use of io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration in project micronaut-security by micronaut-projects.
the class OpenIdClientFactory method openIdConfiguration.
/**
* Retrieves OpenID configuration from the provided issuer.
*
* @param oauthClientConfiguration The client configuration
* @param openIdClientConfiguration The openid client configuration
* @param issuerClient The client to request the metadata
* @return The OpenID configuration
*/
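@EachBean(OpenIdClientConfiguration.class)
DefaultOpenIdProviderMetadata openIdConfiguration(@Parameter OauthClientConfiguration oauthClientConfiguration,
                                                  @Parameter OpenIdClientConfiguration openIdClientConfiguration,
                                                  @Client HttpClient issuerClient) {
    // With an issuer configured, the provider metadata is downloaded from it; without one an
    // empty metadata object is used. In both cases overrideFromConfig is applied afterwards.
    DefaultOpenIdProviderMetadata providerMetadata = openIdClientConfiguration.getIssuer().map(issuer -> {
        try {
            // Discovery URL = issuer URL with the configured configuration path appended to the issuer's path.
            URL configurationUrl = new URL(issuer, StringUtils.prependUri(issuer.getPath(), openIdClientConfiguration.getConfigurationPath()));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Sending request for OpenID configuration for provider [{}] to URL [{}]", openIdClientConfiguration.getName(), configurationUrl);
            }
            // NOTE(review): the parsed document is returned as-is. Nothing in this method checks the
            // scheme of the issuer URL, and the `issuer` value inside the response is not compared with
            // the configured issuer (OpenID Connect Discovery requires the two to be identical).
            // Confirm whether that comparison happens elsewhere; the endpoints and jwks_uri the client
            // relies on later come from this response.
            // TODO NOSONAR this returns ReadTimeoutException - return issuerClient.toBlocking().retrieve(configurationUrl.toString(), DefaultOpenIdProviderMetadata.class);
            // The body is therefore fetched as a String and mapped in a separate step.
            String json = issuerClient.toBlocking().retrieve(configurationUrl.toString(), String.class);
            return jsonMapper.readValue(json.getBytes(StandardCharsets.UTF_8), Argument.of(DefaultOpenIdProviderMetadata.class));
        } catch (HttpClientResponseException e) {
            // Any failure while loading the metadata aborts creation of this bean; the cause is preserved.
            throw new BeanInstantiationException("Failed to retrieve OpenID configuration for " + openIdClientConfiguration.getName(), e);
        } catch (MalformedURLException e) {
            throw new BeanInstantiationException("Failure parsing issuer URL " + issuer, e);
        } catch (IOException e) {
            throw new BeanInstantiationException("JSON Processing Exception parsing issuer URL returned JSON " + issuer, e);
        }
    // orElseGet: the empty fallback object is only built when no metadata was produced above.
    }).orElseGet(DefaultOpenIdProviderMetadata::new);
    overrideFromConfig(providerMetadata, openIdClientConfiguration, oauthClientConfiguration);
    return providerMetadata;
}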
use of io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration in project micronaut-security by micronaut-projects.
the class OpenIdClientCondition method matches.
/**
 * Decides whether an OpenID client should be created for the named provider.
 *
 * <p>The check only applies when the bean context is an {@link ApplicationContext}, the component
 * is a {@link ValueResolver} and it carries a {@link Named} value; in every other case the
 * condition matches. For a named provider the condition matches only if the client configuration
 * is enabled, an issuer is present or the endpoints are configured manually, the grant type is
 * {@code AUTHORIZATION_CODE}, and the authorization endpoint configuration is either absent or
 * uses response type {@code CODE}. Each rejection is reported through {@code context.fail}.
 *
 * @param context The condition context
 * @return {@code true} if the client may be created
 */
@Override
public boolean matches(ConditionContext context) {
    AnnotationMetadataProvider component = context.getComponent();
    BeanContext beanContext = context.getBeanContext();
    if (!(beanContext instanceof ApplicationContext) || !(component instanceof ValueResolver)) {
        return true;
    }

    Optional<String> providerName = ((ValueResolver) component).get(Named.class.getName(), String.class);
    if (!providerName.isPresent()) {
        return true;
    }

    String name = providerName.get();
    OauthClientConfiguration clientConfiguration = beanContext.getBean(OauthClientConfiguration.class, Qualifiers.byName(name));
    // NOTE(review): unchecked Optional.get(); presumably safe because this condition is only
    // evaluated for providers that have an OpenID configuration - confirm against the caller.
    OpenIdClientConfiguration openIdClientConfiguration = clientConfiguration.getOpenid().get();
    String failureMessagePrefix = "Skipped OpenID client creation for provider [" + name;

    if (!clientConfiguration.isEnabled()) {
        context.fail(failureMessagePrefix + "] because the configuration is disabled");
        return false;
    }
    if (!openIdClientConfiguration.getIssuer().isPresent() && !endpointsManuallyConfigured(openIdClientConfiguration)) {
        context.fail(failureMessagePrefix + "] because no issuer is configured");
        return false;
    }
    // Only the authorization-code grant is accepted for this client.
    if (clientConfiguration.getGrantType() != GrantType.AUTHORIZATION_CODE) {
        context.fail(failureMessagePrefix + "] because the grant type is not 'authorization-code'");
        return false;
    }
    // An explicitly configured authorization endpoint must ask for response type 'code'.
    Optional<AuthorizationEndpointConfiguration> authorization = openIdClientConfiguration.getAuthorization();
    if (authorization.isPresent() && authorization.get().getResponseType() != ResponseType.CODE) {
        context.fail(failureMessagePrefix + "] because the response type is not 'code'");
        return false;
    }
    return true;
}
use of io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration in project micronaut-security by micronaut-projects.
the class OpenIdClientFactory method openIdClient.
/**
* Creates an {@link OpenIdClient} from the provided parameters.
*
* @param openIdClientConfiguration The openid client configuration
* @param clientConfiguration The client configuration
* @param openIdProviderMetadata The open id provider metadata
* @param authenticationMapper The user details mapper
* @param redirectUrlBuilder The redirect URL builder
* @param authorizationResponseHandler The authorization response handler
* @param endSessionEndpointResolver The end session resolver
* @param endSessionCallbackUrlBuilder The end session callback URL builder
* @return The OpenID client, or null if the client configuration does not allow it
*/
@EachBean(OpenIdClientConfiguration.class)
@Requires(condition = OpenIdClientCondition.class)
@SuppressWarnings("java:S107")
DefaultOpenIdClient openIdClient(@Parameter OpenIdClientConfiguration openIdClientConfiguration,
                                 @Parameter OauthClientConfiguration clientConfiguration,
                                 @Parameter BeanProvider<DefaultOpenIdProviderMetadata> openIdProviderMetadata,
                                 @Parameter @Nullable OpenIdAuthenticationMapper authenticationMapper,
                                 AuthorizationRedirectHandler redirectUrlBuilder,
                                 OpenIdAuthorizationResponseHandler authorizationResponseHandler,
                                 EndSessionEndpointResolver endSessionEndpointResolver,
                                 EndSessionCallbackUrlBuilder endSessionCallbackUrlBuilder) {
    // The metadata bean is not requested on this line; it is handed on as a supplier wrapped by
    // SupplierUtil.memoized (presumably resolved once, on first use - confirm).
    Supplier<OpenIdProviderMetadata> lazyMetadata = SupplierUtil.memoized(openIdProviderMetadata::get);

    // The end-session endpoint stays null when end-session support is disabled or the resolver
    // yields nothing.
    EndSessionEndpoint resolvedEndSession = openIdClientConfiguration.getEndSession().isEnabled()
        ? endSessionEndpointResolver.resolve(clientConfiguration, lazyMetadata, endSessionCallbackUrlBuilder).orElse(null)
        : null;

    // This method itself always returns a client instance; whether it runs at all is governed by
    // the OpenIdClientCondition requirement declared above.
    return new DefaultOpenIdClient(clientConfiguration, lazyMetadata, authenticationMapper, redirectUrlBuilder, authorizationResponseHandler, beanContext, resolvedEndSession);
}
use of io.micronaut.security.oauth2.configuration.OpenIdClientConfiguration in project micronaut-security by micronaut-projects.
the class OpenIdClientFactory method overrideFromConfig.
/**
 * Copies endpoint settings from the local client configuration onto the provider metadata.
 *
 * <p>Only values present in the configuration are written; each one replaces whatever
 * {@code configuration} held before the call. The end-session URL is copied only when
 * end-session support is enabled.
 *
 * <p>NOTE(review): a configured {@code jwks-uri} or endpoint URL takes the place of any value
 * already on {@code configuration}, so these settings need the same level of trust as the
 * issuer itself.
 *
 * @param configuration The provider metadata to update in place
 * @param openIdClientConfiguration The openid client configuration
 * @param oauthClientConfiguration The client configuration
 */
private void overrideFromConfig(DefaultOpenIdProviderMetadata configuration,
                                OpenIdClientConfiguration openIdClientConfiguration,
                                OauthClientConfiguration oauthClientConfiguration) {
    openIdClientConfiguration.getJwksUri().ifPresent(jwksUri -> configuration.setJwksUri(jwksUri));

    // Introspection and revocation settings live on the OAuth client configuration.
    oauthClientConfiguration.getIntrospection().ifPresent(introspection -> {
        introspection.getUrl().ifPresent(url -> configuration.setIntrospectionEndpoint(url));
        introspection.getAuthMethod()
            .map(authMethod -> Collections.singletonList(authMethod.toString()))
            .ifPresent(methods -> configuration.setIntrospectionEndpointAuthMethodsSupported(methods));
    });
    oauthClientConfiguration.getRevocation().ifPresent(revocation -> {
        revocation.getUrl().ifPresent(url -> configuration.setRevocationEndpoint(url));
        revocation.getAuthMethod()
            .map(authMethod -> Collections.singletonList(authMethod.toString()))
            .ifPresent(methods -> configuration.setRevocationEndpointAuthMethodsSupported(methods));
    });

    // The remaining endpoints come from the OpenID client configuration.
    openIdClientConfiguration.getRegistration()
        .flatMap(registration -> registration.getUrl())
        .ifPresent(url -> configuration.setRegistrationEndpoint(url));
    openIdClientConfiguration.getUserInfo()
        .flatMap(userInfo -> userInfo.getUrl())
        .ifPresent(url -> configuration.setUserinfoEndpoint(url));
    openIdClientConfiguration.getAuthorization()
        .flatMap(authorization -> authorization.getUrl())
        .ifPresent(url -> configuration.setAuthorizationEndpoint(url));
    openIdClientConfiguration.getToken().ifPresent(token -> {
        token.getUrl().ifPresent(url -> configuration.setTokenEndpoint(url));
        token.getAuthMethod()
            .map(authMethod -> Collections.singletonList(authMethod.toString()))
            .ifPresent(methods -> configuration.setTokenEndpointAuthMethodsSupported(methods));
    });

    EndSessionEndpointConfiguration endSessionConfig = openIdClientConfiguration.getEndSession();
    if (endSessionConfig.isEnabled()) {
        endSessionConfig.getUrl().ifPresent(url -> configuration.setEndSessionEndpoint(url));
    }
}