Example 1 with AccessToken
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class ImplicitFlow method prepareResponse.
@Override
protected Single<AuthorizationResponse> prepareResponse(AuthorizationRequest authorizationRequest, Client client, User endUser) {
OAuth2Request oAuth2Request = authorizationRequest.createOAuth2Request();
oAuth2Request.setGrantType(GrantType.IMPLICIT);
oAuth2Request.setSupportRefreshToken(false);
oAuth2Request.setSubject(endUser.getId());
oAuth2Request.getContext().put(Claims.s_hash, authorizationRequest.getState());
if (io.gravitee.am.common.oidc.ResponseType.ID_TOKEN.equals(authorizationRequest.getResponseType())) {
return idTokenService.create(oAuth2Request, client, endUser).map(idToken -> {
IDTokenResponse response = new IDTokenResponse();
response.setRedirectUri(authorizationRequest.getRedirectUri());
response.setIdToken(idToken);
response.setState(authorizationRequest.getState());
return response;
});
} else {
return tokenService.create(oAuth2Request, client, endUser).map(accessToken -> {
ImplicitResponse response = new ImplicitResponse();
response.setRedirectUri(authorizationRequest.getRedirectUri());
response.setAccessToken(accessToken);
response.setState(authorizationRequest.getState());
return response;
});
}
}
Also used :
OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request)
ImplicitResponse(io.gravitee.am.gateway.handler.oauth2.service.response.ImplicitResponse)
IDTokenResponse(io.gravitee.am.gateway.handler.oauth2.service.response.IDTokenResponse)
Example 2 with AccessToken
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class TokenEndpoint method handle.
@Override
public void handle(RoutingContext context) {
// Confidential clients or other clients issued client credentials MUST
// authenticate with the authorization server when making requests to the token endpoint.
Client client = context.get(CLIENT_CONTEXT_KEY);
if (client == null) {
throw new InvalidClientException();
}
TokenRequest tokenRequest = tokenRequestFactory.create(context);
// client_id is not required in the token request since the client can be authenticated via a Basic Authentication
if (tokenRequest.getClientId() != null) {
if (!client.getClientId().equals(tokenRequest.getClientId())) {
throw new InvalidClientException();
}
} else {
// set token request client_id with the authenticated client
tokenRequest.setClientId(client.getClientId());
}
// check if client has authorized grant types
if (client.getAuthorizedGrantTypes() == null || client.getAuthorizedGrantTypes().isEmpty()) {
throw new InvalidClientException("Invalid client: client must at least have one grant type configured");
}
if (context.get(ConstantKeys.PEER_CERTIFICATE_THUMBPRINT) != null) {
// preserve certificate thumbprint to add the information into the access token
tokenRequest.setConfirmationMethodX5S256(context.get(ConstantKeys.PEER_CERTIFICATE_THUMBPRINT));
}
tokenGranter.grant(tokenRequest, client).subscribe(accessToken -> context.response().putHeader(HttpHeaders.CACHE_CONTROL, "no-store").putHeader(HttpHeaders.PRAGMA, "no-cache").putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).end(Json.encodePrettily(accessToken)), context::fail);
}
Also used :
InvalidClientException(io.gravitee.am.gateway.handler.oauth2.exception.InvalidClientException)
TokenRequest(io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest)
Client(io.gravitee.am.model.oidc.Client)
Example 3 with AccessToken
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class HybridResponse method buildRedirectUri.
@Override
public String buildRedirectUri() throws URISyntaxException {
UriBuilder uriBuilder = UriBuilder.fromURIString(getRedirectUri());
uriBuilder.addFragmentParameter(Parameters.CODE, getCode());
if (getState() != null) {
uriBuilder.addFragmentParameter(Parameters.STATE, getState());
}
if (getIdToken() != null) {
uriBuilder.addFragmentParameter(ResponseType.ID_TOKEN, getIdToken());
} else {
Token accessToken = getAccessToken();
uriBuilder.addFragmentParameter(Token.ACCESS_TOKEN, accessToken.getValue());
uriBuilder.addFragmentParameter(Token.TOKEN_TYPE, accessToken.getTokenType());
uriBuilder.addFragmentParameter(Token.EXPIRES_IN, String.valueOf(accessToken.getExpiresIn()));
if (accessToken.getScope() != null && !accessToken.getScope().isEmpty()) {
uriBuilder.addFragmentParameter(Token.SCOPE, accessToken.getScope());
}
// additional information
if (accessToken.getAdditionalInformation() != null) {
accessToken.getAdditionalInformation().forEach((k, v) -> uriBuilder.addFragmentParameter(k, String.valueOf(v)));
}
}
return uriBuilder.buildString();
}
Also used :
Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token)
UriBuilder(io.gravitee.am.common.web.UriBuilder)
Example 4 with AccessToken
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class IntrospectionServiceImpl method convert.
private IntrospectionResponse convert(AccessToken accessToken, User user) {
IntrospectionResponse introspectionResponse = new IntrospectionResponse();
introspectionResponse.setActive(true);
introspectionResponse.setClientId(accessToken.getClientId());
introspectionResponse.setExp(accessToken.getExpireAt().getTime() / 1000);
introspectionResponse.setIat(accessToken.getCreatedAt().getTime() / 1000);
introspectionResponse.setTokenType(accessToken.getTokenType());
introspectionResponse.setSub(accessToken.getSubject());
if (user != null) {
introspectionResponse.setUsername(user.getUsername());
}
if (accessToken.getScope() != null && !accessToken.getScope().isEmpty()) {
introspectionResponse.setScope(accessToken.getScope());
}
if (accessToken.getAdditionalInformation() != null && !accessToken.getAdditionalInformation().isEmpty()) {
accessToken.getAdditionalInformation().forEach((k, v) -> introspectionResponse.putIfAbsent(k, v));
}
final Map<String, Object> cnf = accessToken.getConfirmationMethod();
if (cnf != null) {
introspectionResponse.setConfirmationMethod(cnf);
}
// remove "aud" claim due to some backend APIs unable to verify the "aud" value
// see <a href="https://github.com/gravitee-io/issues/issues/3111"></a>
introspectionResponse.remove(Claims.aud);
return introspectionResponse;
}
Also used :
IntrospectionResponse(io.gravitee.am.gateway.handler.oauth2.service.introspection.IntrospectionResponse)
Example 5 with AccessToken
use of io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken in project gravitee-access-management by gravitee-io.
the class ImplicitResponse method buildRedirectUri.
@Override
public String buildRedirectUri() throws URISyntaxException {
Token accessToken = getAccessToken();
UriBuilder uriBuilder = UriBuilder.fromURIString(getRedirectUri());
uriBuilder.addFragmentParameter(Token.ACCESS_TOKEN, accessToken.getValue());
uriBuilder.addFragmentParameter(Token.TOKEN_TYPE, accessToken.getTokenType());
uriBuilder.addFragmentParameter(Token.EXPIRES_IN, String.valueOf(accessToken.getExpiresIn()));
if (accessToken.getScope() != null && !accessToken.getScope().isEmpty()) {
uriBuilder.addFragmentParameter(Token.SCOPE, accessToken.getScope());
}
if (getState() != null) {
uriBuilder.addFragmentParameter(Parameters.STATE, getState());
}
// additional information
if (accessToken.getAdditionalInformation() != null) {
accessToken.getAdditionalInformation().forEach((k, v) -> uriBuilder.addFragmentParameter(k, String.valueOf(v)));
}
return uriBuilder.buildString();
}
Also used :
Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token)
UriBuilder(io.gravitee.am.common.web.UriBuilder)
Aggregations
Test (org.junit.Test)23
AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken)22
Client (io.gravitee.am.model.oidc.Client)19
Token (io.gravitee.am.gateway.handler.oauth2.service.token.Token)14
OAuth2Request (io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request)10
AuthorizationRequest (io.gravitee.am.gateway.handler.oauth2.service.request.AuthorizationRequest)7
User (io.vertx.reactivex.ext.auth.User)5
JWT (io.gravitee.am.common.jwt.JWT)4
TokenRequest (io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest)4
ApplicationScopeSettings (io.gravitee.am.model.application.ApplicationScopeSettings)4
ReactableExecutionContext (io.gravitee.am.gateway.handler.context.ReactableExecutionContext)3
User (io.gravitee.am.model.User)3
PermissionRequest (io.gravitee.am.model.uma.PermissionRequest)3
RefreshToken (io.gravitee.am.repository.oauth2.model.RefreshToken)3
LinkedMultiValueMap (io.gravitee.common.util.LinkedMultiValueMap)3
ExecutionContext (io.gravitee.gateway.api.ExecutionContext)3
UriBuilder (io.gravitee.am.common.web.UriBuilder)2
TokenClaim (io.gravitee.am.model.TokenClaim)2
JWTException (io.gravitee.am.common.exception.jwt.JWTException)1
InvalidTokenException (io.gravitee.am.common.exception.oauth2.InvalidTokenException)1
