
Example 1 with ClaimsRequestSyntaxException

Use of io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException in project gravitee-access-management by gravitee-io.

Class ClaimsRequestResolver, method resolve.

/**
 * @param claims the claims parameter value is represented in an OAuth 2.0 request as UTF-8 encoded JSON
 * @return Decoded JSON/POJO claims object
 * @throws ClaimsRequestSyntaxException if the claims value cannot be parsed as JSON or resolved into a claims request
 */
public ClaimsRequest resolve(String claims) throws ClaimsRequestSyntaxException {
    try {
        // The claims parameter value is represented in an OAuth 2.0 request as UTF-8 encoded JSON
        JsonObject claimsValue = new JsonObject(claims);
        ClaimsRequest claimsRequest = new ClaimsRequest();
        // set userinfo parameter
        claimsRequest.setUserInfoClaims(resolveClaimsRequest(claimsValue, ClaimsRequest.USERINFO));
        // set id_token parameter
        claimsRequest.setIdTokenClaims(resolveClaimsRequest(claimsValue, ClaimsRequest.ID_TOKEN));
        return claimsRequest;
    } catch (Exception e) {
        throw new ClaimsRequestSyntaxException(e);
    }
}
Also used: JsonObject (io.vertx.core.json.JsonObject), ClaimsRequestSyntaxException (io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException)

Example 2 with ClaimsRequestSyntaxException

Use of io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException in project gravitee-access-management by gravitee-io.

Class AuthorizationRequestParseParametersHandler, method parseClaimsParameter.

private void parseClaimsParameter(RoutingContext context) {
    String claims = getOAuthParameter(context, Parameters.CLAIMS);
    OpenIDProviderMetadata openIDProviderMetadata = context.get(PROVIDER_METADATA_CONTEXT_KEY);
    if (claims != null) {
        try {
            ClaimsRequest claimsRequest = claimsRequestResolver.resolve(claims);
            // check acr_values supported
            List<String> acrValuesSupported = openIDProviderMetadata.getAcrValuesSupported();
            if (claimsRequest.getIdTokenClaims() != null && claimsRequest.getIdTokenClaims().get(Claims.acr) != null) {
                ClaimRequest claimRequest = claimsRequest.getIdTokenClaims().get(Claims.acr);
                List<String> acrValuesRequested = claimRequest.getValue() != null ? Collections.singletonList(claimRequest.getValue()) : claimRequest.getValues() != null ? claimRequest.getValues() : Collections.emptyList();
                if (!acrValuesSupported.containsAll(acrValuesRequested)) {
                    throw new InvalidRequestException("Invalid parameter: claims, acr_values requested not supported");
                }
            }
            // save claims request as a JSON string value (will be used for the id_token and/or UserInfo endpoint)
            context.request().params().set(Parameters.CLAIMS, Json.encode(claimsRequest));
        } catch (ClaimsRequestSyntaxException e) {
            throw new InvalidRequestException("Invalid parameter: claims");
        }
    }
}
Also used: ClaimRequest (io.gravitee.am.gateway.handler.oidc.service.request.ClaimRequest), OpenIDProviderMetadata (io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDProviderMetadata), InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException), ClaimsRequestSyntaxException (io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException), ClaimsRequest (io.gravitee.am.gateway.handler.oidc.service.request.ClaimsRequest)
