use of io.trino.server.security.oauth2.OAuth2Service in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthServiceComponent method activate.
/**
 * Activates the OAuth service component.
 *
 * <p>Registers the user-operation listener, the OAuth event handlers, {@code OAuth2Service} and
 * {@code OAuthAdminServiceImpl} with the bundle context, and hands the service instances to the
 * component holders.
 *
 * <p>Any {@code Throwable} raised while activating is logged and rethrown wrapped in a
 * {@code RuntimeException}, so the failure propagates to the caller instead of being swallowed.
 *
 * @param context component context whose bundle context is used for every registration
 * @throws RuntimeException wrapping the original failure when activation does not complete
 */
protected void activate(ComponentContext context) {
    try {
        // Obtain the OAuth server configuration first; it is needed again for the issuer map below.
        OAuthServerConfiguration serverConfiguration = OAuthServerConfiguration.getInstance();
        if (OAuthCache.getInstance().isEnabled()) {
            log.debug("OAuth Caching is enabled. Initializing the cache.");
        }

        // User-operation listener; its registration handle is kept in the serviceRegistration field.
        IdentityOathEventListener userOperationListener = new IdentityOathEventListener();
        serviceRegistration = context.getBundleContext().registerService(
                UserOperationEventListener.class.getName(), userOperationListener, null);
        log.debug("Identity Oath Event Listener is enabled");

        context.getBundleContext().registerService(
                AbstractEventHandler.class.getName(), new IdentityOauthEventHandler(), null);
        if (log.isDebugEnabled()) {
            log.debug("Identity Oauth Event handler is enabled");
        }

        // The same OAuth2Service instance is published as a service and stored on the holder.
        OAuth2Service service = new OAuth2Service();
        context.getBundleContext().registerService(OAuth2Service.class.getName(), service, null);
        OAuthComponentServiceHolder.getInstance().setOauth2Service(service);

        // The token issuer map is used for token validation, so it has to be populated explicitly here.
        serverConfiguration.populateOAuthTokenIssuerMap();

        // One admin service instance is shared by both holders and the service registration below.
        OAuthAdminServiceImpl adminService = new OAuthAdminServiceImpl();
        OAuthComponentServiceHolder.getInstance().setOAuthAdminService(adminService);
        OAuth2ServiceComponentHolder.getInstance().setOAuthAdminService(adminService);

        context.getBundleContext().registerService(
                OAuthEventInterceptor.class, new OAuthTokenSessionMappingEventHandler(), null);
        if (log.isDebugEnabled()) {
            log.debug("OAuthTokenSessionMapping Event Handler is enabled");
        }

        context.getBundleContext().registerService(
                OAuthAdminServiceImpl.class.getName(), adminService, null);
        if (log.isDebugEnabled()) {
            log.debug("Identity OAuth bundle is activated");
        }
    } catch (Throwable failure) {
        // Deliberately broad: every activation failure is logged and surfaced to the caller.
        String message = "Error occurred while activating OAuth Service Component";
        log.error(message, failure);
        throw new RuntimeException(message, failure);
    }
}
use of io.trino.server.security.oauth2.OAuth2Service in project trino by trinodb.
the class OAuth2Service method startOAuth2Challenge.
/**
 * Builds the redirect response that starts an OAuth2 authorization challenge.
 *
 * <p>The {@code state} parameter is a JWT signed with {@code stateHmac}. It carries the UI state
 * audience and the optional handler state, and expires when the challenge timeout elapses.
 * When the {@code openid} scope is requested, a random nonce is generated: the authorization URI
 * receives the hashed nonce, while the raw value goes into a cookie that expires at the same
 * instant as the state token.
 *
 * @param callbackUri  URI handed to the client when building the authorization URI
 * @param handlerState optional handler state embedded in the signed state token
 * @return a "see other" redirect to the authorization URI, with the nonce cookie when one was issued
 */
public Response startOAuth2Challenge(URI callbackUri, Optional<String> handlerState) {
    Instant expiresAt = now().plus(challengeTimeout);

    // Signed, audience-restricted and time-limited state token for this challenge.
    String state = newJwtBuilder()
            .signWith(stateHmac)
            .setAudience(STATE_AUDIENCE_UI)
            .claim(HANDLER_STATE_CLAIM, handlerState.orElse(null))
            .setExpiration(Date.from(expiresAt))
            .compact();

    // A nonce is only issued with the openid scope, since that scope is required to obtain the
    // ID token which carries the nonce back to the server.
    Optional<String> nonce = scopes.contains(OPENID_SCOPE)
            ? Optional.of(randomNonce())
            : Optional.empty();

    // Only the hash of the nonce is sent in the authorization request.
    Response.ResponseBuilder response = Response.seeOther(
            client.getAuthorizationUri(state, callbackUri, nonce.map(OAuth2Service::hashNonce)));

    // The raw nonce is set as a cookie on the response with the same expiry as the challenge.
    if (nonce.isPresent()) {
        response.cookie(NonceCookie.create(nonce.get(), expiresAt));
    }
    return response.build();
}
use of io.trino.server.security.oauth2.OAuth2Service in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2ServiceComponent method activate.
/**
 * Activates the OAuth2 service component.
 *
 * <p>Inside the guarded section it loads the scope configuration, seeds the OIDC scopes for the
 * current tenant when none are stored, registers the OAuth2 listeners, client authenticators,
 * token binders and services with the bundle context, and enables PKCE on the holder. A
 * registration that returns {@code null} is logged at error level but does not abort activation.
 * Any {@code Throwable} raised inside the guarded section is logged and rethrown wrapped in a
 * {@code RuntimeException}.
 *
 * <p>After the guarded section the OIDC audience and IDP_ID column checks run and their results
 * are stored on the holder. Exceptions from those two checks are not wrapped by this method.
 *
 * @param context component context that supplies the bundle context
 * @throws RuntimeException wrapping the original failure when the guarded activation steps fail
 */
protected void activate(ComponentContext context) {
    try {
        // Install the default scope/claim mapping DAO only when none has been set on the holder.
        if (OAuth2ServiceComponentHolder.getInstance().getScopeClaimMappingDAO() == null) {
            OAuth2ServiceComponentHolder.getInstance().setScopeClaimMappingDAO(new ScopeClaimMappingDAOImpl());
        }
        loadScopeConfigFile();
        loadOauthScopeBinding();

        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        // Seed the OIDC scopes only when this tenant has none populated yet.
        if (!OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().hasScopesPopulated(tenantId)) {
            OAuth2Util.initiateOIDCScopes(tenantId);
        }

        TenantCreationEventListener tenantCreationListener = new TenantCreationEventListener();
        bundleContext = context.getBundleContext();

        // Tenant-creation listener.
        ServiceRegistration tenantCreationRegistration = bundleContext.registerService(
                TenantMgtListener.class.getName(), tenantCreationListener, null);
        if (tenantCreationRegistration == null) {
            log.error("TenantMgtListener could not be registered");
        } else if (log.isDebugEnabled()) {
            log.debug(" TenantMgtListener is registered");
        }

        // Initiate the OAuth scope/permission bindings for the tenant.
        OAuth2Util.initiateOAuthScopePermissionsBindings(tenantId);

        // Expose the server configuration as a service.
        OAuthServerConfiguration serverConfiguration = OAuthServerConfiguration.getInstance();
        bundleContext.registerService(OAuthServerConfiguration.class.getName(), serverConfiguration, null);

        bundleContext.registerService(
                OAuth2TokenValidationService.class.getName(), new OAuth2TokenValidationService(), null);
        bundleContext.registerService(
                OAuthClientAuthnService.class.getName(), new OAuthClientAuthnService(), null);

        // Two client authenticators are registered under the same service interface:
        // basic-auth first, then public-client.
        bundleContext.registerService(
                OAuthClientAuthenticator.class.getName(), new BasicAuthClientAuthenticator(), null);
        bundleContext.registerService(
                OAuthClientAuthenticator.class.getName(), new PublicClientAuthenticator(), null);

        // Access token binders: cookie based first, then SSO session based.
        bundleContext.registerService(TokenBinderInfo.class.getName(), new CookieBasedTokenBinder(), null);
        bundleContext.registerService(TokenBinderInfo.class.getName(), new SSOSessionBasedTokenBinder(), null);
        if (log.isDebugEnabled()) {
            log.debug("Identity OAuth bundle is activated");
        }

        // Use the default key ID provider only when no other provider has been set.
        if (OAuth2ServiceComponentHolder.getKeyIDProvider() == null) {
            KeyIDProvider fallbackKeyIdProvider = new DefaultKeyIDProviderImpl();
            OAuth2ServiceComponentHolder.setKeyIDProvider(fallbackKeyIdProvider);
            if (log.isDebugEnabled()) {
                log.debug("Key ID Provider " + DefaultKeyIDProviderImpl.class.getSimpleName() + " registered as the default Key ID Provider implementation.");
            }
        }

        ServiceRegistration tenantMgtRegistration = bundleContext.registerService(
                TenantMgtListener.class.getName(), new OAuthTenantMgtListenerImpl(), null);
        if (tenantMgtRegistration == null) {
            log.error("OAuth - TenantMgtListener could not be registered.");
        } else if (log.isDebugEnabled()) {
            log.debug("OAuth - TenantMgtListener registered.");
        }

        ServiceRegistration userStoreConfigRegistration = bundleContext.registerService(
                UserStoreConfigListener.class.getName(), new OAuthUserStoreConfigListenerImpl(), null);
        if (userStoreConfigRegistration == null) {
            log.error("OAuth - UserStoreConfigListener could not be registered.");
        } else if (log.isDebugEnabled()) {
            log.debug("OAuth - UserStoreConfigListener registered.");
        }

        ServiceRegistration applicationMgtRegistration = bundleContext.registerService(
                ApplicationMgtListener.class.getName(), new OAuthApplicationMgtListener(), null);
        if (applicationMgtRegistration == null) {
            log.error("OAuth - ApplicationMgtListener could not be registered.");
        } else if (log.isDebugEnabled()) {
            log.debug("OAuth - ApplicationMgtListener registered.");
        }

        // PKCE is switched on by default.
        OAuth2ServiceComponentHolder.setPkceEnabled(true);

        // Device authorization service.
        ServiceRegistration deviceAuthRegistration = bundleContext.registerService(
                DeviceAuthService.class.getName(), new DeviceAuthServiceImpl(), null);
        if (deviceAuthRegistration == null) {
            log.error("DeviceAuthService could not be registered.");
        } else if (log.isDebugEnabled()) {
            log.debug("DeviceAuthService registered.");
        }

        // Default OpenID Connect claim filter.
        bundleContext.registerService(OpenIDConnectClaimFilter.class, new OpenIDConnectClaimFilterImpl(), null);
        if (log.isDebugEnabled()) {
            log.debug("Default OpenIDConnect Claim filter registered successfully.");
        }

        bundleContext.registerService(
                AbstractEventHandler.class.getName(), new TokenBindingExpiryEventHandler(), null);
        if (log.isDebugEnabled()) {
            log.debug("TokenBindingExpiryEventHandler is successfully registered.");
        }

        // OAuth2Service and OAuth2ScopeService are exposed as OSGi services.
        bundleContext.registerService(OAuth2Service.class.getName(), new OAuth2Service(), null);
        bundleContext.registerService(OAuth2ScopeService.class.getName(), new OAuth2ScopeService(), null);

        // Note : DO NOT add any activation related code below this point,
        // to make sure the server doesn't start up if any activation failures occur
    } catch (Throwable failure) {
        String message = "Error while activating OAuth2ServiceComponent.";
        log.error(message, failure);
        throw new RuntimeException(message, failure);
    }

    // Record whether OIDC audiences are enabled.
    boolean audienceEnabled = checkAudienceEnabled();
    if (log.isDebugEnabled()) {
        log.debug(audienceEnabled ? "OAuth - OIDC audiences enabled." : "OAuth - OIDC audiences disabled.");
    }
    OAuth2ServiceComponentHolder.setAudienceEnabled(audienceEnabled);

    // Record whether the IDP_ID column is available in all relevant tables.
    boolean idpIdColumnAvailable = checkIDPIdColumnAvailable();
    if (log.isDebugEnabled()) {
        log.debug(idpIdColumnAvailable
                ? "IDP_ID column is available in all relevant tables. " + "Setting isIDPIdColumnEnabled to true."
                : "IDP_ID column is not available in all relevant tables. " + "Setting isIDPIdColumnEnabled to false.");
    }
    OAuth2ServiceComponentHolder.setIDPIdColumnEnabled(idpIdColumnAvailable);
}
use of io.trino.server.security.oauth2.OAuth2Service in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method getTokenBinder.
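/**
 * Resolves the token binder that matches the token binding type configured for an OAuth
 * application.
 *
 * <p>The comparison is anchored on the application's binding type, which is known to be
 * non-blank at that point. A {@code null} list entry, or a binder that reports a {@code null}
 * binding type, is therefore skipped instead of raising a {@code NullPointerException} while
 * the request is being processed.
 *
 * @param clientId client id of the OAuth application
 * @return the matching binder, or empty when the application is unknown, has no binding type
 *         configured, or no supported binder reports that type
 * @throws OAuthSystemException when the application cannot be looked up for the client id
 */
private Optional<TokenBinder> getTokenBinder(String clientId) throws OAuthSystemException {
    OAuthAppDO oAuthAppDO;
    try {
        oAuthAppDO = OAuth2Util.getAppInformationByClientId(clientId);
    } catch (IdentityOAuth2Exception | InvalidOAuthClientException e) {
        throw new OAuthSystemException("Failed to retrieve OAuth application with client id: " + clientId, e);
    }
    if (oAuthAppDO == null) {
        return Optional.empty();
    }

    // Read the configured binding type once; a blank value means binding is not requested.
    String requestedBindingType = oAuthAppDO.getTokenBindingType();
    if (StringUtils.isBlank(requestedBindingType)) {
        return Optional.empty();
    }

    List<TokenBinder> supportedTokenBinders = getOAuth2Service().getSupportedTokenBinders();
    if (supportedTokenBinders == null || supportedTokenBinders.isEmpty()) {
        return Optional.empty();
    }

    // Call equals on the non-blank requested type so a null binder type simply does not match.
    return supportedTokenBinders.stream()
            .filter(binder -> binder != null && requestedBindingType.equals(binder.getBindingType()))
            .findAny();
}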
use of io.trino.server.security.oauth2.OAuth2Service in project identity-inbound-auth-oauth by wso2-extensions.
the class EndpointUtilTest method mockPrivilegedCarbonContext.
/**
 * Test fixture helper: statically mocks {@code PrivilegedCarbonContext} so the thread-local
 * context resolves to the mocked instance, then stubs its OSGi service lookups with the mocked
 * server configuration and default or freshly constructed service implementations.
 */
private void mockPrivilegedCarbonContext() {
    mockStatic(PrivilegedCarbonContext.class);
    when(PrivilegedCarbonContext.getThreadLocalCarbonContext()).thenReturn(mockedPrivilegedCarbonContext);

    // Local alias keeps the stubbing lines short; it refers to the same mock instance.
    PrivilegedCarbonContext carbonContext = mockedPrivilegedCarbonContext;

    // Server configuration comes from the test's own mock.
    when(carbonContext.getOSGiService(OAuthServerConfiguration.class, null))
            .thenReturn(mockedOAuthServerConfiguration);

    // Discovery-related services resolve to their default implementations.
    when(carbonContext.getOSGiService(WebFingerProcessor.class, null))
            .thenReturn(DefaultWebFingerProcessor.getInstance());
    when(carbonContext.getOSGiService(OIDCProviderRequestBuilder.class, null))
            .thenReturn(new DefaultOIDCProviderRequestBuilder());
    when(carbonContext.getOSGiService(OIDCProcessor.class, null))
            .thenReturn(DefaultOIDCProcessor.getInstance());

    // OAuth2 services are real instances rather than mocks.
    when(carbonContext.getOSGiService(OAuth2Service.class, null))
            .thenReturn(new OAuth2Service());
    when(carbonContext.getOSGiService(OAuth2TokenValidationService.class, null))
            .thenReturn(new OAuth2TokenValidationService());
}