Example 1 with Scope

Use of oidc.model.Scope in project OpenConext-oidcng by OpenConext.

From the class TokenController, method convertToken.

private Map<String, Object> convertToken(AccessToken token) {
    Map<String, Object> result = new HashMap<>();
    result.put("id", token.getId());
    // A token whose client is no longer registered is reported with its id only.
    Optional<OpenIDClient> optionalClient = openIDClientRepository.findOptionalByClientId(token.getClientId());
    if (!optionalClient.isPresent()) {
        return result;
    }
    OpenIDClient openIDClient = optionalClient.get();
    result.put("clientId", openIDClient.getClientId());
    result.put("clientName", openIDClient.getName());
    // Resolve the resource servers this client is allowed to call; unknown entries are skipped.
    List<OpenIDClient> resourceServers = openIDClient.getAllowedResourceServers().stream()
            .map(rs -> openIDClientRepository.findOptionalByClientId(rs))
            .filter(Optional::isPresent)
            .map(Optional::get)
            .collect(toList());
    // Collect the names into a List: a raw Stream would not serialise into the response.
    result.put("audiences", resourceServers.stream().map(OpenIDClient::getName).collect(toList()));
    result.put("createdAt", token.getCreatedAt());
    result.put("expiresIn", token.getExpiresIn());
    result.put("type", token instanceof RefreshToken ? TokenType.REFRESH : TokenType.ACCESS);
    // Index every scope defined by one of the resource servers by its name (first definition wins).
    Map<String, Scope> allScopes = resourceServers.stream()
            .map(OpenIDClient::getScopes)
            .flatMap(List::stream)
            .filter(distinctByKey(Scope::getName))
            .collect(toMap(Scope::getName, s -> s));
    // Report only those token scopes that a resource server actually defines;
    // "openid" is a protocol scope and is left out.
    List<Scope> scopes = token.getScopes().stream()
            .filter(name -> !name.equalsIgnoreCase("openid"))
            .map(allScopes::get)
            .filter(Objects::nonNull)
            .collect(toList());
    result.put("scopes", scopes);
    return result;
}
Also used : TokenType(oidc.model.TokenType) RequestParam(org.springframework.web.bind.annotation.RequestParam) java.util(java.util) URLDecoder(java.net.URLDecoder) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RefreshTokenRepository(oidc.repository.RefreshTokenRepository) Function(java.util.function.Function) Value(org.springframework.beans.factory.annotation.Value) RequestBody(org.springframework.web.bind.annotation.RequestBody) KeyGenerator(oidc.crypto.KeyGenerator) PutMapping(org.springframework.web.bind.annotation.PutMapping) Charset(java.nio.charset.Charset) Collectors.toMap(java.util.stream.Collectors.toMap) GetMapping(org.springframework.web.bind.annotation.GetMapping) OpenIDClient(oidc.model.OpenIDClient) TokenRepresentation(oidc.model.TokenRepresentation) Predicate(java.util.function.Predicate) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) AccessTokenRepository(oidc.repository.AccessTokenRepository) RestController(org.springframework.web.bind.annotation.RestController) Collectors(java.util.stream.Collectors) HttpStatus(org.springframework.http.HttpStatus) AccessToken(oidc.model.AccessToken) Collectors.toList(java.util.stream.Collectors.toList) Stream(java.util.stream.Stream) OpenIDClientRepository(oidc.repository.OpenIDClientRepository) Scope(oidc.model.Scope) Log(org.apache.commons.logging.Log) ResponseEntity(org.springframework.http.ResponseEntity) LogFactory(org.apache.commons.logging.LogFactory) Authentication(org.springframework.security.core.Authentication) UnsupportedEncodingException(java.io.UnsupportedEncodingException) RefreshToken(oidc.model.RefreshToken)

Example 2 with Scope

Use of oidc.model.Scope in project OpenConext-oidcng by OpenConext.

From the class AuthnRequestConverterUnitTest, method testSamlForceAuthn.

@Test
public void testSamlForceAuthn() throws Exception {
    // Registered client with the single "openid" scope and the authorization_code grant.
    OpenIDClient openIDClient = new OpenIDClient("clientId", singletonList("http://redirect"),
            singletonList(new Scope("openid")), singletonList("authorization_code"));
    when(openIDClientRepository.findOptionalByClientId("mock_sp")).thenReturn(Optional.of(openIDClient));
    // The saved OIDC authorization request carries max_age=-1.
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "http://localhost/oidc/authorize");
    request.addParameter("max_age", "-1");
    request.addParameter("response_type", "code");
    request.addParameter("client_id", "mock_sp");
    HttpServletRequest servletRequest = new MockHttpServletRequest();
    CustomSaml2AuthenticationRequestContext ctx = new CustomSaml2AuthenticationRequestContext(relyingParty, servletRequest);
    when(requestCache.getRequest(any(HttpServletRequest.class), any())).thenReturn(new DefaultSavedRequest(request, portResolver));
    // Converting the saved request must produce a SAML AuthnRequest that demands fresh authentication.
    AuthnRequest authnRequest = subject.convert(ctx);
    assertTrue(authnRequest.isForceAuthn());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) Scope(oidc.model.Scope) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) OpenIDClient(oidc.model.OpenIDClient) DefaultSavedRequest(org.springframework.security.web.savedrequest.DefaultSavedRequest) Test(org.junit.Test) SignedJWTTest(oidc.secure.SignedJWTTest)

Example 3 with Scope

Use of oidc.model.Scope in project OpenConext-oidcng by OpenConext.

From the class AuthnRequestConverterUnitTest, method testSaml.

@Test
public void testSaml() throws Exception {
    OpenIDClient openIDClient = new OpenIDClient("clientId", singletonList("http://redirect"),
            singletonList(new Scope("openid")), singletonList("authorization_code"));
    // Register the client's certificate so its signed request object can be verified.
    String cert = readFile("keys/certificate.crt");
    setCertificateFields(openIDClient, cert, null, null);
    when(openIDClientRepository.findOptionalByClientId("mock_sp")).thenReturn(Optional.of(openIDClient));
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "http://localhost/oidc/authorize");
    request.addParameter("client_id", "mock_sp");
    request.addParameter("response_type", "code");
    request.addParameter("acr_values", "http://loa1");
    request.addParameter("prompt", "login");
    request.addParameter("login_hint", "http://idp");
    // Add a request object (signed JWT) keyed by the certificate's key id.
    String keyID = getCertificateKeyIDFromCertificate(cert);
    SignedJWT signedJWT = signedJWT(openIDClient.getClientId(), keyID, openIDClient.getRedirectUrls().get(0));
    request.addParameter("request", signedJWT.serialize());
    HttpServletRequest servletRequest = new MockHttpServletRequest();
    CustomSaml2AuthenticationRequestContext ctx = new CustomSaml2AuthenticationRequestContext(relyingParty, servletRequest);
    when(requestCache.getRequest(any(HttpServletRequest.class), any())).thenReturn(new DefaultSavedRequest(request, portResolver));
    AuthnRequest authnRequest = subject.convert(ctx);
    // prompt=login becomes ForceAuthn, acr_values becomes the requested AuthnContext class,
    // and login_hint becomes the IdP entry in the Scoping element.
    assertTrue(authnRequest.isForceAuthn());
    assertEquals("loa1", authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().get(0).getAuthnContextClassRef());
    assertEquals("http://idp", authnRequest.getScoping().getIDPList().getIDPEntrys().get(0).getProviderID());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) Scope(oidc.model.Scope) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) OpenIDClient(oidc.model.OpenIDClient) SignedJWT(com.nimbusds.jwt.SignedJWT) DefaultSavedRequest(org.springframework.security.web.savedrequest.DefaultSavedRequest) Test(org.junit.Test) SignedJWTTest(oidc.secure.SignedJWTTest)

Aggregations

OpenIDClient (oidc.model.OpenIDClient)3 Scope (oidc.model.Scope)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 SignedJWTTest (oidc.secure.SignedJWTTest)2 Test (org.junit.Test)2 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 DefaultSavedRequest (org.springframework.security.web.savedrequest.DefaultSavedRequest)2 SignedJWT (com.nimbusds.jwt.SignedJWT)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 URLDecoder (java.net.URLDecoder)1 Charset (java.nio.charset.Charset)1 java.util (java.util)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 Function (java.util.function.Function)1 Predicate (java.util.function.Predicate)1 Collectors (java.util.stream.Collectors)1 Collectors.toList (java.util.stream.Collectors.toList)1 Collectors.toMap (java.util.stream.Collectors.toMap)1 Stream (java.util.stream.Stream)1