Example 21 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class ResourceOwnerGrantHandler method createAccessToken.
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
String ownerName = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
String ownerPassword = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
if (ownerName == null || ownerPassword == null) {
throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
}
UserSubject subject = loginHandler.createSubject(client, ownerName, ownerPassword);
if (subject == null) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
return doCreateAccessToken(client, subject, params);
}
Also used :
OAuthError(org.apache.cxf.rs.security.oauth2.common.OAuthError)
UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
Example 22 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AbstractGrantHandler method doCreateAccessToken.
protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, String requestedGrant, List<String> requestedScopes, List<String> audiences) {
ServerAccessToken token = getPreAuthorizedToken(client, subject, requestedGrant, requestedScopes, audiences);
if (token != null) {
return token;
}
// Delegate to the data provider to create the one
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setClient(client);
reg.setGrantType(requestedGrant);
reg.setSubject(subject);
reg.setRequestedScope(requestedScopes);
reg.setApprovedScope(getApprovedScopes(client, subject, requestedScopes));
reg.setAudiences(audiences);
return dataProvider.createAccessToken(reg);
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Example 23 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AuthorizationCodeGrantHandler method doCreateAccessToken.
private ServerAccessToken doCreateAccessToken(Client client, ServerAuthorizationCodeGrant grant, String requestedGrant, String codeVerifier, List<String> audiences) {
if (grant.isPreauthorizedTokenAvailable()) {
ServerAccessToken token = getPreAuthorizedToken(client, grant.getSubject(), requestedGrant, grant.getRequestedScopes(), getAudiences(client, grant.getAudience()));
if (token != null) {
if (grant.getNonce() != null) {
JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, grant.getNonce());
}
return token;
}
// creating a completely new token can be wrong - though this needs to be reviewed
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
// Delegate to the data provider to create the one
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setGrantCode(grant.getCode());
reg.setClient(client);
reg.setGrantType(requestedGrant);
reg.setSubject(grant.getSubject());
reg.setRequestedScope(grant.getRequestedScopes());
reg.setNonce(grant.getNonce());
if (grant.getApprovedScopes() != null) {
reg.setApprovedScope(grant.getApprovedScopes());
} else {
reg.setApprovedScope(Collections.emptyList());
}
reg.setAudiences(audiences);
reg.setResponseType(grant.getResponseType());
reg.setClientCodeVerifier(codeVerifier);
reg.getExtraProperties().putAll(grant.getExtraProperties());
return getDataProvider().createAccessToken(reg);
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Example 24 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AuthorizationCodeGrantHandler method createAccessToken.
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
// Get the grant representation from the provider
String codeValue = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
ServerAuthorizationCodeGrant grant = ((AuthorizationCodeDataProvider) getDataProvider()).removeCodeGrant(codeValue);
if (grant == null) {
return null;
}
// check it has not expired, the client ids are the same
if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getExpiresIn())) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
if (!grant.getClient().getClientId().equals(client.getClientId())) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
// redirect URIs must match too
String expectedRedirectUri = grant.getRedirectUri();
String providedRedirectUri = params.getFirst(OAuthConstants.REDIRECT_URI);
if (providedRedirectUri != null) {
if (!providedRedirectUri.equals(expectedRedirectUri)) {
throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
}
} else if (expectedRedirectUri == null && !isCanSupportPublicClients() || expectedRedirectUri != null && (client.getRedirectUris().size() != 1 || !client.getRedirectUris().contains(expectedRedirectUri))) {
throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
}
String clientCodeVerifier = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
String clientCodeChallenge = grant.getClientCodeChallenge();
String clientCodeChallengeMethod = grant.getClientCodeChallengeMethod();
if (!compareCodeVerifierWithChallenge(client, clientCodeVerifier, clientCodeChallenge, clientCodeChallengeMethod)) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
List<String> audiences = getAudiences(client, params, grant.getAudience());
return doCreateAccessToken(client, grant, getSingleGrantType(), clientCodeVerifier, audiences);
}
Also used :
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
Example 25 with ServerAccessToken
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JPAOAuthDataProvider method doRevokeAccessToken.
@Override
protected void doRevokeAccessToken(final ServerAccessToken at) {
executeInTransaction(em -> {
ServerAccessToken tokenToRemove = em.getReference(at.getClass(), at.getTokenKey());
em.remove(tokenToRemove);
return null;
});
}
Also used :
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
Aggregations
ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)54
AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)24
Client (org.apache.cxf.rs.security.oauth2.common.Client)24
Test (org.junit.Test)21
OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)15
RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)15
UserSubject (org.apache.cxf.rs.security.oauth2.common.UserSubject)12
OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)11
BearerAccessToken (org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken)7
ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)6
ServerAuthorizationCodeGrant (org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)6
JoseJwtConsumer (org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)5
JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)5
ArrayList (java.util.ArrayList)4
ByteArrayInputStream (java.io.ByteArrayInputStream)3
LinkedList (java.util.LinkedList)3
Map (java.util.Map)3
JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)3
Ignore (org.junit.Ignore)3
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
