Example 1 with ProvidedRedirectURI

Use of oidc.model.ProvidedRedirectURI in project OpenConext-oidcng by OpenConext.

The class AuthorizationEndpoint, method validateRedirectionURI.

public static ProvidedRedirectURI validateRedirectionURI(URI redirectionURI, OpenIDClient client) throws UnsupportedEncodingException {
    List<String> registeredRedirectUrls = client.getRedirectUrls();
    // A client with no registered redirect URIs cannot use the Authorization flow.
    if (registeredRedirectUrls == null) {
        throw new IllegalArgumentException(String.format("Client %s must have at least one redirectURI configured to use the Authorization flow", client.getClientId()));
    }
    // No redirect_uri in the request: fall back to the first registered URI.
    if (redirectionURI == null) {
        return registeredRedirectUrls.stream()
                .findFirst()
                .map(s -> new ProvidedRedirectURI(s, false))
                .orElseThrow(() -> new IllegalArgumentException(String.format("Client %s must have at least one redirectURI configured to use the Authorization flow", client.getClientId())));
    }
    // Decode the requested URI, then look for a registered URI that matches it via equalsIgnorePort.
    String redirectURI = URLDecoder.decode(redirectionURI.toString(), "UTF-8");
    Optional<ProvidedRedirectURI> optionalProvidedRedirectURI = registeredRedirectUrls.stream()
            .map(url -> new ProvidedRedirectURI(url, true))
            .filter(providedRedirectURI -> providedRedirectURI.equalsIgnorePort(redirectURI))
            .findFirst();
    // Reject the request when no registered URI matches the requested one.
    if (!optionalProvidedRedirectURI.isPresent()) {
        throw new RedirectMismatchException(String.format("Client %s with registered redirect URI's %s requested authorization with redirectURI %s", client.getClientId(), registeredRedirectUrls, redirectURI));
    }
    return optionalProvidedRedirectURI.get();
}
Also used : LocaleContextHolder(org.springframework.context.i18n.LocaleContextHolder) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) AuthorizationCodeRepository(oidc.repository.AuthorizationCodeRepository) RequestParam(org.springframework.web.bind.annotation.RequestParam) Arrays(java.util.Arrays) Prompt(com.nimbusds.openid.connect.sdk.Prompt) ProvidedRedirectURI(oidc.model.ProvidedRedirectURI) URLDecoder(java.net.URLDecoder) URISyntaxException(java.net.URISyntaxException) JOSEException(com.nimbusds.jose.JOSEException) User(oidc.model.User) OidcSamlAuthentication(oidc.user.OidcSamlAuthentication) Autowired(org.springframework.beans.factory.annotation.Autowired) ResponseMode(com.nimbusds.oauth2.sdk.ResponseMode) ResponseType(com.nimbusds.oauth2.sdk.ResponseType) RedirectView(org.springframework.web.servlet.view.RedirectView) Locale(java.util.Locale) Map(java.util.Map) UnsupportedPromptValueException(oidc.exceptions.UnsupportedPromptValueException) URI(java.net.URI) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) Collectors.toSet(java.util.stream.Collectors.toSet) HttpSession(javax.servlet.http.HttpSession) PostMapping(org.springframework.web.bind.annotation.PostMapping) MediaType(org.springframework.http.MediaType) Set(java.util.Set) Collectors(java.util.stream.Collectors) ModelAndView(org.springframework.web.servlet.ModelAndView) List(java.util.List) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) OIDCResponseTypeValue(com.nimbusds.openid.connect.sdk.OIDCResponseTypeValue) CollectionUtils(org.springframework.util.CollectionUtils) InvalidScopeException(oidc.exceptions.InvalidScopeException) OpenIDClientRepository(oidc.repository.OpenIDClientRepository) Optional(java.util.Optional) TokenGenerator(oidc.secure.TokenGenerator) LogFactory(org.apache.commons.logging.LogFactory) Authentication(org.springframework.security.core.Authentication) 
Nonce(com.nimbusds.openid.connect.sdk.Nonce) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CodeChallengeMethod(com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod) AuthorizationCode(oidc.model.AuthorizationCode) GrantType(com.nimbusds.oauth2.sdk.GrantType) RedirectMismatchException(oidc.exceptions.RedirectMismatchException) HashMap(java.util.HashMap) UnknownClientException(oidc.exceptions.UnknownClientException) Controller(org.springframework.stereotype.Controller) ArrayList(java.util.ArrayList) Value(org.springframework.beans.factory.annotation.Value) LinkedHashMap(java.util.LinkedHashMap) CodeChallenge(com.nimbusds.oauth2.sdk.pkce.CodeChallenge) KeyGenerator(oidc.crypto.KeyGenerator) HttpServletRequest(javax.servlet.http.HttpServletRequest) TokenValue(oidc.model.TokenValue) GetMapping(org.springframework.web.bind.annotation.GetMapping) ParseException(com.nimbusds.oauth2.sdk.ParseException) OpenIDClient(oidc.model.OpenIDClient) MDCContext(oidc.log.MDCContext) JWTRequest(oidc.secure.JWTRequest) Scope(com.nimbusds.oauth2.sdk.Scope) State(com.nimbusds.oauth2.sdk.id.State) MultiValueMap(org.springframework.util.MultiValueMap) InvalidGrantException(oidc.exceptions.InvalidGrantException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) AccessTokenRepository(oidc.repository.AccessTokenRepository) EncryptedTokenValue(oidc.model.EncryptedTokenValue) AuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest) UserRepository(oidc.repository.UserRepository) AccessToken(oidc.model.AccessToken) Collectors.toList(java.util.stream.Collectors.toList) BadJOSEException(com.nimbusds.jose.proc.BadJOSEException) Log(org.apache.commons.logging.Log) Collections(java.util.Collections) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) StringUtils(org.springframework.util.StringUtils) ProvidedRedirectURI(oidc.model.ProvidedRedirectURI) RedirectMismatchException(oidc.exceptions.RedirectMismatchException)

Example 2 with ProvidedRedirectURI

Use of oidc.model.ProvidedRedirectURI in project OpenConext-oidcng by OpenConext.

The class AuthorizationEndpointUnitTest, method doValidateRedirectionUri.

@SuppressWarnings("unchecked")
private void doValidateRedirectionUri(String clientRedirectUri, String requestRedirectUri) throws IOException, ParseException {
    // Build an authorization request; requestRedirectUri may be null to exercise the fallback path.
    AuthorizationRequest authorizationRequest = authorizationRequest(new FluentMap<String, String>()
            .p("client_id", "http://oidc-rp")
            .p("response_type", "code")
            .p("redirect_uri", requestRedirectUri));
    OpenIDClient client = openIDClient(clientRedirectUri, "open_id", "authorization_code");
    ProvidedRedirectURI redirectUri = AuthorizationEndpoint.validateRedirectionURI(authorizationRequest.getRedirectionURI(), client);
    // Expected value first: the requested URI when one was sent, otherwise the client's registered URI.
    assertEquals(requestRedirectUri != null ? requestRedirectUri : clientRedirectUri, redirectUri.getRedirectURI());
}
Also used : AuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest) OpenIDClient(oidc.model.OpenIDClient) ProvidedRedirectURI(oidc.model.ProvidedRedirectURI)
