use of io.jans.as.model.jwt.JwtSubClaimObject in project jans by JanssenProject.
the class IdTokenFactory method fillClaims.
private void fillClaims(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, AuthorizationCode authorizationCode, AccessToken accessToken, RefreshToken refreshToken, ExecutionContext executionContext) throws Exception {
jwr.getClaims().setIssuer(appConfiguration.getIssuer());
Audience.setAudience(jwr.getClaims(), authorizationGrant.getClient());
int lifeTime = appConfiguration.getIdTokenLifetime();
int lifetimeFromScript = externalUpdateTokenService.getIdTokenLifetimeInSeconds(ExternalUpdateTokenContext.of(executionContext));
if (lifetimeFromScript > 0) {
lifeTime = lifetimeFromScript;
log.trace("Override id token lifetime with value from script: {}", lifetimeFromScript);
}
Calendar calendar = Calendar.getInstance();
Date issuedAt = calendar.getTime();
calendar.add(Calendar.SECOND, lifeTime);
Date expiration = calendar.getTime();
jwr.getClaims().setExpirationTime(expiration);
jwr.getClaims().setIssuedAt(issuedAt);
jwr.setClaim("code", UUID.randomUUID().toString());
if (executionContext.getPreProcessing() != null) {
executionContext.getPreProcessing().apply(jwr);
}
final SessionId session = sessionIdService.getSessionByDn(authorizationGrant.getSessionDn());
if (session != null) {
jwr.setClaim("sid", session.getOutsideSid());
}
if (authorizationGrant.getAcrValues() != null) {
jwr.setClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, authorizationGrant.getAcrValues());
setAmrClaim(jwr, authorizationGrant.getAcrValues());
}
String nonce = executionContext.getNonce();
if (StringUtils.isNotBlank(nonce)) {
jwr.setClaim(JwtClaimName.NONCE, nonce);
}
if (authorizationGrant.getAuthenticationTime() != null) {
jwr.getClaims().setClaim(JwtClaimName.AUTHENTICATION_TIME, authorizationGrant.getAuthenticationTime());
}
if (authorizationCode != null) {
String codeHash = AbstractToken.getHash(authorizationCode.getCode(), jwr.getHeader().getSignatureAlgorithm());
jwr.setClaim(JwtClaimName.CODE_HASH, codeHash);
}
if (accessToken != null) {
String accessTokenHash = AbstractToken.getHash(accessToken.getCode(), jwr.getHeader().getSignatureAlgorithm());
jwr.setClaim(JwtClaimName.ACCESS_TOKEN_HASH, accessTokenHash);
}
String state = executionContext.getState();
if (Strings.isNotBlank(state)) {
String stateHash = AbstractToken.getHash(state, jwr.getHeader().getSignatureAlgorithm());
jwr.setClaim(JwtClaimName.STATE_HASH, stateHash);
}
if (authorizationGrant.getGrantType() != null) {
jwr.setClaim("grant", authorizationGrant.getGrantType().getValue());
}
jwr.setClaim(JwtClaimName.OX_OPENID_CONNECT_VERSION, appConfiguration.getOxOpenIdConnectVersion());
User user = authorizationGrant.getUser();
List<Scope> dynamicScopes = new ArrayList<>();
if (executionContext.isIncludeIdTokenClaims() && authorizationGrant.getClient().isIncludeClaimsInIdToken()) {
for (String scopeName : executionContext.getScopes()) {
Scope scope = scopeService.getScopeById(scopeName);
if (scope == null) {
continue;
}
if (DYNAMIC == scope.getScopeType()) {
dynamicScopes.add(scope);
continue;
}
Map<String, Object> claims = scopeService.getClaims(user, scope);
if (Boolean.TRUE.equals(scope.isGroupClaims())) {
JwtSubClaimObject groupClaim = new JwtSubClaimObject();
groupClaim.setName(scope.getId());
for (Map.Entry<String, Object> entry : claims.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
if (value instanceof List) {
groupClaim.setClaim(key, (List) value);
} else {
groupClaim.setClaim(key, (String) value);
}
}
jwr.getClaims().setClaim(scope.getId(), groupClaim);
} else {
for (Map.Entry<String, Object> entry : claims.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
if (value instanceof List) {
jwr.getClaims().setClaim(key, (List) value);
} else if (value instanceof Boolean) {
jwr.getClaims().setClaim(key, (Boolean) value);
} else if (value instanceof Date) {
jwr.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
} else {
jwr.setClaim(key, (String) value);
}
}
}
jwr.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute("inum"));
}
}
setClaimsFromJwtAuthorizationRequest(jwr, authorizationGrant, executionContext.getScopes());
setClaimsFromRequestedClaims(executionContext.getClaimsAsString(), jwr, user);
filterClaimsBasedOnAccessToken(jwr, accessToken, authorizationCode);
jwrService.setSubjectIdentifier(jwr, authorizationGrant);
if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwr, unmodifiableAuthorizationGrant);
externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
}
processCiba(jwr, authorizationGrant, refreshToken);
if (executionContext.getPostProcessor() != null) {
executionContext.getPostProcessor().apply(jwr);
}
}
use of io.jans.as.model.jwt.JwtSubClaimObject in project jans by JanssenProject.
the class UserInfoRestWebServiceImpl method getJSonResponse.
/**
* Builds a JSon String with the response parameters.
*/
public String getJSonResponse(User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws InvalidClaimException, ParseException {
log.trace("Building JSON reponse with next scopes {} for user {} and user custom attributes {}", scopes, user.getUserId(), user.getCustomAttributes());
JsonWebResponse jsonWebResponse = new JsonWebResponse();
// Claims
List<Scope> dynamicScopes = new ArrayList<>();
for (String scopeName : scopes) {
Scope scope = scopeService.getScopeById(scopeName);
if ((scope != null) && (ScopeType.DYNAMIC == scope.getScopeType())) {
dynamicScopes.add(scope);
continue;
}
Map<String, Object> claims = scopeService.getClaims(user, scope);
if (claims == null) {
continue;
}
if (scope == null) {
log.trace("Unable to find scope in persistence. Is it removed? Scope name: {}", scopeName);
}
if (scope != null && Boolean.TRUE.equals(scope.isGroupClaims())) {
JwtSubClaimObject groupClaim = new JwtSubClaimObject();
groupClaim.setName(scope.getId());
for (Map.Entry<String, Object> entry : claims.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
if (value instanceof List) {
groupClaim.setClaim(key, (List<String>) value);
} else {
groupClaim.setClaim(key, String.valueOf(value));
}
}
jsonWebResponse.getClaims().setClaim(scope.getId(), groupClaim);
} else {
for (Map.Entry<String, Object> entry : claims.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
if (value instanceof List) {
jsonWebResponse.getClaims().setClaim(key, (List<String>) value);
} else if (value instanceof Boolean) {
jsonWebResponse.getClaims().setClaim(key, (Boolean) value);
} else if (value instanceof Date) {
jsonWebResponse.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
} else {
jsonWebResponse.getClaims().setClaim(key, String.valueOf(value));
}
}
}
}
if (authorizationGrant.getClaims() != null) {
JSONObject claimsObj = new JSONObject(authorizationGrant.getClaims());
if (claimsObj.has("userinfo")) {
JSONObject userInfoObj = claimsObj.getJSONObject("userinfo");
for (Iterator<String> it = userInfoObj.keys(); it.hasNext(); ) {
String claimName = it.next();
// ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
boolean optional = true;
GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
if (gluuAttribute != null) {
String ldapClaimName = gluuAttribute.getName();
Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
jsonWebResponse.getClaims().setClaimFromJsonObject(claimName, attribute);
}
}
}
}
if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
// ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
boolean optional = true;
GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
if (gluuAttribute != null) {
Client client = authorizationGrant.getClient();
if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
String ldapClaimName = gluuAttribute.getName();
Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
jsonWebResponse.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
}
}
}
}
jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getSub());
if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jsonWebResponse, unmodifiableAuthorizationGrant);
externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
}
return jsonWebResponse.toString();
}
Aggregations