Use of io.gravitee.am.identityprovider.twitter.authentication.utils.OAuthCredentials in project gravitee-access-management by gravitee-io.
From the class TwitterAuthenticationProvider, method authenticate.
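/**
 * Exchanges the request token and verifier carried by the callback request for an access token.
 *
 * <p>The request token is read from the parameter named by {@code configuration.getCodeParameter()} and the
 * verifier from the one named by {@code configuration.getTokenVerifier()}. The request token is only accepted
 * when {@code tokenMemory} holds a secret for it, and that entry is invalidated before the exchange request is
 * sent, so a given request token is exchanged at most once.
 *
 * @param authentication the authentication whose context exposes the incoming request parameters
 * @return a {@code Maybe} emitting the access token and its secret, or failing with
 *         {@link BadCredentialsException} when the request token or verifier is missing or unknown, when the
 *         token endpoint does not answer 200, or when its answer carries no token or token secret
 */
@Override
protected Maybe<Token> authenticate(Authentication authentication) {
    final String oauthToken = authentication.getContext().request().parameters().getFirst(configuration.getCodeParameter());
    final String tokenVerifier = authentication.getContext().request().parameters().getFirst(configuration.getTokenVerifier());

    // Read the stored request-token secret exactly once. Checking for presence and then reading the value in
    // a second lookup leaves a window in which a concurrent callback for the same token invalidates the
    // entry, and the exchange would then be signed with a null secret.
    final String requestTokenSecret = (oauthToken == null || oauthToken.isEmpty()) ? null : tokenMemory.getIfPresent(oauthToken);
    if (requestTokenSecret == null) {
        // Covers an absent parameter as well as a token for which no secret is stored.
        LOGGER.debug("OAuth Token is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing OAuth Token"));
    }
    if (tokenVerifier == null || tokenVerifier.isEmpty()) {
        // The request token is deliberately left in tokenMemory here: nothing has been exchanged yet.
        LOGGER.debug("Token Verifier is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing Token Verifier"));
    }

    Map<String, String> parameters = Maps.<String, String>builder().put(OAUTH_VERIFIER, tokenVerifier).build();
    Map<String, String> oauthParams = Maps.<String, String>builder()
            .put(OAUTH_CONSUMER_KEY, configuration.getClientId())
            .put(OAUTH_TOKEN, oauthToken)
            .put(OAUTH_SIGNATURE_METHOD, OAUTH_SIGNATURE_METHOD_VALUE)
            .put(OAUTH_VERSION, OAUTH_VERSION_VALUE)
            .build();
    String authorization = getAuthorizationHeader("POST", configuration.getAccessTokenUri(), parameters, oauthParams,
            new OAuthCredentials(configuration, oauthToken, requestTokenSecret));

    // Single use: drop the request token before the exchange so it cannot be replayed.
    tokenMemory.invalidate(oauthToken);

    MultiMap form = MultiMap.caseInsensitiveMultiMap().set(OAUTH_VERIFIER, tokenVerifier);
    return client.postAbs(configuration.getAccessTokenUri())
            .putHeader(HttpHeaders.AUTHORIZATION, authorization)
            .rxSendForm(form)
            .toMaybe()
            .flatMap(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    // NOTE(review): the upstream response body becomes the exception message; confirm that
                    // message is not rendered to end users.
                    return Maybe.error(new BadCredentialsException(httpResponse.bodyAsString()));
                }
                String token = "";
                String secret = "";
                for (String pairString : httpResponse.bodyAsString().split("&")) {
                    // Split on the first '=' only, so a value that itself contains '=' is kept whole.
                    String[] pair = pairString.split("=", 2);
                    if (pair.length > 1) {
                        if (pair[0].equalsIgnoreCase(OAUTH_TOKEN)) {
                            token = pair[1];
                        }
                        if (pair[0].equalsIgnoreCase(OAUTH_TOKEN_SECRET)) {
                            secret = pair[1];
                        }
                    }
                }
                if (token.isEmpty() || secret.isEmpty()) {
                    // A 200 answer without credentials must not be turned into an empty access token.
                    return Maybe.error(new BadCredentialsException("Access token is missing from the token response"));
                }
                return Maybe.just(new Token(token, secret, TokenTypeHint.ACCESS_TOKEN));
            });
}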
Use of io.gravitee.am.identityprovider.twitter.authentication.utils.OAuthCredentials in project gravitee-access-management by gravitee-io.
From the class TwitterAuthenticationProvider, method profile.
/**
 * Loads the user profile from the configured user-profile URI with a signed GET request and maps it to a
 * {@link DefaultUser}.
 *
 * @param token the access token and secret used to sign the request
 * @param authentication the authentication whose context is passed to the user and role mappers
 * @return a {@code Maybe} emitting the mapped user, or failing with {@link BadCredentialsException} carrying
 *         the response body when the endpoint does not answer 200
 */
@Override
protected Maybe<User> profile(Token token, Authentication authentication) {
    // include_email is handed to getAuthorizationHeader and repeated verbatim in the query string below.
    // NOTE(review): presumably the two must stay in sync for the signature to verify; confirm against
    // getAuthorizationHeader.
    final Map<String, String> signedQuery = Maps.<String, String>builder().put("include_email", "true").build();
    final Map<String, String> oauthHeaderParams = Maps.<String, String>builder()
            .put(OAUTH_CONSUMER_KEY, configuration.getClientId())
            .put(OAUTH_TOKEN, token.getValue())
            .put(OAUTH_SIGNATURE_METHOD, OAUTH_SIGNATURE_METHOD_VALUE)
            .put(OAUTH_VERSION, OAUTH_VERSION_VALUE)
            .build();
    final String authorizationHeader = getAuthorizationHeader(
            "GET",
            configuration.getUserProfileUri(),
            signedQuery,
            oauthHeaderParams,
            new OAuthCredentials(configuration, token.getValue(), token.getSecret()));

    return client.getAbs(configuration.getUserProfileUri() + "?include_email=true")
            .putHeader(HttpHeaders.AUTHORIZATION, authorizationHeader)
            .rxSend()
            .toMaybe()
            .flatMap(httpResponse -> {
                if (httpResponse.statusCode() == 200) {
                    final JsonObject profileJson = httpResponse.bodyAsJsonObject();
                    // The user name is taken from the screen-name field and the id from the id field.
                    // NOTE(review): consumers should key accounts on the id rather than the user name;
                    // confirm how downstream code links identities.
                    DefaultUser user = new DefaultUser(profileJson.getString(TWITTER_SCREEN_NAME));
                    user.setId(profileJson.getString(TWITTER_ID));
                    // Copy the mapper output so the user owns its own mutable map.
                    Map<String, Object> mappedAttributes =
                            new HashMap<>(applyUserMapping(authentication.getContext(), profileJson.getMap()));
                    user.setAdditionalInformation(mappedAttributes);
                    user.setRoles(applyRoleMapping(authentication.getContext(), profileJson.getMap()));
                    return Maybe.just(user);
                }
                // Any other status is reported as bad credentials, with the response body as the message.
                return Maybe.error(new BadCredentialsException(httpResponse.bodyAsString()));
            });
}
Use of io.gravitee.am.identityprovider.twitter.authentication.utils.OAuthCredentials in project gravitee-access-management by gravitee-io.
From the class TwitterAuthenticationProvider, method asyncSignInUrl.
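/**
 * Obtains a request token from the configured request-token URL and builds the GET request that sends the
 * user to the configured authorization URI with that token.
 *
 * <p>The request token and its secret are stored in {@code tokenMemory} so that {@code authenticate} can
 * recognise the token on the callback and sign the exchange.
 *
 * @param redirectUri the callback URI announced to the provider
 * @param state optional state value; when not empty it is appended to {@code redirectUri} as a query parameter
 * @return a {@code Maybe} emitting the sign-in request; it fails with {@link BadCredentialsException} when the
 *         provider does not answer 200, does not confirm the callback, or returns no token or token secret,
 *         and it is empty when a {@link BadCredentialsException} is thrown while the request is assembled
 */
@Override
public Maybe<Request> asyncSignInUrl(String redirectUri, String state) {
    try {
        if (!StringUtils.isEmpty(state)) {
            // Add state to redirect uri if specified. Note: Twitter is not oidc compliant and does not allow to specify a 'state' query parameter on its own authorization url.
            final UriBuilder uriBuilder = UriBuilder.fromURIString(redirectUri).addParameter(Parameters.STATE, state);
            redirectUri = uriBuilder.buildString();
        }
        Map<String, String> parameters = Maps.<String, String>builder()
                .put(OAUTH_CALLBACK, redirectUri)
                .put(OAUTH_CONSUMER_KEY, configuration.getClientId())
                .put(OAUTH_SIGNATURE_METHOD, OAUTH_SIGNATURE_METHOD_VALUE)
                .put(OAUTH_VERSION, OAUTH_VERSION_VALUE)
                .build();
        String authorization = getAuthorizationHeader("POST", configuration.getRequestTokenUrl(), emptyMap(), parameters,
                new OAuthCredentials(configuration));
        return getClient().postAbs(getConfiguration().getRequestTokenUrl())
                .putHeader(HttpHeaders.AUTHORIZATION, authorization)
                .rxSend()
                .toMaybe()
                .map(httpResponse -> {
                    if (httpResponse.statusCode() != 200) {
                        throw new BadCredentialsException(httpResponse.statusMessage());
                    }
                    String token = null;
                    String tokenSecret = null;
                    String callbackState = null;
                    for (String responsePair : httpResponse.bodyAsString().split("&")) {
                        // Split on the first '=' only, so a value that itself contains '=' is kept whole.
                        String[] pair = responsePair.split("=", 2);
                        if (pair.length > 1) {
                            if (OAUTH_TOKEN.equals(pair[0])) {
                                token = pair[1];
                            }
                            if (OAUTH_TOKEN_SECRET.equals(pair[0])) {
                                tokenSecret = pair[1];
                            }
                            if ("oauth_callback_confirmed".equals(pair[0])) {
                                callbackState = pair[1];
                            }
                        }
                    }
                    if (!"true".equalsIgnoreCase(callbackState)) {
                        throw new BadCredentialsException("Token returned by Twitter mismatch");
                    }
                    if (token == null || token.isEmpty() || tokenSecret == null || tokenSecret.isEmpty()) {
                        // A confirmed callback without credentials must not reach tokenMemory: there would be
                        // nothing usable to look up or to sign with on the callback.
                        throw new BadCredentialsException("Request token is missing from the token response");
                    }
                    // preserve token & token secret for the next steps
                    tokenMemory.put(token, tokenSecret);
                    UriBuilder builder = UriBuilder.fromHttpUrl(configuration.getUserAuthorizationUri());
                    builder.addParameter(OAUTH_TOKEN, token);
                    Request request = new Request();
                    request.setMethod(HttpMethod.GET);
                    request.setUri(builder.build().toString());
                    return request;
                });
    } catch (BadCredentialsException e) {
        // Only exceptions thrown while the request is being assembled reach this handler. The ones thrown
        // inside the map callback above are raised when the Maybe is subscribed and travel through its error
        // channel instead.
        LOGGER.error("An error occurs while building Sign In URL", e);
        return Maybe.empty();
    }
}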