Example 1 with TokenResponse

Use of io.micronaut.security.oauth2.endpoint.token.response.TokenResponse in project micronaut-security by micronaut-projects.

Class ClientCredentialsHttpClientFilter, method doFilter.

@Override
public Publisher<? extends HttpResponse<?>> doFilter(MutableHttpRequest<?> request, ClientFilterChain chain) {
    Optional<OauthClientConfiguration> oauthClientOptional = getClientConfiguration(request);
    if (!oauthClientOptional.isPresent()) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Did not find any OAuth 2.0 client which should decorate the request with an access token received from client credentials request");
        }
        return chain.proceed(request);
    }
    OauthClientConfiguration oauthClient = oauthClientOptional.get();
    Optional<ClientCredentialsClient> clientCredentialsClientOptional = getClient(oauthClient);
    if (!clientCredentialsClientOptional.isPresent()) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Could not retrieve client credentials client for OAuth 2.0 client {}", oauthClient.getName());
        }
        return chain.proceed(request);
    }
    ClientCredentialsTokenPropagator tokenHandler = getTokenHandler(oauthClient);
    return Flux.from(clientCredentialsClientOptional.get().requestToken(getScope(oauthClient)))
            .map(TokenResponse::getAccessToken)
            .switchMap(accessToken -> {
        if (StringUtils.isNotEmpty(accessToken)) {
            tokenHandler.writeToken(request, accessToken);
        }
        return chain.proceed(request);
    });
}
Also used: OauthClientConfiguration (io.micronaut.security.oauth2.configuration.OauthClientConfiguration), ClientCredentialsClient (io.micronaut.security.oauth2.client.clientcredentials.ClientCredentialsClient)

Example 2 with TokenResponse

Use of io.micronaut.security.oauth2.endpoint.token.response.TokenResponse in project micronaut-security by micronaut-projects.

Class DefaultTokenEndpointClient, method secureRequest.

/**
 * Secures the request according to the context's endpoint supported authentication
 * methods.
 *
 * @param request Token endpoint Request
 * @param requestContext The request context
 * @param <G> The token request grant or body
 * @param <R> The token response type
 */
protected <G, R extends TokenResponse> void secureRequest(@NonNull MutableHttpRequest<G> request, TokenRequestContext<G, R> requestContext) {
    List<AuthenticationMethod> authMethodsSupported = requestContext.getEndpoint()
            .getSupportedAuthenticationMethods()
            .orElseGet(() -> Collections.singletonList(AuthenticationMethod.CLIENT_SECRET_BASIC));
    OauthClientConfiguration clientConfiguration = requestContext.getClientConfiguration();
    if (LOG.isTraceEnabled()) {
        LOG.trace("The token endpoint supports [{}] authentication methods", authMethodsSupported);
    }
    if (authMethodsSupported.contains(AuthenticationMethod.CLIENT_SECRET_BASIC)) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Using client_secret_basic authentication. Adding an Authorization header");
        }
        request.basicAuth(clientConfiguration.getClientId(), clientConfiguration.getClientSecret());
    } else if (authMethodsSupported.contains(AuthenticationMethod.CLIENT_SECRET_POST)) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Using client_secret_post authentication. The client_id and client_secret will be present in the body");
        }
        request.getBody()
                .filter(SecureGrant.class::isInstance)
                .map(SecureGrant.class::cast)
                .ifPresent(body -> {
            body.setClientId(clientConfiguration.getClientId());
            body.setClientSecret(clientConfiguration.getClientSecret());
        });
    } else {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Unsupported or no authentication method. The client_id will be present in the body");
        }
        request.getBody()
                .filter(SecureGrant.class::isInstance)
                .map(SecureGrant.class::cast)
                .ifPresent(body -> body.setClientId(clientConfiguration.getClientId()));
    }
}
Also used: Logger (org.slf4j.Logger), BeanContext (io.micronaut.context.BeanContext), Publisher (org.reactivestreams.Publisher), ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap), LoggerFactory (org.slf4j.LoggerFactory), HttpClientConfiguration (io.micronaut.http.client.HttpClientConfiguration), Qualifiers (io.micronaut.inject.qualifiers.Qualifiers), Singleton (jakarta.inject.Singleton), AuthenticationMethod (io.micronaut.security.oauth2.endpoint.AuthenticationMethod), OauthClientConfiguration (io.micronaut.security.oauth2.configuration.OauthClientConfiguration), Supplier (java.util.function.Supplier), TokenResponse (io.micronaut.security.oauth2.endpoint.token.response.TokenResponse), NonNull (io.micronaut.core.annotation.NonNull), List (java.util.List), SecureGrant (io.micronaut.security.oauth2.grants.SecureGrant), MediaType (io.micronaut.http.MediaType), Optional (java.util.Optional), HttpRequest (io.micronaut.http.HttpRequest), SupplierUtil (io.micronaut.core.util.SupplierUtil), MutableHttpRequest (io.micronaut.http.MutableHttpRequest), HttpClient (io.micronaut.http.client.HttpClient), LoadBalancer (io.micronaut.http.client.LoadBalancer), Collections (java.util.Collections), TokenRequestContext (io.micronaut.security.oauth2.endpoint.token.request.context.TokenRequestContext)
