Example 6 with SocialIdentityProviderEntity

Use of io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity in the project gravitee-management-rest-api by gravitee-io.

From the class OAuth2AuthenticationResource, method tokenExchange:

@POST
@Path("_exchange")
@Produces(MediaType.APPLICATION_JSON)
public Response tokenExchange(@PathParam(value = "identity") final String identity,
                              @QueryParam(value = "token") final String token,
                              @Context final HttpServletResponse servletResponse) {
    // Resolve the identity provider activated for the current environment
    SocialIdentityProviderEntity identityProvider = socialIdentityProviderService.findById(
            identity,
            new IdentityProviderActivationService.ActivationTarget(
                    GraviteeContext.getCurrentEnvironment(),
                    IdentityProviderActivationReferenceType.ENVIRONMENT));
    if (identityProvider != null) {
        if (identityProvider.getTokenIntrospectionEndpoint() != null) {
            // Step 1. Check the token by invoking the introspection endpoint
            final MultivaluedStringMap introspectData = new MultivaluedStringMap();
            introspectData.add(TOKEN, token);
            // The provider's client_id:client_secret pair is sent as HTTP Basic credentials
            Response response = client.target(identityProvider.getTokenIntrospectionEndpoint())
                    .request(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE)
                    .header(HttpHeaders.AUTHORIZATION, String.format("Basic %s",
                            Base64.getEncoder().encodeToString(
                                    (identityProvider.getClientId() + ':' + identityProvider.getClientSecret()).getBytes())))
                    .post(Entity.form(introspectData));
            introspectData.clear();
            if (response.getStatus() == Response.Status.OK.getStatusCode()) {
                JsonNode introspectPayload = response.readEntity(JsonNode.class);
                // asBoolean(true): a payload with no "active" claim is treated as active here
                boolean active = introspectPayload.path("active").asBoolean(true);
                if (active) {
                    // Step 2. The token is active: authenticate the user against this provider
                    return authenticateUser(identityProvider, servletResponse, token, null, null);
                } else {
                    return Response.status(Response.Status.UNAUTHORIZED).entity(introspectPayload).build();
                }
            } else {
                LOGGER.error("Token exchange failed with status {}: {}\n{}",
                        response.getStatus(), response.getStatusInfo(), getResponseEntityAsString(response));
            }
            // Propagate the introspection endpoint's status and body to the caller
            return Response.status(response.getStatusInfo()).entity(response.getEntity()).build();
        } else {
            return Response.status(Response.Status.BAD_REQUEST)
                    .entity("Token exchange is not supported for this identity provider").build();
        }
    }
    return Response.status(Response.Status.NOT_FOUND).build();
}
Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), Response (javax.ws.rs.core.Response), MultivaluedStringMap (org.glassfish.jersey.internal.util.collection.MultivaluedStringMap), IdentityProviderActivationService (io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService), JsonNode (com.fasterxml.jackson.databind.JsonNode), SocialIdentityProviderEntity (io.gravitee.rest.api.model.configuration.identity.SocialIdentityProviderEntity)
