use of io.gravitee.am.gateway.handler.oauth2.service.assertion.ClientAssertionService in project gravitee-access-management by gravitee-io.
the class CIBAProvider method initRouter.
private void initRouter() {
    final Router cibaRouter = Router.router(vertx);

    // Header that may carry a client certificate forwarded by a TLS-terminating proxy.
    // NOTE(review): when this property is set, ClientAuthHandler presumably trusts the header for
    // mTLS client authentication, so the proxy in front of the gateway must overwrite or strip any
    // client-supplied value — confirm in deployment.
    final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
    final Handler<RoutingContext> clientAuthHandler =
            ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);

    // Processing pipeline of the backchannel authentication request, in execution order.
    // Client authentication runs first; none of these handlers see an unauthenticated request.
    final Handler<RoutingContext> providerConfigurationHandler =
            new AuthorizationRequestParseProviderConfigurationHandler(this.openIDDiscoveryService);
    final Handler<RoutingContext> requestObjectHandler =
            new AuthenticationRequestParseRequestObjectHandler(this.requestObjectService, this.domain);
    final Handler<RoutingContext> requestParametersHandler =
            new AuthenticationRequestParametersHandler(domain, jwsService, jwkService, userService);
    final Handler<RoutingContext> acknowledgeHandler =
            new AuthenticationRequestAcknowledgeHandler(authService, domain, jwtService);

    cibaRouter.route(HttpMethod.OPTIONS, AUTHENTICATION_ENDPOINT).handler(corsHandler);
    cibaRouter.route(HttpMethod.POST, AUTHENTICATION_ENDPOINT)
            .handler(corsHandler)
            .handler(clientAuthHandler)
            .handler(providerConfigurationHandler)
            .handler(requestObjectHandler)
            .handler(requestParametersHandler)
            .handler(acknowledgeHandler);

    // The callback is protected by the same client authentication: the caller must be registered
    // as an AM client. A plugin that needs an unauthenticated webhook must get its own endpoint
    // registered without clientAuthHandler rather than relaxing this one.
    final Handler<RoutingContext> callbackHandler = new AuthenticationRequestCallbackHandler(authService);
    cibaRouter.route(HttpMethod.OPTIONS, AUTHENTICATION_CALLBACK_ENDPOINT).handler(corsHandler);
    cibaRouter.route(HttpMethod.POST, AUTHENTICATION_CALLBACK_ENDPOINT)
            .handler(corsHandler)
            .handler(clientAuthHandler)
            .handler(callbackHandler);

    errorHandler(cibaRouter);
    router.mountSubRouter(path(), cibaRouter);
}
use of io.gravitee.am.gateway.handler.oauth2.service.assertion.ClientAssertionService in project gravitee-access-management by gravitee-io.
the class ClientAuthHandlerTest method setUp.
@Override
public void setUp() throws Exception {
    super.setUp();
    // Passing null as the certificate header disables the proxy-forwarded mTLS header lookup,
    // so the test exercises only the client_secret / client assertion / JWK paths.
    final String certificateHeader = null;
    router.post("/oauth/token")
            .handler(ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader))
            // Any request that gets past client authentication is answered with a plain 200.
            .handler(ctx -> ctx.response().setStatusCode(200).end())
            // Authentication failures are mapped to OAuth error responses by the production handler.
            .failureHandler(new ExceptionHandler());
}
use of io.gravitee.am.gateway.handler.oauth2.service.assertion.ClientAssertionService in project gravitee-access-management by gravitee-io.
the class OAuth2Provider method initRouter.
private void initRouter() {
// Create the OAuth 2.0 router
final Router oauth2Router = Router.router(vertx);
// client auth handler
// Shared by every client-authenticated endpoint below (/token, /introspect, /revoke, /par).
// NOTE(review): certificateHeader names a request header presumably carrying a proxy-forwarded
// client certificate for mTLS authentication; when it is configured, the TLS-terminating proxy
// must overwrite or strip any client-supplied value, otherwise the header is attacker-controlled
// — confirm in deployment.
final String certificateHeader = environment.getProperty(ConstantKeys.HTTP_SSL_CERTIFICATE_HEADER);
final Handler<RoutingContext> clientAuthHandler = ClientAuthHandler.create(clientSyncService, clientAssertionService, jwkService, domain, certificateHeader);
// static handler
staticHandler(oauth2Router);
// session cookie handler
sessionAndCookieHandler(oauth2Router);
// CSRF handler
// Registered before the browser-facing /authorize and /consent routes below; which routes it
// actually covers depends on csrfHandler(), which is defined outside this method.
csrfHandler(oauth2Router);
// CSP Handler
cspHandler(oauth2Router);
AuthenticationFlowContextHandler authenticationFlowContextHandler = new AuthenticationFlowContextHandler(authenticationFlowContextService, environment);
// Authorization endpoint
// Handler chain is the validation pipeline in execution order: transaction id, provider
// configuration, required parameters, client lookup, request object / PAR, id_token_hint,
// remaining parameters, flow context, authentication flow, scope resolution, consent, endpoint.
// Any failure along the chain is rendered by AuthorizationRequestFailureHandler.
oauth2Router.route(HttpMethod.OPTIONS, "/authorize").handler(corsHandler);
oauth2Router.route(HttpMethod.GET, "/authorize").handler(corsHandler).handler(new AuthorizationRequestTransactionHandler(transactionHeader)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequiredParametersHandler()).handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestParseIdTokenHintHandler(idTokenService)).handler(new AuthorizationRequestParseParametersHandler(domain)).handler(authenticationFlowContextHandler).handler(authenticationFlowHandler.create()).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(new AuthorizationRequestEndUserConsentHandler(userConsentService)).handler(new AuthorizationEndpoint(flow, thymeleafTemplateEngine, parService)).failureHandler(new AuthorizationRequestFailureHandler(openIDDiscoveryService, jwtService, jweService, environment));
// Authorization consent endpoint
// GET renders the consent page (PRE_CONSENT policies run first); POST records the decision
// (POST_CONSENT policies run after). Both re-parse the client and request object rather than
// trusting state carried over from /authorize.
Handler<RoutingContext> userConsentPrepareContextHandler = new UserConsentPrepareContextHandler(clientSyncService);
oauth2Router.route(HttpMethod.GET, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_CONSENT)).handler(new UserConsentEndpoint(userConsentService, thymeleafTemplateEngine, domain));
oauth2Router.route(HttpMethod.POST, "/consent").handler(new AuthorizationRequestParseClientHandler(clientSyncService)).handler(new AuthorizationRequestParseProviderConfigurationHandler(openIDDiscoveryService)).handler(new AuthorizationRequestParseRequestObjectHandler(requestObjectService, domain, parService)).handler(new AuthorizationRequestResolveHandler(scopeManager)).handler(userConsentPrepareContextHandler).handler(authenticationFlowContextHandler).handler(new UserConsentProcessHandler(userConsentService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_CONSENT)).handler(new UserConsentPostEndpoint());
// Failure handler applies to /consent for any HTTP method.
oauth2Router.route("/consent").failureHandler(new UserConsentFailureHandler());
// Token endpoint
// The form body is parsed before the client is authenticated; the grant itself (TokenEndpoint)
// only runs once clientAuthHandler has let the request through.
oauth2Router.route(HttpMethod.OPTIONS, "/token").handler(corsHandler);
oauth2Router.route(HttpMethod.POST, "/token").handler(corsHandler).handler(new TokenRequestParseHandler()).handler(clientAuthHandler).handler(new TokenEndpoint(tokenGranter));
// Introspection endpoint
// Client-authenticated and restricted to form-encoded bodies. Unlike /token and /revoke, no
// OPTIONS/CORS route is registered, so cross-origin browser callers are not served here.
oauth2Router.route(HttpMethod.POST, "/introspect").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(clientAuthHandler).handler(new IntrospectionEndpoint(introspectionService));
// Revocation endpoint
oauth2Router.route(HttpMethod.OPTIONS, "/revoke").handler(corsHandler);
oauth2Router.route(HttpMethod.POST, "/revoke").consumes(MediaType.APPLICATION_FORM_URLENCODED).handler(corsHandler).handler(clientAuthHandler).handler(new RevocationTokenEndpoint(revocationTokenService));
// Error endpoint
// Unauthenticated, browser-facing page. NOTE(review): the rendered template must not reflect
// untrusted query parameters unescaped — cannot be verified from this method.
oauth2Router.route(HttpMethod.GET, "/error").handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
// Pushed Authorization Request
// Client-authenticated POST only; every other method on /par gets an explicit 405 instead of
// falling through to the generic error handler.
oauth2Router.route(HttpMethod.POST, "/par").handler(clientAuthHandler).handler(new PushedAuthorizationRequestEndpoint(parService));
oauth2Router.route("/par").handler(new PushedAuthorizationRequestEndpoint.MethodNotAllowedHandler());
// error handler
errorHandler(oauth2Router);
// mount OAuth 2.0 router
router.mountSubRouter(path(), oauth2Router);
}