
Example 1 with JwtAuthorizationRequest

use of io.jans.as.server.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizeAction method getRequestedClaims.

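/**
 * Collects the claim names requested through the request object's {@code userinfo} and
 * {@code id_token} members.
 *
 * <p>The request object is taken from {@code request}; when that is blank and
 * {@code requestUri} is set, it is fetched from the URI instead. A URI fragment, if present,
 * is treated as the base64url-encoded SHA-256 hash of the fetched content, and the content is
 * accepted only when the hash matches.
 *
 * @return the distinct requested claim names; empty when no request object could be obtained,
 *         the client is unknown, or the request object is invalid
 */
public List<String> getRequestedClaims() {
    Set<String> result = new HashSet<>();
    String requestJwt = request;
    if (StringUtils.isBlank(requestJwt) && StringUtils.isNotBlank(requestUri)) {
        String fetched = fetchRequestObject(requestUri);
        if (fetched != null) {
            requestJwt = fetched;
        }
    }
    if (StringUtils.isNotBlank(requestJwt)) {
        try {
            Client client = clientService.getClient(clientId);
            if (client != null) {
                // Parse the resolved request object. The previous version passed the raw
                // `request` field here, which is blank whenever the object was fetched from
                // request_uri, so the fetched content was silently discarded.
                JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, cryptoProvider, requestJwt, client);
                if (jwtAuthorizationRequest.getUserInfoMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getUserInfoMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
                if (jwtAuthorizationRequest.getIdTokenMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getIdTokenMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
            }
        } catch (EntryPersistenceException | InvalidJwtException e) {
            log.error(e.getMessage(), e);
        }
    }
    return new ArrayList<>(result);
}

/**
 * Fetches a request object from {@code uri} (the fragment, if any, is the expected
 * base64url SHA-256 hash of the body and is stripped before the request).
 *
 * @param uri request_uri value, possibly carrying a hash fragment
 * @return the fetched body, or {@code null} when the URI is malformed, the fetch fails,
 *         the status is not 200, or the fragment hash does not match the body
 */
private String fetchRequestObject(String uri) {
    try {
        URI reqUri = new URI(uri);
        String expectedHash = reqUri.getFragment();
        String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
        // NOTE(review): the URI comes from the caller, so this is a server-side fetch of a
        // caller-chosen location; any scheme/host restriction is expected to be enforced
        // upstream (request_uri validation/configuration) — confirm.
        javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
        Response clientResponse = null;
        try {
            clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke();
            if (clientResponse.getStatus() != 200) {
                return null;
            }
            String entity = clientResponse.readEntity(String.class);
            if (StringUtils.isBlank(expectedHash)) {
                return entity;
            }
            String actualHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity));
            return StringUtils.equals(expectedHash, actualHash) ? entity : null;
        } finally {
            // Release the response first, then the client, exactly once each; the previous
            // version closed the client before reading the entity and then closed it again.
            if (clientResponse != null) {
                clientResponse.close();
            }
            clientRequest.close();
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        return null;
    }
}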

Example 2 with JwtAuthorizationRequest

use of io.jans.as.server.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class BackchannelAuthorizeRestWebServiceImpl method requestBackchannelAuthorizationPost.

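/**
 * Handles a CIBA backchannel authentication request (POST).
 *
 * <p>Resolves the client from the session, lets an optional request object (JWT) override the
 * form parameters, identifies the end-user from {@code login_hint}, {@code id_token_hint} or a
 * signed {@code login_hint_token}, validates the parameters, stores the pending request in the
 * CIBA cache and notifies the end-user's registered device.
 *
 * <p>NOTE(review): the audit message is sent only when execution reaches the end of this method;
 * the early error returns do not emit an audit entry, so rejected requests are not audited.
 *
 * @return JSON with auth_req_id, expires_in and interval on success, otherwise an error response
 * @throws WebApplicationException when a request object is supplied but cannot be processed
 *         (the component-enabled and request-object validators presumably throw it as well)
 */
@Override
public Response requestBackchannelAuthorizationPost(String clientId, String scope, String clientNotificationToken, String acrValues, String loginHintToken, String idTokenHint, String loginHint, String bindingMessage, String userCodeParam, Integer requestedExpiry, String request, String requestUri, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SecurityContext securityContext) {
    // it may be encoded
    scope = ServerUtil.urlDecode(scope);
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.BACKCHANNEL_AUTHENTICATION);
    oAuth2AuditLog.setClientId(clientId);
    oAuth2AuditLog.setScope(scope);
    // ATTENTION : please do not add more parameter in this debug method because it will not work with Seam 2.2.2.Final,
    // there is limit of 10 parameters (hardcoded), see: org.jboss.seam.core.Interpolator#interpolate
    // NOTE(review): clientNotificationToken, loginHintToken and idTokenHint are bearer-style
    // values; they reach the log at debug level only, but consider redacting them.
    log.debug("Attempting to request backchannel authorization: " + "clientId = {}, scope = {}, clientNotificationToken = {}, acrValues = {}, loginHintToken = {}, " + "idTokenHint = {}, loginHint = {}, bindingMessage = {}, userCodeParam = {}, requestedExpiry = {}, " + "request= {}", clientId, scope, clientNotificationToken, acrValues, loginHintToken, idTokenHint, loginHint, bindingMessage, userCodeParam, requestedExpiry, request);
    log.debug("Attempting to request backchannel authorization: " + "isSecure = {}", securityContext.isSecure());
    errorResponseFactory.validateComponentEnabled(ComponentType.CIBA);
    Response.ResponseBuilder builder = Response.ok();
    SessionClient sessionClient = identity.getSessionClient();
    Client client = null;
    if (sessionClient != null) {
        client = sessionClient.getClient();
    }
    if (client == null) {
        // 401
        builder = Response.status(Response.Status.UNAUTHORIZED.getStatusCode());
        builder.entity(errorResponseFactory.getErrorAsJson(INVALID_CLIENT));
        return builder.build();
    }
    if (!cibaRequestService.hasCibaCompatibility(client)) {
        // 400 (the previous comment said 401, but BAD_REQUEST is what is returned)
        builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
        builder.entity(errorResponseFactory.getErrorAsJson(INVALID_REQUEST));
        return builder.build();
    }
    List<String> scopes = new ArrayList<>();
    if (StringHelper.isNotEmpty(scope)) {
        Set<String> grantedScopes = scopeChecker.checkScopesPolicy(client, scope);
        scopes.addAll(grantedScopes);
    }
    JwtAuthorizationRequest jwtRequest = null;
    if (StringUtils.isNotBlank(request) || StringUtils.isNotBlank(requestUri)) {
        jwtRequest = JwtAuthorizationRequest.createJwtRequest(request, requestUri, client, null, cryptoProvider, appConfiguration);
        if (jwtRequest == null) {
            log.error("The JWT couldn't be processed");
            // 400
            builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
            builder.entity(errorResponseFactory.getErrorAsJson(INVALID_REQUEST));
            throw new WebApplicationException(builder.build());
        }
        authorizeRestWebServiceValidator.validateCibaRequestObject(jwtRequest, client.getClientId());
        // JWT wins
        if (!jwtRequest.getScopes().isEmpty()) {
            scopes.addAll(scopeChecker.checkScopesPolicy(client, jwtRequest.getScopes()));
        }
        if (StringUtils.isNotBlank(jwtRequest.getClientNotificationToken())) {
            clientNotificationToken = jwtRequest.getClientNotificationToken();
        }
        if (StringUtils.isNotBlank(jwtRequest.getAcrValues())) {
            acrValues = jwtRequest.getAcrValues();
        }
        if (StringUtils.isNotBlank(jwtRequest.getLoginHintToken())) {
            loginHintToken = jwtRequest.getLoginHintToken();
        }
        if (StringUtils.isNotBlank(jwtRequest.getIdTokenHint())) {
            idTokenHint = jwtRequest.getIdTokenHint();
        }
        if (StringUtils.isNotBlank(jwtRequest.getLoginHint())) {
            loginHint = jwtRequest.getLoginHint();
        }
        if (StringUtils.isNotBlank(jwtRequest.getBindingMessage())) {
            bindingMessage = jwtRequest.getBindingMessage();
        }
        if (StringUtils.isNotBlank(jwtRequest.getUserCode())) {
            userCodeParam = jwtRequest.getUserCode();
        }
        if (jwtRequest.getRequestedExpiry() != null) {
            requestedExpiry = jwtRequest.getRequestedExpiry();
        } else if (jwtRequest.getExp() != null) {
            // Remaining lifetime of the request object in seconds. Clamp into the int range
            // rather than Math.toIntExact, which throws ArithmeticException (an unhandled 500)
            // for an out-of-range exp claim in the client-supplied JWT.
            long secondsUntilExp = jwtRequest.getExp() - System.currentTimeMillis() / 1000;
            requestedExpiry = (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, secondsUntilExp));
        }
    }
    if (appConfiguration.isFapi() && jwtRequest == null) {
        // 400
        builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
        builder.entity(errorResponseFactory.getErrorAsJson(INVALID_REQUEST));
        return builder.build();
    }
    User user = null;
    try {
        if (Strings.isNotBlank(loginHint)) {
            // login_hint
            user = userService.getUniqueUserByAttributes(appConfiguration.getBackchannelLoginHintClaims(), loginHint);
        } else if (Strings.isNotBlank(idTokenHint)) {
            // id_token_hint
            AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
            if (authorizationGrant == null) {
                // 400
                builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
                builder.entity(errorResponseFactory.getErrorAsJson(UNKNOWN_USER_ID));
                return builder.build();
            }
            user = authorizationGrant.getUser();
        }
        if (Strings.isNotBlank(loginHintToken)) {
            // login_hint_token: a JWT signed by the client; the signature is checked against the
            // key published at the client's registered jwks_uri before the subject is trusted.
            Jwt jwt = Jwt.parse(loginHintToken);
            SignatureAlgorithm algorithm = jwt.getHeader().getSignatureAlgorithm();
            String keyId = jwt.getHeader().getKeyId();
            if (algorithm == null || Strings.isBlank(keyId)) {
                // 400
                builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
                builder.entity(errorResponseFactory.getErrorAsJson(UNKNOWN_USER_ID));
                return builder.build();
            }
            boolean validSignature = false;
            if (algorithm.getFamily() == AlgorithmFamily.RSA) {
                RSAPublicKey publicKey = JwkClient.getRSAPublicKey(client.getJwksUri(), keyId);
                RSASigner rsaSigner = new RSASigner(algorithm, publicKey);
                validSignature = rsaSigner.validate(jwt);
            } else if (algorithm.getFamily() == AlgorithmFamily.EC) {
                ECDSAPublicKey publicKey = JwkClient.getECDSAPublicKey(client.getJwksUri(), keyId);
                ECDSASigner ecdsaSigner = new ECDSASigner(algorithm, publicKey);
                validSignature = ecdsaSigner.validate(jwt);
            }
            // Any other algorithm family (including none/HMAC) leaves validSignature false.
            if (!validSignature) {
                // 400
                builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
                builder.entity(errorResponseFactory.getErrorAsJson(UNKNOWN_USER_ID));
                return builder.build();
            }
            JSONObject subject = jwt.getClaims().getClaimAsJSON("subject");
            if (subject == null || !subject.has("subject_type") || !subject.has(subject.getString("subject_type"))) {
                // 400
                builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
                builder.entity(errorResponseFactory.getErrorAsJson(UNKNOWN_USER_ID));
                return builder.build();
            }
            String subjectTypeKey = subject.getString("subject_type");
            String subjectTypeValue = subject.getString(subjectTypeKey);
            user = userService.getUniqueUserByAttributes(appConfiguration.getBackchannelLoginHintClaims(), subjectTypeValue);
        }
    } catch (InvalidJwtException | JSONException e) {
        // A malformed hint token leaves user == null and is reported as UNKNOWN_USER_ID below.
        log.error(e.getMessage(), e);
    }
    if (user == null) {
        // 400
        builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
        builder.entity(errorResponseFactory.getErrorAsJson(UNKNOWN_USER_ID));
        return builder.build();
    }
    try {
        String userCode = (String) user.getAttribute("jansBackchannelUsrCode", true, false);
        DefaultErrorResponse cibaAuthorizeParamsValidation = cibaAuthorizeParamsValidatorService.validateParams(scopes, clientNotificationToken, client.getBackchannelTokenDeliveryMode(), loginHintToken, idTokenHint, loginHint, bindingMessage, client.getBackchannelUserCodeParameter(), userCodeParam, userCode, requestedExpiry);
        if (cibaAuthorizeParamsValidation != null) {
            builder = Response.status(cibaAuthorizeParamsValidation.getStatus());
            builder.entity(errorResponseFactory.errorAsJson(cibaAuthorizeParamsValidation.getType(), cibaAuthorizeParamsValidation.getReason()));
            return builder.build();
        }
        String deviceRegistrationToken = (String) user.getAttribute("jansBackchannelDeviceRegistrationTkn", true, false);
        if (deviceRegistrationToken == null) {
            // 401
            builder = Response.status(Response.Status.UNAUTHORIZED.getStatusCode());
            builder.entity(errorResponseFactory.getErrorAsJson(UNAUTHORIZED_END_USER_DEVICE));
            return builder.build();
        }
        int expiresIn = requestedExpiry != null ? requestedExpiry : appConfiguration.getBackchannelAuthenticationResponseExpiresIn();
        // PUSH delivery has no polling interval.
        Integer interval = client.getBackchannelTokenDeliveryMode() == BackchannelTokenDeliveryMode.PUSH ? null : appConfiguration.getBackchannelAuthenticationResponseInterval();
        long currentTime = System.currentTimeMillis();
        CibaRequestCacheControl cibaRequestCacheControl = new CibaRequestCacheControl(user, client, expiresIn, scopes, clientNotificationToken, bindingMessage, currentTime, acrValues);
        cibaRequestService.save(cibaRequestCacheControl, expiresIn);
        String authReqId = cibaRequestCacheControl.getAuthReqId();
        // Notify End-User to obtain Consent/Authorization
        cibaEndUserNotificationService.notifyEndUser(cibaRequestCacheControl.getScopesAsString(), cibaRequestCacheControl.getAcrValues(), authReqId, deviceRegistrationToken);
        builder.entity(getJSONObject(authReqId, expiresIn, interval).toString(4).replace("\\/", "/"));
        builder.type(MediaType.APPLICATION_JSON_TYPE);
        builder.cacheControl(ServerUtil.cacheControl(true, false));
    } catch (JSONException | InvalidClaimException e) {
        builder = Response.status(400);
        builder.entity(errorResponseFactory.getErrorAsJson(INVALID_REQUEST));
        log.error(e.getMessage(), e);
    }
    applicationAuditLogger.sendMessage(oAuth2AuditLog);
    return builder.build();
}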

Example 3 with JwtAuthorizationRequest

use of io.jans.as.server.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class ParValidator method validateRequestObject.

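/**
 * Parses the request object stored in the PAR (the {@code request} attribute), validates it,
 * and copies its parameters onto the PAR attributes. Does nothing when no request object is set.
 *
 * @param redirectUriResponse error/redirect context for this request; its response mode is
 *        updated from the request object when one is present
 * @param par the pushed authorization request being validated and enriched
 * @param client the client the request object must be bound to
 * @throws WebApplicationException when the request object cannot be parsed, contains a
 *         {@code request_uri}, or fails validation
 */
public void validateRequestObject(RedirectUriResponse redirectUriResponse, Par par, Client client) {
    final String request = par.getAttributes().getRequest();
    if (StringUtils.isBlank(request)) {
        return;
    }
    try {
        JwtAuthorizationRequest jwtRequest = JwtAuthorizationRequest.createJwtRequest(request, null, client, redirectUriResponse, cryptoProvider, appConfiguration);
        if (jwtRequest == null) {
            throw authorizeRestWebServiceValidator.createInvalidJwtRequestException(redirectUriResponse, "Failed to parse jwt.");
        }
        validateRequestUriIsAbsent(jwtRequest.getJsonPayload().optString("request_uri"), AuthorizeErrorResponseType.INVALID_REQUEST_OBJECT);
        setStateIntoPar(redirectUriResponse, par, jwtRequest);
        authorizeRestWebServiceValidator.validateRequestObject(jwtRequest, redirectUriResponse);
        if (!jwtRequest.getResponseTypes().isEmpty()) {
            par.getAttributes().setResponseType(jwtRequest.getJsonPayload().optString("response_type"));
        }
        if (StringUtils.isNotBlank(jwtRequest.getClientId())) {
            par.getAttributes().setClientId(jwtRequest.getClientId());
        }
        if (jwtRequest.getNbf() != null) {
            par.getAttributes().setNbf(jwtRequest.getNbf());
        }
        if (jwtRequest.getExp() != null) {
            // The previous version assigned ttl/expirationDate twice from exp; only this
            // (the second) assignment ever took effect, so the first one was dropped.
            par.setTtl(ServerUtil.calculateTtl(jwtRequest.getExp()));
            par.setExpirationDate(new Date(jwtRequest.getExp() * 1000L));
        }
        if (!jwtRequest.getScopes().isEmpty()) {
            // JWT wins
            Set<String> scopes = scopeChecker.checkScopesPolicy(client, Lists.newArrayList(jwtRequest.getScopes()));
            par.getAttributes().setScope(implode(scopes, " "));
        }
        if (StringUtils.isNotBlank(jwtRequest.getRedirectUri())) {
            par.getAttributes().setRedirectUri(jwtRequest.getRedirectUri());
        }
        if (StringUtils.isNotBlank(jwtRequest.getNonce())) {
            par.getAttributes().setNonce(jwtRequest.getNonce());
        }
        if (StringUtils.isNotBlank(jwtRequest.getCodeChallenge())) {
            par.getAttributes().setCodeChallenge(jwtRequest.getCodeChallenge());
        }
        if (StringUtils.isNotBlank(jwtRequest.getCodeChallengeMethod())) {
            par.getAttributes().setCodeChallengeMethod(jwtRequest.getCodeChallengeMethod());
        }
        if (jwtRequest.getDisplay() != null && StringUtils.isNotBlank(jwtRequest.getDisplay().getParamName())) {
            par.getAttributes().setDisplay(jwtRequest.getDisplay().getParamName());
        }
        if (!jwtRequest.getPrompts().isEmpty()) {
            par.getAttributes().setPrompt(jwtRequest.getJsonPayload().optString("prompt"));
        }
        if (jwtRequest.getResponseMode() != null) {
            redirectUriResponse.getRedirectUri().setResponseMode(jwtRequest.getResponseMode());
            par.getAttributes().setResponseMode(jwtRequest.getJsonPayload().optString("response_mode"));
        }
        setParAttributesFromIdTokenMember(par, jwtRequest);
        requestParameterService.getCustomParameters(jwtRequest, par.getAttributes().getCustomParameters());
    } catch (WebApplicationException e) {
        // Already a proper error response (from the validators above): propagate unchanged.
        throw e;
    } catch (Exception e) {
        log.error("Invalid JWT authorization request. Message : " + e.getMessage(), e);
        throw authorizeRestWebServiceValidator.createInvalidJwtRequestException(redirectUriResponse, "Invalid JWT authorization request");
    }
}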

Example 4 with JwtAuthorizationRequest

use of io.jans.as.server.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationGrantList method asGrant.

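/**
 * Rebuilds an {@link AuthorizationGrant} from its persisted {@link TokenEntity}.
 *
 * @param tokenEntity persisted token; may be {@code null}
 * @return the reconstructed grant with the entity's token attached, or {@code null} when
 *         {@code tokenEntity} is {@code null} or its grant type is unknown or unsupported
 */
public AuthorizationGrant asGrant(TokenEntity tokenEntity) {
    if (tokenEntity == null) {
        return null;
    }
    final AuthorizationGrantType grantType = AuthorizationGrantType.fromString(tokenEntity.getGrantType());
    if (grantType == null) {
        return null;
    }
    final User user = userService.getUser(tokenEntity.getUserId());
    final Client client = clientService.getClient(tokenEntity.getClientId());
    final AuthorizationGrant result = newGrantOfType(grantType, tokenEntity, user, client);
    if (result == null) {
        return null;
    }
    copyGrantAttributes(result, tokenEntity, client);
    attachToken(result, tokenEntity);
    return result;
}

/**
 * Instantiates and initialises the grant subtype matching {@code grantType}.
 *
 * @return the initialised grant, or {@code null} for a grant type this list cannot restore
 */
private AuthorizationGrant newGrantOfType(AuthorizationGrantType grantType, TokenEntity tokenEntity, User user, Client client) {
    final Date authenticationTime = tokenEntity.getAuthenticationTime();
    switch (grantType) {
        case AUTHORIZATION_CODE: {
            AuthorizationCodeGrant grant = grantInstance.select(AuthorizationCodeGrant.class).get();
            grant.init(user, client, authenticationTime);
            return grant;
        }
        case CLIENT_CREDENTIALS: {
            ClientCredentialsGrant grant = grantInstance.select(ClientCredentialsGrant.class).get();
            grant.init(user, client);
            return grant;
        }
        case IMPLICIT: {
            ImplicitGrant grant = grantInstance.select(ImplicitGrant.class).get();
            grant.init(user, client, authenticationTime);
            return grant;
        }
        case RESOURCE_OWNER_PASSWORD_CREDENTIALS: {
            ResourceOwnerPasswordCredentialsGrant grant = grantInstance.select(ResourceOwnerPasswordCredentialsGrant.class).get();
            grant.init(user, client);
            return grant;
        }
        case CIBA: {
            // CIBA and device grants are initialised from the token's creation date, not the
            // authentication time.
            CIBAGrant grant = grantInstance.select(CIBAGrant.class).get();
            grant.init(user, AuthorizationGrantType.CIBA, client, tokenEntity.getCreationDate());
            return grant;
        }
        case DEVICE_CODE: {
            DeviceCodeGrant grant = grantInstance.select(DeviceCodeGrant.class).get();
            grant.init(user, AuthorizationGrantType.DEVICE_CODE, client, tokenEntity.getCreationDate());
            return grant;
        }
        default:
            return null;
    }
}

/**
 * Copies the persisted grant-level state (nonce, scopes, PKCE, session, acr, claims and the
 * optional request object) from the entity onto the grant.
 */
private void copyGrantAttributes(AuthorizationGrant result, TokenEntity tokenEntity, Client client) {
    result.setTokenBindingHash(tokenEntity.getTokenBindingHash());
    result.setNonce(tokenEntity.getNonce());
    result.setX5cs256(tokenEntity.getAttributes().getX5cs256());
    result.setTokenEntity(tokenEntity);
    final String grantId = tokenEntity.getGrantId();
    if (StringUtils.isNotBlank(grantId)) {
        result.setGrantId(grantId);
    }
    result.setScopes(Util.splittedStringAsList(tokenEntity.getScope(), " "));
    result.setCodeChallenge(tokenEntity.getCodeChallenge());
    result.setCodeChallengeMethod(tokenEntity.getCodeChallengeMethod());
    final String jwtRequest = tokenEntity.getJwtRequest();
    if (StringUtils.isNotBlank(jwtRequest)) {
        try {
            result.setJwtAuthorizationRequest(new JwtAuthorizationRequest(appConfiguration, cryptoProvider, jwtRequest, client));
        } catch (Exception e) {
            // Best effort: the grant is usable without its request object, so a persisted JWT
            // that no longer parses (e.g. after a key rotation) is only traced, not fatal.
            log.trace(e.getMessage(), e);
        }
    }
    result.setAcrValues(tokenEntity.getAuthMode());
    result.setSessionDn(tokenEntity.getSessionDn());
    result.setClaims(tokenEntity.getClaims());
}

/**
 * Attaches the entity's token (code, refresh, access, id or long-lived access token) to the
 * grant according to the entity's token type. Entities without a token type are ignored.
 */
private void attachToken(AuthorizationGrant result, TokenEntity tokenEntity) {
    if (tokenEntity.getTokenTypeEnum() == null) {
        return;
    }
    switch (tokenEntity.getTokenTypeEnum()) {
        case AUTHORIZATION_CODE:
            // Only an authorization-code grant can carry a code; other grant types ignore it.
            if (result instanceof AuthorizationCodeGrant) {
                final AuthorizationCode code = new AuthorizationCode(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
                ((AuthorizationCodeGrant) result).setAuthorizationCode(code);
            }
            break;
        case REFRESH_TOKEN:
            final RefreshToken refreshToken = new RefreshToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            result.setRefreshTokens(Collections.singletonList(refreshToken));
            break;
        case ACCESS_TOKEN:
            final AccessToken accessToken = new AccessToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            accessToken.setDpop(tokenEntity.getDpop());
            result.setAccessTokens(Collections.singletonList(accessToken));
            break;
        case ID_TOKEN:
            final IdToken idToken = new IdToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            result.setIdToken(idToken);
            break;
        case LONG_LIVED_ACCESS_TOKEN:
            final AccessToken longLivedAccessToken = new AccessToken(tokenEntity.getTokenCode(), tokenEntity.getCreationDate(), tokenEntity.getExpirationDate());
            result.setLongLivedAccessToken(longLivedAccessToken);
            break;
    }
}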

Example 5 with JwtAuthorizationRequest

use of io.jans.as.server.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationGrant method initTokenFromGrant.

/**
 * Copies this grant's state (nonce, scopes, acr, session, authentication time, PKCE values,
 * claims and the encoded request object) onto the token entity about to be persisted.
 *
 * @param token the entity to populate
 */
private void initTokenFromGrant(TokenEntity token) {
    final String grantNonce = getNonce();
    if (grantNonce != null) {
        token.setNonce(grantNonce);
    }
    token.setScope(getScopesAsString());
    token.setAuthMode(getAcrValues());
    token.setSessionDn(getSessionDn());
    token.setAuthenticationTime(getAuthenticationTime());
    token.setCodeChallenge(getCodeChallenge());
    token.setCodeChallengeMethod(getCodeChallengeMethod());
    token.setClaims(getClaims());
    final JwtAuthorizationRequest requestObject = getJwtAuthorizationRequest();
    if (requestObject == null) {
        return;
    }
    // Only a non-blank encoded JWT is persisted; an empty one leaves the field untouched.
    final String encodedJwt = requestObject.getEncodedJwt();
    if (StringUtils.isNotBlank(encodedJwt)) {
        token.setJwtRequest(encodedJwt);
    }
}
