
Example 1 with BasicNameValuePair

use of io.gravitee.am.model.http.BasicNameValuePair in project gravitee-access-management by gravitee-io.

the class AbstractOpenIDConnectAuthenticationProvider method authenticate.

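/**
 * Obtains the upstream OpenID Connect provider's token for the current login attempt.
 *
 * <p>When the provider is configured for the implicit flow, the tokens are read from the URL
 * fragment that arrives in the {@code HASH_VALUE_PARAMETER} request parameter. In every other
 * case (including an implicit flow whose response type matches neither branch below) the
 * authorization code is exchanged at the configured token endpoint.
 *
 * <p>Security note: everything read from the request (fragment values, authorization code) is
 * supplied by the user agent and is untrusted at this point.
 * NOTE(review): this method does not verify the id_token (signature, issuer, audience, nonce)
 * nor the {@code state} parameter; confirm that a later step does so before the identity is
 * trusted.
 *
 * @param authentication the current authentication; its context supplies the request parameters
 *                       and receives the tokens kept for later use
 * @return a {@code Maybe} emitting the token, or failing with {@link BadCredentialsException}
 *         when the fragment or the authorization code is missing or the token endpoint does not
 *         answer with HTTP 200
 */
protected Maybe<Token> authenticate(Authentication authentication) {
    // implicit flow, retrieve the hashValue of the URL (#access_token=....&token_type=...)
    if (AuthenticationFlow.IMPLICIT_FLOW.equals(authenticationFlow())) {
        final String hashValue = authentication.getContext().request().parameters().getFirst(HASH_VALUE_PARAMETER);
        // A missing or empty fragment used to fail with an unchecked exception on substring(1);
        // report it the same way as a missing authorization code instead.
        if (Strings.isNullOrEmpty(hashValue)) {
            LOGGER.debug("Hash value is missing, skip authentication");
            return Maybe.error(new BadCredentialsException("Missing hash value"));
        }
        // drop the leading '#' before parsing the fragment parameters
        Map<String, String> hashValues = getParams(hashValue.substring(1));
        // implicit flow was used with response_type=id_token token, access token is already fetched, continue
        if (ResponseType.ID_TOKEN_TOKEN.equals(getConfiguration().getResponseType())) {
            String accessToken = hashValues.get(ACCESS_TOKEN_PARAMETER);
            // the original access token is kept only when the option is enabled
            if (getConfiguration().isStoreOriginalTokens() && !Strings.isNullOrEmpty(accessToken)) {
                authentication.getContext().set(ACCESS_TOKEN_PARAMETER, accessToken);
            }
            // put the id_token in context for later use
            // NOTE(review): either token may be absent from the fragment, in which case null is
            // stored and returned here; confirm downstream code rejects that.
            authentication.getContext().set(ID_TOKEN_PARAMETER, hashValues.get(ID_TOKEN_PARAMETER));
            return Maybe.just(new Token(accessToken, TokenTypeHint.ACCESS_TOKEN));
        }
        // implicit flow was used with response_type=id_token, id token is already fetched, continue
        if (ResponseType.ID_TOKEN.equals(getConfiguration().getResponseType())) {
            String idToken = hashValues.get(ID_TOKEN_PARAMETER);
            // put the id_token in context for later use
            authentication.getContext().set(ID_TOKEN_PARAMETER, idToken);
            return Maybe.just(new Token(idToken, TokenTypeHint.ID_TOKEN));
        }
    }
    // authorization code flow, exchange code for an access token
    // prepare body request parameters
    final String authorizationCode = authentication.getContext().request().parameters().getFirst(getConfiguration().getCodeParameter());
    if (authorizationCode == null || authorizationCode.isEmpty()) {
        // the code itself is never logged
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }
    final List<NameValuePair> urlParameters = new ArrayList<>();
    final HttpRequest<Buffer> tokenRequest = getClient().postAbs(getConfiguration().getAccessTokenUri());
    // The client secret travels either in the Authorization header (client_secret_basic) or in
    // the form body; both rely on the token endpoint being reached over TLS.
    if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(this.getConfiguration().getClientAuthenticationMethod())) {
        tokenRequest.basicAuthentication(getConfiguration().getClientId(), getConfiguration().getClientSecret());
    } else {
        urlParameters.add(new BasicNameValuePair(Parameters.CLIENT_SECRET, getConfiguration().getClientSecret()));
    }
    urlParameters.add(new BasicNameValuePair(Parameters.CLIENT_ID, getConfiguration().getClientId()));
    // NOTE(review): String.valueOf turns a missing redirect_uri into the literal "null".
    urlParameters.add(new BasicNameValuePair(Parameters.REDIRECT_URI, String.valueOf(authentication.getContext().get(Parameters.REDIRECT_URI))));
    urlParameters.add(new BasicNameValuePair(Parameters.CODE, authorizationCode));
    urlParameters.add(new BasicNameValuePair(Parameters.GRANT_TYPE, "authorization_code"));
    String bodyRequest = URLEncodedUtils.format(urlParameters);
    // Content-Length is taken from the buffer so that it counts bytes rather than characters.
    final Buffer body = Buffer.buffer(bodyRequest);
    return tokenRequest
            .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(body.length()))
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(body)
            .toMaybe()
            .map(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    throw new BadCredentialsException(httpResponse.statusMessage());
                }
                JsonObject response = httpResponse.bodyAsJsonObject();
                String accessToken = response.getString(ACCESS_TOKEN_PARAMETER);
                // the original access token is kept only when the option is enabled
                if (getConfiguration().isStoreOriginalTokens() && !Strings.isNullOrEmpty(accessToken)) {
                    authentication.getContext().set(ACCESS_TOKEN_PARAMETER, accessToken);
                }
                // ID Token is always stored for SSO
                String idToken = response.getString(ID_TOKEN_PARAMETER);
                if (!Strings.isNullOrEmpty(idToken)) {
                    authentication.getContext().set(ID_TOKEN_PARAMETER, idToken);
                }
                return new Token(accessToken, TokenTypeHint.ACCESS_TOKEN);
            });
}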
Also used : Buffer(io.vertx.reactivex.core.buffer.Buffer) BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) NameValuePair(io.gravitee.am.model.http.NameValuePair) BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) JsonObject(io.vertx.core.json.JsonObject) SecureRandomString(io.gravitee.am.common.utils.SecureRandomString) BadCredentialsException(io.gravitee.am.common.exception.authentication.BadCredentialsException)

Example 2 with BasicNameValuePair

use of io.gravitee.am.model.http.BasicNameValuePair in project gravitee-access-management by gravitee-io.

the class FranceConnectAuthenticationProvider method authenticate.

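/**
 * Exchanges the authorization code returned by FranceConnect for tokens.
 *
 * <p>The code is read from the callback request, posted to the configured token endpoint with
 * the client credentials, and the id_token (plus the access token, when storing original tokens
 * is enabled) is kept in the authentication context.
 *
 * @param authentication the current authentication; its context supplies the request parameters
 *                       and the redirect URI, and receives the tokens kept for later use
 * @return a {@code Maybe} emitting the access token, or failing with
 *         {@link BadCredentialsException} when the code is missing or the token endpoint does
 *         not answer with HTTP 200
 */
@Override
protected Maybe<Token> authenticate(Authentication authentication) {
    // prepare body request parameters
    final String authorizationCode = authentication.getContext().request().parameters().getFirst(configuration.getCodeParameter());
    if (authorizationCode == null || authorizationCode.isEmpty()) {
        // the code itself is never logged
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }
    List<NameValuePair> urlParameters = new ArrayList<>();
    urlParameters.add(new BasicNameValuePair(CLIENT_ID, configuration.getClientId()));
    // The client secret is sent in the form body, so the token endpoint must be reached over TLS.
    urlParameters.add(new BasicNameValuePair(CLIENT_SECRET, configuration.getClientSecret()));
    urlParameters.add(new BasicNameValuePair(Parameters.GRANT_TYPE, "authorization_code"));
    if (getConfiguration().getEnvironment() == FranceConnectIdentityProviderConfiguration.Environment.DEVELOPMENT) {
        // NOTE: Port is being proxied by nginx. Please have a look to the README.adoc file
        // The development environment always sends this fixed local callback in place of the
        // real redirect URI, so that setting must never be active on a production deployment.
        // (An unused QueryStringDecoder built from the real redirect URI was dropped here.)
        urlParameters.add(new BasicNameValuePair(Parameters.REDIRECT_URI, "http://localhost:4242/callback"));
    } else {
        urlParameters.add(new BasicNameValuePair(Parameters.REDIRECT_URI, (String) authentication.getContext().get(REDIRECT_URI)));
    }
    urlParameters.add(new BasicNameValuePair(CODE, authorizationCode));
    String bodyRequest = URLEncodedUtils.format(urlParameters);
    // Content-Length is taken from the buffer so that it counts bytes rather than characters.
    final Buffer body = Buffer.buffer(bodyRequest);
    return client.postAbs(configuration.getAccessTokenUri())
            .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(body.length()))
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(body)
            .toMaybe()
            .map(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    throw new BadCredentialsException(httpResponse.statusMessage());
                }
                JsonObject response = httpResponse.bodyAsJsonObject();
                String accessToken = response.getString(ACCESS_TOKEN_PARAMETER);
                String idToken = response.getString(ID_TOKEN_PARAMETER);
                // the original access token is kept only when the option is enabled
                if (getConfiguration().isStoreOriginalTokens() && !Strings.isNullOrEmpty(accessToken)) {
                    authentication.getContext().set(ACCESS_TOKEN_PARAMETER, accessToken);
                }
                // NOTE(review): the id_token is stored as received; confirm that signature,
                // audience and nonce are verified elsewhere before it is relied on.
                if (!Strings.isNullOrEmpty(idToken)) {
                    authentication.getContext().set(ID_TOKEN_PARAMETER, idToken);
                }
                return new Token(accessToken, TokenTypeHint.ACCESS_TOKEN);
            });
}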
Also used : QueryStringDecoder(io.netty.handler.codec.http.QueryStringDecoder) BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) NameValuePair(io.gravitee.am.model.http.NameValuePair) BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) ArrayList(java.util.ArrayList) JsonObject(io.vertx.core.json.JsonObject) SecureRandomString(io.gravitee.am.common.utils.SecureRandomString) BadCredentialsException(io.gravitee.am.common.exception.authentication.BadCredentialsException)

Example 3 with BasicNameValuePair

use of io.gravitee.am.model.http.BasicNameValuePair in project gravitee-access-management by gravitee-io.

the class LinkedinAuthenticationProvider method authenticate.

/**
 * Exchanges the authorization code returned by LinkedIn for an access token.
 *
 * @param authentication the current authentication; its context supplies the callback request
 *                       parameters and the redirect URI
 * @return a {@code Maybe} emitting the access token, or failing with
 *         {@link BadCredentialsException} when the code is missing or the token endpoint does
 *         not answer with HTTP 200
 */
@Override
protected Maybe<Token> authenticate(Authentication authentication) {
    // The provider hands the code back on the callback request, under the configured parameter
    // name; it is user-agent supplied and therefore untrusted until the exchange succeeds.
    final String authorizationCode = authentication.getContext()
            .request()
            .parameters()
            .getFirst(configuration.getCodeParameter());
    final boolean codePresent = authorizationCode != null && !authorizationCode.isEmpty();
    if (!codePresent) {
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }

    // Form fields of the token request; the client secret goes in the body, so the token
    // endpoint is expected to be an HTTPS URL.
    final List<NameValuePair> formFields = new ArrayList<>();
    formFields.add(new BasicNameValuePair(CLIENT_ID, configuration.getClientId()));
    formFields.add(new BasicNameValuePair(CLIENT_SECRET, configuration.getClientSecret()));
    formFields.add(new BasicNameValuePair(REDIRECT_URI, (String) authentication.getContext().get(REDIRECT_URI)));
    formFields.add(new BasicNameValuePair(CODE, authorizationCode));
    formFields.add(new BasicNameValuePair(GRANT_TYPE, "authorization_code"));

    final String encodedForm = URLEncodedUtils.format(formFields);
    final String contentLength = String.valueOf(encodedForm.length());

    return client.postAbs(configuration.getAccessTokenUri())
            .putHeader(HttpHeaders.CONTENT_LENGTH, contentLength)
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(Buffer.buffer(encodedForm))
            .toMaybe()
            .map(tokenResponse -> {
                if (tokenResponse.statusCode() == 200) {
                    final JsonObject json = tokenResponse.bodyAsJsonObject();
                    // NOTE(review): a 200 body without "access_token" yields a Token wrapping null.
                    return new Token(json.getString("access_token"), TokenTypeHint.ACCESS_TOKEN);
                }
                // any other status is reported as bad credentials, with the HTTP status message
                throw new BadCredentialsException(tokenResponse.statusMessage());
            });
}
Also used : BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) NameValuePair(io.gravitee.am.model.http.NameValuePair) BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) JsonObject(io.vertx.core.json.JsonObject) BadCredentialsException(io.gravitee.am.common.exception.authentication.BadCredentialsException)

Example 4 with BasicNameValuePair

use of io.gravitee.am.model.http.BasicNameValuePair in project gravitee-access-management by gravitee-io.

the class GithubAuthenticationProvider method authenticate.

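/**
 * Exchanges the authorization code returned by GitHub for an access token.
 *
 * <p>The token endpoint's answer is parsed as a URL-encoded form. A response that carries no
 * {@code access_token} is rejected instead of producing a token that wraps {@code null}.
 *
 * @param authentication the current authentication; its context supplies the callback request
 *                       parameters and the redirect URI
 * @return a {@code Maybe} emitting the access token, or failing with
 *         {@link BadCredentialsException} when the code is missing, the token endpoint does not
 *         answer with HTTP 200, or the answer contains no access token
 */
@Override
protected Maybe<Token> authenticate(Authentication authentication) {
    // prepare body request parameters
    final String authorizationCode = authentication.getContext().request().parameters().getFirst(configuration.getCodeParameter());
    if (authorizationCode == null || authorizationCode.isEmpty()) {
        // the code itself is never logged
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }
    List<NameValuePair> urlParameters = new ArrayList<>();
    urlParameters.add(new BasicNameValuePair(CLIENT_ID, configuration.getClientId()));
    // The client secret is sent in the form body, so the token endpoint must be reached over TLS.
    urlParameters.add(new BasicNameValuePair(CLIENT_SECRET, configuration.getClientSecret()));
    urlParameters.add(new BasicNameValuePair(REDIRECT_URI, (String) authentication.getContext().get(REDIRECT_URI)));
    urlParameters.add(new BasicNameValuePair(CODE, authorizationCode));
    String bodyRequest = URLEncodedUtils.format(urlParameters);
    // Content-Length is taken from the buffer so that it counts bytes rather than characters.
    final Buffer body = Buffer.buffer(bodyRequest);
    return client.postAbs(configuration.getAccessTokenUri())
            .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(body.length()))
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(body)
            .toMaybe()
            .map(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    throw new BadCredentialsException(httpResponse.statusMessage());
                }
                Map<String, String> bodyResponse = URLEncodedUtils.format(httpResponse.bodyAsString());
                // A 200 status alone does not prove success: the body may carry error fields
                // instead of a token, so the token's presence is checked explicitly.
                final String accessToken = bodyResponse == null ? null : bodyResponse.get("access_token");
                if (accessToken == null || accessToken.isEmpty()) {
                    throw new BadCredentialsException("Missing access token in token endpoint response");
                }
                return new Token(accessToken, TokenTypeHint.ACCESS_TOKEN);
            });
}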
Also used : BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) NameValuePair(io.gravitee.am.model.http.NameValuePair) BasicNameValuePair(io.gravitee.am.model.http.BasicNameValuePair) ArrayList(java.util.ArrayList) BadCredentialsException(io.gravitee.am.common.exception.authentication.BadCredentialsException)

Aggregations

BadCredentialsException (io.gravitee.am.common.exception.authentication.BadCredentialsException)4 BasicNameValuePair (io.gravitee.am.model.http.BasicNameValuePair)4 NameValuePair (io.gravitee.am.model.http.NameValuePair)4 JsonObject (io.vertx.core.json.JsonObject)3 SecureRandomString (io.gravitee.am.common.utils.SecureRandomString)2 ArrayList (java.util.ArrayList)2 QueryStringDecoder (io.netty.handler.codec.http.QueryStringDecoder)1 Buffer (io.vertx.reactivex.core.buffer.Buffer)1