Example 81 with OAuthSystemException
use of org.apache.amber.oauth2.common.exception.OAuthSystemException in project vcita-platform-java-sdk by SimonIT.
the class OAuthOkHttpClient method execute.
@Override
public <T extends OAuthClientResponse> T execute(OAuthClientRequest request, Map<String, String> headers, String requestMethod, Class<T> responseClass) throws OAuthSystemException, OAuthProblemException {
MediaType mediaType = MediaType.parse("application/json");
Request.Builder requestBuilder = new Request.Builder().url(request.getLocationUri());
if (headers != null) {
for (Entry<String, String> entry : headers.entrySet()) {
if (entry.getKey().equalsIgnoreCase("Content-Type")) {
mediaType = MediaType.parse(entry.getValue());
} else {
requestBuilder.addHeader(entry.getKey(), entry.getValue());
}
}
}
RequestBody body = request.getBody() != null ? RequestBody.create(request.getBody(), mediaType) : null;
requestBuilder.method(requestMethod, body);
try {
Response response = client.newCall(requestBuilder.build()).execute();
return OAuthClientResponseFactory.createCustomResponse(response.body().string(), response.body().contentType().toString(), response.code(), responseClass);
} catch (IOException e) {
throw new OAuthSystemException(e);
}
}
Also used :
OAuthClientResponse(org.apache.oltu.oauth2.client.response.OAuthClientResponse)
Response(okhttp3.Response)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
Request(okhttp3.Request)
OAuthClientRequest(org.apache.oltu.oauth2.client.request.OAuthClientRequest)
MediaType(okhttp3.MediaType)
IOException(java.io.IOException)
RequestBody(okhttp3.RequestBody)
Example 82 with OAuthSystemException
use of org.apache.amber.oauth2.common.exception.OAuthSystemException in project vcita-client-java-sdk by SimonIT.
the class RetryingOAuth method retryingIntercept.
private Response retryingIntercept(Chain chain, boolean updateTokenAndRetryOnAuthorizationFailure) throws IOException {
Request request = chain.request();
// If the request already has an authorization (e.g. Basic auth), proceed with the request as is
if (request.header("Authorization") != null) {
return chain.proceed(request);
}
// Get the token if it has not yet been acquired
if (getAccessToken() == null) {
updateAccessToken(null);
}
OAuthClientRequest oAuthRequest;
if (getAccessToken() != null) {
// Build the request
Request.Builder requestBuilder = request.newBuilder();
String requestAccessToken = getAccessToken();
try {
oAuthRequest = new OAuthBearerClientRequest(request.url().toString()).setAccessToken(requestAccessToken).buildHeaderMessage();
} catch (OAuthSystemException e) {
throw new IOException(e);
}
Map<String, String> headers = oAuthRequest.getHeaders();
for (String headerName : headers.keySet()) {
requestBuilder.addHeader(headerName, headers.get(headerName));
}
requestBuilder.url(oAuthRequest.getLocationUri());
// Execute the request
Response response = chain.proceed(requestBuilder.build());
// 401/403 response codes most likely indicate an expired access token, unless it happens two times in a row
if (response != null && (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED || response.code() == HttpURLConnection.HTTP_FORBIDDEN) && updateTokenAndRetryOnAuthorizationFailure) {
try {
if (updateAccessToken(requestAccessToken)) {
response.body().close();
return retryingIntercept(chain, false);
}
} catch (Exception e) {
response.body().close();
throw e;
}
}
return response;
} else {
return chain.proceed(chain.request());
}
}
Also used :
OAuthBearerClientRequest(org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest)
OAuthJSONAccessTokenResponse(org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse)
Response(okhttp3.Response)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
Request(okhttp3.Request)
OAuthClientRequest(org.apache.oltu.oauth2.client.request.OAuthClientRequest)
OAuthBearerClientRequest(org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest)
IOException(java.io.IOException)
OAuthClientRequest(org.apache.oltu.oauth2.client.request.OAuthClientRequest)
OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException)
ApiException(com.vcita.client.client.ApiException)
IOException(java.io.IOException)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
Example 83 with OAuthSystemException
use of org.apache.amber.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.
the class TokenResponseTypeHandler method issue.
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
OAuthEventInterceptor oAuthEventInterceptorProxy = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
if (oAuthEventInterceptorProxy != null && oAuthEventInterceptorProxy.isEnabled()) {
Map<String, Object> paramMap = new HashMap<>();
oAuthEventInterceptorProxy.onPreTokenIssue(oauthAuthzMsgCtx, paramMap);
}
OAuth2AuthorizeRespDTO respDTO = new OAuth2AuthorizeRespDTO();
OAuth2AuthorizeReqDTO authorizationReqDTO = oauthAuthzMsgCtx.getAuthorizationReqDTO();
String scope = OAuth2Util.buildScopeString(oauthAuthzMsgCtx.getApprovedScope());
respDTO.setCallbackURI(authorizationReqDTO.getCallbackUrl());
String consumerKey = authorizationReqDTO.getConsumerKey();
String authorizedUserId = null;
try {
authorizedUserId = authorizationReqDTO.getUser().getUserId();
} catch (UserIdNotFoundException e) {
throw new IdentityOAuth2Exception("Error occurred while retrieving the user id for user: " + authorizationReqDTO.getUser().getLoggableUserId());
}
String oAuthCacheKeyString;
String responseType = oauthAuthzMsgCtx.getAuthorizationReqDTO().getResponseType();
String grantType;
// Loading the stored application data.
OAuthAppDO oAuthAppDO;
try {
oAuthAppDO = OAuth2Util.getAppInformationByClientId(consumerKey);
} catch (InvalidOAuthClientException e) {
throw new IdentityOAuth2Exception("Error while retrieving app information for clientId: " + consumerKey, e);
}
if (StringUtils.contains(responseType, OAuthConstants.GrantTypes.TOKEN)) {
grantType = OAuthConstants.GrantTypes.IMPLICIT;
} else {
grantType = responseType;
}
oAuthCacheKeyString = consumerKey + ":" + authorizedUserId + ":" + scope;
OAuthCacheKey cacheKey = new OAuthCacheKey(oAuthCacheKeyString);
String userStoreDomain = null;
// Select the user store domain when multiple user stores are configured.
if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
userStoreDomain = OAuth2Util.getUserStoreForFederatedUser(authorizationReqDTO.getUser());
}
if (log.isDebugEnabled()) {
log.debug("Service Provider specific expiry time enabled for application : " + consumerKey + ". Application access token expiry time : " + oAuthAppDO.getApplicationAccessTokenExpiryTime() + ", User access token expiry time : " + oAuthAppDO.getUserAccessTokenExpiryTime() + ", Refresh token expiry time : " + oAuthAppDO.getRefreshTokenExpiryTime());
}
String refreshToken = null;
Timestamp refreshTokenIssuedTime = null;
long refreshTokenValidityPeriodInMillis = 0;
AccessTokenDO tokenDO = null;
synchronized ((consumerKey + ":" + authorizedUserId + ":" + scope).intern()) {
AccessTokenDO existingAccessTokenDO = null;
// check if valid access token exists in cache
if (isHashDisabled && cacheEnabled) {
existingAccessTokenDO = (AccessTokenDO) OAuthCache.getInstance().getValueFromCache(cacheKey);
if (existingAccessTokenDO != null) {
if (log.isDebugEnabled()) {
log.debug("Retrieved active Access Token for Client Id : " + consumerKey + ", User ID :" + authorizationReqDTO.getUser().getLoggableUserId() + " and Scope : " + scope + " from cache");
}
long expireTime = OAuth2Util.getTokenExpireTimeMillis(existingAccessTokenDO);
if ((expireTime > 0 || expireTime < 0)) {
// Return still valid existing access token when JWTTokenIssuer is not used.
if (isNotRenewAccessTokenPerRequest(oauthAuthzMsgCtx)) {
if (log.isDebugEnabled()) {
if (expireTime > 0) {
log.debug("Access Token is valid for another " + expireTime + "ms");
} else {
log.debug("Infinite lifetime Access Token found in cache");
}
}
respDTO.setAccessToken(existingAccessTokenDO.getAccessToken());
if (expireTime > 0) {
respDTO.setValidityPeriod(expireTime / 1000);
} else {
respDTO.setValidityPeriod(Long.MAX_VALUE / 1000);
}
respDTO.setScope(oauthAuthzMsgCtx.getApprovedScope());
respDTO.setTokenType(existingAccessTokenDO.getTokenType());
// We only need to deal with id_token and user attributes if the request is OIDC
if (isOIDCRequest(oauthAuthzMsgCtx)) {
buildIdToken(oauthAuthzMsgCtx, respDTO);
}
triggerPostListeners(oauthAuthzMsgCtx, existingAccessTokenDO, respDTO);
return respDTO;
}
} else {
long refreshTokenExpiryTime = OAuth2Util.getRefreshTokenExpireTimeMillis(existingAccessTokenDO);
if (refreshTokenExpiryTime < 0 || refreshTokenExpiryTime > 0) {
if (log.isDebugEnabled()) {
log.debug("Access token has expired, But refresh token is still valid. User existing " + "refresh token.");
}
refreshToken = existingAccessTokenDO.getRefreshToken();
refreshTokenIssuedTime = existingAccessTokenDO.getRefreshTokenIssuedTime();
refreshTokenValidityPeriodInMillis = existingAccessTokenDO.getRefreshTokenValidityPeriodInMillis();
}
// Token is expired. Clear it from cache
OAuthCache.getInstance().clearCacheEntry(cacheKey);
if (log.isDebugEnabled()) {
log.debug("Access Token is expired. Therefore cleared it from cache and marked it as" + " expired in database");
}
}
} else {
if (log.isDebugEnabled()) {
log.debug("No active access token found in cache for Client ID : " + consumerKey + ", User " + "ID" + " : " + authorizationReqDTO.getUser().getLoggableUserId() + " and Scope : " + scope);
}
}
}
// in the database
if (isHashDisabled && existingAccessTokenDO == null) {
existingAccessTokenDO = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getLatestAccessToken(consumerKey, authorizationReqDTO.getUser(), userStoreDomain, scope, false);
if (existingAccessTokenDO != null) {
if (log.isDebugEnabled()) {
log.debug("Retrieved latest Access Token for Client ID : " + consumerKey + ", User ID :" + authorizationReqDTO.getUser().getLoggableUserId() + " and Scope : " + scope + " from database");
}
long expiryTime = OAuth2Util.getTokenExpireTimeMillis(existingAccessTokenDO);
long refreshTokenExpiryTime = OAuth2Util.getRefreshTokenExpireTimeMillis(existingAccessTokenDO);
if (OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE.equals(existingAccessTokenDO.getTokenState()) && (expiryTime > 0 || expiryTime < 0)) {
// Return still valid existing access token when JWTTokenIssuer is not used.
if (isNotRenewAccessTokenPerRequest(oauthAuthzMsgCtx)) {
// token is active and valid
if (log.isDebugEnabled()) {
if (expiryTime > 0) {
log.debug("Access token is valid for another " + expiryTime + "ms");
} else {
log.debug("Infinite lifetime Access Token found in cache");
}
}
if (cacheEnabled) {
OAuthCache.getInstance().addToCache(cacheKey, existingAccessTokenDO);
if (log.isDebugEnabled()) {
log.debug("Access Token was added to cache for cache key : " + cacheKey.getCacheKeyString());
}
}
respDTO.setAccessToken(existingAccessTokenDO.getAccessToken());
if (expiryTime > 0) {
respDTO.setValidityPeriod(expiryTime / 1000);
} else {
respDTO.setValidityPeriod(Long.MAX_VALUE / 1000);
}
respDTO.setScope(oauthAuthzMsgCtx.getApprovedScope());
respDTO.setTokenType(existingAccessTokenDO.getTokenType());
// we only need to deal with id_token and user attributes if the request is OIDC
if (isOIDCRequest(oauthAuthzMsgCtx)) {
buildIdToken(oauthAuthzMsgCtx, respDTO);
}
triggerPostListeners(oauthAuthzMsgCtx, existingAccessTokenDO, respDTO);
return respDTO;
}
} else {
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
log.debug("Access Token is " + existingAccessTokenDO.getTokenState());
}
String tokenState = existingAccessTokenDO.getTokenState();
if (OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE.equals(tokenState)) {
// Token is expired. If refresh token is still valid, use it.
if (refreshTokenExpiryTime > 0 || refreshTokenExpiryTime < 0) {
if (log.isDebugEnabled()) {
log.debug("Access token has expired, But refresh token is still valid. User " + "existing refresh token.");
}
refreshToken = existingAccessTokenDO.getRefreshToken();
refreshTokenIssuedTime = existingAccessTokenDO.getRefreshTokenIssuedTime();
refreshTokenValidityPeriodInMillis = existingAccessTokenDO.getRefreshTokenValidityPeriodInMillis();
}
if (log.isDebugEnabled()) {
log.debug("Marked Access Token as expired");
}
} else {
// Token is revoked or inactive
if (log.isDebugEnabled()) {
log.debug("Access Token is " + existingAccessTokenDO.getTokenState());
}
}
}
} else {
if (log.isDebugEnabled()) {
log.debug("No access token found in database for Client ID : " + consumerKey + ", User ID : " + authorizationReqDTO.getUser().getLoggableUserId() + " and Scope : " + scope);
}
}
}
if (log.isDebugEnabled()) {
log.debug("Issuing a new access token for client id: " + consumerKey + ", user : " + authorizationReqDTO.getUser().getLoggableUserId() + "and scope : " + scope);
}
Timestamp timestamp = new Timestamp(new Date().getTime());
// if reusing existing refresh token, use its original issued time
if (refreshTokenIssuedTime == null) {
refreshTokenIssuedTime = timestamp;
}
// Default token validity Period
long validityPeriodInMillis = OAuthServerConfiguration.getInstance().getUserAccessTokenValidityPeriodInSeconds() * 1000;
if (oAuthAppDO.getUserAccessTokenExpiryTime() != 0) {
validityPeriodInMillis = oAuthAppDO.getUserAccessTokenExpiryTime() * 1000;
}
// if a VALID validity period is set through the callback, then use it
long callbackValidityPeriod = oauthAuthzMsgCtx.getValidityPeriod();
if ((callbackValidityPeriod != OAuthConstants.UNASSIGNED_VALIDITY_PERIOD) && callbackValidityPeriod > 0) {
validityPeriodInMillis = callbackValidityPeriod * 1000;
}
// otherwise use existing refresh token's validity period
if (refreshTokenValidityPeriodInMillis == 0) {
if (oAuthAppDO.getRefreshTokenExpiryTime() != 0) {
refreshTokenValidityPeriodInMillis = oAuthAppDO.getRefreshTokenExpiryTime() * 1000;
} else {
refreshTokenValidityPeriodInMillis = OAuthServerConfiguration.getInstance().getRefreshTokenValidityPeriodInSeconds() * 1000;
}
}
// issue a new access token
String accessToken;
// set the validity period. this is needed by downstream handlers.
// if this is set before - then this will override it by the calculated new value.
oauthAuthzMsgCtx.setValidityPeriod(validityPeriodInMillis);
// set the refresh token validity period. this is needed by downstream handlers.
// if this is set before - then this will override it by the calculated new value.
oauthAuthzMsgCtx.setRefreshTokenvalidityPeriod(refreshTokenValidityPeriodInMillis);
// set access token issued time.this is needed by downstream handlers.
oauthAuthzMsgCtx.setAccessTokenIssuedTime(timestamp.getTime());
// set refresh token issued time.this is needed by downstream handlers.
oauthAuthzMsgCtx.setRefreshTokenIssuedTime(refreshTokenIssuedTime.getTime());
try {
OauthTokenIssuer oauthIssuerImpl = OAuth2Util.getOAuthTokenIssuerForOAuthApp(oAuthAppDO);
accessToken = oauthIssuerImpl.accessToken(oauthAuthzMsgCtx);
// regenerate only if refresh token is null
if (refreshToken == null) {
refreshToken = oauthIssuerImpl.refreshToken(oauthAuthzMsgCtx);
}
} catch (OAuthSystemException e) {
throw new IdentityOAuth2Exception("Error occurred while generating access token and refresh token", e);
}
if (OAuth2Util.checkUserNameAssertionEnabled()) {
accessToken = OAuth2Util.addUsernameToToken(authorizationReqDTO.getUser(), accessToken);
refreshToken = OAuth2Util.addUsernameToToken(authorizationReqDTO.getUser(), refreshToken);
}
AccessTokenDO newAccessTokenDO = new AccessTokenDO(consumerKey, authorizationReqDTO.getUser(), oauthAuthzMsgCtx.getApprovedScope(), timestamp, refreshTokenIssuedTime, validityPeriodInMillis, refreshTokenValidityPeriodInMillis, OAuthConstants.UserType.APPLICATION_USER);
newAccessTokenDO.setAccessToken(accessToken);
newAccessTokenDO.setRefreshToken(refreshToken);
newAccessTokenDO.setTokenState(OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE);
newAccessTokenDO.setGrantType(grantType);
String tokenId = UUID.randomUUID().toString();
newAccessTokenDO.setTokenId(tokenId);
oauthAuthzMsgCtx.addProperty(OAuth2Util.ACCESS_TOKEN_DO, newAccessTokenDO);
// Persist the access token in database
try {
OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().insertAccessToken(accessToken, authorizationReqDTO.getConsumerKey(), newAccessTokenDO, existingAccessTokenDO, userStoreDomain);
deactivateCurrentAuthorizationCode(newAccessTokenDO.getAuthorizationCode(), newAccessTokenDO.getTokenId());
if (!accessToken.equals(newAccessTokenDO.getAccessToken())) {
// Using latest active token.
accessToken = newAccessTokenDO.getAccessToken();
refreshToken = newAccessTokenDO.getRefreshToken();
}
} catch (IdentityException e) {
throw new IdentityOAuth2Exception("Error occurred while storing new access token : " + accessToken, e);
}
tokenDO = newAccessTokenDO;
if (log.isDebugEnabled()) {
log.debug("Persisted Access Token for " + "Client ID : " + authorizationReqDTO.getConsumerKey() + ", Authorized User : " + authorizationReqDTO.getUser().getLoggableUserId() + ", Timestamp : " + timestamp + ", Validity period (s) : " + newAccessTokenDO.getValidityPeriod() + ", Scope : " + OAuth2Util.buildScopeString(oauthAuthzMsgCtx.getApprovedScope()) + ", Callback URL : " + authorizationReqDTO.getCallbackUrl() + ", Token State : " + OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE + " and User Type : " + OAuthConstants.UserType.APPLICATION_USER);
}
// Add the access token to the cache, if cacheEnabled and the hashing oauth key feature turn on.
if (isHashDisabled && cacheEnabled) {
OAuthCache.getInstance().addToCache(cacheKey, newAccessTokenDO);
// Adding AccessTokenDO to improve validation performance
OAuthCacheKey accessTokenCacheKey = new OAuthCacheKey(accessToken);
OAuthCache.getInstance().addToCache(accessTokenCacheKey, newAccessTokenDO);
if (log.isDebugEnabled()) {
log.debug("Access Token was added to OAuthCache for cache key : " + cacheKey.getCacheKeyString());
log.debug("Access Token was added to OAuthCache for cache key : " + accessTokenCacheKey.getCacheKeyString());
}
}
if (StringUtils.contains(responseType, ResponseType.TOKEN.toString())) {
respDTO.setAccessToken(accessToken);
if (validityPeriodInMillis > 0) {
respDTO.setValidityPeriod(newAccessTokenDO.getValidityPeriod());
} else {
respDTO.setValidityPeriod(Long.MAX_VALUE / 1000);
}
respDTO.setScope(newAccessTokenDO.getScope());
respDTO.setTokenType(newAccessTokenDO.getTokenType());
}
}
// we only need to deal with id_token and user attributes if the request is OIDC
if (isOIDCRequest(oauthAuthzMsgCtx)) {
buildIdToken(oauthAuthzMsgCtx, respDTO);
}
triggerPostListeners(oauthAuthzMsgCtx, tokenDO, respDTO);
return respDTO;
}
Also used :
HashMap(java.util.HashMap)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
OAuth2AuthorizeReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO)
UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
Timestamp(java.sql.Timestamp)
Date(java.util.Date)
AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO)
OauthTokenIssuer(org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer)
OAuthAppDO(org.wso2.carbon.identity.oauth.dao.OAuthAppDO)
OAuthCacheKey(org.wso2.carbon.identity.oauth.cache.OAuthCacheKey)
IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)
OAuth2AuthorizeRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO)
OAuthEventInterceptor(org.wso2.carbon.identity.oauth.event.OAuthEventInterceptor)
InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)
Example 84 with OAuthSystemException
use of org.apache.amber.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method getTokenBinder.
private Optional<TokenBinder> getTokenBinder(String clientId) throws OAuthSystemException {
OAuthAppDO oAuthAppDO;
try {
oAuthAppDO = OAuth2Util.getAppInformationByClientId(clientId);
} catch (IdentityOAuth2Exception | InvalidOAuthClientException e) {
throw new OAuthSystemException("Failed to retrieve OAuth application with client id: " + clientId, e);
}
if (oAuthAppDO == null || StringUtils.isBlank(oAuthAppDO.getTokenBindingType())) {
return Optional.empty();
}
OAuth2Service oAuth2Service = getOAuth2Service();
List<TokenBinder> supportedTokenBinders = oAuth2Service.getSupportedTokenBinders();
if (supportedTokenBinders == null || supportedTokenBinders.isEmpty()) {
return Optional.empty();
}
return supportedTokenBinders.stream().filter(t -> t.getBindingType().equals(oAuthAppDO.getTokenBindingType())).findAny();
}
Also used :
StringUtils(org.apache.commons.lang.StringUtils)
OAuthServerConfiguration(org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration)
Arrays(java.util.Arrays)
Produces(javax.ws.rs.Produces)
AuthorizationGrantCache(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache)
Enumeration(java.util.Enumeration)
FrameworkConstants(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants)
IdentityOAuth2ScopeException(org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeException)
CarbonOAuthAuthzRequest(org.wso2.carbon.identity.oauth2.model.CarbonOAuthAuthzRequest)
JSONException(org.json.JSONException)
MediaType(javax.ws.rs.core.MediaType)
OAuthError(org.apache.oltu.oauth2.common.error.OAuthError)
AuthenticationResult(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult)
Map(java.util.Map)
SessionDataCacheEntry(org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry)
OpenIDConnectClaimFilterImpl(org.wso2.carbon.identity.openidconnect.OpenIDConnectClaimFilterImpl)
NONCE(org.wso2.carbon.identity.openidconnect.model.Constants.NONCE)
ServiceURLBuilder(org.wso2.carbon.identity.core.ServiceURLBuilder)
OpenIDConnectUserRPStore(org.wso2.carbon.identity.oauth.endpoint.util.OpenIDConnectUserRPStore)
OIDCRequestObjectUtil(org.wso2.carbon.identity.openidconnect.OIDCRequestObjectUtil)
OAuth2Util(org.wso2.carbon.identity.oauth2.util.OAuth2Util)
URIBuilder(org.apache.http.client.utils.URIBuilder)
AuthenticatorFlowStatus(org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus)
SCOPE(org.wso2.carbon.identity.openidconnect.model.Constants.SCOPE)
InvalidRequestException(org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException)
EndpointUtil.validateParams(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.validateParams)
Set(java.util.Set)
SignedJWT(com.nimbusds.jwt.SignedJWT)
StandardCharsets(java.nio.charset.StandardCharsets)
InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)
REQUESTED_CLAIMS(org.wso2.carbon.identity.application.authentication.endpoint.util.Constants.REQUESTED_CLAIMS)
UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException)
ConsentHandlingFailedException(org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException)
PASSTHROUGH_TO_COMMONAUTH(org.wso2.carbon.identity.oauth.endpoint.state.OAuthAuthorizeState.PASSTHROUGH_TO_COMMONAUTH)
LogFactory(org.apache.commons.logging.LogFactory)
TENANT_DOMAIN(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.RequestParams.TENANT_DOMAIN)
REQUEST_PARAM_SP(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.REQUEST_PARAM_SP)
RequestedClaim(org.wso2.carbon.identity.openidconnect.model.RequestedClaim)
GET(javax.ws.rs.GET)
HttpRequestHeaderHandler(org.wso2.carbon.identity.oauth2.model.HttpRequestHeaderHandler)
OAuthRequestWrapper(org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper)
EndpointUtil.getOAuthServerConfiguration(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getOAuthServerConfiguration)
ArrayList(java.util.ArrayList)
InvalidRequestParentException(org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestParentException)
ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Encode(org.owasp.encoder.Encode)
RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)
IdentityOAuthAdminException(org.wso2.carbon.identity.oauth.IdentityOAuthAdminException)
RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException)
IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)
CommonAuthRequestWrapper(org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthRequestWrapper)
IdentityTenantUtil(org.wso2.carbon.identity.core.util.IdentityTenantUtil)
LinkedHashSet(java.util.LinkedHashSet)
MAX_AGE(org.wso2.carbon.identity.openidconnect.model.Constants.MAX_AGE)
Files(java.nio.file.Files)
ID_TOKEN_HINT(org.wso2.carbon.identity.openidconnect.model.Constants.ID_TOKEN_HINT)
IOException(java.io.IOException)
AUTHENTICATION_RESPONSE(org.wso2.carbon.identity.oauth.endpoint.state.OAuthAuthorizeState.AUTHENTICATION_RESPONSE)
USER_CLAIMS_CONSENT_ONLY(org.wso2.carbon.identity.application.authentication.endpoint.util.Constants.USER_CLAIMS_CONSENT_ONLY)
STATE(org.wso2.carbon.identity.openidconnect.model.Constants.STATE)
EndpointUtil.getErrorPageURL(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getErrorPageURL)
OAuthMessage(org.wso2.carbon.identity.oauth.endpoint.message.OAuthMessage)
Paths(java.nio.file.Paths)
PROMPT(org.wso2.carbon.identity.openidconnect.model.Constants.PROMPT)
ServletException(javax.servlet.ServletException)
OAuth(org.apache.oltu.oauth2.common.OAuth)
SessionDataCacheKey(org.wso2.carbon.identity.oauth.cache.SessionDataCacheKey)
URISyntaxException(java.net.URISyntaxException)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
Path(javax.ws.rs.Path)
Scanner(java.util.Scanner)
AUTH_TIME(org.wso2.carbon.identity.openidconnect.model.Constants.AUTH_TIME)
JSONObject(org.json.JSONObject)
OIDCConstants(org.wso2.carbon.identity.openidconnect.OIDCConstants)
USER_CONSENT_RESPONSE(org.wso2.carbon.identity.oauth.endpoint.state.OAuthAuthorizeState.USER_CONSENT_RESPONSE)
OAuth2ErrorCodes(org.wso2.carbon.identity.oauth.common.OAuth2ErrorCodes)
Consumes(javax.ws.rs.Consumes)
LOGIN_HINT(org.wso2.carbon.identity.openidconnect.model.Constants.LOGIN_HINT)
URLBuilderException(org.wso2.carbon.identity.core.URLBuilderException)
URI(java.net.URI)
ParseException(java.text.ParseException)
INITIAL_REQUEST(org.wso2.carbon.identity.oauth.endpoint.state.OAuthAuthorizeState.INITIAL_REQUEST)
EndpointUtil.getOAuth2Service(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getOAuth2Service)
OIDCSessionState(org.wso2.carbon.identity.oidc.session.OIDCSessionState)
AuthenticationResultCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry)
Context(javax.ws.rs.core.Context)
EndpointUtil.retrieveStateForErrorURL(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.retrieveStateForErrorURL)
OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
OAuthASResponse(org.apache.oltu.oauth2.as.response.OAuthASResponse)
OAuth2AuthorizeRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO)
CommonAuthResponseWrapper(org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper)
UUID(java.util.UUID)
ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider)
OIDCSessionManagementUtil(org.wso2.carbon.identity.oidc.session.util.OIDCSessionManagementUtil)
List(java.util.List)
IdentityConstants(org.wso2.carbon.identity.base.IdentityConstants)
HttpHeaders(javax.ws.rs.core.HttpHeaders)
OAuth2Service(org.wso2.carbon.identity.oauth2.OAuth2Service)
Response(javax.ws.rs.core.Response)
OAuthAuthzRequest(org.apache.oltu.oauth2.as.request.OAuthAuthzRequest)
Optional(java.util.Optional)
CommonAuthenticationHandler(org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler)
SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)
NameValuePair(org.apache.http.NameValuePair)
AuthHistory(org.wso2.carbon.identity.application.authentication.framework.context.AuthHistory)
FrameworkUtils(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils)
OAuth2ClientValidationResponseDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2ClientValidationResponseDTO)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
EndpointUtil.getSSOConsentService(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getSSOConsentService)
ServiceProviderProperty(org.wso2.carbon.identity.application.common.model.ServiceProviderProperty)
OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException)
REDIRECT_URI(org.wso2.carbon.identity.oauth.common.OAuthConstants.OAuth20Params.REDIRECT_URI)
SessionContext(org.wso2.carbon.identity.application.authentication.framework.context.SessionContext)
OAuthAppDO(org.wso2.carbon.identity.oauth.dao.OAuthAppDO)
HashMap(java.util.HashMap)
EndpointUtil(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil)
Claim(org.wso2.carbon.identity.application.common.model.Claim)
HashSet(java.util.HashSet)
CarbonUtils(org.wso2.carbon.utils.CarbonUtils)
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
CollectionUtils(org.apache.commons.collections.CollectionUtils)
OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse)
ExternalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim)
LoggerUtils(org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils)
OAuthErrorDTO(org.wso2.carbon.identity.oauth.dto.OAuthErrorDTO)
ClaimMetaData(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData)
SessionDataCache(org.wso2.carbon.identity.oauth.cache.SessionDataCache)
Cookie(javax.servlet.http.Cookie)
ConsentClaimsData(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentClaimsData)
UUIDGenerator(org.wso2.carbon.registry.core.utils.UUIDGenerator)
EndpointUtil.getLoginPageURL(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getLoginPageURL)
DISPLAY(org.wso2.carbon.identity.openidconnect.model.Constants.DISPLAY)
IdentityOAuth2ClientException(org.wso2.carbon.identity.oauth2.IdentityOAuth2ClientException)
POST(javax.ws.rs.POST)
MapUtils(org.apache.commons.collections.MapUtils)
OAuthConstants(org.wso2.carbon.identity.oauth.common.OAuthConstants)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
OAuth2AuthorizeReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO)
ClaimMetadataHandler(org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler)
AuthorizationGrantCacheEntry(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry)
AuthorizationGrantCacheKey(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey)
MANDATORY_CLAIMS(org.wso2.carbon.identity.application.authentication.endpoint.util.Constants.MANDATORY_CLAIMS)
TimeUnit(java.util.concurrent.TimeUnit)
Consumer(java.util.function.Consumer)
MultivaluedMap(javax.ws.rs.core.MultivaluedMap)
TokenBinder(org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder)
URLEncoder(java.net.URLEncoder)
AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
StringJoiner(java.util.StringJoiner)
IdentityUtil(org.wso2.carbon.identity.core.util.IdentityUtil)
Log(org.apache.commons.logging.Log)
DigestUtils(org.apache.commons.codec.digest.DigestUtils)
Collections(java.util.Collections)
ArrayUtils(org.apache.commons.lang.ArrayUtils)
EndpointUtil.getOAuth2Service(org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil.getOAuth2Service)
OAuth2Service(org.wso2.carbon.identity.oauth2.OAuth2Service)
OAuthAppDO(org.wso2.carbon.identity.oauth.dao.OAuthAppDO)
IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)
TokenBinder(org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder)
Example 85 with OAuthSystemException
use of org.apache.amber.oauth2.common.exception.OAuthSystemException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2TokenEndpoint method issueAccessToken.
protected Response issueAccessToken(HttpServletRequest request, Map<String, List<String>> paramMap) throws OAuthSystemException, InvalidRequestParentException {
try {
startSuperTenantFlow();
validateRepeatedParams(request, paramMap);
HttpServletRequestWrapper httpRequest = new OAuthRequestWrapper(request, paramMap);
CarbonOAuthTokenRequest oauthRequest = buildCarbonOAuthTokenRequest(httpRequest);
validateOAuthApplication(oauthRequest.getoAuthClientAuthnContext());
OAuth2AccessTokenRespDTO oauth2AccessTokenResp = issueAccessToken(oauthRequest, httpRequest);
if (oauth2AccessTokenResp.getErrorMsg() != null) {
return handleErrorResponse(oauth2AccessTokenResp);
} else {
return buildTokenResponse(oauth2AccessTokenResp);
}
} catch (TokenEndpointBadRequestException | OAuthSystemException | InvalidApplicationClientException e) {
triggerOnTokenExceptionListeners(e, request, paramMap);
throw e;
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
Also used :
OAuthRequestWrapper(org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper)
OAuth2AccessTokenRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO)
TokenEndpointBadRequestException(org.wso2.carbon.identity.oauth.endpoint.exception.TokenEndpointBadRequestException)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
InvalidApplicationClientException(org.wso2.carbon.identity.oauth.endpoint.exception.InvalidApplicationClientException)
CarbonOAuthTokenRequest(org.wso2.carbon.identity.oauth2.model.CarbonOAuthTokenRequest)
Aggregations
OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException)100
OAuthClientRequest (org.apache.oltu.oauth2.client.request.OAuthClientRequest)47
IOException (java.io.IOException)37
OAuthProblemException (org.apache.oltu.oauth2.common.exception.OAuthProblemException)36
Request (okhttp3.Request)27
Response (okhttp3.Response)27
OAuthJSONAccessTokenResponse (org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse)20
Builder (okhttp3.Request.Builder)17
OAuthBearerClientRequest (org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest)17
Map (java.util.Map)15
OAuthResponse (org.apache.oltu.oauth2.common.message.OAuthResponse)15
OAuthClientResponse (org.apache.oltu.oauth2.client.response.OAuthClientResponse)14
MediaType (okhttp3.MediaType)13
RequestBody (okhttp3.RequestBody)13
TokenRequestBuilder (org.apache.oltu.oauth2.client.request.OAuthClientRequest.TokenRequestBuilder)12
AuthenticationRequestBuilder (org.apache.oltu.oauth2.client.request.OAuthClientRequest.AuthenticationRequestBuilder)11
Path (javax.ws.rs.Path)10
OAuthClient (org.apache.oltu.oauth2.client.OAuthClient)9
IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)9
HashMap (java.util.HashMap)8
