
Example 1 with TokenCredentials

use of io.vertx.ext.auth.authentication.TokenCredentials in project vertx-web by vert-x3.

From the class WebClientOauth2Examples, method create.

public void create(Vertx vertx) {
    // Build a plain WebClient, then wrap it so that every request it sends carries
    // the configured bearer token as credentials.
    final WebClient plainClient = WebClient.create(vertx);
    final OAuth2Auth authProvider = OAuth2Auth.create(vertx, new OAuth2Options());
    // The token literal is only an example placeholder; a real deployment sources
    // the token from configuration or a secret store rather than from source code.
    final OAuth2WebClient oauth2Client = OAuth2WebClient
        .create(plainClient, authProvider)
        .withCredentials(new TokenCredentials("some.jwt.token"));
}

Example 2 with TokenCredentials

use of io.vertx.ext.auth.authentication.TokenCredentials in project vertx-web by vert-x3.

From the class JWTAuthHandlerImpl, method authenticate.

@Override
public void authenticate(RoutingContext context, Handler<AsyncResult<User>> handler) {
    // Extract the bearer token from the request, run a cheap structural pre-check on it,
    // and only then hand it to the auth provider. Every outcome is reported via `handler`.
    parseAuthorization(context, parsed -> {
        if (parsed.failed()) {
            handler.handle(Future.failedFuture(parsed.cause()));
            return;
        }
        final String token = parsed.result();
        // Pre-check: at most three '.'-separated segments, every other character must be a
        // letter, a digit, '-' or '_'. Character.isLetterOrDigit is Unicode-aware, so this
        // accepts more than the base64url alphabet; the strict check is left to the provider
        // (presumably when it decodes the segments — not visible here).
        int dots = 0;
        final int len = token.length();
        int idx = 0;
        while (idx < len) {
            final char ch = token.charAt(idx++);
            if (ch == '.') {
                dots++;
                if (dots == 3) {
                    // a third dot means a fourth segment, which no JWT has
                    handler.handle(Future.failedFuture(new HttpException(400, "Too many segments in token")));
                    return;
                }
            } else if (!Character.isLetterOrDigit(ch) && ch != '-' && ch != '_') {
                // invalid character: report its code point, not the raw character
                handler.handle(Future.failedFuture(new HttpException(400, "Invalid character in token: " + (int) ch)));
                return;
            }
        }
        authProvider.authenticate(new TokenCredentials(token), authn -> {
            if (authn.failed()) {
                // any provider failure is surfaced as 401 with the cause attached
                handler.handle(Future.failedFuture(new HttpException(401, authn.cause())));
            } else {
                handler.handle(authn);
            }
        });
    });
}

Example 3 with TokenCredentials

use of io.vertx.ext.auth.authentication.TokenCredentials in project vertx-web by vert-x3.

From the class OAuth2AuthHandlerImpl, method authenticate.

@Override
public void authenticate(RoutingContext context, Handler<AsyncResult<User>> handler) {
    // Authenticates the request either from a bearer token in the `Authorization` header or,
    // when not in bearerOnly mode and no token is present, by starting the OAuth2 redirect flow.
    // Outcomes are normally delivered through `handler`; the 405 and PKCE-without-session
    // branches below fail the routing context directly instead.
    // when the handler is working as bearer only, then the `Authorization` header is required
    parseAuthorization(context, !bearerOnly, parseAuthorization -> {
        if (parseAuthorization.failed()) {
            handler.handle(Future.failedFuture(parseAuthorization.cause()));
            return;
        }
        // Authorization header can be null when not in bearerOnly mode
        final String token = parseAuthorization.result();
        if (token == null) {
            // no token: redirect the request to the oauth2 server as we know nothing about this request
            if (bearerOnly) {
                // a missing token is a failure in both modes, but the cause is not the same:
                // in bearerOnly mode there is no callback route to redirect to
                handler.handle(Future.failedFuture("callback route is not configured."));
                return;
            }
            // A GET on the callback path itself would be redirected back to the oauth2 server,
            // i.e. an infinite redirect loop. In this case an exception must be raised.
            if (context.request().method() == HttpMethod.GET && context.normalizedPath().equals(callbackURL.resource())) {
                LOG.warn("The callback route is shaded by the OAuth2AuthHandler, ensure the callback route is added BEFORE the OAuth2AuthHandler route!");
                handler.handle(Future.failedFuture(new HttpException(500, "Infinite redirect loop [oauth2 callback]")));
            } else {
                if (context.request().method() != HttpMethod.GET) {
                    // we can only redirect GET requests
                    // NOTE(review): this branch (and the PKCE one below) fails the context directly
                    // rather than through `handler`, unlike the other failures here — confirm intended
                    LOG.error("OAuth2 redirect attempt to non GET resource");
                    context.fail(405, new IllegalStateException("OAuth2 redirect attempt to non GET resource"));
                    return;
                }
                // the redirect is processed as a failure to abort the chain
                String redirectUri = context.request().uri();
                String state = null;
                String codeVerifier = null;
                final Session session = context.session();
                if (session == null) {
                    if (pkce > 0) {
                        // we can only handle PKCE with a session
                        context.fail(500, new IllegalStateException("OAuth2 PKCE requires a session to be present"));
                        return;
                    }
                    // without a session nothing can be stored, so the redirect is issued
                    // with state == null and codeVerifier == null
                } else {
                    // there's a session so we can make this request comply with the OAuth2 spec and add an opaque state
                    // remember the original request URI (presumably restored after the callback —
                    // the callback handling is not part of this method)
                    session.put("redirect_uri", context.request().uri());
                    // create a state value to mitigate replay attacks
                    // NOTE(review): 6 characters from `prng`; the entropy depends on prng's alphabet — confirm
                    state = prng.nextString(6);
                    // store the state in the session
                    session.put("state", state);
                    if (pkce > 0) {
                        // PKCE code verifier of `pkce` characters; only the verifier is stored here,
                        // the challenge is presumably derived in authURI
                        codeVerifier = prng.nextString(pkce);
                        // store the code verifier in the session
                        session.put("pkce", codeVerifier);
                    }
                }
                handler.handle(Future.failedFuture(new HttpException(302, authURI(redirectUri, state, codeVerifier))));
            }
        } else {
            // token present: continue with bearer authentication, attaching the configured scopes when any
            final Credentials credentials = scopes.size() > 0 ? new TokenCredentials(token).setScopes(scopes) : new TokenCredentials(token);
            authProvider.authenticate(credentials, authn -> {
                if (authn.failed()) {
                    // any provider failure is surfaced as 401 with the cause attached
                    handler.handle(Future.failedFuture(new HttpException(401, authn.cause())));
                } else {
                    handler.handle(authn);
                }
            });
        }
    });
}
