use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class UmaTokenGranterTest method grant_client_extendRptCase.
@Test
public void grant_client_extendRptCase() {
    // Client-only request: no claim token is pushed, an existing RPT is supplied for
    // extension, and one additional scope is requested.
    parameters.remove(CLAIM_TOKEN);
    parameters.remove(CLAIM_TOKEN_FORMAT);
    parameters.add(RPT, RPT_OLD_TOKEN);
    tokenRequest.setScopes(new HashSet<>(Arrays.asList("scopeD")));
    // The previous RPT was issued to the client itself (client bearer), not to an end user.
    when(rpt.getSub()).thenReturn(CLIENT_ID);

    final TestObserver<Token> observer = umaTokenGranter.grant(tokenRequest, client).test();
    observer.assertComplete()
            .assertNoErrors()
            .assertValue(issued -> "success".equals(issued.getValue()) && issued.isUpgraded());

    // The request handed to the token service must carry no end-user subject, the extended
    // permission set, and must not enable refresh tokens.
    final OAuth2Request captured = oauth2RequestCaptor.getValue();
    assertNull(captured.getSubject());
    assertTrue(assertExtendedRptPermissions(captured.getPermissions()));
    assertFalse(captured.isSupportRefreshToken());
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class HybridFlow method prepareResponse.
/**
 * Builds the Hybrid Flow authorization response.
 * <p>
 * An authorization code is always issued first. The code and the request state are then placed in the
 * token request context under {@code Claims.c_hash} / {@code Claims.s_hash} (presumably consumed by the
 * token services when they compute those claims — confirm in idTokenService). For the
 * {@code code id_token} response type an ID token is created; every other Hybrid response type receives an
 * access token from {@code tokenService}.
 *
 * @param authorizationRequest the validated authorization request
 * @param client               the requesting client
 * @param endUser              the authenticated end user; must be non-null, its id becomes the token subject
 * @return the hybrid response carrying the code plus the id_token or access token
 */
@Override
protected Single<AuthorizationResponse> prepareResponse(AuthorizationRequest authorizationRequest, Client client, User endUser) {
    return authorizationCodeService
            .create(authorizationRequest, endUser)
            .flatMap(code -> {
                final HybridResponse response = new HybridResponse();
                response.setRedirectUri(authorizationRequest.getRedirectUri());
                response.setState(authorizationRequest.getState());
                response.setCode(code.getCode());

                final OAuth2Request tokenRequest = authorizationRequest.createOAuth2Request();
                tokenRequest.setGrantType(GrantType.HYBRID);
                tokenRequest.setSubject(endUser.getId());
                // Expose the issued code and the state to the token services through the request context.
                tokenRequest.getContext().put(Claims.c_hash, code.getCode());
                tokenRequest.getContext().put(Claims.s_hash, authorizationRequest.getState());

                switch (authorizationRequest.getResponseType()) {
                    case ResponseType.CODE_ID_TOKEN:
                        // "code id_token": the response carries the code and an ID token.
                        return idTokenService.create(tokenRequest, client, endUser)
                                .map(idToken -> {
                                    response.setIdToken(idToken);
                                    return response;
                                });
                    default:
                        // Remaining Hybrid response types carry the code and an access token.
                        return tokenService.create(tokenRequest, client, endUser)
                                .map(accessToken -> {
                                    response.setAccessToken(accessToken);
                                    return response;
                                });
                }
            });
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class UMATokenGranter method executePolicies.
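/**
 * Evaluates the resource owner's access policies (authorization grant rules) against the permissions
 * carried by the token request before a token is issued. The authorization process makes use of claims
 * gathered from the requesting party and the client in order to satisfy all operative policy conditions.
 * <p>
 * Behaviour visible here:
 * <ul>
 *   <li>A request without permission requests is returned untouched.</li>
 *   <li>When no access policy is registered for any requested resource, no rule is produced and the
 *       request is returned untouched.</li>
 *   <li>Each rule is evaluated with the client (and, when present, the requesting party) exposed as the
 *       execution-context attributes {@code "client"} and {@code "user"}.</li>
 *   <li>Any failure of the rules engine — a policy denial as much as an evaluation error — is reported
 *       as an {@link InvalidGrantException}; the original cause is not propagated.</li>
 * </ul>
 *
 * @param oAuth2Request OAuth 2.0 token request carrying the requested permissions
 * @param client        the client requesting the token
 * @param endUser       the requesting party, may be {@code null} for client-only requests
 * @return the same request when every policy condition is met
 * @throws InvalidGrantException (emitted as a failed {@link Single}) when policy conditions are not met
 */
private Single<OAuth2Request> executePolicies(OAuth2Request oAuth2Request, Client client, User endUser) {
    final List<PermissionRequest> permissionRequests = oAuth2Request.getPermissions();
    if (permissionRequests == null || permissionRequests.isEmpty()) {
        return Single.just(oAuth2Request);
    }
    final List<String> resourceIds = permissionRequests.stream()
            .map(PermissionRequest::getResourceId)
            .collect(Collectors.toList());
    // Find the access policies attached to the requested resources and wrap each one as a rule that
    // carries the matching permission request as metadata for the policy evaluation.
    return resourceService.findAccessPoliciesByResources(resourceIds)
            .<Rule>map(accessPolicy -> {
                final DefaultRule rule = new DefaultRule(accessPolicy);
                permissionRequests.stream()
                        .filter(permissionRequest -> permissionRequest.getResourceId().equals(accessPolicy.getResource()))
                        .findFirst()
                        .ifPresent(permissionRequest ->
                                rule.setMetadata(Collections.singletonMap("permissionRequest", permissionRequest)));
                return rule;
            })
            .toList()
            .flatMap(rules -> {
                // No policy registered for any requested resource: nothing to evaluate, the request passes.
                if (rules.isEmpty()) {
                    return Single.just(oAuth2Request);
                }
                final ExecutionContext executionContext = createPolicyExecutionContext(oAuth2Request, client, endUser);
                // NOTE: every engine failure is collapsed into the same InvalidGrantException and the cause is
                // dropped, so an evaluation error is indistinguishable from a policy denial for the caller.
                return rulesEngine.fire(rules, executionContext)
                        .toSingleDefault(oAuth2Request)
                        .onErrorResumeNext(ex -> Single.error(new InvalidGrantException("Policy conditions are not met for actual request parameters")));
            });
}

/**
 * Prepares the execution context seen by the policies: the request, its HTTP response, the client as
 * {@code "client"} and, when a requesting party is known, the user as {@code "user"}.
 */
private ExecutionContext createPolicyExecutionContext(OAuth2Request oAuth2Request, Client client, User endUser) {
    final ExecutionContext simpleExecutionContext = new SimpleExecutionContext(oAuth2Request, oAuth2Request.getHttpResponse());
    final ExecutionContext executionContext = executionContextFactory.create(simpleExecutionContext);
    executionContext.setAttribute("client", new ClientProperties(client));
    if (endUser != null) {
        executionContext.setAttribute("user", new UserProperties(endUser));
    }
    return executionContext;
}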
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class TokenServiceImpl method create.
/**
 * Creates the token response for a token request.
 * <p>
 * Builds the execution context, the access-token JWT and — only when the request supports refresh
 * tokens — the refresh-token JWT, encodes the JWTs for the client, converts them into the response
 * token, hands that token to the token enhancer and finally stores the JWTs once the enhanced token
 * has been produced.
 *
 * @param oAuth2Request the token request
 * @param client        the client the tokens are issued to
 * @param endUser       the end user the tokens are issued for
 * @return the enhanced token response
 */
@Override
public Single<Token> create(OAuth2Request oAuth2Request, Client client, User endUser) {
    return Single
            .fromCallable(() -> createExecutionContext(oAuth2Request, client, endUser))
            .flatMap(executionContext -> {
                final JWT accessToken = createAccessTokenJWT(oAuth2Request, client, endUser, executionContext);
                // A refresh token is only minted when the request allows it.
                final JWT refreshToken = oAuth2Request.isSupportRefreshToken()
                        ? createRefreshTokenJWT(oAuth2Request, client, endUser, accessToken)
                        : null;

                final Single<String> encodedAccessToken = jwtService.encode(accessToken, client);
                final Single<Optional<String>> encodedRefreshToken = refreshToken == null
                        ? Single.just(Optional.empty())
                        : jwtService.encode(refreshToken, client).map(Optional::of);

                return Single
                        .zip(encodedAccessToken, encodedRefreshToken,
                                (access, refresh) -> convert(accessToken, access, refresh.orElse(null), oAuth2Request))
                        .flatMap(token -> tokenEnhancer.enhance(token, oAuth2Request, client, endUser, executionContext))
                        // Persist the JWTs only after the response token has been built and enhanced.
                        .doOnSuccess(token -> storeTokens(accessToken, refreshToken, oAuth2Request));
            });
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request in project gravitee-access-management by gravitee-io.
the class TokenEnhancerTest method shouldEnhanceToken_withIDToken.
@Test
public void shouldEnhanceToken_withIDToken() {
    // A request carrying the "openid" scope must end up with an id_token in the token's additional information.
    final OAuth2Request request = new OAuth2Request();
    request.setClientId("client-id");
    request.setScopes(Collections.singleton("openid"));
    final Client client = new Client();
    final Token token = new AccessToken("token-id");
    when(idTokenService.create(request, client, null, null)).thenReturn(Single.just("payload"));

    final TestObserver<Token> observer = tokenEnhancer.enhance(token, request, client, null, null).test();
    observer.assertComplete().assertNoErrors();
    observer.assertValue(enhanced -> enhanced.getAdditionalInformation().containsKey("id_token"));
    // The ID token service must have been consulted exactly once.
    verify(idTokenService, times(1)).create(any(), any(), any(), any());
}