Example 1 with SocialIdentityProviderEntity

Use of io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity in project gravitee-management-rest-api by gravitee-io.

The class OAuth2AuthenticationResource, method tokenExchange.

@POST
@Path("exchange")
@Produces(MediaType.APPLICATION_JSON)
public Response tokenExchange(
    @PathParam(value = "identity") final String identity,
    @QueryParam(value = "token") final String token,
    @Context final HttpServletResponse servletResponse
) throws IOException {
    // Resolve the identity provider among those activated for the current organization.
    SocialIdentityProviderEntity identityProvider = socialIdentityProviderService.findById(
        identity,
        new IdentityProviderActivationService.ActivationTarget(
            GraviteeContext.getCurrentOrganization(),
            IdentityProviderActivationReferenceType.ORGANIZATION
        )
    );
    if (identityProvider != null) {
        if (identityProvider.getTokenIntrospectionEndpoint() != null) {
            // Step 1. Check the token by invoking the introspection endpoint (RFC 7662),
            // authenticating as the registered client with HTTP Basic credentials.
            final MultivaluedStringMap introspectData = new MultivaluedStringMap();
            introspectData.add(TOKEN, token);
            final String basicCredentials = Base64.getEncoder()
                .encodeToString((identityProvider.getClientId() + ':' + identityProvider.getClientSecret()).getBytes());
            Response response = client
                .target(identityProvider.getTokenIntrospectionEndpoint())
                .request(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE)
                .header(HttpHeaders.AUTHORIZATION, String.format("Basic %s", basicCredentials))
                .post(Entity.form(introspectData));
            introspectData.clear();
            if (response.getStatus() == Response.Status.OK.getStatusCode()) {
                JsonNode introspectPayload = response.readEntity(JsonNode.class);
                // "active" is the one REQUIRED field of an introspection response. Note that
                // asBoolean(true) yields true when the field is missing or not a boolean.
                boolean active = introspectPayload.path("active").asBoolean(true);
                if (active) {
                    // Step 2. The token is reported active: hand off to the common authentication flow.
                    return authenticateUser(identityProvider, servletResponse, token, null, null);
                } else {
                    return Response.status(Response.Status.UNAUTHORIZED).entity(introspectPayload).build();
                }
            } else {
                LOGGER.error("Token exchange failed with status {}: {}\n{}", response.getStatus(), response.getStatusInfo(), getResponseEntityAsString(response));
            }
            // Propagate the introspection endpoint's error status and body to the caller.
            return Response.status(response.getStatusInfo()).entity(response.getEntity()).build();
        } else {
            return Response.status(Response.Status.BAD_REQUEST).entity("Token exchange is not supported for this identity provider").build();
        }
    }
    return Response.status(Response.Status.NOT_FOUND).build();
}
Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), Response (javax.ws.rs.core.Response), MultivaluedStringMap (org.glassfish.jersey.internal.util.collection.MultivaluedStringMap), IdentityProviderActivationService (io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService), JsonNode (com.fasterxml.jackson.databind.JsonNode), SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity)

Example 2 with SocialIdentityProviderEntity

Use of io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity in project gravitee-management-rest-api by gravitee-io.

The class OAuth2AuthenticationResource, method exchangeAuthorizationCode.

@POST
@Produces(MediaType.APPLICATION_JSON)
public Response exchangeAuthorizationCode(
    @PathParam(value = "identity") String identity,
    @Valid @NotNull final Payload payload,
    @Context final HttpServletResponse servletResponse
) throws IOException {
    // Resolve the identity provider among those activated for the current organization.
    SocialIdentityProviderEntity identityProvider = socialIdentityProviderService.findById(
        identity,
        new IdentityProviderActivationService.ActivationTarget(
            GraviteeContext.getCurrentOrganization(),
            IdentityProviderActivationReferenceType.ORGANIZATION
        )
    );
    if (identityProvider != null) {
        // Step 1. Exchange authorization code for access token.
        // client_id, redirect_uri and code come from the caller's payload; the client secret
        // comes from the stored provider configuration rather than from the request.
        final MultivaluedStringMap accessData = new MultivaluedStringMap();
        accessData.add(CLIENT_ID_KEY, payload.getClientId());
        accessData.add(REDIRECT_URI_KEY, payload.getRedirectUri());
        accessData.add(CLIENT_SECRET, identityProvider.getClientSecret());
        accessData.add(CODE_KEY, payload.getCode());
        accessData.add(GRANT_TYPE_KEY, AUTH_CODE);
        Response response = client
            .target(identityProvider.getTokenEndpoint())
            .request(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE)
            .post(Entity.form(accessData));
        accessData.clear();
        if (response.getStatus() == Response.Status.OK.getStatusCode()) {
            final Map<String, Object> responseEntity = getResponseEntity(response);
            final String accessToken = (String) responseEntity.get(ACCESS_TOKEN_PROPERTY);
            final String idToken = (String) responseEntity.get(ID_TOKEN_PROPERTY);
            // Step 2. Hand the tokens (and the original state) to the common authentication flow.
            return authenticateUser(identityProvider, servletResponse, accessToken, idToken, payload.getState());
        } else {
            LOGGER.error("Exchange authorization code failed with status {}: {}\n{}", response.getStatus(), response.getStatusInfo(), getResponseEntityAsString(response));
        }
        // Any non-200 answer from the token endpoint is reported to the caller as 401, without details.
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    return Response.status(Response.Status.NOT_FOUND).build();
}
Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), Response (javax.ws.rs.core.Response), MultivaluedStringMap (org.glassfish.jersey.internal.util.collection.MultivaluedStringMap), IdentityProviderActivationService (io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService), SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity)

Example 3 with SocialIdentityProviderEntity

Use of io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity in project gravitee-management-rest-api by gravitee-io.

The class OAuth2AuthenticationResource, method exchangeAuthorizationCode.

@POST
@Produces(MediaType.APPLICATION_JSON)
public Response exchangeAuthorizationCode(
    @PathParam(value = "identity") String identity,
    @Valid @NotNull(message = "Input must not be null.") final PayloadInput payloadInput,
    @Context final HttpServletResponse servletResponse
) throws IOException {
    // Resolve the identity provider among those activated for the current environment.
    SocialIdentityProviderEntity identityProvider = socialIdentityProviderService.findById(
        identity,
        new IdentityProviderActivationService.ActivationTarget(
            GraviteeContext.getCurrentEnvironment(),
            IdentityProviderActivationReferenceType.ENVIRONMENT
        )
    );
    if (identityProvider != null) {
        // Step 1. Exchange authorization code for access token.
        // The caller's PayloadInput supplies client_id, redirect_uri, code, the PKCE code_verifier
        // and the grant_type; the client secret comes from the stored provider configuration.
        final MultivaluedStringMap accessData = new MultivaluedStringMap();
        accessData.add(CLIENT_ID_KEY, payloadInput.getClientId());
        accessData.add(REDIRECT_URI_KEY, payloadInput.getRedirectUri());
        accessData.add(CLIENT_SECRET, identityProvider.getClientSecret());
        accessData.add(CODE_KEY, payloadInput.getCode());
        accessData.add(CODE_VERIFIER_KEY, payloadInput.getCodeVerifier());
        accessData.add(GRANT_TYPE_KEY, payloadInput.getGrantType());
        Response response = client
            .target(identityProvider.getTokenEndpoint())
            .request(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE)
            .post(Entity.form(accessData));
        accessData.clear();
        if (response.getStatus() == Response.Status.OK.getStatusCode()) {
            final Map<String, Object> responseEntity = getResponseEntity(response);
            final String accessToken = (String) responseEntity.get(ACCESS_TOKEN_PROPERTY);
            final String idToken = (String) responseEntity.get(ID_TOKEN_PROPERTY);
            // Step 2. Hand the tokens (and the original state) to the common authentication flow.
            return authenticateUser(identityProvider, servletResponse, accessToken, idToken, payloadInput.getState());
        } else {
            LOGGER.error("Exchange authorization code failed with status {}: {}\n{}", response.getStatus(), response.getStatusInfo(), getResponseEntityAsString(response));
        }
        // Any non-200 answer from the token endpoint is reported to the caller as 401, without details.
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }
    return Response.status(Response.Status.NOT_FOUND).build();
}
Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), Response (javax.ws.rs.core.Response), MultivaluedStringMap (org.glassfish.jersey.internal.util.collection.MultivaluedStringMap), IdentityProviderActivationService (io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService), SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity)

Example 4 with SocialIdentityProviderEntity

Use of io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity in project gravitee-management-rest-api by gravitee-io.

The class OAuth2AuthenticationResourceTest, method init.

@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/token";
        }

        @Override
        public String getUserInfoEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/userinfo";
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        private Map<String, String> userProfileMapping = new HashMap<>();

        @Override
        public Map<String, String> getUserProfileMapping() {
            return userProfileMapping;
        }

        private List<GroupMappingEntity> groupMappings = new ArrayList<>();

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappings;
        }

        private List<RoleMappingEntity> roleMappings = new ArrayList<>();

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappings;
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }
    };
    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
Also used: RoleMappingEntity (io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), List (java.util.List), GroupMappingEntity (io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity), SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity), IdentityProviderType (io.gravitee.rest.api.model.configuration.identity.IdentityProviderType), Map (java.util.Map), Before (org.junit.Before)

Example 5 with SocialIdentityProviderEntity

Use of io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity in project gravitee-management-rest-api by gravitee-io.

The class OAuth2AuthenticationResourceTest, method init.

@Before
public void init() {
    identityProvider = new SocialIdentityProviderEntity() {

        private Map<String, String> userProfileMapping = new HashMap<>();

        private List<GroupMappingEntity> groupMappings = new ArrayList<>();

        private List<RoleMappingEntity> roleMappings = new ArrayList<>();

        @Override
        public String getId() {
            return USER_SOURCE_OAUTH2;
        }

        @Override
        public IdentityProviderType getType() {
            return IdentityProviderType.OIDC;
        }

        @Override
        public String getAuthorizationEndpoint() {
            return null;
        }

        @Override
        public String getTokenEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/token";
        }

        @Override
        public String getUserInfoEndpoint() {
            return "http://localhost:" + wireMockRule.port() + "/userinfo";
        }

        @Override
        public List<String> getRequiredUrlParams() {
            return null;
        }

        @Override
        public List<String> getOptionalUrlParams() {
            return null;
        }

        @Override
        public List<String> getScopes() {
            return null;
        }

        @Override
        public String getDisplay() {
            return null;
        }

        @Override
        public String getColor() {
            return null;
        }

        @Override
        public String getClientSecret() {
            return "the_client_secret";
        }

        @Override
        public Map<String, String> getUserProfileMapping() {
            return userProfileMapping;
        }

        @Override
        public List<GroupMappingEntity> getGroupMappings() {
            return groupMappings;
        }

        @Override
        public List<RoleMappingEntity> getRoleMappings() {
            return roleMappings;
        }

        @Override
        public boolean isEmailRequired() {
            return true;
        }
    };
    when(socialIdentityProviderService.findById(eq(USER_SOURCE_OAUTH2), any())).thenReturn(identityProvider);
    cleanEnvironment();
    cleanRolesGroupMapping();
    reset(userService, groupService, roleService, membershipService);
}
Also used: RoleMappingEntity (io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity), GroupMappingEntity (io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity), SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity), IdentityProviderType (io.gravitee.rest.api.model.configuration.identity.IdentityProviderType), Before (org.junit.Before)

Aggregations (number of examples using each type)

SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity): 6
IdentityProviderActivationService (io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService): 4
HttpServletResponse (javax.servlet.http.HttpServletResponse): 4
Response (javax.ws.rs.core.Response): 4
MultivaluedStringMap (org.glassfish.jersey.internal.util.collection.MultivaluedStringMap): 4
JsonNode (com.fasterxml.jackson.databind.JsonNode): 2
GroupMappingEntity (io.gravitee.rest.api.model.configuration.identity.GroupMappingEntity): 2
IdentityProviderType (io.gravitee.rest.api.model.configuration.identity.IdentityProviderType): 2
RoleMappingEntity (io.gravitee.rest.api.model.configuration.identity.RoleMappingEntity): 2
Before (org.junit.Before): 2
ArrayList (java.util.ArrayList): 1
HashMap (java.util.HashMap): 1
List (java.util.List): 1
Map (java.util.Map): 1