the class OAuth2AuthenticationResource method tokenExchange.
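/**
 * Exchanges an externally issued OAuth2 access token for a management-API session.
 * <p>
 * The identity provider referenced by {@code identity} must be activated for the current
 * organization and must expose a token introspection endpoint. The token is submitted to
 * that endpoint with the provider's client credentials (HTTP Basic); only a {@code 200}
 * answer whose {@code active} claim is explicitly {@code true} leads to
 * {@code authenticateUser}. Anything else fails closed.
 * <p>
 * NOTE(review): the token arrives as a query parameter, so it tends to end up in access
 * and proxy logs; a request body or the {@code Authorization} header would avoid that.
 *
 * @param identity        identifier of the social identity provider
 * @param token           the access token to validate against the introspection endpoint
 * @param servletResponse servlet response handed to {@code authenticateUser}
 * @return the authenticated session response; {@code 401} carrying the introspection payload
 *         when the token is not active; the introspection endpoint's own status and body when
 *         it answered anything other than {@code 200}; {@code 400} when the provider has no
 *         introspection endpoint; {@code 404} when the provider is unknown
 * @throws IOException declared for the downstream authentication path
 */
@POST
@Path("exchange")
@Produces(MediaType.APPLICATION_JSON)
public Response tokenExchange(
    @PathParam(value = "identity") final String identity,
    @QueryParam(value = "token") final String token,
    @Context final HttpServletResponse servletResponse
) throws IOException {
    SocialIdentityProviderEntity identityProvider = socialIdentityProviderService.findById(
        identity,
        new IdentityProviderActivationService.ActivationTarget(
            GraviteeContext.getCurrentOrganization(),
            IdentityProviderActivationReferenceType.ORGANIZATION
        )
    );
    if (identityProvider == null) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }
    if (identityProvider.getTokenIntrospectionEndpoint() == null) {
        return Response
            .status(Response.Status.BAD_REQUEST)
            .entity("Token exchange is not supported for this identity provider")
            .build();
    }

    // Step 1. Check the token by invoking the introspection endpoint.
    final MultivaluedStringMap introspectData = new MultivaluedStringMap();
    introspectData.add(TOKEN, token);
    // The client credentials are encoded as UTF-8 explicitly: the no-arg getBytes() uses the
    // platform default charset and would corrupt a non-ASCII secret on some JVMs.
    final String clientCredentials = identityProvider.getClientId() + ':' + identityProvider.getClientSecret();
    final String basicAuthorization = String.format(
        "Basic %s",
        Base64.getEncoder().encodeToString(clientCredentials.getBytes(java.nio.charset.StandardCharsets.UTF_8))
    );
    Response response = client
        .target(identityProvider.getTokenIntrospectionEndpoint())
        .request(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE)
        .header(HttpHeaders.AUTHORIZATION, basicAuthorization)
        .post(Entity.form(introspectData));
    introspectData.clear();

    if (response.getStatus() == Response.Status.OK.getStatusCode()) {
        JsonNode introspectPayload = response.readEntity(JsonNode.class);
        // "active" is a required boolean in an introspection response. A missing, empty or
        // non-boolean value must be treated as NOT active: defaulting to true would let an
        // empty or malformed answer from the endpoint authenticate the caller.
        boolean active = introspectPayload != null && introspectPayload.path("active").asBoolean(false);
        if (active) {
            return authenticateUser(identityProvider, servletResponse, token, null, null);
        }
        return Response.status(Response.Status.UNAUTHORIZED).entity(introspectPayload).build();
    }

    LOGGER.error(
        "Token exchange failed with status {}: {}\n{}",
        response.getStatus(),
        response.getStatusInfo(),
        getResponseEntityAsString(response)
    );
    // The endpoint's status and raw body are relayed to the caller unchanged.
    // NOTE(review): this assumes getResponseEntityAsString leaves the entity readable for
    // getEntity() below — confirm it buffers rather than consumes the stream.
    return Response.status(response.getStatusInfo()).entity(response.getEntity()).build();
}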
the class OAuth2AuthenticationResource method exchangeAuthorizationCode.
/**
 * Completes the OAuth2 authorization-code flow for the given identity provider and opens a
 * management-API session for the resulting user.
 * <p>
 * The provider must be activated for the current organization. The authorization code,
 * client id and redirect URI supplied in the request body are posted to the provider's token
 * endpoint together with the provider's configured client secret; a {@code 200} answer yields
 * the access token and id token that are handed to {@code authenticateUser}.
 * <p>
 * NOTE(review): {@code client_id} and {@code redirect_uri} are taken from the caller while the
 * secret is the server's configured one — confirm the token endpoint is expected to reject a
 * client id that does not match that secret.
 *
 * @param identity        identifier of the social identity provider
 * @param payload         authorization-code exchange input (client id, redirect URI, code, state)
 * @param servletResponse servlet response handed to {@code authenticateUser}
 * @return the authenticated session response; {@code 401} when the token endpoint answered
 *         anything other than {@code 200}; {@code 404} when the provider is unknown
 * @throws IOException declared for the downstream authentication path
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response exchangeAuthorizationCode(
    @PathParam(value = "identity") String identity,
    @Valid @NotNull final Payload payload,
    @Context final HttpServletResponse servletResponse
) throws IOException {
    final IdentityProviderActivationService.ActivationTarget activationTarget =
        new IdentityProviderActivationService.ActivationTarget(
            GraviteeContext.getCurrentOrganization(),
            IdentityProviderActivationReferenceType.ORGANIZATION
        );
    final SocialIdentityProviderEntity identityProvider = socialIdentityProviderService.findById(identity, activationTarget);
    if (identityProvider == null) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    // Step 1. Exchange authorization code for access token.
    final MultivaluedStringMap tokenRequest = new MultivaluedStringMap();
    tokenRequest.add(CLIENT_ID_KEY, payload.getClientId());
    tokenRequest.add(REDIRECT_URI_KEY, payload.getRedirectUri());
    tokenRequest.add(CLIENT_SECRET, identityProvider.getClientSecret());
    tokenRequest.add(CODE_KEY, payload.getCode());
    tokenRequest.add(GRANT_TYPE_KEY, AUTH_CODE);
    final Response tokenResponse = client
        .target(identityProvider.getTokenEndpoint())
        .request(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE)
        .post(Entity.form(tokenRequest));
    // Drop the secret from the form map as soon as the request has been sent.
    tokenRequest.clear();

    if (tokenResponse.getStatus() != Response.Status.OK.getStatusCode()) {
        LOGGER.error(
            "Exchange authorization code failed with status {}: {}\n{}",
            tokenResponse.getStatus(),
            tokenResponse.getStatusInfo(),
            getResponseEntityAsString(tokenResponse)
        );
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    final Map<String, Object> tokenPayload = getResponseEntity(tokenResponse);
    final String accessToken = (String) tokenPayload.get(ACCESS_TOKEN_PROPERTY);
    final String idToken = (String) tokenPayload.get(ID_TOKEN_PROPERTY);
    return authenticateUser(identityProvider, servletResponse, accessToken, idToken, payload.getState());
}
the class OAuth2AuthenticationResource method exchangeAuthorizationCode.
/**
 * Completes the OAuth2 authorization-code flow for the given identity provider and opens a
 * management-API session for the resulting user.
 * <p>
 * The provider must be activated for the current environment. The form posted to the
 * provider's token endpoint is built by {@code formForCodeExchange}; a {@code 200} answer
 * yields the access token and id token that are handed to {@code authenticateUser}.
 * <p>
 * NOTE(review): {@code grant_type} is copied from the request body, so the provider's client
 * secret is attached to whatever grant the caller names — confirm that {@code PayloadInput}
 * validation restricts it to the authorization-code grant.
 *
 * @param identity        identifier of the social identity provider
 * @param payloadInput    authorization-code exchange input (client id, redirect URI, code,
 *                        code verifier, grant type, state)
 * @param servletResponse servlet response handed to {@code authenticateUser}
 * @return the authenticated session response; {@code 401} when the token endpoint answered
 *         anything other than {@code 200}; {@code 404} when the provider is unknown
 * @throws IOException declared for the downstream authentication path
 */
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response exchangeAuthorizationCode(
    @PathParam(value = "identity") String identity,
    @Valid @NotNull(message = "Input must not be null.") final PayloadInput payloadInput,
    @Context final HttpServletResponse servletResponse
) throws IOException {
    final SocialIdentityProviderEntity identityProvider = socialIdentityProviderService.findById(
        identity,
        new IdentityProviderActivationService.ActivationTarget(
            GraviteeContext.getCurrentEnvironment(),
            IdentityProviderActivationReferenceType.ENVIRONMENT
        )
    );
    if (identityProvider == null) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    // Step 1. Exchange authorization code for access token.
    final MultivaluedStringMap form = formForCodeExchange(payloadInput, identityProvider);
    final Response tokenResponse = client
        .target(identityProvider.getTokenEndpoint())
        .request(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE)
        .post(Entity.form(form));
    // Drop the secret from the form map as soon as the request has been sent.
    form.clear();

    if (tokenResponse.getStatus() != Response.Status.OK.getStatusCode()) {
        LOGGER.error(
            "Exchange authorization code failed with status {}: {}\n{}",
            tokenResponse.getStatus(),
            tokenResponse.getStatusInfo(),
            getResponseEntityAsString(tokenResponse)
        );
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    final Map<String, Object> tokenPayload = getResponseEntity(tokenResponse);
    final String accessToken = (String) tokenPayload.get(ACCESS_TOKEN_PROPERTY);
    final String idToken = (String) tokenPayload.get(ID_TOKEN_PROPERTY);
    return authenticateUser(identityProvider, servletResponse, accessToken, idToken, payloadInput.getState());
}

/**
 * Builds the form posted to the token endpoint; parameter order is preserved on purpose.
 * The caller is responsible for clearing the returned map once it has been sent, since it
 * carries the provider's client secret.
 *
 * @param payloadInput     caller-supplied exchange input
 * @param identityProvider provider whose client secret is attached
 * @return the populated form map
 */
private static MultivaluedStringMap formForCodeExchange(
    final PayloadInput payloadInput,
    final SocialIdentityProviderEntity identityProvider
) {
    final MultivaluedStringMap form = new MultivaluedStringMap();
    form.add(CLIENT_ID_KEY, payloadInput.getClientId());
    form.add(REDIRECT_URI_KEY, payloadInput.getRedirectUri());
    form.add(CLIENT_SECRET, identityProvider.getClientSecret());
    form.add(CODE_KEY, payloadInput.getCode());
    // Presumably the PKCE code verifier — confirm against PayloadInput.
    form.add(CODE_VERIFIER_KEY, payloadInput.getCodeVerifier());
    form.add(GRANT_TYPE_KEY, payloadInput.getGrantType());
    return form;
}
the class OAuth2AuthenticationResourceTest method init.
/**
 * Builds the OIDC identity-provider stub shared by the tests, wires it into the mocked
 * {@code socialIdentityProviderService}, and resets environment, mappings and mocks.
 * <p>
 * Endpoint URLs are computed at call time so the WireMock port is read lazily.
 */
@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {
        private final Map<String, String> profileMapping = new HashMap<>();
        private final List<GroupMappingEntity> groupMappingList = new ArrayList<>();
        private final List<RoleMappingEntity> roleMappingList = new ArrayList<>();

        /** Resolves a path on the local WireMock server using its current port. */
        private String onWireMock(final String path) {
            return "http://localhost:" + wireMockRule.port() + path;
        }

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return onWireMock("/token");
        }

        @Override
        public String getUserInfoEndpoint() {
            return onWireMock("/userinfo");
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return profileMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappingList;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappingList;
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }
    };

    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);

    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
the class OAuth2AuthenticationResourceTest method init.
/**
 * Prepares each test: installs an OIDC identity-provider stub pointing at the local WireMock
 * server, stubs its lookup on {@code socialIdentityProviderService}, then clears the
 * environment, the role/group mappings and the service mocks.
 */
@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {
        private final Map<String, String> attributeMapping = new HashMap<>();
        private final List<GroupMappingEntity> groupRules = new ArrayList<>();
        private final List<RoleMappingEntity> roleRules = new ArrayList<>();

        /** Base URL of the WireMock server; the port is read on every call. */
        private String baseUrl() {
            return "http://localhost:" + wireMockRule.port();
        }

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return baseUrl() + "/token";
        }

        @Override
        public String getUserInfoEndpoint() {
            return baseUrl() + "/userinfo";
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return attributeMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupRules;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleRules;
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }
    };

    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);

    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}