaches the gateway — confirm against ClientAuthHandler.
 */
private void initRouter() {
    final Router cibaRouter = Router.router(vertx);
    // Name of the header carrying the client certificate (may be unset); see NOTE(review) above.
    final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
    // Shared client-authentication handler, reused by every authenticated CIBA route below.
    final Handler<RoutingContext> clientAuthHandler = ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);
    // Authentication request endpoint: pre-flight is CORS only, POST is client-authenticated
    // before the request object / parameters are parsed and the request is acknowledged.
    cibaRouter.route(HttpMethod.OPTIONS, AUTHENTICATION_ENDPOINT).handler(corsHandler);
    cibaRouter.route(HttpMethod.POST, AUTHENTICATION_ENDPOINT).handler(corsHandler).handler(clientAuthHandler).handler(new AuthorizationRequestParseProviderConfigurationHandler(this.openIDDiscoveryService)).handler(new AuthenticationRequestParseRequestObjectHandler(this.requestObjectService, this.domain)).handler(new AuthenticationRequestParametersHandler(domain, jwsService, jwkService, userService)).handler(new AuthenticationRequestAcknowledgeHandler(authService, domain, jwtService));
    // To process the callback content we authenticate the caller, which must be registered as an AM client.
    // If a plugin needs an unauthenticated webhook, create another endpoint without clientAuthHandler.
    cibaRouter.route(HttpMethod.OPTIONS, AUTHENTICATION_CALLBACK_ENDPOINT).handler(corsHandler);
    cibaRouter.route(HttpMethod.POST, AUTHENTICATION_CALLBACK_ENDPOINT).handler(corsHandler).handler(clientAuthHandler).handler(new AuthenticationRequestCallbackHandler(authService));
    // Error handling is attached to the sub-router, then the sub-router is mounted on the parent.
    errorHandler(cibaRouter);
    router.mountSubRouter(path(), cibaRouter);
}

Example 2 with ClientAssertionService

Use of io.gravitee.am.gateway.handler.oauth2.service.assertion.ClientAssertionService in project gravitee-access-management by gravitee-io.

Method setUp of class ClientAuthHandlerTest.

/**
 * Test fixture: registers a single {@code POST /oauth/token} route guarded by the
 * {@link ClientAuthHandler} under test. A request that passes client authentication is
 * answered with HTTP 200 by a stub handler; failures are rendered by {@link ExceptionHandler}.
 * No certificate header name is configured for this fixture (the {@code null} argument).
 */
@Override
public void setUp() throws Exception {
    super.setUp();
    // Handler under test, built with the mocked collaborators of the base fixture.
    final var clientAuthHandler = ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, null);
    // Route#handler(...) is fluent and returns the same route, so the chain can be split.
    final var tokenRoute = router.post("/oauth/token");
    tokenRoute.handler(clientAuthHandler);
    // Terminal stub: an authenticated request simply succeeds.
    tokenRoute.handler(rc -> {
        rc.response().setStatusCode(200).end();
    });
    tokenRoute.failureHandler(new ExceptionHandler());
}

Example 3 with ClientAssertionService

Use of io.gravitee.am.gateway.handler.oauth2.service.assertion.ClientAssertionService in project gravitee-access-management by gravitee-io.

Method initRouter of class OAuth2Provider.

/**
 * Wires the OAuth 2.0 routes on a dedicated sub-router and mounts it under {@code path()}
 * of the parent router.
 * <p>
 * Router-level handlers (static, session/cookie, CSRF, CSP) are registered first, then the
 * endpoints. Client-authenticated endpoints — those chained through {@code clientAuthHandler} —
 * are {@code POST /token}, {@code POST /introspect}, {@code POST /revoke} and {@code POST /par};
 * the browser-facing {@code /authorize}, {@code /consent} and {@code /error} routes are not
 * client-authenticated here. Handler registration order is significant: each
 * {@code .handler(...)} runs in the order it is chained.
 * <p>
 * NOTE(review): {@code HTTP_SSL_CERTIFICATE_HEADER} names an HTTP header that is handed to
 * {@code ClientAuthHandler}; presumably the peer certificate is read from it when TLS is
 * terminated upstream. If so, that header must only be set by the trusted proxy and any
 * client-supplied value stripped before it reaches the gateway — confirm against ClientAuthHandler.
 */
private void initRouter() {
    // Create the OAuth 2.0 router
    final Router oauth2Router = Router.router(vertx);
    // Client auth handler, shared by every client-authenticated endpoint below.
    // certificateHeader may be unset; see NOTE(review) in the Javadoc.
    final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
    final Handler<RoutingContext> clientAuthHandler = ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);
    // static handler
    staticHandler(oauth2Router);
    // session cookie handler
    sessionAndCookieHandler(oauth2Router);
    // CSRF handler (which routes it covers is decided inside csrfHandler — not visible here)
    csrfHandler(oauth2Router);
    // CSP Handler
    cspHandler(oauth2Router);
    // Reused by /authorize and both /consent routes.
    AuthenticationFlowContextHandler authenticationFlowContextHandler = new AuthenticationFlowContextHandler(authenticationFlowContextService, environment);
    // Authorization endpoint: pre-flight is CORS only; GET parses, resolves, runs the
    // authentication flow and consent, then the endpoint; failures go to a dedicated failure handler.
    oauth2Router.route(HttpMethod.OPTIONS, "/authorize").handler(corsHandler);
    oauth2Router.route(HttpMethod.GET, "/authorize").handler(corsHandler).handler(new AuthorizationRequestTransactionHandler(transactionHeader)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequiredParametersHandler()).handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestParseIdTokenHintHandler(idTokenService)).handler(new AuthorizationRequestParseParametersHandler(domain)).handler(authenticationFlowContextHandler).handler(authenticationFlowHandler.create()).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(new AuthorizationRequestEndUserConsentHandler(userConsentService)).handler(new AuthorizationEndpoint(flow, thymeleafTemplateEngine, parService)).failureHandler(new AuthorizationRequestFailureHandler(openIDDiscoveryService, jwtService, jweService, environment));
    // Authorization consent endpoint: GET renders the consent page (PRE_CONSENT policies),
    // POST processes the decision (POST_CONSENT policies); both share one failure handler.
    Handler<RoutingContext> userConsentPrepareContextHandler = new UserConsentPrepareContextHandler(clientSyncService);
    oauth2Router.route(HttpMethod.GET, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_CONSENT)).handler(new UserConsentEndpoint(userConsentService, thymeleafTemplateEngine, domain));
    oauth2Router.route(HttpMethod.POST, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(new UserConsentProcessHandler(userConsentService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_CONSENT)).handler(new UserConsentPostEndpoint());
    oauth2Router.route("/consent").failureHandler(new UserConsentFailureHandler());
    // Token endpoint: the request is parsed before the client is authenticated, so
    // TokenRequestParseHandler runs on unauthenticated input.
    oauth2Router.route(HttpMethod.OPTIONS, "/token").handler(corsHandler);
    oauth2Router.route(HttpMethod.POST, "/token").handler(corsHandler).handler(new TokenRequestParseHandler()).handler(clientAuthHandler).handler(new TokenEndpoint(tokenGranter));
    // Introspection endpoint: form-encoded only, client-authenticated, no CORS/pre-flight route.
    oauth2Router.route(HttpMethod.POST, "/introspect").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(clientAuthHandler).handler(new IntrospectionEndpoint(introspectionService));
    // Revocation endpoint: form-encoded only, client-authenticated.
    oauth2Router.route(HttpMethod.OPTIONS, "/revoke").handler(corsHandler);
    oauth2Router.route(HttpMethod.POST, "/revoke").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(corsHandler).handler(clientAuthHandler).handler(new RevocationTokenEndpoint(revocationTokenService));
    // Error endpoint (browser-facing page, not client-authenticated)
    oauth2Router.route(HttpMethod.GET, "/error").handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
    // Pushed Authorization Request: POST is client-authenticated; any other method on /par
    // falls through to the method-not-allowed handler.
    oauth2Router.route(HttpMethod.POST, "/par").handler(clientAuthHandler).handler(new PushedAuthorizationRequestEndpoint(parService));
    oauth2Router.route("/par").handler(new PushedAuthorizationRequestEndpoint.MethodNotAllowedHandler());
    // error handler
    errorHandler(oauth2Router);
    // mount OAuth 2.0 router
    router.mountSubRouter(path(), oauth2Router);
}
