Example 11 with User

Use of oidc.model.User in the project OpenConext-oidcng by OpenConext, from the class UserInfoEndpoint, method userInfo:

private ResponseEntity<Map<String, Object>> userInfo(HttpServletRequest request) throws ParseException, IOException, java.text.ParseException {
    HTTPRequest httpRequest = ServletUtils.createHTTPRequest(request);
    UserInfoRequest userInfoRequest = UserInfoRequest.parse(httpRequest);
    String accessTokenValue = userInfoRequest.getAccessToken().getValue();
    MDCContext.mdcContext("action", "Userinfo", "accessTokenValue", accessTokenValue);
    // First gate: the bearer token must parse as a JWT whose signature validates.
    Optional<SignedJWT> optionalSignedJWT = tokenGenerator.parseAndValidateSignedJWT(accessTokenValue);
    if (!optionalSignedJWT.isPresent()) {
        return errorResponse("Access Token not found");
    }
    SignedJWT signedJWT = optionalSignedJWT.get();
    // Second gate: the token's jti must still be present in the repository, so a token that is
    // no longer stored is rejected even though its signature is valid.
    String jwtId = signedJWT.getJWTClaimsSet().getJWTID();
    Optional<AccessToken> optionalAccessToken = accessTokenRepository.findByJwtId(jwtId);
    if (!optionalAccessToken.isPresent()) {
        return errorResponse("Access Token not found");
    }
    AccessToken accessToken = optionalAccessToken.get();
    // Third gate: the stored expiry is checked against the current clock.
    if (accessToken.isExpired(Clock.systemDefaultZone())) {
        return errorResponse("Access Token expired");
    }
    // Client-credentials tokens carry no end user, so there is no userinfo to return for them.
    if (accessToken.isClientCredentials()) {
        throw new InvalidGrantException("UserEndpoint not allowed for Client Credentials");
    }
    // The user's attributes travel encrypted inside the access token itself and are decrypted here.
    User user = tokenGenerator.decryptAccessTokenWithEmbeddedUserInfo(signedJWT);
    MDCContext.mdcContext(user);
    Map<String, Object> attributes = user.getAttributes();
    List<String> acrClaims = user.getAcrClaims();
    if (!CollectionUtils.isEmpty(acrClaims)) {
        attributes.put("acr", String.join(" ", acrClaims));
    }
    attributes.put("updated_at", user.getUpdatedAt());
    attributes.put("sub", user.getSub());
    // TreeMap gives the response a deterministic, sorted claim order.
    return ResponseEntity.ok(new TreeMap(attributes));
}
Also used : HTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest) User(oidc.model.User) UserInfoRequest(com.nimbusds.openid.connect.sdk.UserInfoRequest) SignedJWT(com.nimbusds.jwt.SignedJWT) TreeMap(java.util.TreeMap) InvalidGrantException(oidc.exceptions.InvalidGrantException) AccessToken(oidc.model.AccessToken)

Example 12 with User

Use of oidc.model.User in the project OpenConext-oidcng by OpenConext, from the class TokenGeneratorTest, method defaultAcrValue:

@Test
public void defaultAcrValue() throws IOException, JOSEException, NoSuchAlgorithmException, NoSuchProviderException, ParseException {
    // A user constructed with an empty acr list ...
    User user = new User("sub", "unspecifiedNameId", "http://mockidp", "clientId", getUserInfo(), emptyList());
    OpenIDClient client = openIDClient("mock-sp");
    TokenValue tokenValue = tokenGenerator.generateIDTokenForTokenEndpoint(Optional.of(user), client, "nonce", emptyList(), emptyList(), Optional.empty());
    SignedJWT jwt = SignedJWT.parse(tokenValue.getValue());
    Object acr = jwt.getJWTClaimsSet().getClaim("acr");
    // ... still gets the configured default acr claim in the ID token.
    assertEquals("http://test.surfconext.nl/assurance/loa1", acr);
}
Also used : User(oidc.model.User) OpenIDClient(oidc.model.OpenIDClient) SignedJWT(com.nimbusds.jwt.SignedJWT) TokenValue(oidc.model.TokenValue) EncryptedTokenValue(oidc.model.EncryptedTokenValue) AbstractIntegrationTest(oidc.AbstractIntegrationTest) Test(org.junit.Test)

Example 13 with User

Use of oidc.model.User in the project OpenConext-oidcng by OpenConext, from the class TokenGeneratorTest, method doEncryptAndDecryptAccessToken:

private String doEncryptAndDecryptAccessToken(boolean verify) throws IOException, ParseException {
    User user = new User("sub", "unspecifiedNameId", "http://mockidp", "clientId", getUserInfo(), emptyList());
    String clientId = "mock-sp";
    OpenIDClient client = mongoTemplate.find(Query.query(Criteria.where("clientId").is(clientId)), OpenIDClient.class).get(0);
    EncryptedTokenValue encryptedAccessToken = tokenGenerator.generateAccessTokenWithEmbeddedUserInfo(user, client, Arrays.asList("openid", "groups"));
    String accessToken = encryptedAccessToken.getValue();
    // With verify=true the signature is validated before use; with verify=false the JWT is only parsed.
    SignedJWT signedJWT = verify ? tokenGenerator.parseAndValidateSignedJWT(accessToken).get() : SignedJWT.parse(accessToken);
    // Round trip: the user embedded (encrypted) in the access token must come back unchanged.
    User convertedUser = tokenGenerator.decryptAccessTokenWithEmbeddedUserInfo(signedJWT);
    assertEquals(user, convertedUser);
    assertEquals("openid groups", signedJWT.getJWTClaimsSet().getStringClaim("scope"));
    return accessToken;
}
Also used : User(oidc.model.User) OpenIDClient(oidc.model.OpenIDClient) SignedJWT(com.nimbusds.jwt.SignedJWT) EncryptedTokenValue(oidc.model.EncryptedTokenValue)

Example 14 with User

Use of oidc.model.User in the project OpenConext-oidcng by OpenConext, from the class TokenGeneratorTest, method invalidAcrValueIsAllowed:

@Test
public void invalidAcrValueIsAllowed() throws IOException, ParseException {
    // The acr list is passed through as-is: an unknown value is not filtered out.
    User user = new User("sub", "unspecifiedNameId", "http://mockidp", "clientId", getUserInfo(), Arrays.asList("http://test.surfconext.nl/assurance/loa3", "invalid_acr"));
    OpenIDClient client = openIDClient("mock-sp");
    TokenValue tokenValue = tokenGenerator.generateIDTokenForTokenEndpoint(Optional.of(user), client, "nonce", emptyList(), emptyList(), Optional.empty());
    SignedJWT jwt = SignedJWT.parse(tokenValue.getValue());
    Object acr = jwt.getJWTClaimsSet().getClaim("acr");
    // Multiple acr values are joined with a single space in the claim.
    assertEquals("http://test.surfconext.nl/assurance/loa3 invalid_acr", acr);
}
Also used : User(oidc.model.User) OpenIDClient(oidc.model.OpenIDClient) SignedJWT(com.nimbusds.jwt.SignedJWT) TokenValue(oidc.model.TokenValue) EncryptedTokenValue(oidc.model.EncryptedTokenValue) AbstractIntegrationTest(oidc.AbstractIntegrationTest) Test(org.junit.Test)

Example 15 with User

Use of oidc.model.User in the project OpenConext-oidcng by OpenConext, from the class FakeSamlAuthenticationFilter, method doFilter:

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String requestURI = ((HttpServletRequest) request).getRequestURI();
    boolean authorizeFlow = authorizeEndpoints.stream().anyMatch(requestURI::contains);
    // Test-only filter: on an authorize-flow request with no authenticated principal, fabricate a
    // SAML authentication so the OIDC flow can be exercised without a real IdP.
    if (authorizeFlow && (authentication == null || !authentication.isAuthenticated()) && !(authentication instanceof OidcSamlAuthentication)) {
        User user = getUser(objectMapper, request);
        // Reset the user store so only the fake user is present.
        userRepository.deleteAll();
        userRepository.insert(user);
        request.setAttribute(REDIRECT_URI_VALID, true);
        OidcSamlAuthentication samlAuthentication = new OidcSamlAuthentication(getAssertion(), user, "http://localhost");
        SecurityContextHolder.getContext().setAuthentication(samlAuthentication);
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) User(oidc.model.User) OidcSamlAuthentication(oidc.user.OidcSamlAuthentication) Authentication(org.springframework.security.core.Authentication) OidcSamlAuthentication(oidc.user.OidcSamlAuthentication)

Aggregations (type, usage count across the examples)

User (oidc.model.User): 17
SignedJWT (com.nimbusds.jwt.SignedJWT): 7
OpenIDClient (oidc.model.OpenIDClient): 7
AuthorizationCode (oidc.model.AuthorizationCode): 5
Test (org.junit.Test): 5
AbstractIntegrationTest (oidc.AbstractIntegrationTest): 4
UnauthorizedException (oidc.exceptions.UnauthorizedException): 4
AccessToken (oidc.model.AccessToken): 4
EncryptedTokenValue (oidc.model.EncryptedTokenValue): 4
OidcSamlAuthentication (oidc.user.OidcSamlAuthentication): 4
HTTPRequest (com.nimbusds.oauth2.sdk.http.HTTPRequest): 3
Date (java.util.Date): 3
UnknownClientException (oidc.exceptions.UnknownClientException): 3
AuthenticationRequest (oidc.model.AuthenticationRequest): 3
TokenValue (oidc.model.TokenValue): 3
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 2
ClientAuthentication (com.nimbusds.oauth2.sdk.auth.ClientAuthentication): 2
PlainClientSecret (com.nimbusds.oauth2.sdk.auth.PlainClientSecret): 2
LinkedHashMap (java.util.LinkedHashMap): 2
Map (java.util.Map): 2