use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
the class RefreshTokenGrantHandler method createAccessToken.
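/**
 * Issues a new access token in exchange for a refresh token (the "refresh_token" grant).
 *
 * <p>The refresh token and the optional "scope" parameter are read from the request;
 * the requested scopes are validated against the client's registration before the data
 * provider is asked to refresh the token.
 *
 * @param client the authenticated client presenting the refresh token
 * @param params the token request form parameters
 * @return the refreshed access token, with its grant type set to "refresh_token"
 * @throws OAuthServiceException with "invalid_request" if no refresh token was supplied,
 *         with "invalid_grant" if the data provider returns no token, or as propagated
 *         from scope validation or the data provider
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
    // A missing refresh token is a malformed request; reject it here instead of letting
    // the data provider (or a NullPointerException) surface it as a server error.
    if (refreshToken == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
    }
    List<String> requestedScopes = OAuthUtils.getRequestedScopes(client, params.getFirst(OAuthConstants.SCOPE), useAllClientScopes, partialMatchScopeValidation, false);
    final ServerAccessToken st = dataProvider.refreshAccessToken(client, refreshToken, requestedScopes);
    // If the provider yields no token, report an invalid grant rather than dereferencing null.
    if (st == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    st.setGrantType(OAuthConstants.REFRESH_TOKEN_GRANT);
    return st;
}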
the class OAuthClientUtils method getAccessToken.
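/**
 * Obtains the access token from OAuth AccessToken Service
 * using the initialized web client.
 *
 * <p>Client credentials: when {@code setAuthorizationHeader} is true and the consumer
 * has a secret, client id and secret are sent in an HTTP Basic {@code Authorization}
 * header; otherwise {@code client_id} (and {@code client_secret}, when one is registered)
 * are written into the form payload. Both variants carry the secret inside the request
 * itself, so the AccessToken service endpoint is expected to be reached over TLS.
 *
 * <p>The response entity is parsed as JSON when its media type is JSON (or absent);
 * any other media type yields an empty map, so a non-JSON error body is reported as
 * a generic server error.
 *
 * @param accessTokenService the AccessToken client; must not be null
 * @param consumer {@link Consumer} representing the registered client, or null if the
 *        AccessToken service maps the authenticated transport credentials to a client itself
 * @param grant {@link AccessTokenGrant} grant; must not be null
 * @param extraParams extra form parameters, may be null
 * @param defaultTokenType default expected token type - some early
 * well-known OAuth2 services do not return a required token_type parameter
 * @param setAuthorizationHeader if set to true then HTTP Basic scheme
 * will be used to pass client id and secret, otherwise they will
 * be passed in the form payload
 * @return {@link ClientAccessToken} access token
 * @throws OAuthServiceException if the service client or grant is missing, if a 200
 *         response does not carry a usable token, if the service reports an OAuth error
 *         (status >= 400 with an {@code error} entry), or for any other status
 * @throws ResponseProcessingException if the response entity cannot be read or parsed
 */
public static ClientAccessToken getAccessToken(WebClient accessTokenService, Consumer consumer, AccessTokenGrant grant, Map<String, String> extraParams, String defaultTokenType, boolean setAuthorizationHeader) throws OAuthServiceException {
    if (accessTokenService == null) {
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }
    // A null grant would otherwise fail with a NullPointerException on grant.toMap();
    // report it the same way as a missing service client.
    if (grant == null) {
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }
    Form form = new Form(grant.toMap());
    if (extraParams != null) {
        for (Map.Entry<String, String> entry : extraParams.entrySet()) {
            form.param(entry.getKey(), entry.getValue());
        }
    }
    if (consumer != null) {
        boolean secretAvailable = !StringUtils.isEmpty(consumer.getClientSecret());
        if (setAuthorizationHeader && secretAvailable) {
            // Confidential client with Basic auth requested: credentials travel in the header.
            accessTokenService.replaceHeader(HttpHeaders.AUTHORIZATION, DefaultBasicAuthSupplier.getBasicAuthHeader(consumer.getClientId(), consumer.getClientSecret()));
        } else {
            // Basic auth not requested, or no secret registered: identify the client in the form body.
            form.param(OAuthConstants.CLIENT_ID, consumer.getClientId());
            if (secretAvailable) {
                form.param(OAuthConstants.CLIENT_SECRET, consumer.getClientSecret());
            }
        }
    } else {
        // in this case the AccessToken service is expected to find a mapping between
        // the authenticated credentials and the client registration id
    }
    Response response = accessTokenService.form(form);
    final Map<String, String> map;
    try {
        // Only JSON (or an unspecified media type) is parsed; any other body is
        // treated as carrying no OAuth payload.
        map = response.getMediaType() == null || response.getMediaType().isCompatible(MediaType.APPLICATION_JSON_TYPE) ? new OAuthJSONProvider().readJSONResponse((InputStream) response.getEntity()) : Collections.emptyMap();
    } catch (Exception ex) {
        throw new ResponseProcessingException(response, ex);
    }
    if (200 == response.getStatus()) {
        ClientAccessToken token = fromMapToClientToken(map, defaultTokenType);
        if (token == null) {
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
        }
        return token;
    } else if (response.getStatus() >= 400 && map.containsKey(OAuthConstants.ERROR_KEY)) {
        OAuthError error = new OAuthError(map.get(OAuthConstants.ERROR_KEY), map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
        error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));
        throw new OAuthServiceException(error);
    }
    // Any other status, including a 4xx without an OAuth error payload, is opaque to the caller.
    throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
}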
the class JwtBearerGrantHandler method createAccessToken.
/**
 * Creates an access token for the JWT bearer grant.
 * The assertion is parsed, its signature verified and its claims validated against the
 * client before a token is issued for the assertion's subject.
 *
 * @param client the client presenting the assertion
 * @param params the token request parameters
 * @return the newly created access token
 * @throws OAuthServiceException with "invalid_grant" when the assertion is missing or
 *         cannot be parsed or verified, or as thrown by signature/claims validation
 */
@Override
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    final String encodedAssertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
    if (encodedAssertion == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    try {
        final JwsJwtCompactConsumer compactConsumer = getJwsReader(encodedAssertion);
        final JwtToken token = compactConsumer.getJwtToken();
        // Signature first: claims are only trusted once the assertion is shown to be authentic.
        validateSignature(new JwsHeaders(token.getJwsHeaders()), compactConsumer.getUnsignedEncodedSequence(), compactConsumer.getDecodedSignature());
        validateClaims(client, token.getClaims());
        final UserSubject assertionSubject = new UserSubject(token.getClaims().getSubject());
        return doCreateAccessToken(client, assertionSubject, Constants.JWT_BEARER_GRANT, OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
    } catch (OAuthServiceException ex) {
        // Already an OAuth error: propagate unchanged rather than re-wrapping it.
        throw ex;
    } catch (Exception ex) {
        // Parsing and verification failures are reported uniformly as an invalid grant.
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
    }
}
the class ResourceOwnerGrantHandler method createAccessToken.
/**
 * Creates an access token for the resource owner password credentials grant.
 * The owner's username and password are taken from the request and handed to the
 * configured login handler; a token is issued only if that handler resolves a subject.
 *
 * @param client the client submitting the owner's credentials
 * @param params the token request parameters
 * @return the newly created access token
 * @throws OAuthServiceException with "invalid_request" if the username or password is
 *         missing, with "invalid_grant" if the login handler rejects the credentials
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    final String username = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
    final String password = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
    final boolean credentialsPresent = username != null && password != null;
    if (!credentialsPresent) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
    }
    // The login handler owns credential verification; a null subject means rejection.
    final UserSubject owner = loginHandler.createSubject(client, username, password);
    if (owner == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    return doCreateAccessToken(client, owner, params);
}
the class AbstractGrantHandler method doCreateAccessToken.
/**
 * Creates an access token for the given client and subject, reusing a pre-authorized
 * token when one exists.
 *
 * <p>If {@link #getPreAuthorizedToken} yields a token it is returned as is; otherwise an
 * {@link AccessTokenRegistration} describing the request (client, grant, subject,
 * requested and approved scopes, audiences) is handed to the data provider.
 *
 * @param client the client the token is issued to
 * @param subject the subject the token represents
 * @param requestedGrant the grant type being processed
 * @param requestedScopes scopes requested by the client
 * @param audiences intended audiences of the token
 * @return an existing pre-authorized token, or a new one from the data provider
 */
protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, String requestedGrant, List<String> requestedScopes, List<String> audiences) {
    final ServerAccessToken preAuthorized = getPreAuthorizedToken(client, subject, requestedGrant, requestedScopes, audiences);
    if (preAuthorized != null) {
        return preAuthorized;
    }
    // No pre-authorized token: describe the request and let the data provider mint one.
    final AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setSubject(subject);
    registration.setGrantType(requestedGrant);
    registration.setAudiences(audiences);
    registration.setRequestedScope(requestedScopes);
    // Approved scopes are computed separately from the requested ones.
    registration.setApprovedScope(getApprovedScopes(client, subject, requestedScopes));
    return dataProvider.createAccessToken(registration);
}