Example 1 with TokenCredentials
use of io.vertx.ext.auth.authentication.TokenCredentials in project vertx-web by vert-x3.
the class WebClientOauth2Examples method create.
public void create(Vertx vertx) {
WebClient client = WebClient.create(vertx);
OAuth2WebClient oauth2 = OAuth2WebClient.create(client, OAuth2Auth.create(vertx, new OAuth2Options())).withCredentials(new TokenCredentials("some.jwt.token"));
}
Also used :
WebClient(io.vertx.ext.web.client.WebClient)
OAuth2WebClient(io.vertx.ext.web.client.OAuth2WebClient)
OAuth2WebClient(io.vertx.ext.web.client.OAuth2WebClient)
OAuth2Options(io.vertx.ext.auth.oauth2.OAuth2Options)
TokenCredentials(io.vertx.ext.auth.authentication.TokenCredentials)
Example 2 with TokenCredentials
use of io.vertx.ext.auth.authentication.TokenCredentials in project vertx-web by vert-x3.
the class JWTAuthHandlerImpl method authenticate.
@Override
public void authenticate(RoutingContext context, Handler<AsyncResult<User>> handler) {
parseAuthorization(context, parseAuthorization -> {
if (parseAuthorization.failed()) {
handler.handle(Future.failedFuture(parseAuthorization.cause()));
return;
}
String token = parseAuthorization.result();
int segments = 0;
for (int i = 0; i < token.length(); i++) {
char c = token.charAt(i);
if (c == '.') {
if (++segments == 3) {
handler.handle(Future.failedFuture(new HttpException(400, "Too many segments in token")));
return;
}
continue;
}
if (Character.isLetterOrDigit(c) || c == '-' || c == '_') {
continue;
}
// invalid character
handler.handle(Future.failedFuture(new HttpException(400, "Invalid character in token: " + (int) c)));
return;
}
authProvider.authenticate(new TokenCredentials(token), authn -> {
if (authn.failed()) {
handler.handle(Future.failedFuture(new HttpException(401, authn.cause())));
} else {
handler.handle(authn);
}
});
});
}
Also used :
HttpException(io.vertx.ext.web.handler.HttpException)
TokenCredentials(io.vertx.ext.auth.authentication.TokenCredentials)
Example 3 with TokenCredentials
use of io.vertx.ext.auth.authentication.TokenCredentials in project vertx-web by vert-x3.
the class OAuth2AuthHandlerImpl method authenticate.
@Override
public void authenticate(RoutingContext context, Handler<AsyncResult<User>> handler) {
// when the handler is working as bearer only, then the `Authorization` header is required
parseAuthorization(context, !bearerOnly, parseAuthorization -> {
if (parseAuthorization.failed()) {
handler.handle(Future.failedFuture(parseAuthorization.cause()));
return;
}
// Authorization header can be null when in not in bearerOnly mode
final String token = parseAuthorization.result();
if (token == null) {
// redirect request to the oauth2 server as we know nothing about this request
if (bearerOnly) {
// it's a failure both cases but the cause is not the same
handler.handle(Future.failedFuture("callback route is not configured."));
return;
}
// an infinite redirect loop. In this case an exception must be raised.
if (context.request().method() == HttpMethod.GET && context.normalizedPath().equals(callbackURL.resource())) {
LOG.warn("The callback route is shaded by the OAuth2AuthHandler, ensure the callback route is added BEFORE the OAuth2AuthHandler route!");
handler.handle(Future.failedFuture(new HttpException(500, "Infinite redirect loop [oauth2 callback]")));
} else {
if (context.request().method() != HttpMethod.GET) {
// we can only redirect GET requests
LOG.error("OAuth2 redirect attempt to non GET resource");
context.fail(405, new IllegalStateException("OAuth2 redirect attempt to non GET resource"));
return;
}
// the redirect is processed as a failure to abort the chain
String redirectUri = context.request().uri();
String state = null;
String codeVerifier = null;
final Session session = context.session();
if (session == null) {
if (pkce > 0) {
// we can only handle PKCE with a session
context.fail(500, new IllegalStateException("OAuth2 PKCE requires a session to be present"));
return;
}
} else {
// there's a session we can make this request comply to the Oauth2 spec and add an opaque state
session.put("redirect_uri", context.request().uri());
// create a state value to mitigate replay attacks
state = prng.nextString(6);
// store the state in the session
session.put("state", state);
if (pkce > 0) {
codeVerifier = prng.nextString(pkce);
// store the code verifier in the session
session.put("pkce", codeVerifier);
}
}
handler.handle(Future.failedFuture(new HttpException(302, authURI(redirectUri, state, codeVerifier))));
}
} else {
// continue
final Credentials credentials = scopes.size() > 0 ? new TokenCredentials(token).setScopes(scopes) : new TokenCredentials(token);
authProvider.authenticate(credentials, authn -> {
if (authn.failed()) {
handler.handle(Future.failedFuture(new HttpException(401, authn.cause())));
} else {
handler.handle(authn);
}
});
}
});
}
Also used :
HttpException(io.vertx.ext.web.handler.HttpException)
Credentials(io.vertx.ext.auth.authentication.Credentials)
Oauth2Credentials(io.vertx.ext.auth.oauth2.Oauth2Credentials)
TokenCredentials(io.vertx.ext.auth.authentication.TokenCredentials)
Session(io.vertx.ext.web.Session)
TokenCredentials(io.vertx.ext.auth.authentication.TokenCredentials)
Aggregations
TokenCredentials (io.vertx.ext.auth.authentication.TokenCredentials)3
HttpException (io.vertx.ext.web.handler.HttpException)2
Credentials (io.vertx.ext.auth.authentication.Credentials)1
OAuth2Options (io.vertx.ext.auth.oauth2.OAuth2Options)1
Oauth2Credentials (io.vertx.ext.auth.oauth2.Oauth2Credentials)1
Session (io.vertx.ext.web.Session)1
OAuth2WebClient (io.vertx.ext.web.client.OAuth2WebClient)1
WebClient (io.vertx.ext.web.client.WebClient)1
