use of io.gravitee.am.gateway.handler.oidc.service.request.ClaimsRequest in project gravitee-access-management by gravitee-io.
the class AuthorizationRequestParseParametersHandler method parseClaimsParameter.
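/**
 * Validates the OpenID Connect {@code claims} request parameter and stores its parsed form.
 *
 * <p>When the parameter is present it is parsed by {@code claimsRequestResolver}. If the parsed
 * request asks for the {@code acr} claim in the ID token, every requested value must be listed in
 * the provider metadata's supported ACR values; otherwise the request is rejected. The parsed
 * request is then re-encoded as JSON and written back over the raw request parameter.
 *
 * <p>Missing provider metadata, or metadata without a supported-ACR list, is treated as
 * "no ACR value supported", so the request is rejected as invalid instead of failing with a
 * {@link NullPointerException}.
 *
 * @param context routing context holding the authorization request and the provider metadata
 * @throws InvalidRequestException if the parameter cannot be parsed, or if it requests an ACR
 *     value that is not supported
 */
private void parseClaimsParameter(RoutingContext context) {
    String claims = getOAuthParameter(context, Parameters.CLAIMS);
    if (claims == null) {
        // The parameter is absent: nothing to validate or rewrite.
        return;
    }
    try {
        ClaimsRequest claimsRequest = claimsRequestResolver.resolve(claims);

        // Only the acr member of the id_token claims is checked here.
        ClaimRequest acrRequest = claimsRequest.getIdTokenClaims() != null
                ? claimsRequest.getIdTokenClaims().get(Claims.acr)
                : null;
        if (acrRequest != null) {
            // A single "value" takes precedence over the "values" list; neither means no constraint.
            List<String> acrValuesRequested;
            if (acrRequest.getValue() != null) {
                acrValuesRequested = Collections.singletonList(acrRequest.getValue());
            } else if (acrRequest.getValues() != null) {
                acrValuesRequested = acrRequest.getValues();
            } else {
                acrValuesRequested = Collections.emptyList();
            }

            // Fail closed: without metadata or a supported list, no requested ACR value is accepted.
            OpenIDProviderMetadata openIDProviderMetadata = context.get(PROVIDER_METADATA_CONTEXT_KEY);
            List<String> acrValuesSupported = openIDProviderMetadata != null
                    ? openIDProviderMetadata.getAcrValuesSupported()
                    : null;
            if (acrValuesSupported == null) {
                acrValuesSupported = Collections.emptyList();
            }
            if (!acrValuesSupported.containsAll(acrValuesRequested)) {
                throw new InvalidRequestException("Invalid parameter: claims, acr_values requested not supported");
            }
        }

        // Replace the raw parameter with the re-encoded parsed request
        // (to be used for the id_token and/or the UserInfo endpoint).
        context.request().params().set(Parameters.CLAIMS, Json.encode(claimsRequest));
    } catch (ClaimsRequestSyntaxException e) {
        // The error message is generic and does not echo the client-supplied value.
        // NOTE(review): the parser's exception is dropped here; attach it as the cause if
        // InvalidRequestException offers a constructor that accepts one - confirm.
        throw new InvalidRequestException("Invalid parameter: claims");
    }
}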