
Example 96 with ClientAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in the project cxf by apache.

The class DirectAuthorizationService, method authorize.

/**
 * Issues an access token directly for the end user identified by the current security
 * context (the "direct token" grant). The form must carry whatever
 * {@code getAndValidateSecurityContext} and {@code getClient} require; the optional
 * {@code scope} parameter narrows the issued scope.
 *
 * @param params the URL-encoded form parameters of the request
 * @return a 200 response whose entity is the {@link ClientAccessToken} issued to the client
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("text/html")
public Response authorize(MultivaluedMap<String, String> params) {
    // The security context is validated first: it is the only proof of who the end user is,
    // and the UserSubject derived from it becomes the token's subject.
    SecurityContext securityContext = getAndValidateSecurityContext(params);
    Client registeredClient = getClient(params);
    UserSubject endUser = createUserSubject(securityContext, params);

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(registeredClient);
    registration.setGrantType(OAuthConstants.DIRECT_TOKEN_GRANT);
    registration.setSubject(endUser);

    // OAuthUtils checks the optional 'scope' form parameter against the client (subject to
    // the useAllClientScopes / partialMatchScopeValidation settings). The same list is
    // recorded as the approved scope: this method performs no separate consent step.
    List<String> scopes = OAuthUtils.getRequestedScopes(registeredClient,
        params.getFirst(OAuthConstants.SCOPE), useAllClientScopes, partialMatchScopeValidation);
    registration.setRequestedScope(scopes);
    registration.setApprovedScope(scopes);

    ServerAccessToken serverToken = getDataProvider().createAccessToken(registration);
    ClientAccessToken clientView = OAuthUtils.toClientAccessToken(serverToken, isWriteOptionalParameters());
    return Response.ok(clientView).build();
}

Example 97 with ClientAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in the project cxf by apache.

The class ClientCodeRequestFilter, method processCodeResponse.

/**
 * Completes the authorization-code leg of the flow: restores the state saved before the
 * redirect, exchanges the returned code for an access token and records the resulting
 * {@link ClientTokenContext}.
 *
 * @param rc            the current request context
 * @param ui            URI details of the redirect request, used to rebuild the redirect URI
 * @param requestParams parameters returned by the authorization server
 */
protected void processCodeResponse(ContainerRequestContext rc, UriInfo ui, MultivaluedMap<String, String> requestParams) {
    // State is restored only when a manager was configured; without one there is also no
    // stored code verifier to attach to the grant.
    MultivaluedMap<String, String> restoredState = clientStateManager == null
        ? null
        : clientStateManager.fromRedirectState(mc, requestParams);

    ClientAccessToken accessToken = null;
    String code = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    if (code != null) {
        AuthorizationCodeGrant codeGrant = prepareCodeGrant(code, getAbsoluteRedirectUri(ui));
        if (restoredState != null) {
            // PKCE code verifier, presumably stored with the state before the redirect.
            codeGrant.setCodeVerifier(restoredState.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
        }
        accessToken = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, codeGrant, useAuthorizationHeader);
    }

    // A context is created even when no code (and hence no token) came back.
    ClientTokenContext tokenContext = initializeClientTokenContext(rc, accessToken, requestParams, restoredState);
    if (accessToken != null && clientTokenContextManager != null) {
        clientTokenContextManager.setClientTokenContext(mc, tokenContext);
    }
    setClientCodeRequest(tokenContext);
}

Example 98 with ClientAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in the project cxf by apache.

The class BearerAuthSupplier, method refreshAccessToken.

/**
 * Tries to exchange the current refresh token for a new access token.
 *
 * @param authPolicy the conduit's authorization policy; its user name and password serve as
 *                   the client credentials when no {@code consumer} was injected
 * @return {@code true} if a new token was obtained and stored, {@code false} if the current
 *         token carries no refresh token or no client credentials are available
 */
private boolean refreshAccessToken(AuthorizationPolicy authPolicy) {
    ClientAccessToken current = getClientAccessToken();
    if (current.getRefreshToken() == null) {
        return false;
    }
    // The token endpoint authenticates the client, so client id and secret are required.
    // An injected Consumer wins; otherwise they are taken from the AuthorizationPolicy.
    // Client TLS authentication would be an alternative, but there is no way to confirm
    // here that two-way TLS has actually been negotiated.
    Consumer clientCredentials = consumer;
    if (clientCredentials == null
        && authPolicy != null
        && authPolicy.getUserName() != null
        && authPolicy.getPassword() != null) {
        clientCredentials = new Consumer(authPolicy.getUserName(), authPolicy.getPassword());
    }
    if (clientCredentials == null) {
        return false;
    }
    // The WebClient is created per refresh rather than once at conduit initialization:
    // it is unclear whether constructing it that early is safe, and since refreshes are
    // rare relative to requests the per-call cost is acceptable.
    WebClient tokenService = createAccessTokenServiceClient();
    setClientAccessToken(OAuthClientUtils.refreshAccessToken(tokenService, clientCredentials, current));
    return true;
}

Example 99 with ClientAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in the project cxf by apache.

The class OAuthClientUtils, method appendTokenData.

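/**
 * Appends the {@code Authorization} header value for {@code token} to {@code sb}.
 * Bearer tokens are rendered as the bearer scheme name followed by the token key; Hawk
 * tokens are rendered by {@link HawkAuthorizationScheme}, which needs the request properties.
 *
 * @param sb        buffer the header value is appended to
 * @param token     the access token to serialize
 * @param httpProps request details required by the Hawk scheme; may be {@code null} for
 *                  bearer tokens
 * @throws IllegalArgumentException if a Hawk token is used without request properties
 * @throws ProcessingException      wrapping an {@link OAuthServiceException} if the token
 *                                  type is missing or not supported
 */
private static void appendTokenData(StringBuilder sb, ClientAccessToken token, HttpRequestProperties httpProps) throws OAuthServiceException {
    // this should all be handled by token specific serializers
    String tokenType = token.getTokenType();
    // A token without a type cannot be serialized; report it like an unknown type instead
    // of failing with a NullPointerException on the comparison below.
    if (tokenType == null) {
        throw new ProcessingException(new OAuthServiceException("Unsupported token type"));
    }
    // equalsIgnoreCase is already case-insensitive, so the previous locale-dependent
    // toLowerCase() call is not needed.
    if (OAuthConstants.BEARER_TOKEN_TYPE.equalsIgnoreCase(tokenType)) {
        sb.append(OAuthConstants.BEARER_AUTHORIZATION_SCHEME).append(' ').append(token.getTokenKey());
    } else if (OAuthConstants.HAWK_TOKEN_TYPE.equalsIgnoreCase(tokenType)) {
        if (httpProps == null) {
            // Message kept as-is; it still uses the older "MAC" name for the Hawk scheme.
            throw new IllegalArgumentException("MAC scheme requires HTTP Request properties");
        }
        HawkAuthorizationScheme hawkScheme = new HawkAuthorizationScheme(httpProps, token);
        String macAlgorithm = token.getParameters().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
        String macKey = token.getParameters().get(OAuthConstants.HAWK_TOKEN_KEY);
        sb.append(hawkScheme.toAuthorizationHeader(macAlgorithm, macKey));
    } else {
        throw new ProcessingException(new OAuthServiceException("Unsupported token type"));
    }
}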

Example 100 with ClientAccessToken

Use of org.apache.cxf.rs.security.oauth2.common.ClientAccessToken in the project cxf by apache.

The class OAuthClientUtils, method getAccessToken.

/**
 * Requests an access token from the OAuth2 token endpoint at {@code accessTokenServiceUri}.
 * A JSON-capable {@link WebClient} is created for the call and the work is delegated to the
 * {@code WebClient}-based overload.
 *
 * @param accessTokenServiceUri  address of the token endpoint
 * @param consumer               the registered client ({@link Consumer}) whose credentials are presented
 * @param grant                  the {@link AccessTokenGrant} to exchange for a token
 * @param setAuthorizationHeader {@code true} to send client id and secret via HTTP Basic
 *                               authentication, {@code false} to send them in the form payload
 * @return the {@link ClientAccessToken} returned by the endpoint
 * @throws OAuthServiceException propagated from the delegated overload
 */
public static ClientAccessToken getAccessToken(String accessTokenServiceUri, Consumer consumer, AccessTokenGrant grant, boolean setAuthorizationHeader) throws OAuthServiceException {
    // OAuthJSONProvider is registered so the client can handle the JSON token response.
    WebClient tokenEndpoint = WebClient.create(accessTokenServiceUri,
        Collections.singletonList(new OAuthJSONProvider()));
    tokenEndpoint.accept("application/json");
    return getAccessToken(tokenEndpoint, consumer, grant, setAuthorizationHeader);
}
