Search in sources :

Example 1 with ClaimsRequest

use of io.gravitee.am.gateway.handler.oidc.service.request.ClaimsRequest in project gravitee-access-management by gravitee-io.

the class AuthorizationRequestParseParametersHandler method parseClaimsParameter.

private void parseClaimsParameter(RoutingContext context) {
    String claims = getOAuthParameter(context, Parameters.CLAIMS);
    OpenIDProviderMetadata openIDProviderMetadata = context.get(PROVIDER_METADATA_CONTEXT_KEY);
    if (claims != null) {
        try {
            ClaimsRequest claimsRequest = claimsRequestResolver.resolve(claims);
            // check acr_values supported
            List<String> acrValuesSupported = openIDProviderMetadata.getAcrValuesSupported();
            if (claimsRequest.getIdTokenClaims() != null && claimsRequest.getIdTokenClaims().get(Claims.acr) != null) {
                ClaimRequest claimRequest = claimsRequest.getIdTokenClaims().get(Claims.acr);
                List<String> acrValuesRequested = claimRequest.getValue() != null ? Collections.singletonList(claimRequest.getValue()) : claimRequest.getValues() != null ? claimRequest.getValues() : Collections.emptyList();
                if (!acrValuesSupported.containsAll(acrValuesRequested)) {
                    throw new InvalidRequestException("Invalid parameter: claims, acr_values requested not supported");
                }
            }
            // save claims request as json string value (will be use for id_token and/or UserInfo endpoint)
            context.request().params().set(Parameters.CLAIMS, Json.encode(claimsRequest));
        } catch (ClaimsRequestSyntaxException e) {
            throw new InvalidRequestException("Invalid parameter: claims");
        }
    }
}
Also used : ClaimRequest(io.gravitee.am.gateway.handler.oidc.service.request.ClaimRequest) OpenIDProviderMetadata(io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDProviderMetadata) InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException) ClaimsRequestSyntaxException(io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException) ClaimsRequest(io.gravitee.am.gateway.handler.oidc.service.request.ClaimsRequest)

Aggregations

InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException)1 ClaimsRequestSyntaxException (io.gravitee.am.gateway.handler.oidc.exception.ClaimsRequestSyntaxException)1 OpenIDProviderMetadata (io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDProviderMetadata)1 ClaimRequest (io.gravitee.am.gateway.handler.oidc.service.request.ClaimRequest)1 ClaimsRequest (io.gravitee.am.gateway.handler.oidc.service.request.ClaimsRequest)1