
Example 1 with OAuthError

Uses of org.apache.cxf.rs.security.oauth2.common.OAuthError in the Apache CXF project (cxf by apache). OAuthError carries the RFC 6749 error triple (error, error_description, error_uri); in CXF it is either built from a token-endpoint error response on the client side or wrapped in an OAuthServiceException on the server side.

Class OAuthClientUtils, method getAccessToken — client-side helper that posts a grant to the token endpoint and maps a 4xx/5xx JSON error response (error, error_description, error_uri) into an OAuthServiceException carrying an OAuthError.

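/**
 * Obtains an access token from the OAuth2 Access Token Service using the
 * initialized web client.
 * <p>
 * Client authentication: when {@code setAuthorizationHeader} is {@code true}
 * and the consumer has a secret, the credentials are sent in an HTTP Basic
 * {@code Authorization} header; otherwise {@code client_id} (plus
 * {@code client_secret} when one is available) is added to the form payload.
 * In both cases the secret travels in clear text inside the request, so the
 * {@code accessTokenService} client must be configured to use HTTPS.
 * <p>
 * NOTE(review): RFC 6749 section 2.3.1 requires the client id and secret to be
 * form-urlencoded before they are joined with ':' and Base64-encoded. This
 * implementation joins the raw values, so identifiers or secrets containing
 * ':' or '%' may not interoperate with strictly conforming servers; changing
 * that is deliberately left out here because existing peers may rely on it.
 *
 * @param accessTokenService the AccessToken client; must not be {@code null}
 * @param consumer {@link Consumer} representing the registered client, or
 *        {@code null} when the service is expected to map already-authenticated
 *        credentials (e.g. a TLS client certificate) to a client registration
 * @param grant {@link AccessTokenGrant} grant whose parameters form the request
 * @param extraParams extra form parameters, may be {@code null}
 * @param defaultTokenType default expected token type - some early
 *        well-known OAuth2 services do not return a required token_type parameter
 * @param setAuthorizationHeader if set to true then the HTTP Basic scheme
 *        will be used to pass client id and secret, otherwise they will
 *        be passed in the form payload; ignored when the consumer has no secret
 * @return {@link ClientAccessToken} access token
 * @throws OAuthServiceException if the service client is missing, the service
 *         answers with a 4xx/5xx JSON body containing an {@code error} member
 *         (the OAuthError is attached), the 200 response cannot be mapped to a
 *         token, or any other status is returned (reported as server_error)
 * @throws ResponseProcessingException if the response body cannot be read as JSON
 * @throws ProcessingException if the Basic credentials cannot be encoded
 */
public static ClientAccessToken getAccessToken(WebClient accessTokenService, Consumer consumer, AccessTokenGrant grant, Map<String, String> extraParams, String defaultTokenType, boolean setAuthorizationHeader) throws OAuthServiceException {
    if (accessTokenService == null) {
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }
    Form form = new Form(grant.toMap());
    if (extraParams != null) {
        for (Map.Entry<String, String> entry : extraParams.entrySet()) {
            form.param(entry.getKey(), entry.getValue());
        }
    }
    if (consumer != null) {
        addClientCredentials(accessTokenService, form, consumer, setAuthorizationHeader);
    }
    // else: the AccessToken service is expected to find a mapping between
    // the authenticated credentials and the client registration id

    Response response = accessTokenService.form(form);
    try {
        Map<String, String> map;
        try {
            map = new OAuthJSONProvider().readJSONResponse((InputStream) response.getEntity());
        } catch (IOException ex) {
            throw new ResponseProcessingException(response, ex);
        }
        if (map == null) {
            // defensive: a provider yielding no map would otherwise NPE in the
            // error branch below and hide the real server response
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
        }
        int status = response.getStatus();
        if (200 == status) {
            ClientAccessToken token = fromMapToClientToken(map, defaultTokenType);
            if (token == null) {
                throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
            }
            return token;
        }
        if (status >= 400 && map.containsKey(OAuthConstants.ERROR_KEY)) {
            // RFC 6749 section 5.2 error response: propagate all three members
            OAuthError error = new OAuthError(map.get(OAuthConstants.ERROR_KEY), map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
            error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));
            throw new OAuthServiceException(error);
        }
        // any other status (non-200 2xx, 3xx, or an error body without "error")
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    } finally {
        // the entity has been consumed (or failed to parse) on every path above;
        // closing releases the underlying connection instead of leaking it
        response.close();
    }
}

/**
 * Attaches the client credentials to the token request, either as an HTTP
 * Basic {@code Authorization} header or as {@code client_id}/{@code client_secret}
 * form parameters.
 *
 * @param accessTokenService client whose Authorization header may be replaced
 * @param form the form payload being built
 * @param consumer the registered client; its secret may be empty (public client)
 * @param setAuthorizationHeader prefer the Basic header when a secret exists
 * @throws ProcessingException if Base64 encoding of the credentials fails
 */
private static void addClientCredentials(WebClient accessTokenService, Form form, Consumer consumer, boolean setAuthorizationHeader) {
    boolean secretAvailable = !StringUtils.isEmpty(consumer.getClientSecret());
    if (setAuthorizationHeader && secretAvailable) {
        StringBuilder sb = new StringBuilder();
        sb.append("Basic ");
        try {
            // raw "id:secret" (not form-urlencoded first - see class-level note)
            String data = consumer.getClientId() + ":" + consumer.getClientSecret();
            sb.append(Base64Utility.encode(data.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception ex) {
            throw new ProcessingException(ex);
        }
        accessTokenService.replaceHeader("Authorization", sb.toString());
    } else {
        // public clients (no secret) always identify themselves in the body
        form.param(OAuthConstants.CLIENT_ID, consumer.getClientId());
        if (secretAvailable) {
            form.param(OAuthConstants.CLIENT_SECRET, consumer.getClientSecret());
        }
    }
}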

Example 2 with OAuthError

use of org.apache.cxf.rs.security.oauth2.common.OAuthError in project cxf by apache.

Class ResourceOwnerGrantHandler, method createAccessToken — server-side handler for the resource-owner password-credentials grant; a missing username or password is reported as invalid_request, a login that yields no subject as invalid_grant.

/**
 * Creates an access token for the resource-owner password-credentials grant.
 * <p>
 * The resource owner's raw password is received from the client here, which
 * is why this grant is discouraged by the OAuth 2.0 Security BCP; use it only
 * for first-party clients. A login that yields no subject is reported as
 * {@code invalid_grant} regardless of the reason, so the client cannot tell an
 * unknown user from a wrong password as long as {@code loginHandler} returns
 * {@code null} for both. Throttling of failed attempts is not visible here and
 * is presumably the login handler's (or a front-end filter's) responsibility.
 *
 * @param client the authenticated client making the token request
 * @param params the token request form parameters
 * @return the freshly created server-side access token
 * @throws OAuthServiceException {@code invalid_request} if username or password
 *         is absent, {@code invalid_grant} if the login handler rejects them
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    final String username = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
    final String password = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
    final boolean credentialsPresent = username != null && password != null;
    if (!credentialsPresent) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
    }
    final UserSubject owner = loginHandler.createSubject(client, username, password);
    if (owner == null) {
        // uniform failure: do not reveal which credential was wrong
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    return doCreateAccessToken(client, owner, params);
}

Example 3 with OAuthError

use of org.apache.cxf.rs.security.oauth2.common.OAuthError in project cxf by apache.

Class OidcImplicitService, method canAuthorizationBeSkipped — honours the OpenID Connect prompt parameter: prompt=consent always forces the consent screen, while prompt=none without pre-configured consent for the requested scopes raises a consent_required error instead of interacting with the user.

/**
 * Decides whether the consent screen may be skipped, taking the OpenID Connect
 * {@code prompt} request parameter into account.
 * <p>
 * {@code prompt=consent} always wins and forces the screen, even when consent
 * is pre-configured. Otherwise the pre-configured consent is consulted; if it
 * is missing and the client asked for {@code prompt=none} (no user interaction
 * allowed), a {@code consent_required} error is raised as the OIDC Core spec
 * requires, rather than silently falling back to the interactive flow.
 *
 * @param params the authorization request parameters
 * @param client the requesting client
 * @param userSubject the authenticated end user
 * @param requestedScope scopes requested by the client
 * @param permissions permissions matched to the requested scopes
 * @return {@code true} only if consent for these scopes is already on file
 * @throws OAuthServiceException {@code consent_required} when prompt=none
 *         cannot be satisfied
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions) {
    final List<String> prompt = OidcUtils.getPromptValues(params);
    if (prompt.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        // the client explicitly asked to show the consent screen
        return false;
    }
    final boolean consentOnFile = super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (consentOnFile) {
        return true;
    }
    if (prompt.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        // no interaction permitted and no stored consent: must fail, not prompt
        LOG.log(Level.FINE, "Prompt 'none' request can not be met");
        throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
    }
    return false;
}

Example 4 with OAuthError

use of org.apache.cxf.rs.security.oauth2.common.OAuthError in project cxf by apache.

Class OidcAuthorizationCodeService, method canAuthorizationBeSkipped — identical to the OidcImplicitService override above: prompt=consent forces the consent screen, and prompt=none without pre-configured consent raises consent_required. The duplication suggests the logic belongs in a shared OIDC helper.

/**
 * Decides whether the consent screen may be skipped for an authorization-code
 * request, taking the OpenID Connect {@code prompt} parameter into account.
 * <p>
 * {@code prompt=consent} always forces the screen. Otherwise pre-configured
 * consent is consulted; when it is missing and the client sent
 * {@code prompt=none} (no user interaction allowed) a {@code consent_required}
 * error is raised, as OIDC Core requires, instead of prompting the user.
 *
 * @param params the authorization request parameters
 * @param client the requesting client
 * @param userSubject the authenticated end user
 * @param requestedScope scopes requested by the client
 * @param permissions permissions matched to the requested scopes
 * @return {@code true} only if consent for these scopes is already on file
 * @throws OAuthServiceException {@code consent_required} when prompt=none
 *         cannot be satisfied
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions) {
    final List<String> prompt = OidcUtils.getPromptValues(params);
    if (prompt.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        // the client explicitly asked to show the consent screen
        return false;
    }
    final boolean consentOnFile = super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (consentOnFile) {
        return true;
    }
    if (prompt.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        // no interaction permitted and no stored consent: must fail, not prompt
        LOG.log(Level.FINE, "Prompt 'none' request can not be met");
        throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
    }
    return false;
}

Example 5 with OAuthError

use of org.apache.cxf.rs.security.oauth2.common.OAuthError in project cxf by apache.

Class AbstractOAuthService, method reportInvalidRequestError — convenience overload that wraps a description in an invalid_request OAuthError and delegates to the OAuthError-based overload; the description is echoed back to the client.

/**
 * Reports an {@code invalid_request} error with the given description by
 * delegating to the {@link OAuthError}-based overload.
 * <p>
 * The description ends up in the response sent to the client, so callers
 * should keep it free of internal details (stack traces, file paths, secrets).
 *
 * @param errorDescription human-readable reason, may be {@code null}
 * @param mt media type in which the error should be rendered
 */
protected void reportInvalidRequestError(String errorDescription, MediaType mt) {
    final OAuthError invalidRequest = new OAuthError(OAuthConstants.INVALID_REQUEST, errorDescription);
    reportInvalidRequestError(invalidRequest, mt);
}
