use of io.gravitee.am.model.http.NameValuePair in project gravitee-access-management by gravitee-io.
the class AbstractOpenIDConnectAuthenticationProvider method authenticate.
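/**
 * Obtains the token issued by the OpenID Connect provider for this authentication attempt.
 *
 * <p>In the implicit flow the tokens are read from the URL fragment that arrives in the
 * {@code HASH_VALUE_PARAMETER} request parameter. Otherwise the authorization code found in the
 * callback request is exchanged at the configured token endpoint.
 *
 * @param authentication the authentication attempt carrying the callback request and its context
 * @return a {@code Maybe} emitting the access token (or the ID token when the configured
 *         response type is {@code ID_TOKEN}), or failing with {@code BadCredentialsException}
 */
protected Maybe<Token> authenticate(Authentication authentication) {
    // implicit flow, retrieve the hashValue of the URL (#access_token=....&token_type=...)
    if (AuthenticationFlow.IMPLICIT_FLOW.equals(authenticationFlow())) {
        final String hashValue = authentication.getContext().request().parameters().getFirst(HASH_VALUE_PARAMETER);
        // The fragment is supplied by the client and may be absent or empty. Fail the attempt the
        // same way a missing authorization code does, instead of letting substring(1) throw.
        if (Strings.isNullOrEmpty(hashValue)) {
            LOGGER.debug("Hash value is missing, skip authentication");
            return Maybe.error(new BadCredentialsException("Missing hash value"));
        }
        Map<String, String> hashValues = getParams(hashValue.substring(1));
        // NOTE(review): the tokens below come straight from the client-supplied fragment and this
        // method does not verify the id_token (signature, nonce, audience); presumably a later
        // step does. Confirm against the caller.

        // implicit flow was used with response_type=id_token token, access token is already fetched, continue
        if (ResponseType.ID_TOKEN_TOKEN.equals(getConfiguration().getResponseType())) {
            String accessToken = hashValues.get(ACCESS_TOKEN_PARAMETER);
            // The access token is kept in the context only if the option is enabled
            if (getConfiguration().isStoreOriginalTokens() && !Strings.isNullOrEmpty(accessToken)) {
                authentication.getContext().set(ACCESS_TOKEN_PARAMETER, accessToken);
            }
            // put the id_token in context for later use
            authentication.getContext().set(ID_TOKEN_PARAMETER, hashValues.get(ID_TOKEN_PARAMETER));
            return Maybe.just(new Token(accessToken, TokenTypeHint.ACCESS_TOKEN));
        }

        // implicit flow was used with response_type=id_token, id token is already fetched, continue
        if (ResponseType.ID_TOKEN.equals(getConfiguration().getResponseType())) {
            String idToken = hashValues.get(ID_TOKEN_PARAMETER);
            // put the id_token in context for later use
            authentication.getContext().set(ID_TOKEN_PARAMETER, idToken);
            return Maybe.just(new Token(idToken, TokenTypeHint.ID_TOKEN));
        }
    }

    // authorization code flow, exchange code for an access token
    // prepare body request parameters
    final String authorizationCode = authentication.getContext().request().parameters().getFirst(getConfiguration().getCodeParameter());
    if (authorizationCode == null || authorizationCode.isEmpty()) {
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }

    final List<NameValuePair> urlParameters = new ArrayList<>();
    final HttpRequest<Buffer> tokenRequest = getClient().postAbs(getConfiguration().getAccessTokenUri());
    // The client secret goes in the Authorization header for client_secret_basic,
    // otherwise in the form body.
    if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(this.getConfiguration().getClientAuthenticationMethod())) {
        tokenRequest.basicAuthentication(getConfiguration().getClientId(), getConfiguration().getClientSecret());
    } else {
        urlParameters.add(new BasicNameValuePair(Parameters.CLIENT_SECRET, getConfiguration().getClientSecret()));
    }
    urlParameters.add(new BasicNameValuePair(Parameters.CLIENT_ID, getConfiguration().getClientId()));
    // NOTE(review): String.valueOf turns a missing redirect_uri into the literal "null"; confirm
    // the context always carries it at this point.
    urlParameters.add(new BasicNameValuePair(Parameters.REDIRECT_URI, String.valueOf(authentication.getContext().get(Parameters.REDIRECT_URI))));
    urlParameters.add(new BasicNameValuePair(Parameters.CODE, authorizationCode));
    urlParameters.add(new BasicNameValuePair(Parameters.GRANT_TYPE, "authorization_code"));

    // NOTE(review): authorizationCode is request-supplied. Confirm that URLEncodedUtils.format (or
    // an earlier step) percent-encodes values, so that '&' or '=' in the code cannot change the
    // shape of the form body.
    String bodyRequest = URLEncodedUtils.format(urlParameters);
    // Content-Length must be the encoded byte count; String.length() counts UTF-16 code units
    // and differs as soon as the body holds a non-ASCII character.
    final Buffer body = Buffer.buffer(bodyRequest);

    return tokenRequest
            .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(body.length()))
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(body)
            .toMaybe()
            .map(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    throw new BadCredentialsException(httpResponse.statusMessage());
                }

                JsonObject response = httpResponse.bodyAsJsonObject();
                String accessToken = response.getString(ACCESS_TOKEN_PARAMETER);
                // The access token is kept in the context only if the option is enabled
                if (getConfiguration().isStoreOriginalTokens() && !Strings.isNullOrEmpty(accessToken)) {
                    authentication.getContext().set(ACCESS_TOKEN_PARAMETER, accessToken);
                }

                // ID Token is always stored for SSO
                String idToken = response.getString(ID_TOKEN_PARAMETER);
                if (!Strings.isNullOrEmpty(idToken)) {
                    authentication.getContext().set(ID_TOKEN_PARAMETER, idToken);
                }
                return new Token(accessToken, TokenTypeHint.ACCESS_TOKEN);
            });
}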
use of io.gravitee.am.model.http.NameValuePair in project gravitee-access-management by gravitee-io.
the class URLEncodedUtils method format.
/**
 * Joins the given name/value pairs into one string: pairs are separated by {@code QP_SEP_A} and
 * a non-null value follows its name after {@code NAME_VALUE_SEPARATOR}. A pair with a
 * {@code null} value contributes its name only.
 *
 * <p>NOTE(review): names and values are appended verbatim, with no percent-encoding in this
 * method. Callers that pass request-supplied values (an authorization code, a redirect URI)
 * need to encode them first, otherwise reserved characters in a value change the resulting
 * parameter list. Confirm where encoding is expected to happen.
 *
 * @param parameters the pairs to join, in iteration order
 * @return the joined string, empty when {@code parameters} yields no element
 */
public static String format(final Iterable<? extends NameValuePair> parameters) {
    final StringBuilder joined = new StringBuilder();
    for (final NameValuePair pair : parameters) {
        final String name = pair.getName();
        final String value = pair.getValue();
        // A separator is written only once something is already in the buffer.
        if (joined.length() != 0) {
            joined.append(QP_SEP_A);
        }
        joined.append(name);
        if (value == null) {
            continue;
        }
        joined.append(NAME_VALUE_SEPARATOR);
        joined.append(value);
    }
    return joined.toString();
}
use of io.gravitee.am.model.http.NameValuePair in project gravitee-access-management by gravitee-io.
the class FranceConnectAuthenticationProvider method authenticate.
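/**
 * Exchanges the authorization code from the callback request for tokens at the configured
 * token endpoint.
 *
 * @param authentication the authentication attempt carrying the callback request and its context
 * @return a {@code Maybe} emitting the access token, or failing with
 *         {@code BadCredentialsException} when the code is missing or the endpoint does not
 *         answer with HTTP 200
 */
@Override
protected Maybe<Token> authenticate(Authentication authentication) {
    // prepare body request parameters
    final String authorizationCode = authentication.getContext().request().parameters().getFirst(configuration.getCodeParameter());
    if (authorizationCode == null || authorizationCode.isEmpty()) {
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }

    List<NameValuePair> urlParameters = new ArrayList<>();
    urlParameters.add(new BasicNameValuePair(CLIENT_ID, configuration.getClientId()));
    urlParameters.add(new BasicNameValuePair(CLIENT_SECRET, configuration.getClientSecret()));
    urlParameters.add(new BasicNameValuePair(Parameters.GRANT_TYPE, "authorization_code"));
    if (getConfiguration().getEnvironment() == FranceConnectIdentityProviderConfiguration.Environment.DEVELOPMENT) {
        // NOTE: Port is being proxied by nginx. Please have a look to the README.adoc file
        // The redirect URI is pinned to a plain-HTTP localhost address in this branch, so the
        // DEVELOPMENT environment is only suitable for a local setup. The QueryStringDecoder
        // that used to be built here was never read and has been dropped.
        urlParameters.add(new BasicNameValuePair(Parameters.REDIRECT_URI, "http://localhost:4242/callback"));
    } else {
        urlParameters.add(new BasicNameValuePair(Parameters.REDIRECT_URI, (String) authentication.getContext().get(REDIRECT_URI)));
    }
    urlParameters.add(new BasicNameValuePair(CODE, authorizationCode));

    // NOTE(review): authorizationCode is request-supplied. Confirm that URLEncodedUtils.format (or
    // an earlier step) percent-encodes values before they are placed in the form body.
    String bodyRequest = URLEncodedUtils.format(urlParameters);
    // Content-Length must be the encoded byte count; String.length() counts UTF-16 code units.
    final Buffer body = Buffer.buffer(bodyRequest);

    return client.postAbs(configuration.getAccessTokenUri())
            .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(body.length()))
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(body)
            .toMaybe()
            .map(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    throw new BadCredentialsException(httpResponse.statusMessage());
                }

                JsonObject response = httpResponse.bodyAsJsonObject();
                String accessToken = response.getString(ACCESS_TOKEN_PARAMETER);
                String idToken = response.getString(ID_TOKEN_PARAMETER);
                // The access token is kept in the context only when the option is enabled.
                if (getConfiguration().isStoreOriginalTokens() && !Strings.isNullOrEmpty(accessToken)) {
                    authentication.getContext().set(ACCESS_TOKEN_PARAMETER, accessToken);
                }
                // The ID token is stored whenever the response carries one.
                // NOTE(review): it is not verified in this method; presumably a later step does.
                if (!Strings.isNullOrEmpty(idToken)) {
                    authentication.getContext().set(ID_TOKEN_PARAMETER, idToken);
                }
                return new Token(accessToken, TokenTypeHint.ACCESS_TOKEN);
            });
}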
use of io.gravitee.am.model.http.NameValuePair in project gravitee-access-management by gravitee-io.
the class LinkedinAuthenticationProvider method authenticate.
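/**
 * Exchanges the authorization code from the callback request for an access token at the
 * configured token endpoint.
 *
 * @param authentication the authentication attempt carrying the callback request and its context
 * @return a {@code Maybe} emitting the access token, or failing with
 *         {@code BadCredentialsException} when the code is missing or the endpoint does not
 *         answer with HTTP 200
 */
@Override
protected Maybe<Token> authenticate(Authentication authentication) {
    // prepare body request parameters
    final String authorizationCode = authentication.getContext().request().parameters().getFirst(configuration.getCodeParameter());
    if (authorizationCode == null || authorizationCode.isEmpty()) {
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }

    List<NameValuePair> urlParameters = new ArrayList<>();
    urlParameters.add(new BasicNameValuePair(CLIENT_ID, configuration.getClientId()));
    urlParameters.add(new BasicNameValuePair(CLIENT_SECRET, configuration.getClientSecret()));
    urlParameters.add(new BasicNameValuePair(REDIRECT_URI, (String) authentication.getContext().get(REDIRECT_URI)));
    urlParameters.add(new BasicNameValuePair(CODE, authorizationCode));
    urlParameters.add(new BasicNameValuePair(GRANT_TYPE, "authorization_code"));

    // NOTE(review): authorizationCode is request-supplied. Confirm that URLEncodedUtils.format (or
    // an earlier step) percent-encodes values before they are placed in the form body.
    String bodyRequest = URLEncodedUtils.format(urlParameters);
    // Content-Length must be the encoded byte count; String.length() counts UTF-16 code units.
    final Buffer body = Buffer.buffer(bodyRequest);

    return client.postAbs(configuration.getAccessTokenUri())
            .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(body.length()))
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(body)
            .toMaybe()
            .map(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    throw new BadCredentialsException(httpResponse.statusMessage());
                }

                JsonObject response = httpResponse.bodyAsJsonObject();
                // NOTE(review): a 200 response without "access_token" yields a Token with a null
                // value; confirm the caller rejects it.
                String accessToken = response.getString("access_token");
                return new Token(accessToken, TokenTypeHint.ACCESS_TOKEN);
            });
}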
use of io.gravitee.am.model.http.NameValuePair in project gravitee-access-management by gravitee-io.
the class GithubAuthenticationProvider method authenticate.
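/**
 * Exchanges the authorization code from the callback request for an access token at the
 * configured token endpoint. The response body is parsed as form-encoded parameters.
 *
 * @param authentication the authentication attempt carrying the callback request and its context
 * @return a {@code Maybe} emitting the access token, or failing with
 *         {@code BadCredentialsException} when the code is missing or the endpoint does not
 *         answer with HTTP 200
 */
@Override
protected Maybe<Token> authenticate(Authentication authentication) {
    // prepare body request parameters
    final String authorizationCode = authentication.getContext().request().parameters().getFirst(configuration.getCodeParameter());
    if (authorizationCode == null || authorizationCode.isEmpty()) {
        LOGGER.debug("Authorization code is missing, skip authentication");
        return Maybe.error(new BadCredentialsException("Missing authorization code"));
    }

    List<NameValuePair> urlParameters = new ArrayList<>();
    urlParameters.add(new BasicNameValuePair(CLIENT_ID, configuration.getClientId()));
    urlParameters.add(new BasicNameValuePair(CLIENT_SECRET, configuration.getClientSecret()));
    urlParameters.add(new BasicNameValuePair(REDIRECT_URI, (String) authentication.getContext().get(REDIRECT_URI)));
    urlParameters.add(new BasicNameValuePair(CODE, authorizationCode));

    // NOTE(review): authorizationCode is request-supplied. Confirm that URLEncodedUtils.format (or
    // an earlier step) percent-encodes values before they are placed in the form body.
    String bodyRequest = URLEncodedUtils.format(urlParameters);
    // Content-Length must be the encoded byte count; String.length() counts UTF-16 code units.
    final Buffer body = Buffer.buffer(bodyRequest);

    return client.postAbs(configuration.getAccessTokenUri())
            .putHeader(HttpHeaders.CONTENT_LENGTH, String.valueOf(body.length()))
            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
            .rxSendBuffer(body)
            .toMaybe()
            .map(httpResponse -> {
                if (httpResponse.statusCode() != 200) {
                    throw new BadCredentialsException(httpResponse.statusMessage());
                }

                Map<String, String> bodyResponse = URLEncodedUtils.format(httpResponse.bodyAsString());
                // NOTE(review): only the status code is checked. A 200 response that carries an
                // error field instead of "access_token" yields a Token with a null value; confirm
                // the caller rejects it.
                return new Token(bodyResponse.get("access_token"), TokenTypeHint.ACCESS_TOKEN);
            });
}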