use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class ImplicitFlow method prepareResponse.
/**
 * Prepares the authorization response for the implicit flow.
 *
 * <p>An OAuth2 request is derived from the authorization request and marked as an
 * implicit grant for the given end user. When the response type is exactly
 * {@code id_token} only an ID token is created; otherwise an access token is created.
 *
 * @param authorizationRequest the incoming authorization request
 * @param client the client the response is issued for
 * @param endUser the authenticated end user; its id becomes the request subject
 * @return a {@code Single} emitting an {@code IDTokenResponse} or an {@code ImplicitResponse}
 */
@Override
protected Single<AuthorizationResponse> prepareResponse(AuthorizationRequest authorizationRequest, Client client, User endUser) {
    final OAuth2Request request = authorizationRequest.createOAuth2Request();
    request.setGrantType(GrantType.IMPLICIT);
    // The implicit grant never issues a refresh token (RFC 6749 section 4.2).
    request.setSupportRefreshToken(false);
    request.setSubject(endUser.getId());
    // The raw state value is stored under the s_hash key.
    // NOTE(review): presumably the ID token service hashes it into the s_hash claim - confirm.
    request.getContext().put(Claims.s_hash, authorizationRequest.getState());

    final boolean idTokenOnly =
            io.gravitee.am.common.oidc.ResponseType.ID_TOKEN.equals(authorizationRequest.getResponseType());

    // NOTE(review): both branches echo redirect_uri and state straight from the request; this
    // assumes redirect_uri was already checked against the client's registration - not visible here.
    if (!idTokenOnly) {
        return tokenService.create(request, client, endUser).map(token -> {
            ImplicitResponse implicitResponse = new ImplicitResponse();
            implicitResponse.setRedirectUri(authorizationRequest.getRedirectUri());
            implicitResponse.setAccessToken(token);
            implicitResponse.setState(authorizationRequest.getState());
            return implicitResponse;
        });
    }

    return idTokenService.create(request, client, endUser).map(jwt -> {
        IDTokenResponse idTokenResponse = new IDTokenResponse();
        idTokenResponse.setRedirectUri(authorizationRequest.getRedirectUri());
        idTokenResponse.setIdToken(jwt);
        idTokenResponse.setState(authorizationRequest.getState());
        return idTokenResponse;
    });
}
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class TokenEndpoint method handle.
/**
 * Handles a token endpoint request for an already authenticated client.
 *
 * <p>The client is read from the routing context. The request is rejected with
 * {@code InvalidClientException} when no client is present, when the request's
 * {@code client_id} differs from the authenticated client, or when the client has
 * no grant type configured. On success the granted token is written as JSON.
 *
 * @param context the routing context of the current request
 */
@Override
public void handle(RoutingContext context) {
    // Confidential clients (or any client that was issued credentials) MUST authenticate
    // before reaching this point; a missing client means authentication did not happen.
    Client client = context.get(CLIENT_CONTEXT_KEY);
    if (client == null) {
        throw new InvalidClientException();
    }

    TokenRequest tokenRequest = tokenRequestFactory.create(context);

    // client_id is optional in the body because the client may have authenticated through
    // Basic Authentication. When it is supplied it must match the authenticated client, so
    // a caller cannot authenticate as one client and request a token for another.
    if (tokenRequest.getClientId() == null) {
        // default the request client_id to the authenticated client
        tokenRequest.setClientId(client.getClientId());
    } else if (!client.getClientId().equals(tokenRequest.getClientId())) {
        throw new InvalidClientException();
    }

    // a client without any configured grant type cannot obtain a token
    if (client.getAuthorizedGrantTypes() == null || client.getAuthorizedGrantTypes().isEmpty()) {
        throw new InvalidClientException("Invalid client: client must at least have one grant type configured");
    }

    // Carry the peer certificate thumbprint over to the token request so it can be added to
    // the access token.
    // NOTE(review): looks like the x5t#S256 confirmation of certificate-bound tokens (RFC 8705) - confirm.
    if (context.get(ConstantKeys.PEER_CERTIFICATE_THUMBPRINT) != null) {
        tokenRequest.setConfirmationMethodX5S256(context.get(ConstantKeys.PEER_CERTIFICATE_THUMBPRINT));
    }

    // The token response must not be cached (RFC 6749 section 5.1): no-store / no-cache.
    // Errors from the granter are handed to the routing context.
    tokenGranter.grant(tokenRequest, client)
            .subscribe(
                    token -> context.response()
                            .putHeader(HttpHeaders.CACHE_CONTROL, "no-store")
                            .putHeader(HttpHeaders.PRAGMA, "no-cache")
                            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                            .end(Json.encodePrettily(token)),
                    context::fail);
}
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class HybridResponse method buildRedirectUri.
/**
 * Builds the redirect URI of a hybrid flow response.
 *
 * <p>All response parameters are appended to the fragment of the redirect URI:
 * the authorization code, the state when present, then either the ID token or the
 * access token parameters (value, type, expiry, optional scope and any additional
 * information).
 *
 * @return the redirect URI carrying the response parameters in its fragment
 * @throws URISyntaxException if the redirect URI cannot be parsed or built
 */
@Override
public String buildRedirectUri() throws URISyntaxException {
    UriBuilder redirect = UriBuilder.fromURIString(getRedirectUri());
    redirect.addFragmentParameter(Parameters.CODE, getCode());
    if (getState() != null) {
        redirect.addFragmentParameter(Parameters.STATE, getState());
    }

    if (getIdToken() == null) {
        // NOTE(review): assumes an access token is always set when there is no ID token;
        // a null token would fail on the next dereference - confirm against callers.
        Token token = getAccessToken();
        redirect.addFragmentParameter(Token.ACCESS_TOKEN, token.getValue());
        redirect.addFragmentParameter(Token.TOKEN_TYPE, token.getTokenType());
        redirect.addFragmentParameter(Token.EXPIRES_IN, String.valueOf(token.getExpiresIn()));
        if (token.getScope() != null && !token.getScope().isEmpty()) {
            redirect.addFragmentParameter(Token.SCOPE, token.getScope());
        }
        // Additional information is appended as-is, one fragment parameter per entry.
        // NOTE(review): nothing here stops a key from colliding with the standard
        // parameters added above - confirm the keys are constrained upstream.
        if (token.getAdditionalInformation() != null) {
            token.getAdditionalInformation()
                    .forEach((name, value) -> redirect.addFragmentParameter(name, String.valueOf(value)));
        }
    } else {
        redirect.addFragmentParameter(ResponseType.ID_TOKEN, getIdToken());
    }

    return redirect.buildString();
}
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class IntrospectionServiceImpl method convert.
/**
 * Converts an access token (and optionally its user) into an introspection response.
 *
 * <p>The response is always marked active. Standard fields are filled from the token,
 * additional information is merged without overwriting keys that are already present,
 * and the {@code aud} claim is removed before returning.
 *
 * @param accessToken the token being introspected
 * @param user the user the token belongs to, or {@code null} when there is none
 * @return the populated introspection response
 */
private IntrospectionResponse convert(AccessToken accessToken, User user) {
    IntrospectionResponse response = new IntrospectionResponse();
    response.setActive(true);
    response.setClientId(accessToken.getClientId());
    // getTime() values are divided by 1000 before being stored as exp / iat
    // (presumably epoch milliseconds to seconds - confirm the date type).
    response.setExp(accessToken.getExpireAt().getTime() / 1000);
    response.setIat(accessToken.getCreatedAt().getTime() / 1000);
    response.setTokenType(accessToken.getTokenType());
    response.setSub(accessToken.getSubject());

    if (user != null) {
        response.setUsername(user.getUsername());
    }

    if (accessToken.getScope() != null && !accessToken.getScope().isEmpty()) {
        response.setScope(accessToken.getScope());
    }

    // putIfAbsent keeps whatever is already in the response, so this merge must stay
    // after the setters above for custom entries not to replace those values.
    // NOTE(review): assumes the setters write into the same key space - confirm.
    if (accessToken.getAdditionalInformation() != null && !accessToken.getAdditionalInformation().isEmpty()) {
        accessToken.getAdditionalInformation().forEach((key, value) -> response.putIfAbsent(key, value));
    }

    final Map<String, Object> confirmation = accessToken.getConfirmationMethod();
    if (confirmation != null) {
        response.setConfirmationMethod(confirmation);
    }

    // "aud" is dropped because some backend APIs are unable to verify its value;
    // see https://github.com/gravitee-io/issues/issues/3111
    // Consumers of this response therefore cannot use it to check the token's audience.
    response.remove(Claims.aud);
    return response;
}
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class ImplicitResponse method buildRedirectUri.
/**
 * Builds the redirect URI of an implicit flow response.
 *
 * <p>The access token value, its type and expiry, the scope and state when present,
 * and any additional information are appended to the fragment of the redirect URI.
 *
 * @return the redirect URI carrying the token parameters in its fragment
 * @throws URISyntaxException if the redirect URI cannot be parsed or built
 */
@Override
public String buildRedirectUri() throws URISyntaxException {
    // NOTE(review): assumes the access token has been set; a null token would fail on
    // the first dereference below - confirm against callers.
    Token token = getAccessToken();
    UriBuilder redirect = UriBuilder.fromURIString(getRedirectUri());

    redirect.addFragmentParameter(Token.ACCESS_TOKEN, token.getValue());
    redirect.addFragmentParameter(Token.TOKEN_TYPE, token.getTokenType());
    redirect.addFragmentParameter(Token.EXPIRES_IN, String.valueOf(token.getExpiresIn()));

    if (token.getScope() != null && !token.getScope().isEmpty()) {
        redirect.addFragmentParameter(Token.SCOPE, token.getScope());
    }

    if (getState() != null) {
        redirect.addFragmentParameter(Parameters.STATE, getState());
    }

    // Additional information is appended as-is, one fragment parameter per entry.
    // NOTE(review): nothing here stops a key from colliding with the standard
    // parameters added above - confirm the keys are constrained upstream.
    if (token.getAdditionalInformation() != null) {
        token.getAdditionalInformation()
                .forEach((name, value) -> redirect.addFragmentParameter(name, String.valueOf(value)));
    }

    return redirect.buildString();
}