Use of it.spid.cie.oidc.schemas.TokenResponse in project spid-cie-oidc-java by italia:
class RelyingPartyHandler, method doGetUserInfo.
/**
 * Completes the authorization-code flow for the pending AuthnRequest identified by
 * {@code state}: exchanges {@code code} for tokens at the provider's token endpoint,
 * verifies the JWS signatures of the returned access token and ID token against the
 * provider JWKS stored with the request, persists the token data, fetches the userinfo
 * response and returns it.
 *
 * @param state the {@code state} value returned by the provider; selects the stored AuthnRequest
 * @param code the authorization code returned by the provider
 * @return the userinfo response as returned by {@code oidcHelper.getUserInfo}
 * @throws OIDCException on validation, lookup or token-verification failure. The types thrown
 *     here are {@code SchemaException.Validation} (empty {@code state} or {@code code}),
 *     {@code RelyingPartyException.Generic} (no AuthnRequest for the state, federation entity
 *     not found, or the request's client_id is not this RelyingParty's) and
 *     {@code RelyingPartyException.Authentication} (access token or ID token JWS verification failed)
 */
protected JSONObject doGetUserInfo(String state, String code) throws OIDCException {
    if (Validator.isNullOrEmpty(code) || Validator.isNullOrEmpty(state)) {
        throw new SchemaException.Validation("Authn response object validation failed");
    }
    List<AuthnRequest> authnRequests = persistence.findAuthnRequests(state);
    if (authnRequests.isEmpty()) {
        throw new RelyingPartyException.Generic("No AuthnRequest");
    }
    // More than one request may be stored for the same state; the most recent one is used.
    AuthnRequest authnRequest = ListUtil.getLast(authnRequests);
    // The authorization code is persisted before the token exchange, so a token record
    // exists for this request even if the exchange below fails.
    AuthnToken authnToken = new AuthnToken().setAuthnRequestId(authnRequest.getStorageId()).setCode(code);
    authnToken = persistence.storeOIDCAuthnToken(authnToken);
    // Get clientId configuration. In this situation "clientId" refers this
    // RelyingParty
    FederationEntity entityConf = persistence.fetchFederationEntity(authnRequest.getClientId(), true);
    if (entityConf == null) {
        throw new RelyingPartyException.Generic("RelyingParty %s not found", authnRequest.getClientId());
    } else if (!Objects.equals(options.getClientId(), authnRequest.getClientId())) {
        // Reject a stored request whose client_id is not the one this handler is configured for.
        throw new RelyingPartyException.Generic("Invalid RelyingParty %s", authnRequest.getClientId());
    }
    // redirect_uri and code_verifier (PKCE) come from the data saved with the original request,
    // the token endpoint and jwks from the provider configuration saved alongside it.
    JSONObject authnData = new JSONObject(authnRequest.getData());
    JSONObject providerConfiguration = new JSONObject(authnRequest.getProviderConfiguration());
    JSONObject jsonTokenResponse = oauth2Helper.performAccessTokenRequest(authnData.optString("redirect_uri"), state, code, authnRequest.getProviderId(), entityConf, providerConfiguration.optString("token_endpoint"), authnData.optString("code_verifier"));
    TokenResponse tokenResponse = TokenResponse.of(jsonTokenResponse);
    if (logger.isDebugEnabled()) {
        // NOTE(review): depending on TokenResponse.toString(), this writes the access token and
        // ID token to the log at DEBUG level — confirm before enabling debug logging in production.
        logger.debug("TokenResponse=" + tokenResponse.toString());
    }
    JWKSet providerJwks = JWTHelper.getJWKSetFromJSON(providerConfiguration.optJSONObject("jwks"));
    // Only the JWS signature is checked here; the original exception is not propagated, so the
    // verification failure reason is lost to the caller.
    // NOTE(review): ID token claim checks (iss, aud, nonce, exp) are not visible in this method —
    // confirm they happen in verifyJWS or in oidcHelper.getUserInfo.
    try {
        jwtHelper.verifyJWS(tokenResponse.getAccessToken(), providerJwks);
    } catch (Exception e) {
        throw new RelyingPartyException.Authentication("Authentication token validation error.");
    }
    try {
        jwtHelper.verifyJWS(tokenResponse.getIdToken(), providerJwks);
    } catch (Exception e) {
        throw new RelyingPartyException.Authentication("ID token validation error.");
    }
    // Update AuthenticationToken
    authnToken.setAccessToken(tokenResponse.getAccessToken());
    authnToken.setIdToken(tokenResponse.getIdToken());
    authnToken.setTokenType(tokenResponse.getTokenType());
    // scope is read from the raw JSON rather than from TokenResponse.
    authnToken.setScope(jsonTokenResponse.optString("scope"));
    authnToken.setExpiresIn(tokenResponse.getExpiresIn());
    authnToken = persistence.storeOIDCAuthnToken(authnToken);
    // This RelyingParty's own JWKS is passed to the userinfo call; the meaning of the boolean
    // argument is not visible here.
    JWKSet entityJwks = JWTHelper.getJWKSetFromJSON(entityConf.getJwks());
    JSONObject userInfo = oidcHelper.getUserInfo(state, tokenResponse.getAccessToken(), providerConfiguration, true, entityJwks);
    // TODO: userKey from options
    // The user key is currently pinned to the SPID email attribute URI; an empty string is stored
    // when the attribute is absent (optString default).
    authnToken.setUserKey(userInfo.optString("https://attributes.spid.gov.it/email"));
    authnToken = persistence.storeOIDCAuthnToken(authnToken);
    return userInfo;
}