Examples with Client org.apache.cxf.rs.security.oauth2.common.Client used on opensource projects

Example 61 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class RefreshTokenGrantHandler method createAccessToken.

public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
    List<String> requestedScopes = OAuthUtils.getRequestedScopes(client, params.getFirst(OAuthConstants.SCOPE), useAllClientScopes, partialMatchScopeValidation, false);
    final ServerAccessToken st = dataProvider.refreshAccessToken(client, refreshToken, requestedScopes);
    st.setGrantType(OAuthConstants.REFRESH_TOKEN_GRANT);
    return st;
}

Example 62 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class OAuthClientUtils method getAccessToken.

/**
 * Obtains the access token from OAuth AccessToken Service
 * using the initialized web client
 * @param accessTokenService the AccessToken client
 * @param consumer {@link Consumer} representing the registered client.
 * @param grant {@link AccessTokenGrant} grant
 * @param extraParams extra parameters
 * @param defaultTokenType default expected token type - some early
 *        well-known OAuth2 services do not return a required token_type parameter
 * @param setAuthorizationHeader if set to true then HTTP Basic scheme
 *           will be used to pass client id and secret, otherwise they will
 *           be passed in the form payload
 * @return {@link ClientAccessToken} access token
 * @throws OAuthServiceException
 */
public static ClientAccessToken getAccessToken(WebClient accessTokenService, Consumer consumer, AccessTokenGrant grant, Map<String, String> extraParams, String defaultTokenType, boolean setAuthorizationHeader) throws OAuthServiceException {
    if (accessTokenService == null) {
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }
    Form form = new Form(grant.toMap());
    if (extraParams != null) {
        for (Map.Entry<String, String> entry : extraParams.entrySet()) {
            form.param(entry.getKey(), entry.getValue());
        }
    }
    if (consumer != null) {
        boolean secretAvailable = !StringUtils.isEmpty(consumer.getClientSecret());
        if (setAuthorizationHeader && secretAvailable) {
            accessTokenService.replaceHeader(HttpHeaders.AUTHORIZATION, DefaultBasicAuthSupplier.getBasicAuthHeader(consumer.getClientId(), consumer.getClientSecret()));
        } else {
            form.param(OAuthConstants.CLIENT_ID, consumer.getClientId());
            if (secretAvailable) {
                form.param(OAuthConstants.CLIENT_SECRET, consumer.getClientSecret());
            }
        }
    } else {
    // in this case the AccessToken service is expected to find a mapping between
    // the authenticated credentials and the client registration id
    }
    Response response = accessTokenService.form(form);
    final Map<String, String> map;
    try {
        map = response.getMediaType() == null || response.getMediaType().isCompatible(MediaType.APPLICATION_JSON_TYPE) ? new OAuthJSONProvider().readJSONResponse((InputStream) response.getEntity()) : Collections.emptyMap();
    } catch (Exception ex) {
        throw new ResponseProcessingException(response, ex);
    }
    if (200 == response.getStatus()) {
        ClientAccessToken token = fromMapToClientToken(map, defaultTokenType);
        if (token == null) {
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
        }
        return token;
    } else if (response.getStatus() >= 400 && map.containsKey(OAuthConstants.ERROR_KEY)) {
        OAuthError error = new OAuthError(map.get(OAuthConstants.ERROR_KEY), map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
        error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));
        throw new OAuthServiceException(error);
    }
    throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
}

Example 63 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class JwtBearerGrantHandler method createAccessToken.

@Override
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    String assertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
    if (assertion == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    try {
        JwsJwtCompactConsumer jwsReader = getJwsReader(assertion);
        JwtToken jwtToken = jwsReader.getJwtToken();
        validateSignature(new JwsHeaders(jwtToken.getJwsHeaders()), jwsReader.getUnsignedEncodedSequence(), jwsReader.getDecodedSignature());
        validateClaims(client, jwtToken.getClaims());
        UserSubject grantSubject = new UserSubject(jwtToken.getClaims().getSubject());
        return doCreateAccessToken(client, grantSubject, Constants.JWT_BEARER_GRANT, OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
    } catch (OAuthServiceException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
    }
}

Example 64 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class ResourceOwnerGrantHandler method createAccessToken.

public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    String ownerName = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
    String ownerPassword = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
    if (ownerName == null || ownerPassword == null) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
    }
    UserSubject subject = loginHandler.createSubject(client, ownerName, ownerPassword);
    if (subject == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    return doCreateAccessToken(client, subject, params);
}

Example 65 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class AbstractGrantHandler method doCreateAccessToken.

protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, String requestedGrant, List<String> requestedScopes, List<String> audiences) {
    ServerAccessToken token = getPreAuthorizedToken(client, subject, requestedGrant, requestedScopes, audiences);
    if (token != null) {
        return token;
    }
    // Delegate to the data provider to create the one
    AccessTokenRegistration reg = new AccessTokenRegistration();
    reg.setClient(client);
    reg.setGrantType(requestedGrant);
    reg.setSubject(subject);
    reg.setRequestedScope(requestedScopes);
    reg.setApprovedScope(getApprovedScopes(client, subject, requestedScopes));
    reg.setAudiences(audiences);
    return dataProvider.createAccessToken(reg);
}