
Example 1 with TokenClaim

Use of io.gravitee.am.model.TokenClaim in the project gravitee-access-management by gravitee-io.

From the class TokenServiceImpl, method enhanceJWT.

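/**
 * Copies the client's custom claims that target {@code tokenTypeHint} into {@code jwt}.
 *
 * <p>Each {@link TokenClaim} carries an expression as its value; the expression is evaluated
 * through the execution context's template engine and the result is stored under the claim
 * name when it evaluates to a non-null value. A claim whose expression fails to evaluate is
 * skipped and logged, so one misconfigured claim does not block token issuance. Because the
 * value is written with {@code jwt.put}, a custom claim replaces any claim of the same name
 * already present (including standard names such as {@code iss} or {@code aud}); the custom
 * claim configuration is therefore privileged input and should only be editable by
 * administrators.
 *
 * @param jwt              the token under construction; mutated in place
 * @param customClaims     the client's configured claims, may be {@code null} or empty
 * @param tokenTypeHint    the kind of token being built; only claims of this type are applied.
 *                         {@code null} applies nothing (previously it threw a NullPointerException)
 * @param executionContext supplies the template engine used to evaluate claim expressions
 */
private void enhanceJWT(JWT jwt, List<TokenClaim> customClaims, TokenTypeHint tokenTypeHint, ExecutionContext executionContext) {
    if (customClaims == null || customClaims.isEmpty() || tokenTypeHint == null) {
        // Nothing to apply. The null-hint guard avoids the NPE the old tokenTypeHint.equals(...) filter raised.
        return;
    }
    customClaims.stream()
            .filter(tokenClaim -> tokenTypeHint.equals(tokenClaim.getTokenType()))
            .forEach(tokenClaim -> applyCustomClaim(jwt, tokenClaim, executionContext));
}

/**
 * Evaluates a single custom claim and stores it in {@code jwt} when it yields a non-null value.
 *
 * <p>Evaluation errors are logged at debug level and otherwise ignored: claim enhancement is
 * best-effort by design, and the logged text is the configured expression, not the evaluated
 * value, so no token content reaches the log.
 *
 * @param jwt              the token under construction; mutated in place
 * @param tokenClaim       the claim to apply; skipped when it has no name or no expression
 * @param executionContext supplies the template engine used to evaluate the expression
 */
private void applyCustomClaim(JWT jwt, TokenClaim tokenClaim, ExecutionContext executionContext) {
    String claimName = tokenClaim.getClaimName();
    String claimExpression = tokenClaim.getClaimValue();
    if (claimName == null || claimExpression == null) {
        // No name means nowhere to store the value; no expression means there is no value (matches the old null check).
        return;
    }
    try {
        Object extValue = executionContext.getTemplateEngine().getValue(claimExpression, Object.class);
        if (extValue != null) {
            jwt.put(claimName, extValue);
        }
    } catch (Exception ex) {
        logger.debug("An error occurs while parsing expression language : {}", claimExpression, ex);
    }
}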
Also used : TokenTypeHint(io.gravitee.am.common.oauth2.TokenTypeHint) AccessTokenRepository(io.gravitee.am.repository.oauth2.api.AccessTokenRepository) java.util(java.util) Client(io.gravitee.am.model.oidc.Client) Completable(io.reactivex.Completable) SecureRandomString(io.gravitee.am.common.utils.SecureRandomString) TokenManager(io.gravitee.am.gateway.handler.oauth2.service.token.TokenManager) MultiValueMap(io.gravitee.common.util.MultiValueMap) Maybe(io.reactivex.Maybe) LoggerFactory(org.slf4j.LoggerFactory) Autowired(org.springframework.beans.factory.annotation.Autowired) ConstantKeys(io.gravitee.am.common.utils.ConstantKeys) InvalidTokenException(io.gravitee.am.common.exception.oauth2.InvalidTokenException) TokenService(io.gravitee.am.gateway.handler.oauth2.service.token.TokenService) RefreshTokenRepository(io.gravitee.am.repository.oauth2.api.RefreshTokenRepository) Single(io.reactivex.Single) TokenEnhancer(io.gravitee.am.gateway.handler.oauth2.service.token.TokenEnhancer) JWTException(io.gravitee.am.common.exception.jwt.JWTException) IntrospectionTokenService(io.gravitee.am.gateway.handler.common.oauth2.IntrospectionTokenService) JWTService(io.gravitee.am.gateway.handler.common.jwt.JWTService) User(io.gravitee.am.model.User) ExecutionContextFactory(io.gravitee.am.gateway.handler.context.ExecutionContextFactory) InvalidGrantException(io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException) TokenClaim(io.gravitee.am.model.TokenClaim) ClientProperties(io.gravitee.am.model.safe.ClientProperties) PermissionRequest(io.gravitee.am.model.uma.PermissionRequest) Logger(org.slf4j.Logger) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) JWT(io.gravitee.am.common.jwt.JWT) TokenRequest(io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest) Instant(java.time.Instant) RandomString(io.gravitee.am.common.utils.RandomString) Maps(io.gravitee.common.util.Maps) Token(io.gravitee.am.gateway.handler.oauth2.service.token.Token) 
Parameters(io.gravitee.am.common.oidc.Parameters) Claims(io.gravitee.am.common.jwt.Claims) UserProperties(io.gravitee.am.model.safe.UserProperties) OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) SimpleExecutionContext(io.gravitee.gateway.api.context.SimpleExecutionContext) OpenIDDiscoveryService(io.gravitee.am.gateway.handler.oidc.service.discovery.OpenIDDiscoveryService) SecureRandomString(io.gravitee.am.common.utils.SecureRandomString) RandomString(io.gravitee.am.common.utils.RandomString) InvalidTokenException(io.gravitee.am.common.exception.oauth2.InvalidTokenException) JWTException(io.gravitee.am.common.exception.jwt.JWTException) InvalidGrantException(io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException)

Example 2 with TokenClaim

Use of io.gravitee.am.model.TokenClaim in the project gravitee-access-management by gravitee-io.

From the class IDTokenServiceTest, method shouldCreateIDToken_customClaims.

/**
 * Verifies that a client-level custom claim scoped to the ID token is evaluated through the
 * template engine and ends up in the JWT handed to the signer under its configured name
 * ("iss" here), while certificate resolution falls through to the default provider.
 */
@Test
public void shouldCreateIDToken_customClaims() {
    // Client configuration: one custom claim targeting the ID token
    TokenClaim issuerClaim = new TokenClaim();
    issuerClaim.setTokenType(TokenTypeHint.ID_TOKEN);
    issuerClaim.setClaimName("iss");
    issuerClaim.setClaimValue("https://custom-iss");

    Client client = new Client();
    client.setCertificate("certificate-client");
    client.setClientId("my-client-id");
    client.setTokenCustomClaims(Arrays.asList(issuerClaim));

    OAuth2Request request = new OAuth2Request();
    request.setClientId("client-id");
    request.setScopes(Collections.singleton("openid"));

    // The template engine echoes the expression back as its value
    TemplateEngine templateEngine = mock(TemplateEngine.class);
    when(templateEngine.getValue("https://custom-iss", Object.class)).thenReturn("https://custom-iss");
    ExecutionContext executionContext = mock(ExecutionContext.class);
    when(executionContext.getTemplateEngine()).thenReturn(templateEngine);

    // No certificate matches by algorithm or id, so the default provider is used
    io.gravitee.am.gateway.certificate.CertificateProvider defaultCert = new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider);
    when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
    when(certificateManager.get(any())).thenReturn(Maybe.empty());
    when(certificateManager.defaultCertificateProvider()).thenReturn(defaultCert);

    // Capture the JWT passed to the signer instead of really encoding it
    String signedPayload = "payload";
    ArgumentCaptor<JWT> jwtCaptor = ArgumentCaptor.forClass(JWT.class);
    when(jwtService.encode(jwtCaptor.capture(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just(signedPayload));

    TestObserver<String> observer = idTokenService.create(request, client, null, executionContext).test();
    observer.assertComplete();
    observer.assertNoErrors();

    JWT issued = jwtCaptor.getValue();
    assertNotNull(issued);
    Object iss = issued.get("iss");
    assertTrue(iss != null && "https://custom-iss".equals(iss));

    verify(certificateManager, times(1)).findByAlgorithm(any());
    verify(certificateManager, times(1)).get(anyString());
    verify(certificateManager, times(1)).defaultCertificateProvider();
    verify(jwtService, times(1)).encode(any(), eq(defaultCert));
}
Also used : JWT(io.gravitee.am.common.jwt.JWT) TemplateEngine(io.gravitee.el.TemplateEngine) OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) TokenClaim(io.gravitee.am.model.TokenClaim) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 3 with TokenClaim

Use of io.gravitee.am.model.TokenClaim in the project gravitee-access-management by gravitee-io.

From the class TokenServiceTest, method shouldCreateWithCustomClaims.

/**
 * Verifies that access-token custom claims configured on the client are evaluated through the
 * template engine and written into the JWT handed to the signer under their configured names
 * ("iss" and "aud" here), and that the auth-flow context attributes are propagated to the
 * execution context.
 */
@Test
public void shouldCreateWithCustomClaims() {
    // Two custom claims, both scoped to the access token
    TokenClaim issuerClaim = new TokenClaim();
    issuerClaim.setTokenType(TokenTypeHint.ACCESS_TOKEN);
    issuerClaim.setClaimName("iss");
    issuerClaim.setClaimValue("https://custom-iss");
    TokenClaim audienceClaim = new TokenClaim();
    audienceClaim.setTokenType(TokenTypeHint.ACCESS_TOKEN);
    audienceClaim.setClaimName("aud");
    audienceClaim.setClaimValue("my-api");

    Client client = new Client();
    client.setClientId("my-client-id");
    client.setTokenCustomClaims(Arrays.asList(issuerClaim, audienceClaim));

    OAuth2Request request = new OAuth2Request();
    request.getContext().put(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY, new HashMap<>());

    // The template engine echoes each expression back as its value
    TemplateEngine templateEngine = mock(TemplateEngine.class);
    when(templateEngine.getValue("https://custom-iss", Object.class)).thenReturn("https://custom-iss");
    when(templateEngine.getValue("my-api", Object.class)).thenReturn("my-api");
    ReactableExecutionContext executionContext = mock(ReactableExecutionContext.class);
    when(executionContext.getTemplateEngine()).thenReturn(templateEngine);
    when(executionContextFactory.create(any())).thenReturn(executionContext);

    // Collaborators: capture the JWT given to the signer, stub enhancement and storage
    ArgumentCaptor<JWT> jwtCaptor = ArgumentCaptor.forClass(JWT.class);
    when(jwtService.encode(jwtCaptor.capture(), any(Client.class))).thenReturn(Single.just(""));
    when(tokenEnhancer.enhance(any(), any(), any(), any(), any())).thenReturn(Single.just(new AccessToken("token-id")));
    doNothing().when(tokenManager).storeAccessToken(any());

    TestObserver<Token> observer = tokenService.create(request, client, null).test();
    observer.assertComplete();
    observer.assertNoErrors();

    JWT issued = jwtCaptor.getValue();
    assertNotNull(issued);
    Object iss = issued.get("iss");
    Object aud = issued.get("aud");
    assertTrue(iss != null && "https://custom-iss".equals(iss));
    assertTrue(aud != null && "my-api".equals(aud));

    verify(tokenManager, times(1)).storeAccessToken(any());
    verify(accessTokenRepository, never()).delete(anyString());
    verify(refreshTokenRepository, never()).delete(anyString());
    verify(executionContext).setAttribute(eq(ConstantKeys.AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY), any());
}
Also used : TemplateEngine(io.gravitee.el.TemplateEngine) OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) TokenClaim(io.gravitee.am.model.TokenClaim) JWT(io.gravitee.am.common.jwt.JWT) AccessToken(io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) ReactableExecutionContext(io.gravitee.am.gateway.handler.context.ReactableExecutionContext) RefreshToken(io.gravitee.am.repository.oauth2.model.RefreshToken) AccessToken(io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 4 with TokenClaim

Use of io.gravitee.am.model.TokenClaim in the project gravitee-access-management by gravitee-io.

From the class MongoApplicationRepository, method convert.

/**
 * Maps a persisted {@code TokenClaimMongo} document onto the domain {@link TokenClaim}.
 *
 * <p>The claim name and the claim value (the expression later evaluated by the token
 * services) are copied as-is; the stored token type is converted back to a
 * {@link TokenTypeHint} through {@code TokenTypeHint.from}.
 *
 * @param mongoTokenClaim the Mongo representation; must not be {@code null}
 * @return a new {@link TokenClaim} populated from the document
 */
private static TokenClaim convert(TokenClaimMongo mongoTokenClaim) {
    TokenClaim claim = new TokenClaim();
    claim.setClaimName(mongoTokenClaim.getClaimName());
    claim.setClaimValue(mongoTokenClaim.getClaimValue());
    claim.setTokenType(TokenTypeHint.from(mongoTokenClaim.getTokenType()));
    return claim;
}
Also used : TokenClaim(io.gravitee.am.model.TokenClaim)
