
Example 26 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class ClientsResource method getOpenIdConnectClients.

/**
 * Lists OpenID Connect clients that match an optional search pattern, paged and sorted as
 * requested by the caller. Access is gated by {@code @ProtectedApi} on the
 * {@code OPENID_CLIENTS_READ_ACCESS} scope.
 *
 * @param limit      maximum number of hits to return (defaults to {@code DEFAULT_LIST_SIZE})
 * @param pattern    search pattern; empty string when the query parameter is absent
 * @param startIndex index of the first hit (defaults to {@code DEFAULT_LIST_START_INDEX})
 * @param sortBy     attribute to sort on; may be {@code null}
 * @param sortOrder  sort direction; may be {@code null}
 * @return 200 response whose entity is {@code getClients(...)} applied to the search hits
 * @throws EncryptionException declared by the signature; presumably raised while preparing
 *         client secrets for the response — confirm against getClients()
 */
@GET
@ProtectedApi(scopes = { ApiAccessConstants.OPENID_CLIENTS_READ_ACCESS })
public Response getOpenIdConnectClients(@DefaultValue(DEFAULT_LIST_SIZE) @QueryParam(value = ApiConstants.LIMIT) int limit, @DefaultValue("") @QueryParam(value = ApiConstants.PATTERN) String pattern, @DefaultValue(DEFAULT_LIST_START_INDEX) @QueryParam(value = ApiConstants.START_INDEX) int startIndex, @QueryParam(value = ApiConstants.SORT_BY) String sortBy, @QueryParam(value = ApiConstants.SORT_ORDER) String sortOrder) throws EncryptionException {
    // Every caller-supplied value is passed through escapeLog() before it reaches the log
    // line (presumably to neutralise CR/LF and similar log-forging characters).
    // NOTE(review): this method writes to two logger fields (`logger` here, `log` below);
    // confirm both are intended.
    if (logger.isDebugEnabled()) {
        logger.debug("Client serach param - limit:{}, pattern:{}, startIndex:{}, sortBy:{}, sortOrder:{}", escapeLog(limit), escapeLog(pattern), escapeLog(startIndex), escapeLog(sortBy), escapeLog(sortOrder));
    }
    // NOTE(review): `limit` is used as received from the query string; any upper bound must be
    // enforced inside createSearchRequest()/doSearch() — confirm.
    final String baseDn = clientService.getDnForClient(null);
    final SearchRequest request = createSearchRequest(baseDn, pattern, sortBy, sortOrder, startIndex, limit, null, null);
    final List<Client> hits = doSearch(request);
    log.trace("Client serach result:{}", hits);
    return Response.ok(getClients(hits)).build();
}

Example 27 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class ApiProtectionService method updateScopeForClientIfNeeded.

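/**
 * Grants the internal client identified by {@code clientId} every scope returned by
 * {@code getAllScopes()}, keeping whatever scopes the client already holds, and persists the
 * result. Because this widens the client's authority to the full scope set, callers should
 * only use it for the internal client it is written for.
 * <p>
 * Best effort: any failure is logged at error level and not rethrown.
 *
 * @param clientId inum of the client to update; blank values are ignored
 */
private void updateScopeForClientIfNeeded(String clientId) {
    log.debug(" Internal clientId:{} ", clientId);
    if (StringUtils.isBlank(clientId)) {
        return;
    }
    try {
        Client client = this.clientService.getClientByInum(clientId);
        log.debug("updateScopeForClientIfNeeded() - Verify client:{} ", client);
        if (client == null) {
            // Nothing to update. Previously the code fell through to a second lookup and
            // dereferenced the null result, which surfaced as a misleading "Error while
            // searching internal client" log entry.
            return;
        }
        // Assign scope
        // Prepare scope array
        List<String> scopes = getScopeWithDn(getAllScopes());
        log.trace("updateScopeForClientIfNeeded() - All scopes:{}", scopes);
        // Build the union in a fresh list rather than appending to the list returned by
        // getScopeWithDn(), which may not be modifiable.
        List<String> merged = new ArrayList<>();
        if (scopes != null) {
            merged.addAll(scopes);
        }
        if (client.getScopes() != null) {
            List<String> existingScopes = Arrays.asList(client.getScopes());
            log.trace("updateScopeForClientIfNeeded() - Clients existing scopes:{} ", existingScopes);
            merged.addAll(existingScopes);
        }
        // Distinct scopes
        List<String> distinctScopes = merged.stream().distinct().collect(Collectors.toList());
        log.debug("updateScopeForClientIfNeeded() - Distinct scopes to add:{} ", distinctScopes);
        String[] scopeArray = this.getAllScopesArray(distinctScopes);
        log.debug("All Scope to assign to client:{}", Arrays.asList(scopeArray));
        client.setScopes(scopeArray);
        this.clientService.updateClient(client);
        // Re-read to verify what was persisted; tolerate a null re-read or null scopes instead
        // of throwing.
        client = this.clientService.getClientByInum(clientId);
        String[] assigned = client == null ? null : client.getScopes();
        log.debug(" Verify scopes post assignment, clientId:{}, scopes:{}", clientId, assigned == null ? null : Arrays.asList(assigned));
    } catch (Exception ex) {
        log.error("Error while searching internal client", ex);
    }
}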

Example 28 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class AuthUtil method assignAllScope.

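/**
 * Replaces the scopes of the client identified by {@code clientId} with every scope returned
 * by {@code getAllScopes()} and persists the change. Unlike a merge, any scope the client held
 * before that is not in that set is dropped. This hands the client the full scope set, so it
 * is only appropriate for the internal/admin client it is intended for.
 *
 * @param clientId inum of the client; unknown clients are silently skipped
 */
public void assignAllScope(final String clientId) {
    log.trace("Client to be assigned all scope - {} ", clientId);
    // Get Client
    Client client = this.clientService.getClientByInum(clientId);
    if (client == null) {
        return;
    }
    // Prepare scope array
    List<String> scopes = getScopeWithDn(getAllScopes());
    String[] scopeArray = this.getAllScopesArray(scopes);
    log.debug(" scope to be assigned - {} ", Arrays.asList(scopeArray));
    // Assign scope
    client.setScopes(scopeArray);
    this.clientService.updateClient(client);
    // Re-read to verify what was persisted. Guard the verification log: a null re-read or
    // null scope array used to throw NullPointerException here, after the update had
    // already been written.
    client = this.clientService.getClientByInum(clientId);
    final String[] assigned = client == null ? null : client.getScopes();
    log.debug(" Verify scopes post assignment, clientId: {} , scopes: {}", clientId, assigned == null ? null : Arrays.asList(assigned));
}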

Example 29 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class AuthorizationGrant method createAccessTokenAsJwt.

/**
 * Builds and signs the JWT representation of {@code accessToken} for this grant's client.
 * <p>
 * The signing algorithm is the client's registered access-token signing algorithm when it is
 * set and parses to a known {@link SignatureAlgorithm}; otherwise the server default from
 * {@code appConfiguration.getDefaultSignatureAlgorithm()} is used. The signer receives the
 * client id and the client's decrypted secret (presumably only consumed for symmetric
 * algorithms — confirm in JwtSigner).
 *
 * @param accessToken token whose code, type, creation/expiry and x5t#S256 become claims
 * @param context     execution context; its DPoP thumbprint, when present, becomes the
 *                    {@code cnf.jkt} claim
 * @return the compact serialised, signed JWT
 * @throws Exception propagated from secret decryption, the introspection script or signing
 */
private String createAccessTokenAsJwt(AccessToken accessToken, ExecutionContext context) throws Exception {
    final User user = getUser();
    final Client client = getClient();

    // Client-specific algorithm overrides the server default only when it is recognised.
    SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
    final String clientAlgName = client.getAccessTokenSigningAlg();
    if (clientAlgName != null) {
        final SignatureAlgorithm clientAlg = SignatureAlgorithm.fromString(clientAlgName);
        if (clientAlg != null) {
            algorithm = clientAlg;
        }
    }

    final JwtSigner signer = new JwtSigner(appConfiguration, webKeysConfiguration, algorithm, client.getClientId(), clientService.decryptSecret(client.getClientSecret()));
    final Jwt jwt = signer.newJwt();

    jwt.getClaims().setClaim("scope", Lists.newArrayList(getScopes()));
    jwt.getClaims().setClaim("client_id", getClientId());
    final String username = (user == null) ? null : user.getAttribute("displayName");
    jwt.getClaims().setClaim("username", username);
    jwt.getClaims().setClaim("token_type", accessToken.getTokenType().getName());
    // The opaque token code is embedded so two JWTs minted in the same second with otherwise
    // identical claims still differ (avoids a race on duplicate tokens).
    jwt.getClaims().setClaim("code", accessToken.getCode());
    jwt.getClaims().setExpirationTime(accessToken.getExpirationDate());
    jwt.getClaims().setIssuedAt(accessToken.getCreationDate());
    jwt.getClaims().setSubjectIdentifier(getSub());
    jwt.getClaims().setClaim("x5t#S256", accessToken.getX5ts256());

    // DPoP: bind the token to the proof key thumbprint via the "cnf" claim and add "nbf".
    final String dpopThumbprint = context.getDpop();
    if (StringUtils.isNotBlank(dpopThumbprint)) {
        jwt.getClaims().setNotBefore(accessToken.getCreationDate());
        final JSONObject confirmation = new JSONObject();
        confirmation.put("jkt", dpopThumbprint);
        jwt.getClaims().setClaim("cnf", confirmation);
    }

    Audience.setAudience(jwt.getClaims(), getClient());

    // Optional hook: let the introspection script add/modify claims before signing.
    if (isTrue(client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims())) {
        runIntrospectionScriptAndInjectValuesIntoJwt(jwt, context);
    }

    final String signedToken = signer.sign().toString();
    // Trace output contains the signed bearer token itself plus every claim; keep trace
    // disabled outside development so credentials do not end up in log storage.
    if (log.isTraceEnabled()) {
        log.trace("Created access token JWT: {}", signedToken + ", claims: " + jwt.getClaims().toJsonString());
    }
    return signedToken;
}

Example 30 with Client

use of io.jans.as.common.model.registration.Client in project jans by JanssenProject.

the class AuthorizationGrantList method asGrant.

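/**
 * Reconstructs an {@link AuthorizationGrant} from its persisted {@link TokenEntity}.
 * <p>
 * Three steps: pick and initialise the grant subtype from the entity's grant type, copy the
 * entity's non-token state (nonce, scopes, PKCE challenge, session, claims, ...) onto it, and
 * attach the single token the entity represents according to its token type.
 *
 * @param tokenEntity persisted token record; may be {@code null}
 * @return the rebuilt grant, or {@code null} when the entity is {@code null}, its grant type
 *         does not parse, or the grant type is not handled here
 */
public AuthorizationGrant asGrant(TokenEntity tokenEntity) {
    if (tokenEntity == null) {
        return null;
    }
    final AuthorizationGrantType grantType = AuthorizationGrantType.fromString(tokenEntity.getGrantType());
    if (grantType == null) {
        return null;
    }
    final User user = userService.getUser(tokenEntity.getUserId());
    final Client client = clientService.getClient(tokenEntity.getClientId());
    final AuthorizationGrant result = newGrantFor(grantType, user, client, tokenEntity);
    if (result == null) {
        return null;
    }
    copyGrantState(result, tokenEntity, client);
    attachToken(result, tokenEntity);
    return result;
}

// Instantiates and initialises the grant subtype for grantType; null for types not handled here.
private AuthorizationGrant newGrantFor(AuthorizationGrantType grantType, User user, Client client, TokenEntity tokenEntity) {
    final Date authenticationTime = tokenEntity.getAuthenticationTime();
    switch (grantType) {
        case AUTHORIZATION_CODE: {
            final AuthorizationCodeGrant grant = grantInstance.select(AuthorizationCodeGrant.class).get();
            grant.init(user, client, authenticationTime);
            return grant;
        }
        case CLIENT_CREDENTIALS: {
            final ClientCredentialsGrant grant = grantInstance.select(ClientCredentialsGrant.class).get();
            grant.init(user, client);
            return grant;
        }
        case IMPLICIT: {
            final ImplicitGrant grant = grantInstance.select(ImplicitGrant.class).get();
            grant.init(user, client, authenticationTime);
            return grant;
        }
        case RESOURCE_OWNER_PASSWORD_CREDENTIALS: {
            final ResourceOwnerPasswordCredentialsGrant grant = grantInstance.select(ResourceOwnerPasswordCredentialsGrant.class).get();
            grant.init(user, client);
            return grant;
        }
        case CIBA: {
            final CIBAGrant grant = grantInstance.select(CIBAGrant.class).get();
            grant.init(user, AuthorizationGrantType.CIBA, client, tokenEntity.getCreationDate());
            return grant;
        }
        case DEVICE_CODE: {
            final DeviceCodeGrant grant = grantInstance.select(DeviceCodeGrant.class).get();
            grant.init(user, AuthorizationGrantType.DEVICE_CODE, client, tokenEntity.getCreationDate());
            return grant;
        }
        default:
            return null;
    }
}

// Copies the entity's non-token state onto the grant, in the order the fields were originally set.
private void copyGrantState(AuthorizationGrant result, TokenEntity tokenEntity, Client client) {
    result.setTokenBindingHash(tokenEntity.getTokenBindingHash());
    result.setNonce(tokenEntity.getNonce());
    result.setX5cs256(tokenEntity.getAttributes().getX5cs256());
    result.setTokenEntity(tokenEntity);
    final String grantId = tokenEntity.getGrantId();
    if (StringUtils.isNotBlank(grantId)) {
        result.setGrantId(grantId);
    }
    result.setScopes(Util.splittedStringAsList(tokenEntity.getScope(), " "));
    result.setCodeChallenge(tokenEntity.getCodeChallenge());
    result.setCodeChallengeMethod(tokenEntity.getCodeChallengeMethod());
    final String jwtRequest = tokenEntity.getJwtRequest();
    if (StringUtils.isNotBlank(jwtRequest)) {
        try {
            result.setJwtAuthorizationRequest(new JwtAuthorizationRequest(appConfiguration, cryptoProvider, jwtRequest, client));
        } catch (Exception e) {
            // Best effort: the grant is still returned without its request object. Because this is
            // only traced, a stored request object that no longer parses is invisible in
            // production logs — NOTE(review): confirm that is intended.
            log.trace(e.getMessage(), e);
        }
    }
    result.setAcrValues(tokenEntity.getAuthMode());
    result.setSessionDn(tokenEntity.getSessionDn());
    result.setClaims(tokenEntity.getClaims());
}

// Attaches the one token the entity represents, keyed on its token type; a null or unknown type attaches nothing.
private void attachToken(AuthorizationGrant result, TokenEntity tokenEntity) {
    if (tokenEntity.getTokenTypeEnum() == null) {
        return;
    }
    switch (tokenEntity.getTokenTypeEnum()) {
        case AUTHORIZATION_CODE:
            // Only an authorization-code grant can carry an authorization code; other subtypes skip it.
            if (result instanceof AuthorizationCodeGrant) {
                final AuthorizationCode code = new AuthorizationCode(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
                ((AuthorizationCodeGrant) result).setAuthorizationCode(code);
            }
            break;
        case REFRESH_TOKEN:
            final RefreshToken refreshToken = new RefreshToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            result.setRefreshTokens(Collections.singletonList(refreshToken));
            break;
        case ACCESS_TOKEN:
            final AccessToken accessToken = new AccessToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            // Carry the DPoP binding so sender-constrained tokens stay bound after reload.
            accessToken.setDpop(tokenEntity.getDpop());
            result.setAccessTokens(Collections.singletonList(accessToken));
            break;
        case ID_TOKEN:
            final IdToken idToken = new IdToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            result.setIdToken(idToken);
            break;
        case LONG_LIVED_ACCESS_TOKEN:
            final AccessToken longLivedAccessToken = new AccessToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            result.setLongLivedAccessToken(longLivedAccessToken);
            break;
        default:
            break;
    }
}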
