use of oidc.model.EncryptedTokenValue in project OpenConext-oidcng by OpenConext.
the class AuthorizationEndpoint method authorizationEndpointResponse.
/**
 * Assembles the parameters returned from the authorization endpoint for the
 * requested {@code response_type} combination.
 * <p>
 * An access token is minted up front in every case: it is only persisted and
 * returned when {@code token} is requested (or the request is not an OpenID
 * request), but its value is also handed to the ID-token generator
 * (presumably for the {@code at_hash} claim — confirm in TokenGenerator).
 * The {@code code} entry is produced before the ID token so the token
 * generator can see it (presumably for {@code c_hash}).
 *
 * @param user                 the authenticated user
 * @param client               the requesting client
 * @param authorizationRequest the parsed request; cast to {@code AuthenticationRequest} when it is an OpenID request
 * @param scopes               the granted scopes
 * @param responseType         the requested response type(s)
 * @param state                the client's {@code state} parameter, echoed back when non-null
 * @return insertion-ordered map of response parameters
 */
private Map<String, Object> authorizationEndpointResponse(User user, OpenIDClient client, AuthorizationRequest authorizationRequest, List<String> scopes, ResponseType responseType, State state) {
    Map<String, Object> response = new LinkedHashMap<>();
    EncryptedTokenValue accessTokenValue = tokenGenerator.generateAccessTokenWithEmbeddedUserInfo(user, client, scopes);

    boolean issueAccessToken = responseType.contains(ResponseType.Value.TOKEN.getValue()) || !isOpenIDRequest(authorizationRequest);
    if (issueAccessToken) {
        // Only a salted one-way hash of the unspecified NameID is stored alongside the token.
        String unspecifiedUrnHash = KeyGenerator.oneWayHash(user.getUnspecifiedNameId(), this.salt);
        AccessToken persistedToken = new AccessToken(
                accessTokenValue.getJwtId(),
                user.getSub(),
                client.getClientId(),
                scopes,
                accessTokenValue.getKeyId(),
                accessTokenValidity(client),
                false,
                null,
                unspecifiedUrnHash);
        accessTokenRepository.insert(persistedToken);
        response.put("access_token", accessTokenValue.getValue());
        response.put("token_type", "Bearer");
    }

    // Tracked locally so the ID-token branch does not need to read it back out of the map.
    String issuedCode = null;
    if (responseType.contains(ResponseType.Value.CODE.getValue())) {
        AuthorizationCode authorizationCode = createAndSaveAuthorizationCode(authorizationRequest, client, user);
        issuedCode = authorizationCode.getCode();
        response.put("code", issuedCode);
    }

    boolean issueIdToken = responseType.contains(OIDCResponseTypeValue.ID_TOKEN.getValue())
            && isOpenIDRequest(scopes)
            && isOpenIDRequest(authorizationRequest);
    if (issueIdToken) {
        AuthenticationRequest authenticationRequest = (AuthenticationRequest) authorizationRequest;
        List<String> requestedClaims = getClaims(authorizationRequest);
        TokenValue idToken = tokenGenerator.generateIDTokenForAuthorizationEndpoint(
                user,
                client,
                authenticationRequest.getNonce(),
                responseType,
                accessTokenValue.getValue(),
                requestedClaims,
                Optional.ofNullable(issuedCode),
                state);
        response.put("id_token", idToken.getValue());
    }

    response.put("expires_in", client.getAccessTokenValidity());
    Optional.ofNullable(state).ifPresent(s -> response.put("state", s.getValue()));
    return response;
}
use of oidc.model.EncryptedTokenValue in project OpenConext-oidcng by OpenConext.
the class TokenEndpoint method tokenEndpointResponse.
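/**
 * Assembles the token-endpoint response: an access token, optionally a refresh
 * token and an ID token.
 * <p>
 * The user-bound and client-only token variants are chosen with
 * {@code orElseGet} rather than {@code orElse}: {@code orElse} evaluates its
 * argument eagerly, which would mint (and then discard) a second signed access
 * token and refresh token on every user-bound request.
 *
 * @param user                the end user, or empty for client-only grants
 * @param client              the requesting client
 * @param scopes              the granted scopes
 * @param idTokenClaims       extra claims to place in the ID token
 * @param clientCredentials   whether this is a client_credentials grant; suppresses the ID token
 * @param nonce               the nonce to echo in the ID token, may be null
 * @param authorizationTime   the original authentication time, if known
 * @param authorizationCodeId the id of the authorization code that was redeemed, if any
 * @return insertion-ordered map of response parameters
 */
private Map<String, Object> tokenEndpointResponse(Optional<User> user, OpenIDClient client, List<String> scopes, List<String> idTokenClaims, boolean clientCredentials, String nonce, Optional<Long> authorizationTime, Optional<String> authorizationCodeId) {
    Map<String, Object> map = new LinkedHashMap<>();
    // orElseGet: do not mint an unused client-only token when a user is present.
    EncryptedTokenValue encryptedAccessToken = user
            .map(u -> tokenGenerator.generateAccessTokenWithEmbeddedUserInfo(u, client, scopes))
            .orElseGet(() -> tokenGenerator.generateAccessToken(client, scopes));
    String sub = user.map(User::getSub).orElse(client.getClientId());
    // Only a salted one-way hash of the unspecified NameID is stored with the token.
    String unspecifiedUrnHash = user
            .map(u -> KeyGenerator.oneWayHash(u.getUnspecifiedNameId(), this.salt))
            .orElse(null);
    AccessToken accessToken = new AccessToken(
            encryptedAccessToken.getJwtId(),
            sub,
            client.getClientId(),
            scopes,
            encryptedAccessToken.getKeyId(),
            accessTokenValidity(client),
            !user.isPresent(),
            authorizationCodeId.orElse(null),
            unspecifiedUrnHash);
    accessToken = accessTokenRepository.insert(accessToken);
    map.put("access_token", encryptedAccessToken.getValue());
    map.put("token_type", "Bearer");

    // NOTE(review): this keys only on the client's registered grants, so a refresh token is also
    // issued on the client_credentials grant; RFC 6749 §4.4.3 says one SHOULD NOT be — confirm intended.
    if (client.getGrants().contains(GrantType.REFRESH_TOKEN.getValue())) {
        EncryptedTokenValue encryptedRefreshToken = user
                .map(u -> tokenGenerator.generateRefreshTokenWithEmbeddedUserInfo(u, client))
                .orElseGet(() -> tokenGenerator.generateRefreshToken(client));
        // The refresh token is linked to the persisted access token record.
        refreshTokenRepository.insert(new RefreshToken(encryptedRefreshToken.getJwtId(), accessToken, refreshTokenValidity(client)));
        map.put("refresh_token", encryptedRefreshToken.getValue());
    }

    map.put("expires_in", client.getAccessTokenValidity());
    if (isOpenIDRequest(scopes) && !clientCredentials) {
        TokenValue tokenValue = tokenGenerator.generateIDTokenForTokenEndpoint(user, client, nonce, idTokenClaims, scopes, authorizationTime);
        map.put("id_token", tokenValue.getValue());
    }
    return map;
}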
use of oidc.model.EncryptedTokenValue in project OpenConext-oidcng by OpenConext.
the class TokenGeneratorTest method doEncryptAndDecryptAccessToken.
/**
 * Round-trips a user through an access token with embedded user info: the
 * token is generated for the {@code mock-sp} client, parsed back (with or
 * without signature validation) and decrypted, and the recovered user and
 * {@code scope} claim are checked against the input.
 *
 * @param verify when true the JWT is parsed through {@code parseAndValidateSignedJWT};
 *               otherwise it is parsed without validation
 * @return the serialized access token
 * @throws IOException    propagated from user-info / token handling
 * @throws ParseException when the token cannot be parsed as a signed JWT
 */
private String doEncryptAndDecryptAccessToken(boolean verify) throws IOException, ParseException {
    User user = new User("sub", "unspecifiedNameId", "http://mockidp", "clientId", getUserInfo(), emptyList());
    String clientId = "mock-sp";
    Query byClientId = Query.query(Criteria.where("clientId").is(clientId));
    OpenIDClient client = mongoTemplate.find(byClientId, OpenIDClient.class).get(0);
    List<String> scopes = Arrays.asList("openid", "groups");

    EncryptedTokenValue encryptedAccessToken = tokenGenerator.generateAccessTokenWithEmbeddedUserInfo(user, client, scopes);
    String accessToken = encryptedAccessToken.getValue();

    SignedJWT signedJWT;
    if (verify) {
        // Optional.get() is deliberate in a test: an empty result is a failure.
        signedJWT = tokenGenerator.parseAndValidateSignedJWT(accessToken).get();
    } else {
        signedJWT = SignedJWT.parse(accessToken);
    }

    User convertedUser = tokenGenerator.decryptAccessTokenWithEmbeddedUserInfo(signedJWT);
    assertEquals(user, convertedUser);
    assertEquals("openid groups", signedJWT.getJWTClaimsSet().getStringClaim("scope"));
    return accessToken;
}