use of io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest in project gravitee-access-management by gravitee-io.
the class TokenServiceTest method shouldRefresh.
/**
 * Refreshing with a valid refresh token that is owned by the requesting client succeeds.
 *
 * <p>The decoded JWT carries the same jti as the stored refresh token and names the requesting
 * client as audience. On success the presented refresh token must be looked up once and deleted
 * once, i.e. it is consumed and cannot be replayed.
 */
@Test
public void shouldRefresh() {
    final String clientId = "client-id";
    final String rawToken = "refresh-token";

    Client client = new Client();
    client.setId(clientId);
    client.setClientId(clientId);

    TokenRequest tokenRequest = new TokenRequest();
    tokenRequest.setClientId(clientId);

    RefreshToken refreshToken = new RefreshToken();
    refreshToken.setId(rawToken);
    refreshToken.setToken(rawToken);
    refreshToken.setSubject("subject");
    refreshToken.setExpireAt(new Date(System.currentTimeMillis() + 10000));

    // the decoded JWT matches the stored token: same jti, audience is the requesting client, same expiry
    JWT jwt = new JWT();
    jwt.setJti(rawToken);
    jwt.setAud(clientId);
    jwt.setExp(refreshToken.getExpireAt().getTime() / 1000L);

    when(jwtService.decodeAndVerify(any(), any(Client.class))).thenReturn(Single.just(jwt));
    when(refreshTokenRepository.findByToken(any())).thenReturn(Maybe.just(refreshToken));
    when(refreshTokenRepository.delete(anyString())).thenReturn(Completable.complete());

    TestObserver<Token> observer = tokenService.refresh(refreshToken.getToken(), tokenRequest, client).test();
    observer.assertNoErrors();
    observer.assertComplete();

    // the presented refresh token is consumed exactly once
    verify(refreshTokenRepository, times(1)).findByToken(any());
    verify(refreshTokenRepository, times(1)).delete(anyString());
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest in project gravitee-access-management by gravitee-io.
the class TokenServiceTest method shouldNotRefresh_notTheSameClient.
/**
 * A refresh token issued to one client cannot be redeemed by a request that claims another client_id.
 *
 * <p>The stored token and the decoded JWT are bound to {@code client-id} (audience), while the token
 * request carries {@code wrong-client-id}. The refresh must fail with {@link InvalidGrantException}
 * and must neither delete the refresh token nor create an access token.
 */
@Test
public void shouldNotRefresh_notTheSameClient() {
    final String ownerClientId = "client-id";
    final String rawToken = "refresh-token";

    // the request names a client other than the one the token was issued to
    TokenRequest tokenRequest = new TokenRequest();
    tokenRequest.setClientId("wrong-client-id");

    RefreshToken refreshToken = new RefreshToken();
    refreshToken.setId(rawToken);
    refreshToken.setToken(rawToken);
    refreshToken.setExpireAt(new Date(System.currentTimeMillis() + 10000));

    Client client = new Client();
    client.setClientId(ownerClientId);

    JWT jwt = new JWT();
    jwt.setJti(rawToken);
    jwt.setAud(ownerClientId);
    jwt.setExp(refreshToken.getExpireAt().getTime() / 1000L);

    when(jwtService.decodeAndVerify(any(), any(Client.class))).thenReturn(Single.just(jwt));
    when(refreshTokenRepository.findByToken(any())).thenReturn(Maybe.just(refreshToken));

    TestObserver<Token> observer = tokenService.refresh(refreshToken.getToken(), tokenRequest, client).test();
    observer.assertError(InvalidGrantException.class);
    observer.assertNotComplete();

    // the token is looked up, but nothing is consumed or issued
    verify(refreshTokenRepository, times(1)).findByToken(any());
    verify(refreshTokenRepository, never()).delete(anyString());
    verify(accessTokenRepository, never()).create(any());
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest in project gravitee-access-management by gravitee-io.
the class TokenServiceTest method shouldNotRefresh_refreshNotFound.
/**
 * A refresh token that decodes correctly but has no stored counterpart is rejected.
 *
 * <p>The JWT service accepts the presented value {@code "encoded"}, but the repository lookup is
 * empty (e.g. the token was already consumed or revoked). The refresh must fail with
 * {@link InvalidGrantException} without deleting anything or creating an access token.
 */
@Test
public void shouldNotRefresh_refreshNotFound() {
    final String clientId = "client-id";
    final String rawToken = "refresh-token";
    final String presentedToken = "encoded";

    TokenRequest tokenRequest = new TokenRequest();
    tokenRequest.setClientId(clientId);

    RefreshToken refreshToken = new RefreshToken();
    refreshToken.setId(rawToken);
    refreshToken.setToken(rawToken);
    refreshToken.setExpireAt(new Date(System.currentTimeMillis() + 10000));

    Client client = new Client();
    client.setClientId(clientId);

    JWT jwt = new JWT();
    jwt.setJti(rawToken);
    jwt.setAud(clientId);
    jwt.setExp(refreshToken.getExpireAt().getTime() / 1000L);

    // signature/claims verification passes, but the token is unknown to the repository
    when(jwtService.decodeAndVerify(eq(presentedToken), any(Client.class))).thenReturn(Single.just(jwt));
    when(refreshTokenRepository.findByToken(any())).thenReturn(Maybe.empty());

    TestObserver<Token> observer = tokenService.refresh(presentedToken, tokenRequest, client).test();
    observer.assertError(InvalidGrantException.class);
    observer.assertNotComplete();

    verify(refreshTokenRepository, times(1)).findByToken(any());
    verify(refreshTokenRepository, never()).delete(anyString());
    verify(accessTokenRepository, never()).create(any());
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest in project gravitee-access-management by gravitee-io.
the class CibaTokenGranter method parseRequest.
/**
 * Binds a CIBA token request to the resource owner of the authentication request it references.
 *
 * <p>The {@code auth_req_id} parameter is mandatory. The referenced authentication request must belong
 * to the authenticated client; a mismatch is logged and surfaced as "not found" rather than as an
 * ownership error, so the response does not reveal that the identifier exists for another client.
 * On success the subject and scopes of the token request are taken from the authentication request.
 *
 * @param tokenRequest the incoming token request
 * @param client       the authenticated client
 * @return the token request enriched with subject, scopes and an emptied auth-flow context entry;
 *         errors with {@link InvalidRequestException} when {@code auth_req_id} is missing and with
 *         {@link AuthenticationRequestNotFoundException} when it is not owned by {@code client}
 */
@Override
protected Single<TokenRequest> parseRequest(TokenRequest tokenRequest, Client client) {
    final String authReqId = tokenRequest.parameters().getFirst(Parameters.AUTH_REQ_ID);
    if (isEmpty(authReqId)) {
        return Single.error(new InvalidRequestException("Missing parameter: auth_req_id"));
    }
    return super.parseRequest(tokenRequest, client)
            .flatMap(parsedRequest -> authenticationRequestService.retrieve(domain, authReqId)
                    .map(cibaRequest -> {
                        // ownership check: only the client that initiated the authentication request may redeem it
                        if (!cibaRequest.getClientId().equals(client.getClientId())) {
                            logger.warn("client_id '{}' requests token using not owned authentication request '{}'", client.getId(), authReqId);
                            throw new AuthenticationRequestNotFoundException("Authentication request not found");
                        }
                        // resource owner and scopes come from the authentication request, not from the token request
                        parsedRequest.setSubject(cibaRequest.getSubject());
                        parsedRequest.setScopes(cibaRequest.getScopes());
                        // store only the AuthenticationFlowContext.data attributes in order to simplify EL templating
                        // and provide an up-to-date set of data if the enrichAuthFlow policy is used multiple times in a step
                        // {#context.attributes['authFlow']['entry']}
                        parsedRequest.getContext().put(AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY, emptyMap());
                        return parsedRequest;
                    }));
}
use of io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest in project gravitee-access-management by gravitee-io.
the class TokenEndpoint method handle.
/**
 * Handles a request to the OAuth 2.0 token endpoint.
 *
 * <p>The client is expected to have been authenticated upstream and stored in the routing context
 * (RFC 6749 section 3.2.1: clients issued credentials MUST authenticate at the token endpoint).
 * A {@code client_id} present in the request body must name that authenticated client, and the client
 * must have at least one authorized grant type. The granted token is written as JSON with
 * {@code Cache-Control: no-store} / {@code Pragma: no-cache}; any grant failure is passed to
 * {@code context.fail}.
 *
 * @param context the routing context carrying the authenticated client and the raw request
 * @throws InvalidClientException if no authenticated client is present, if the request's client_id does
 *                                not match the authenticated client, or if the client has no grant type
 */
@Override
public void handle(RoutingContext context) {
    Client client = context.get(CLIENT_CONTEXT_KEY);
    if (client == null) {
        throw new InvalidClientException();
    }

    TokenRequest tokenRequest = tokenRequestFactory.create(context);

    // client_id may be absent from the body when the client authenticated via HTTP Basic; when present it
    // must match the authenticated client so a token is never issued under another client's identity
    String requestedClientId = tokenRequest.getClientId();
    if (requestedClientId == null) {
        tokenRequest.setClientId(client.getClientId());
    } else if (!client.getClientId().equals(requestedClientId)) {
        throw new InvalidClientException();
    }

    boolean hasGrantType = client.getAuthorizedGrantTypes() != null && !client.getAuthorizedGrantTypes().isEmpty();
    if (!hasGrantType) {
        throw new InvalidClientException("Invalid client: client must at least have one grant type configured");
    }

    // carry the peer certificate thumbprint so it can be bound into the access token
    // (x5t#S256 confirmation, judging by the setter name)
    if (context.get(ConstantKeys.PEER_CERTIFICATE_THUMBPRINT) != null) {
        tokenRequest.setConfirmationMethodX5S256(context.get(ConstantKeys.PEER_CERTIFICATE_THUMBPRINT));
    }

    tokenGranter.grant(tokenRequest, client)
            .subscribe(
                    accessToken -> context.response()
                            .putHeader(HttpHeaders.CACHE_CONTROL, "no-store")
                            .putHeader(HttpHeaders.PRAGMA, "no-cache")
                            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                            .end(Json.encodePrettily(accessToken)),
                    context::fail);
}