Example 1 with IDTokenResponse

Use of io.gravitee.am.gateway.handler.oauth2.service.response.IDTokenResponse in the gravitee-access-management project by gravitee-io.

From the class ImplicitFlow, method prepareResponse.

@Override
protected Single<AuthorizationResponse> prepareResponse(AuthorizationRequest authorizationRequest, Client client, User endUser) {
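    OAuth2Request oAuth2Request = authorizationRequest.createOAuth2Request();
    oAuth2Request.setGrantType(GrantType.IMPLICIT);
    // The implicit grant never issues a refresh token.
    oAuth2Request.setSupportRefreshToken(false);
    oAuth2Request.setSubject(endUser.getId());
    // Store the request's state value in the context under the s_hash claim key.
    oAuth2Request.getContext().put(Claims.s_hash, authorizationRequest.getState());
    // response_type=id_token: return only an ID token to the redirect URI.
    if (io.gravitee.am.common.oidc.ResponseType.ID_TOKEN.equals(authorizationRequest.getResponseType())) {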
        return idTokenService.create(oAuth2Request, client, endUser).map(idToken -> {
            IDTokenResponse response = new IDTokenResponse();
            response.setRedirectUri(authorizationRequest.getRedirectUri());
            response.setIdToken(idToken);
            response.setState(authorizationRequest.getState());
            return response;
        });
    } else {
        // Any other response type handled by this flow: return an access token.
        return tokenService.create(oAuth2Request, client, endUser).map(accessToken -> {
            ImplicitResponse response = new ImplicitResponse();
            response.setRedirectUri(authorizationRequest.getRedirectUri());
            response.setAccessToken(accessToken);
            response.setState(authorizationRequest.getState());
            return response;
        });
    }
}
Also used: OAuth2Request (io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request), ImplicitResponse (io.gravitee.am.gateway.handler.oauth2.service.response.ImplicitResponse), IDTokenResponse (io.gravitee.am.gateway.handler.oauth2.service.response.IDTokenResponse)

Example 2 with IDTokenResponse

Use of io.gravitee.am.gateway.handler.oauth2.service.response.IDTokenResponse in the gravitee-access-management project by gravitee-io.

From the class AuthorizationEndpointTest, method shouldInvokeAuthorizationEndpoint_implicitFlow.

private void shouldInvokeAuthorizationEndpoint_implicitFlow(String responseType, String expectedCallback, Token accessToken, String idToken) throws Exception {
    final Client client = new Client();
    client.setId("client-id");
    client.setClientId("client-id");
    client.setScopeSettings(Collections.singletonList(new ApplicationScopeSettings("read")));
    client.setRedirectUris(Collections.singletonList("http://localhost:9999/callback"));
    client.setAuthorizedGrantTypes(Arrays.asList(GrantType.IMPLICIT));
    client.setResponseTypes(Arrays.asList(responseType));
    AuthorizationRequest authorizationRequest = new AuthorizationRequest();
    authorizationRequest.setApproved(true);
    authorizationRequest.setResponseType(responseType);
    authorizationRequest.setRedirectUri("http://localhost:9999/callback");
    // Build the response the mocked flow returns: an ImplicitResponse for an access token,
    // an IDTokenResponse for an ID token (the ID token takes precedence if both are given).
    AuthorizationResponse authorizationResponse = null;
    if (accessToken != null) {
        authorizationResponse = new ImplicitResponse();
        ((ImplicitResponse) authorizationResponse).setAccessToken(accessToken);
    }
    if (idToken != null) {
        authorizationResponse = new IDTokenResponse();
        ((IDTokenResponse) authorizationResponse).setIdToken(idToken);
    }
    authorizationResponse.setRedirectUri(authorizationRequest.getRedirectUri());
    router.route().order(-1).handler(routingContext -> {
        routingContext.setUser(new User(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(new io.gravitee.am.model.User())));
        routingContext.next();
    });
    when(clientSyncService.findByClientId("client-id")).thenReturn(Maybe.just(client));
    when(flow.run(any(), any(), any())).thenReturn(Single.just(authorizationResponse));
    // Expect a 302 redirect to the registered callback with the response parameters in the URI fragment (#).
    testRequest(HttpMethod.GET, "/oauth/authorize?response_type=" + responseType.replaceAll("\\s", "%20") + "&client_id=client-id&nonce=123&redirect_uri=http://localhost:9999/callback", null, resp -> {
        String location = resp.headers().get("location");
        assertNotNull(location);
        assertEquals("http://localhost:9999/callback#" + expectedCallback, location);
    }, HttpStatusCode.FOUND_302, "Found", null);
}
Also used: AuthorizationRequest (io.gravitee.am.gateway.handler.oauth2.service.request.AuthorizationRequest), User (io.vertx.reactivex.ext.auth.User), ApplicationScopeSettings (io.gravitee.am.model.application.ApplicationScopeSettings), Client (io.gravitee.am.model.oidc.Client)