
Example 56 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class ModelEncryptionSupport method tokenizeServerToken.

/**
 * Flattens a {@link ServerAccessToken} into the positional, {@code SEP}-delimited string form
 * used by ModelEncryptionSupport. The numbered comments mark the field positions a decoder of
 * this format has to read back in the same order.
 *
 * NOTE(review): field integrity depends on {@code tokenizeString()} escaping {@code SEP} and
 * the '.' used inside the permission section, and on the collection {@code toString()} forms
 * not containing {@code SEP} - confirm, otherwise a crafted description or parameter value
 * could shift the field positions seen by the decoder.
 *
 * @param token the access token to serialise
 * @return the delimited representation of {@code token}
 */
private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder state = new StringBuilder();
    // 0: key, 1: type
    state.append(tokenizeString(token.getTokenKey()))
        .append(SEP).append(tokenizeString(token.getTokenType()));
    // 2: expiresIn, 3: issuedAt (numeric, appended as-is)
    state.append(SEP).append(token.getExpiresIn())
        .append(SEP).append(token.getIssuedAt());
    // 4: client id, 5: refresh token, 6: grant type
    state.append(SEP).append(tokenizeString(token.getClient().getClientId()))
        .append(SEP).append(tokenizeString(token.getRefreshToken()))
        .append(SEP).append(tokenizeString(token.getGrantType()));
    // 7: audiences and 8: other parameters use the collection's own toString() form,
    // i.e. "[a, b]" and "{key=value, key=value}"
    state.append(SEP).append(token.getAudiences().toString())
        .append(SEP).append(token.getParameters().toString());
    // 9: permissions; a single space stands for "no scopes"
    state.append(SEP);
    if (token.getScopes().isEmpty()) {
        state.append(' ');
    } else {
        for (OAuthPermission permission : token.getScopes()) {
            appendPermissionFields(state, permission);
        }
    }
    // 10: code verifier
    state.append(SEP).append(tokenizeString(token.getClientCodeVerifier()));
    // 11: user subject - tokenizeUserSubject writes its own fields between these two separators
    state.append(SEP);
    tokenizeUserSubject(state, token.getSubject());
    // 13: extra properties, again as "{key=value, key=value}"
    state.append(SEP).append(token.getExtraProperties().toString());
    return state.toString();
}

/**
 * Appends one permission as five '.'-separated fields (9.1-9.5): name, description,
 * default flag, HTTP verbs and URIs. Consecutive permissions get no separator of their own
 * beyond the closing bracket of the URI list; presumably the decoder relies on that - verify.
 *
 * @param state the buffer being built by {@link #tokenizeServerToken}
 * @param p the permission to append
 */
private static void appendPermissionFields(StringBuilder state, OAuthPermission p) {
    state.append(tokenizeString(p.getPermission())).append('.')
        .append(tokenizeString(p.getDescription())).append('.')
        .append(p.isDefaultPermission()).append('.')
        .append(p.getHttpVerbs().toString()).append('.')
        .append(p.getUris().toString());
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission)

Example 57 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AbstractOAuthDataProvider method doRefreshAccessToken.

/**
 * Creates the access token that replaces {@code oldRefreshToken}, carrying over its audiences,
 * grant type and code, subject, nonce, code verifier and extra properties. A non-empty
 * {@code restrictedScopes} narrows the new token to those scopes, and every one of them must
 * already be covered by the refresh token's scopes - a refresh can shrink the grant, never widen it.
 *
 * @param client the client exchanging the refresh token
 * @param oldRefreshToken the refresh token being exchanged
 * @param restrictedScopes requested scope subset; empty keeps the refresh token's own scopes
 * @return the new access token, rendered as a JWT when that format is enabled
 * @throws OAuthServiceException if {@code restrictedScopes} is not a subset of the existing scopes
 */
protected ServerAccessToken doRefreshAccessToken(Client client, RefreshToken oldRefreshToken, List<String> restrictedScopes) {
    ServerAccessToken newToken = createNewAccessToken(client, oldRefreshToken.getSubject());
    // copied so the two tokens do not share the same list instance
    newToken.setAudiences(oldRefreshToken.getAudiences() == null
        ? null : new ArrayList<String>(oldRefreshToken.getAudiences()));
    newToken.setGrantType(oldRefreshToken.getGrantType());
    newToken.setGrantCode(oldRefreshToken.getGrantCode());
    newToken.setSubject(oldRefreshToken.getSubject());
    newToken.setNonce(oldRefreshToken.getNonce());
    newToken.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
    newToken.getExtraProperties().putAll(oldRefreshToken.getExtraProperties());

    if (!restrictedScopes.isEmpty()) {
        List<OAuthPermission> narrowedScopes = convertScopeToPermissions(client, restrictedScopes);
        // scope escalation on refresh is rejected outright
        if (!oldRefreshToken.getScopes().containsAll(narrowedScopes)) {
            throw new OAuthServiceException("Invalid scopes");
        }
        newToken.setScopes(narrowedScopes);
    } else {
        newToken.setScopes(oldRefreshToken.getScopes() == null
            ? null : new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()));
    }

    if (isUseJwtFormatForAccessTokens()) {
        String jose = processJwtAccessToken(createJwtAccessToken(newToken));
        // the JWT either becomes the persisted token key itself or is only attached as the encoded form
        if (isPersistJwtEncoding()) {
            newToken.setTokenKey(jose);
        } else {
            newToken.setEncodedToken(jose);
        }
    }
    return newToken;
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) ArrayList(java.util.ArrayList)

Example 58 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AbstractOAuthDataProvider method createJwtAccessToken.

/**
 * Maps a {@link ServerAccessToken} onto the claim set of a JWT-formatted access token:
 * token id, client id, issued-at/expiry, subject and username, issuer, scope, audience(s),
 * extra properties, grant type, grant code, code verifier and nonce. Claim names for the
 * client id and username can be remapped through {@code getJwtAccessTokenClaimMap()}.
 *
 * @param at the access token to convert
 * @return the claims to be signed and/or encrypted by the caller
 */
protected JwtClaims createJwtAccessToken(ServerAccessToken at) {
    JwtClaims claims = new JwtClaims();
    claims.setTokenId(at.getTokenKey());

    // 'client_id' unless remapped (typically to 'cid')
    String clientIdClaim = JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, getJwtAccessTokenClaimMap());
    claims.setClaim(clientIdClaim, at.getClient().getClientId());

    claims.setIssuedAt(at.getIssuedAt());
    if (at.getExpiresIn() > 0) {
        // the expiry claim is only emitted for tokens that actually expire
        claims.setExpiryTime(at.getIssuedAt() + at.getExpiresIn());
    }

    UserSubject subject = at.getSubject();
    if (subject != null) {
        if (subject.getId() != null) {
            claims.setSubject(subject.getId());
        }
        // 'username' by default, the same name the token introspection response uses
        String usernameClaim = JwtTokenUtils.getClaimName("username", "username", getJwtAccessTokenClaimMap());
        claims.setClaim(usernameClaim, subject.getLogin());
    }

    if (at.getIssuer() != null) {
        claims.setIssuer(at.getIssuer());
    }
    if (!at.getScopes().isEmpty()) {
        // scope list rendered as a single string, rfc8693 section 4.2
        String scope = OAuthUtils.convertListOfScopesToString(OAuthUtils.convertPermissionsToScopeList(at.getScopes()));
        claims.setClaim(OAuthConstants.SCOPE, scope);
    }

    // OAuth2 resource indicators: one audience is emitted as a single value, several as a list
    List<String> audiences = at.getAudiences();
    if (!audiences.isEmpty()) {
        if (audiences.size() == 1) {
            claims.setAudience(audiences.get(0));
        } else {
            claims.setAudiences(audiences);
        }
    }

    Map<String, String> extraProps = at.getExtraProperties();
    if (!extraProps.isEmpty()) {
        Map<String, String> remainingProps = new HashMap<>(extraProps);
        // The certificate thumbprint is lifted out of the extra properties into the confirmation
        // claim - presumably the RFC 8705 certificate-bound token binding; confirm against JoseConstants.
        if (remainingProps.containsKey(JoseConstants.HEADER_X509_THUMBPRINT_SHA256)) {
            String thumbprint = remainingProps.remove(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
            claims.setClaim(JwtConstants.CLAIM_CONFIRMATION,
                Collections.singletonMap(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, thumbprint));
        }
        // NOTE(review): the remaining properties are copied into the token verbatim; unless the caller
        // encrypts the JWT they are readable by whoever holds the token - keep secrets out of them.
        claims.setClaim("extra_properties", remainingProps);
    }

    // lets a resource server tell which grant produced this token
    if (at.getGrantType() != null) {
        claims.setClaim(OAuthConstants.GRANT_TYPE, at.getGrantType());
    }
    // present only when the authorization code flow was used
    if (at.getGrantCode() != null) {
        claims.setClaim(OAuthConstants.AUTHORIZATION_CODE_GRANT, at.getGrantCode());
    }
    // the code verifier identifies the client instance that redeemed the code - can be useful at the RS
    if (at.getClientCodeVerifier() != null) {
        claims.setClaim(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, at.getClientCodeVerifier());
    }
    if (at.getNonce() != null) {
        claims.setClaim(OAuthConstants.NONCE, at.getNonce());
    }
    return claims;
}
Also used : UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) HashMap(java.util.HashMap) HashMap(java.util.HashMap) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) Map(java.util.Map)

Example 59 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AbstractOAuthDataProvider method removeClient.

/**
 * Deletes a registered client together with every token issued to it.
 * NOTE(review): there is no null guard on the lookup result; how {@code removeClientTokens}
 * and {@code doRemoveClient} treat an unknown client id depends on the implementation.
 *
 * @param clientId id of the client to delete
 * @return the client record as it was before deletion
 */
@Override
public Client removeClient(String clientId) {
    Client removed = doGetClient(clientId);
    // the client's tokens are revoked before the client record itself goes
    removeClientTokens(removed);
    doRemoveClient(removed);
    return removed;
}
Also used : Client(org.apache.cxf.rs.security.oauth2.common.Client)

Example 60 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AbstractOAuthDataProvider method getClient.

/**
 * Looks up a client by id. When the id is unknown and the current request is a
 * client_credentials grant that carries a client secret, a client is created on the fly
 * from that id and secret instead; in any other case an unknown id yields {@code null}.
 * NOTE(review): this method does not verify the secret itself - the on-the-fly client is
 * built from whatever secret the request presented, so authentication has to happen in
 * {@code createClientCredentialsClient} or in the caller.
 *
 * @param clientId id of the client to look up
 * @return the stored client, a client created for the client_credentials grant, or {@code null}
 */
@Override
public Client getClient(String clientId) {
    Client client = doGetClient(clientId);
    if (client == null
        && OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(getCurrentRequestedGrantType())) {
        String secret = getCurrentClientSecret();
        if (secret != null) {
            client = createClientCredentialsClient(clientId, secret);
        }
    }
    return client;
}
Also used : Client(org.apache.cxf.rs.security.oauth2.common.Client)
