use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
In class OidcHybridService, method prepareHybrideCode.
/**
 * Builds the authorization-code half of a hybrid-flow response.
 *
 * A code grant is produced only when the request's {@code response_type} starts with
 * {@code OAuthConstants.CODE_RESPONSE_TYPE}; in that case the generated code value is also
 * stored on the current exchange under {@code OAuthConstants.AUTHORIZATION_CODE_VALUE} so
 * that later processing on this request can pick it up.
 *
 * @return the code grant, or {@code null} when no code was requested
 */
protected ServerAuthorizationCodeGrant prepareHybrideCode(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    String responseType = state.getResponseType();
    boolean codeRequested = responseType != null && responseType.startsWith(OAuthConstants.CODE_RESPONSE_TYPE);
    if (!codeRequested) {
        return null;
    }
    ServerAuthorizationCodeGrant grant = codeService.getGrantRepresentation(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    // NOTE(review): assumes codeService never returns null here — confirm, as getCode() is dereferenced unconditionally
    JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.AUTHORIZATION_CODE_VALUE, grant.getCode());
    return grant;
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
In class UserInfoService, method getUserInfo.
/**
 * OpenID Connect UserInfo endpoint.
 *
 * The caller's access token must carry the {@code openid} scope, otherwise {@code 401} is
 * returned. The UserInfo object comes from the configured {@code userInfoProvider} when one is
 * set, or else from an {@code OidcUserSubject} (directly, or derived from its id_token).
 * When JWS or JWE is required the entity is emitted as a JWT, otherwise as plain JSON.
 *
 * @return {@code 200} with the UserInfo entity, {@code 401} without the openid scope,
 *         {@code 500} when no UserInfo can be resolved
 */
@GET
@Produces({ "application/json", "application/jwt" })
public Response getUserInfo() {
    OAuthContext oauth = OAuthContextUtils.getContext(mc);
    // Reject tokens that were not issued with the "openid" scope
    if (!hasOpenIdScope(oauth)) {
        return Response.status(Status.UNAUTHORIZED).build();
    }
    UserInfo userInfo = resolveUserInfo(oauth);
    if (userInfo == null) {
        // Consider customizing the error code in case of UserInfo being not available
        return Response.serverError().build();
    }
    // UserInfo may be returned in a clear form as JSON
    if (!super.isJwsRequired() && !super.isJweRequired()) {
        return Response.ok(convertUserInfoToResponseEntity(userInfo)).build();
    }
    // Signing/encryption keys are looked up per client; without a data provider the client stays null
    Client client = oauthDataProvider == null ? null : oauthDataProvider.getClient(oauth.getClientId());
    return Response.ok(super.processJwt(new JwtToken(userInfo), client)).build();
}

/** Returns true when at least one permission on the context is the "openid" scope. */
private static boolean hasOpenIdScope(OAuthContext oauth) {
    for (OAuthPermission permission : oauth.getPermissions()) {
        if (OidcUtils.OPENID_SCOPE.equals(permission.getPermission())) {
            return true;
        }
    }
    return false;
}

/**
 * Resolves the UserInfo for the current context: the provider wins when configured; otherwise
 * an OidcUserSubject is consulted, falling back to its id_token. Returns null when neither
 * source yields one.
 */
private UserInfo resolveUserInfo(OAuthContext oauth) {
    if (userInfoProvider != null) {
        return userInfoProvider.getUserInfo(oauth.getClientId(), oauth.getSubject(), OAuthUtils.convertPermissionsToScopeList(oauth.getPermissions()));
    }
    if (!(oauth.getSubject() instanceof OidcUserSubject)) {
        return null;
    }
    OidcUserSubject oidcUserSubject = (OidcUserSubject) oauth.getSubject();
    UserInfo fromSubject = oidcUserSubject.getUserInfo();
    return fromSubject != null ? fromSubject : createFromIdToken(oidcUserSubject.getIdToken());
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
In class OidcDynamicRegistrationService, method createNewClient.
/**
 * Extends the base dynamic registration with the OIDC logout properties.
 *
 * The post-logout redirect URIs (joined with a single space) and the back-channel logout URI
 * are copied from the registration request into the client's properties when present. Both
 * values are taken from the request as-is; no validation of them is visible in this method.
 *
 * @param request the client registration request
 * @return the client created by the parent, with the logout properties added
 */
@Override
protected Client createNewClient(ClientRegistration request) {
    Client client = super.createNewClient(request);
    List<String> postLogoutUris = request.getListStringProperty(POST_LOGOUT_LOGOUT_URIS);
    String joinedPostLogoutUris = postLogoutUris == null ? null : String.join(" ", postLogoutUris);
    copyClientProperty(client, POST_LOGOUT_LOGOUT_URIS, joinedPostLogoutUris);
    copyClientProperty(client, BACK_CHANNEL_LOGOUT_URI, request.getStringProperty(BACK_CHANNEL_LOGOUT_URI));
    return client;
}

/** Stores {@code value} under {@code key} in the client's properties, skipping null values. */
private static void copyClientProperty(Client client, String key, String value) {
    if (value != null) {
        client.getProperties().put(key, value);
    }
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
In class OidcImplicitService, method canAuthorizationBeSkipped.
/**
 * Decides whether the consent screen may be skipped, honouring the OIDC {@code prompt} values.
 *
 * {@code prompt=consent} always forces the consent screen. Otherwise the parent's
 * pre-configured-consent check decides; if it denies skipping and {@code prompt=none} was
 * requested, the request cannot be satisfied without user interaction and a
 * {@code consent_required} error is raised instead.
 *
 * @return true when authorization can be skipped
 * @throws OAuthServiceException for {@code prompt=none} without pre-configured consent
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions) {
    List<String> prompts = OidcUtils.getPromptValues(params);
    // prompt=consent: the client explicitly asks for the consent screen
    if (prompts.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        return false;
    }
    // Defer to the pre-configured consent check of the parent
    boolean skipAllowed = super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (skipAllowed) {
        return true;
    }
    // prompt=none with no pre-configured consent for the requested scopes/claims is an error
    if (prompts.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        LOG.log(Level.FINE, "Prompt 'none' request can not be met");
        throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
    }
    return false;
}
use of org.apache.cxf.rs.security.oauth2.common.Client in project cxf by apache.
In class HawkAccessTokenValidatorTest, method testValidateAccessToken.
/**
 * A Hawk token known to the data provider, presented through a generated Hawk authorization
 * header, is accepted by the validator.
 */
@Test
public void testValidateAccessToken() throws Exception {
    Client client = new Client("testClientId", "testClientSecret", true);
    HawkAccessToken hawkToken = new HawkAccessToken(client, HmacAlgorithm.HmacSHA256, -1);
    HttpServletRequest request = mockHttpRequest();
    UriInfo uriInfo = mockUriInfo();
    EasyMock.expect(dataProvider.getAccessToken(hawkToken.getTokenKey())).andReturn(hawkToken);
    EasyMock.expect(messageContext.getHttpServletRequest()).andReturn(request);
    EasyMock.expect(messageContext.getUriInfo()).andReturn(uriInfo);
    EasyMock.replay(dataProvider, messageContext, request, uriInfo);
    // Only the part after the first space of the generated header is handed to the validator
    String hawkParams = getClientAuthHeader(hawkToken).split(" ")[1];
    AccessTokenValidation result = validator.validateAccessToken(messageContext, OAuthConstants.HAWK_AUTHORIZATION_SCHEME, hawkParams, null);
    assertNotNull(result);
    // uriInfo is deliberately not part of the verification, matching the original expectations
    EasyMock.verify(dataProvider, messageContext, request);
}