
Example 86 with ClientAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project teiid by teiid.

From class SAMLBearerTokenLoginModule, method login.

/**
 * Exchanges the caller's SAML response token for an OAuth2 access token via the
 * SAML 2.0 bearer-assertion grant and hands the resulting credential to the
 * parent login module.
 *
 * @return {@code false} when no SAML token is available for the caller;
 *         otherwise whatever {@code super.login()} reports
 * @throws LoginException propagated from {@code super.login()}
 */
@Override
public boolean login() throws LoginException {
    this.callerSubject = getSubject();
    this.callerPrincipal = getPrincipal();
    final String assertion = getSAMLResponseToken();
    // Without a SAML assertion there is nothing to exchange; decline the login.
    if (assertion == null) {
        return false;
    }
    // The token request is deferred: it runs when the credential's
    // getAccessToken() is invoked, not here.
    OAuth20CredentialImpl credential = new OAuth20CredentialImpl() {

        @Override
        protected ClientAccessToken getAccessToken() {
            // Scope is optional for this grant; only pass it when one is configured.
            Saml2BearerGrant bearerGrant = (scope != null)
                    ? new Saml2BearerGrant(assertion, scope)
                    : new Saml2BearerGrant(assertion);
            Consumer oauthClient = new Consumer(getClientId(), getClientSecret());
            WebClient tokenEndpoint = WebClient.create(getAccessTokenURI());
            // NOTE(review): the trailing false looks like CXF's setAuthorizationHeader
            // flag, i.e. client id/secret travel as form parameters rather than in an
            // Authorization header -- confirm against the CXF version in use. The
            // assertion and the client secret are bearer credentials; keep them out of logs.
            return OAuthClientUtils.getAccessToken(tokenEndpoint, oauthClient, bearerGrant, null, false);
        }
    };
    credential.setClientId(getClientId());
    credential.setClientSecret(getClientSecret());
    credential.setAccessTokenURI(getAccessTokenURI());
    setCredential(credential);
    return super.login();
}

Example 87 with ClientAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project ddf by codice.

From class OAuthSecurityImpl, method refreshToken.

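/**
 * Attempts to refresh an expired access token.
 *
 * <p>The refreshed access token is validated before anything is stored or
 * returned. Per RFC 6749 section 6 the token endpoint may omit a new refresh
 * token; in that case the refresh token that was just used is kept in storage
 * rather than being overwritten with {@code null}.
 *
 * @param id The ID to use when storing tokens
 * @param sourceId The ID of the source using OAuth to use when storing tokens
 * @param clientId The client ID registered with the OAuth provider
 * @param clientSecret The client secret registered with the OAuth provider
 * @param discoveryUrl The URL where the OAuth provider's metadata is hosted
 * @param refreshToken The unexpired refresh token to use
 * @param metadata The OAuth provider's metadata
 * @return refreshed access token, or {@code null} if the refresh token is missing or
 *         reported expired, the token endpoint rejects the request, or the new
 *         access token fails validation
 */
private String refreshToken(String id, String sourceId, String clientId, String clientSecret, String discoveryUrl, String refreshToken, OIDCProviderMetadata metadata) {
    if (refreshToken == null || isExpired(refreshToken)) {
        LOGGER.debug("Error refreshing access token: unable to find an unexpired refresh token.");
        return null;
    }
    ClientAccessToken clientAccessToken;
    try {
        LOGGER.debug("Attempting to refresh the user's access token.");
        WebClient webClient = createWebClient(metadata.getTokenEndpointURI());
        Consumer consumer = new Consumer(clientId, clientSecret);
        AccessTokenGrant accessTokenGrant = new RefreshTokenGrant(refreshToken);
        clientAccessToken = OAuthClientUtils.getAccessToken(webClient, consumer, accessTokenGrant);
    } catch (OAuthServiceException e) {
        // Token values are not logged; only the exception is attached for diagnostics.
        LOGGER.debug("Error refreshing access token.", e);
        return null;
    }
    // Validate the new access token before it is stored or handed out.
    try {
        AccessToken accessToken = convertCxfAccessTokenToNimbusdsToken(clientAccessToken);
        OidcTokenValidator.validateAccessToken(accessToken, null, resourceRetriever, metadata, null);
    } catch (OidcValidationException e) {
        // Keep the cause attached, as the refresh failure above does; a silent
        // validation failure is otherwise hard to diagnose.
        LOGGER.debug("Error validating access token.", e);
        return null;
    }
    // Store new tokens. If the provider did not rotate the refresh token the
    // response carries none; retain the one just used instead of storing null.
    String newAccessToken = clientAccessToken.getTokenKey();
    String returnedRefreshToken = clientAccessToken.getRefreshToken();
    String newRefreshToken = returnedRefreshToken != null ? returnedRefreshToken : refreshToken;
    int status = tokenStorage.create(id, sourceId, newAccessToken, newRefreshToken, discoveryUrl);
    if (status != SC_OK) {
        // NOTE(review): the new access token is still returned on a storage failure;
        // if the provider rotated the refresh token, the rotated value is now lost and
        // the next refresh attempt will fail.
        LOGGER.warn("Error updating the token information.");
    }
    return newAccessToken;
}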

Example 88 with ClientAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.

From class OAuthUtils, method toClientAccessToken.

/**
 * Builds the client-side view of a server-issued access token.
 *
 * <p>The token key prefers the server token's encoded form when one is present
 * (falling back to the raw key); the refresh token is always copied, while
 * expiry, approved scope and extra parameters are only copied when
 * {@code supportOptionalParams} is set.
 *
 * @param serverToken the token as issued and held by the server
 * @param supportOptionalParams whether to copy the optional fields
 *        (expires_in, scope, extra parameters) as well
 * @return a {@link ClientAccessToken} carrying the selected fields
 */
public static ClientAccessToken toClientAccessToken(ServerAccessToken serverToken, boolean supportOptionalParams) {
    // Prefer the encoded representation when the server provides one.
    String encoded = serverToken.getEncodedToken();
    String key = (encoded == null) ? serverToken.getTokenKey() : encoded;
    ClientAccessToken result = new ClientAccessToken(serverToken.getTokenType(), key);
    result.setRefreshToken(serverToken.getRefreshToken());
    if (!supportOptionalParams) {
        return result;
    }
    result.setExpiresIn(serverToken.getExpiresIn());
    String scope = OAuthUtils.convertPermissionsToScope(serverToken.getScopes());
    if (!StringUtils.isEmpty(scope)) {
        result.setApprovedScope(scope);
    }
    // Copy the map so later changes to the server token are not visible through the client token.
    result.setParameters(new HashMap<String, String>(serverToken.getParameters()));
    return result;
}

Example 89 with ClientAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.

From class OAuthClientUtilsTest, method getAccessToken.

/**
 * Verifies that getAccessToken() posts a form to the token service and parses
 * the access_token field out of the JSON response it receives.
 */
@Test
public void getAccessToken() {
    final String expectedKey = "tokenKey";
    final String json = "{\"" + OAuthConstants.ACCESS_TOKEN + "\":\"" + expectedKey + "\"}";
    Response tokenResponse = Response.ok(new ByteArrayInputStream(json.getBytes()), MediaType.APPLICATION_JSON).build();
    WebClient tokenService = mock(WebClient.class);
    // Any form body is accepted; the test only cares about response parsing.
    expect(tokenService.form(anyObject(Form.class))).andReturn(tokenResponse);
    replay(tokenService);
    ClientAccessToken token = OAuthClientUtils.getAccessToken(tokenService, null, new RefreshTokenGrant(""), null, "defaultTokenType", false);
    assertEquals(expectedKey, token.getTokenKey());
    // Confirms the form post actually happened on the mock.
    verify(tokenService);
}

Example 90 with ClientAccessToken

use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in project cxf by apache.

From class OAuthJSONProviderTest, method doReadClientAccessToken.

/**
 * Parses a token-endpoint JSON response through {@link OAuthJSONProvider} and
 * checks the fixed fields the fixtures use (key 1234, refresh token 5678,
 * expires_in 12345, scope "read", my_parameter "http://abc").
 *
 * @param response the JSON document to parse
 * @param expectedTokenType token type expected, compared case-insensitively
 * @param expectedParams full expected extra-parameter map, or {@code null} to
 *        check only {@code my_parameter}
 * @return the parsed token, for further assertions by the caller
 * @throws Exception propagated from the provider's readFrom
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
public ClientAccessToken doReadClientAccessToken(String response, String expectedTokenType, Map<String, String> expectedParams) throws Exception {
    OAuthJSONProvider provider = new OAuthJSONProvider();
    ByteArrayInputStream body = new ByteArrayInputStream(response.getBytes());
    // The raw Class cast sidesteps the generic readFrom signature; hence the suppression above.
    ClientAccessToken parsed = (ClientAccessToken) provider.readFrom((Class) ClientAccessToken.class, ClientAccessToken.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, String>(), body);
    assertEquals("1234", parsed.getTokenKey());
    assertTrue(expectedTokenType.equalsIgnoreCase(parsed.getTokenType()));
    assertEquals("5678", parsed.getRefreshToken());
    assertEquals(12345, parsed.getExpiresIn());
    assertEquals("read", parsed.getApprovedScope());
    Map<String, String> extras = parsed.getParameters();
    if (expectedParams != null) {
        assertEquals(expectedParams, extras);
    }
    assertEquals("http://abc", extras.get("my_parameter"));
    return parsed;
}
