Example 76 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class OidcHybridService method prepareHybrideCode.

protected ServerAuthorizationCodeGrant prepareHybrideCode(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    ServerAuthorizationCodeGrant codeGrant = null;
    // Hybrid flow: a code is issued only when response_type starts with "code"
    // ("code id_token", "code token", "code id_token token"); otherwise this is a pure implicit request
    if (state.getResponseType() != null && state.getResponseType().startsWith(OAuthConstants.CODE_RESPONSE_TYPE)) {
        // Bind the grant to the client, the approved scopes and the authenticated subject
        codeGrant = codeService.getGrantRepresentation(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
        // Publish the code on the current JAX-RS exchange so later processing of this response can read it
        JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.AUTHORIZATION_CODE_VALUE, codeGrant.getCode());
    }
    return codeGrant;
}
Also used : ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)

Example 77 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class UserInfoService method getUserInfo.

@GET
@Produces({ "application/json", "application/jwt" })
public Response getUserInfo() {
    // OAuthContext is populated by the access-token validation filter in front of this endpoint
    OAuthContext oauth = OAuthContextUtils.getContext(mc);
    // Check the access token has the "openid" scope; a plain OAuth2 token must not reach UserInfo
    if (!oauth.getPermissions().stream().map(OAuthPermission::getPermission).anyMatch(OidcUtils.OPENID_SCOPE::equals)) {
        return Response.status(Status.UNAUTHORIZED).build();
    }
    UserInfo userInfo = null;
    if (userInfoProvider != null) {
        // A custom provider decides which claims this client may see for this subject and scope list
        userInfo = userInfoProvider.getUserInfo(oauth.getClientId(), oauth.getSubject(), OAuthUtils.convertPermissionsToScopeList(oauth.getPermissions()));
    } else if (oauth.getSubject() instanceof OidcUserSubject) {
        // Fall back to the claims captured at login, or derive them from the id_token
        OidcUserSubject oidcUserSubject = (OidcUserSubject) oauth.getSubject();
        userInfo = oidcUserSubject.getUserInfo();
        if (userInfo == null) {
            userInfo = createFromIdToken(oidcUserSubject.getIdToken());
        }
    }
    if (userInfo == null) {
        // Consider customizing the error code in case of UserInfo being not available
        return Response.serverError().build();
    }
    final Object responseEntity;
    // UserInfo may be returned in a clear form as JSON, or as a signed and/or encrypted JWT
    if (super.isJwsRequired() || super.isJweRequired()) {
        Client client = null;
        if (oauthDataProvider != null) {
            // Load the client record so per-client JWS/JWE settings (such as its keys) can be applied
            client = oauthDataProvider.getClient(oauth.getClientId());
        }
        responseEntity = super.processJwt(new JwtToken(userInfo), client);
    } else {
        responseEntity = convertUserInfoToResponseEntity(userInfo);
    }
    return Response.ok(responseEntity).build();
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) OidcUtils(org.apache.cxf.rs.security.oidc.utils.OidcUtils) OAuthContext(org.apache.cxf.rs.security.oauth2.common.OAuthContext) UserInfo(org.apache.cxf.rs.security.oidc.common.UserInfo) Client(org.apache.cxf.rs.security.oauth2.common.Client) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 78 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class OidcDynamicRegistrationService method createNewClient.

@Override
protected Client createNewClient(ClientRegistration request) {
    // Core registration (client id/secret, redirect URIs, grant types) is handled by the parent class
    Client client = super.createNewClient(request);
    // OIDC RP-Initiated Logout: URIs the client may be redirected to after logout, stored space-separated
    List<String> postLogoutUris = request.getListStringProperty(POST_LOGOUT_LOGOUT_URIS);
    if (postLogoutUris != null) {
        client.getProperties().put(POST_LOGOUT_LOGOUT_URIS, String.join(" ", postLogoutUris));
    }
    // OIDC Back-Channel Logout: URI the OP will POST a logout token to
    String backChannelLogoutUri = request.getStringProperty(BACK_CHANNEL_LOGOUT_URI);
    if (backChannelLogoutUri != null) {
        client.getProperties().put(BACK_CHANNEL_LOGOUT_URI, backChannelLogoutUri);
    }
    // Note: both values are stored as received here; any validation of them happens outside this method
    return client;
}
Also used : Client(org.apache.cxf.rs.security.oauth2.common.Client)
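
The method above stores the two logout URIs exactly as the registration request supplied them; this page does not show whether they are checked anywhere else. Below is an added example, written for this page and not part of CXF, of the checks a registration endpoint can apply before storing them: each value must be an absolute URI with a host and no fragment (the Back-Channel Logout spec forbids a fragment and says the URI SHOULD be https), and the post-logout entries must be literally matchable later. The class name, the RegistrationError type and the loopback exception for http are this example's own choices; the property names are the standard OIDC metadata names.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Added example (not CXF code): validates OIDC logout URIs from a dynamic
 * registration request before they are stored as client properties.
 */
public final class LogoutUriValidator {

    public static final String POST_LOGOUT_REDIRECT_URIS = "post_logout_redirect_uris";
    public static final String BACKCHANNEL_LOGOUT_URI = "backchannel_logout_uri";

    private LogoutUriValidator() {
    }

    /** Hypothetical error type standing in for an "invalid_client_metadata" registration response. */
    public static final class RegistrationError extends RuntimeException {
        private static final long serialVersionUID = 1L;

        public RegistrationError(String message) {
            super("invalid_client_metadata: " + message);
        }
    }

    /**
     * backchannel_logout_uri: absolute, no fragment, https required here
     * (the spec says SHOULD; this example makes it a hard rule).
     * Returns the value to store.
     */
    public static String checkBackChannelLogoutUri(String value) {
        URI uri = parseAbsolute(BACKCHANNEL_LOGOUT_URI, value);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new RegistrationError(BACKCHANNEL_LOGOUT_URI + " must use https: " + value);
        }
        return uri.toString();
    }

    /**
     * post_logout_redirect_uris: every entry is later compared exactly against the
     * post_logout_redirect_uri presented at logout, so only absolute, fragment-free
     * URIs are accepted. Plain http is allowed for loopback hosts only (native apps).
     */
    public static List<String> checkPostLogoutRedirectUris(List<String> values) {
        List<String> accepted = new ArrayList<>();
        for (String value : values) {
            URI uri = parseAbsolute(POST_LOGOUT_REDIRECT_URIS, value);
            boolean https = "https".equalsIgnoreCase(uri.getScheme());
            boolean httpLoopback = "http".equalsIgnoreCase(uri.getScheme()) && isLoopback(uri.getHost());
            if (!https && !httpLoopback) {
                throw new RegistrationError(POST_LOGOUT_REDIRECT_URIS + " entry must use https: " + value);
            }
            accepted.add(uri.toString());
        }
        return accepted;
    }

    private static boolean isLoopback(String host) {
        return "localhost".equalsIgnoreCase(host) || "127.0.0.1".equals(host) || "[::1]".equals(host);
    }

    private static URI parseAbsolute(String name, String value) {
        URI uri;
        try {
            uri = new URI(value);
        } catch (URISyntaxException e) {
            throw new RegistrationError(name + " is not a valid URI: " + value);
        }
        if (!uri.isAbsolute() || uri.getHost() == null) {
            throw new RegistrationError(name + " must be an absolute URI with a host: " + value);
        }
        if (uri.getRawFragment() != null) {
            throw new RegistrationError(name + " must not contain a fragment: " + value);
        }
        return uri;
    }

    /** Stand-alone run over constructed inputs. */
    public static void main(String[] args) {
        System.out.println(checkBackChannelLogoutUri("https://rp.example.com/logout/backchannel"));
        System.out.println(checkPostLogoutRedirectUris(Arrays.asList(
            "https://rp.example.com/loggedout", "http://127.0.0.1:8080/loggedout")));
        for (String bad : new String[] {"/relative", "http://rp.example.com/cb", "https://rp.example.com/cb#frag", "mailto:x"}) {
            try {
                checkBackChannelLogoutUri(bad);
            } catch (RegistrationError e) {
                System.out.println("rejected " + bad + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

In a registration service this would run between reading the request properties and the `client.getProperties().put(...)` calls, so that only normalized, matchable values are ever persisted.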

Example 79 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class OidcImplicitService method canAuthorizationBeSkipped.

@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions) {
    List<String> promptValues = OidcUtils.getPromptValues(params);
    if (promptValues.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        // Displaying the consent screen is preferred by the client
        return false;
    }
    // Check the pre-configured consent
    boolean preConfiguredConsentForScopes = super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (!preConfiguredConsentForScopes && promptValues.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        // An error is returned if client does not have pre-configured consent for the requested scopes/claims
        LOG.log(Level.FINE, "Prompt 'none' request can not be met");
        throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
    }
    return preConfiguredConsentForScopes;
}
Also used : OAuthError(org.apache.cxf.rs.security.oauth2.common.OAuthError) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
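
To make the decision logic of canAuthorizationBeSkipped easy to read off for every combination of inputs, here is an added example (not CXF code) that restates it as a pure function over the prompt parameter and a boolean standing in for the pre-configured-consent lookup that the snippet delegates to its superclass. It also adds the rule from OIDC Core 3.1.2.1 that "none" must not be combined with any other prompt value; the method on this page does not itself reject that combination (it would take the "consent" branch first), and whether the calling code does is not shown here. The enum names and the choice of an invalid_request-style outcome for that case are this example's own.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/**
 * Added example (not CXF code): the prompt-parameter decision of the OIDC
 * implicit/hybrid authorization endpoint, as a stand-alone function.
 */
public final class PromptDecision {

    /** Outcome of combining the prompt values with the consent state. */
    public enum Outcome {
        SKIP_CONSENT,            // pre-configured consent covers the request; no screen shown
        SHOW_CONSENT,            // the user must approve on a consent screen
        ERROR_CONSENT_REQUIRED,  // prompt=none but consent is not pre-configured
        ERROR_INVALID_REQUEST    // prompt=none combined with another value (spec violation)
    }

    private PromptDecision() {
    }

    /** Splits the space-separated prompt parameter as OIDC Core 3.1.2.1 defines it. */
    public static List<String> promptValues(String prompt) {
        if (prompt == null || prompt.trim().isEmpty()) {
            return Collections.emptyList();
        }
        return Arrays.asList(prompt.trim().split("\\s+"));
    }

    /**
     * @param prompt               raw value of the prompt request parameter (may be null)
     * @param preConfiguredConsent whether the client already holds consent for the requested scopes
     */
    public static Outcome decide(String prompt, boolean preConfiguredConsent) {
        List<String> values = promptValues(prompt);
        boolean none = values.contains("none");
        // Spec rule added here: "none" MUST NOT appear together with any other value
        if (none && values.size() > 1) {
            return Outcome.ERROR_INVALID_REQUEST;
        }
        // Same order as the CXF method: an explicit "consent" wins over stored consent
        if (values.contains("consent")) {
            return Outcome.SHOW_CONSENT;
        }
        if (preConfiguredConsent) {
            return Outcome.SKIP_CONSENT;
        }
        // No stored consent: "none" cannot be honoured, anything else shows the screen
        return none ? Outcome.ERROR_CONSENT_REQUIRED : Outcome.SHOW_CONSENT;
    }

    /** Tabulates every outcome over constructed prompt values. */
    public static void main(String[] args) {
        String[] prompts = {null, "none", "consent", "login", "none consent"};
        for (String p : prompts) {
            for (boolean consent : new boolean[] {true, false}) {
                System.out.printf("prompt=%-13s preConfiguredConsent=%-5s -> %s%n", p, consent, decide(p, consent));
            }
        }
    }
}
```

The "login" value is deliberately passed through unchanged: it concerns re-authentication of the end user, which is decided elsewhere, and for consent purposes it behaves like an absent prompt.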

Example 80 with Client

use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.

the class HawkAccessTokenValidatorTest method testValidateAccessToken.

@Test
public void testValidateAccessToken() throws Exception {
    // HMAC-SHA256 Hawk token issued to a confidential test client; lifetime argument -1
    HawkAccessToken macAccessToken = new HawkAccessToken(new Client("testClientId", "testClientSecret", true), HmacAlgorithm.HmacSHA256, -1);
    HttpServletRequest httpRequest = mockHttpRequest();
    UriInfo uriInfo = mockUriInfo();
    // The validator looks the token up by its key; the request and URI info are needed to recompute the MAC
    EasyMock.expect(dataProvider.getAccessToken(macAccessToken.getTokenKey())).andReturn(macAccessToken);
    EasyMock.expect(messageContext.getHttpServletRequest()).andReturn(httpRequest);
    EasyMock.expect(messageContext.getUriInfo()).andReturn(uriInfo);
    EasyMock.replay(dataProvider, messageContext, httpRequest, uriInfo);
    // Build the client-side Authorization header and pass only the part after the "Hawk" scheme name
    String authData = getClientAuthHeader(macAccessToken);
    AccessTokenValidation tokenValidation = validator.validateAccessToken(messageContext, OAuthConstants.HAWK_AUTHORIZATION_SCHEME, authData.split(" ")[1], null);
    assertNotNull(tokenValidation);
    EasyMock.verify(dataProvider, messageContext, httpRequest);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AccessTokenValidation(org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation) Client(org.apache.cxf.rs.security.oauth2.common.Client) UriInfo(javax.ws.rs.core.UriInfo) Test(org.junit.Test)
