Use of io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException in project gravitee-access-management by gravitee-io.
Class ClaimsRequestResolver, method resolve.
/**
 * Decodes the OpenID Connect {@code claims} request parameter into a {@link ClaimsRequest}.
 *
 * <p>The value is taken from an OAuth 2.0 request and should be treated as untrusted input:
 * every exception raised while decoding it is converted into a single
 * {@link ClaimsRequestSyntaxException}, so callers only have one failure type to handle.
 *
 * @param claims the claims parameter value, represented in an OAuth 2.0 request as UTF-8 encoded JSON
 * @return the decoded claims object with its userinfo and id_token members set
 * @throws ClaimsRequestSyntaxException if any exception is raised while decoding {@code claims};
 *         the original exception is kept as the cause
 */
public ClaimsRequest resolve(String claims) throws ClaimsRequestSyntaxException {
    try {
        // Parse the raw parameter first; nothing below runs on input that failed to parse.
        final JsonObject requestedClaims = new JsonObject(claims);
        final ClaimsRequest result = new ClaimsRequest();

        // "userinfo" member: claims requested from the UserInfo endpoint.
        result.setUserInfoClaims(resolveClaimsRequest(requestedClaims, ClaimsRequest.USERINFO));
        // "id_token" member: claims requested in the ID Token.
        result.setIdTokenClaims(resolveClaimsRequest(requestedClaims, ClaimsRequest.ID_TOKEN));

        return result;
    } catch (Exception cause) {
        // Deliberately broad: runtime exceptions from the JSON layer are also reported as a
        // syntax error instead of escaping to the caller as an unexpected failure.
        throw new ClaimsRequestSyntaxException(cause);
    }
}
Use of io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException in project gravitee-access-management by gravitee-io.
Class AuthorizationRequestParseParametersHandler, method parseClaimsParameter.
/**
 * Validates the optional {@code claims} authorization request parameter and stores its
 * re-encoded form back on the request.
 *
 * <p>When the parameter is present it is decoded through {@code claimsRequestResolver}. If the
 * id_token member requests the {@code acr} claim, every requested value must be listed in the
 * provider metadata's supported ACR values, otherwise the request is rejected.
 *
 * @param context the routing context carrying the request parameters and the provider metadata
 * @throws InvalidRequestException if the claims value cannot be decoded, or if it requests an
 *         acr value that the provider metadata does not list as supported
 */
private void parseClaimsParameter(RoutingContext context) {
    final String rawClaims = getOAuthParameter(context, Parameters.CLAIMS);
    final OpenIDProviderMetadata providerMetadata = context.get(PROVIDER_METADATA_CONTEXT_KEY);

    // The parameter is optional: nothing to validate when it is absent.
    if (rawClaims == null) {
        return;
    }

    try {
        final ClaimsRequest parsedClaims = claimsRequestResolver.resolve(rawClaims);

        // NOTE(review): providerMetadata and the list returned here are dereferenced without a
        // null check; confirm both are always populated, otherwise a request carrying an acr
        // claim fails with a NullPointerException instead of an InvalidRequestException.
        final List<String> supportedAcrValues = providerMetadata.getAcrValuesSupported();

        ClaimRequest acrClaim = null;
        if (parsedClaims.getIdTokenClaims() != null) {
            acrClaim = parsedClaims.getIdTokenClaims().get(Claims.acr);
        }

        if (acrClaim != null) {
            // A single "value" takes precedence over a "values" list; neither means no constraint.
            final List<String> requestedAcrValues;
            if (acrClaim.getValue() != null) {
                requestedAcrValues = Collections.singletonList(acrClaim.getValue());
            } else if (acrClaim.getValues() != null) {
                requestedAcrValues = acrClaim.getValues();
            } else {
                requestedAcrValues = Collections.emptyList();
            }

            // Reject the request if any requested acr value is not advertised as supported.
            if (!supportedAcrValues.containsAll(requestedAcrValues)) {
                throw new InvalidRequestException("Invalid parameter: claims, acr_values requested not supported");
            }
        }

        // Store the claims re-serialised from the parsed object, not the raw client string;
        // this value is reused later for the id_token and/or the UserInfo endpoint.
        context.request().params().set(Parameters.CLAIMS, Json.encode(parsedClaims));
    } catch (ClaimsRequestSyntaxException syntaxError) {
        // The client gets a generic message; the parsing exception is not attached as a cause,
        // so its details are not available to whatever handles or logs this exception.
        throw new InvalidRequestException("Invalid parameter: claims");
    }
}