
Example 1 with AuthorizationCodeDataProvider

Use of org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider in project cxf by apache.

From the class AuthorizationCodeGrantHandler, method createAccessToken:

/**
 * Redeems an authorization code for an access token.
 *
 * The code is looked up through the {@link AuthorizationCodeDataProvider}, which removes the
 * grant on lookup; the grant is then validated before a token is issued.
 *
 * @param client the client presenting the code (already authenticated by the caller)
 * @param params the token request form parameters; the code, optional redirect_uri and
 *               optional code_verifier are read from here
 * @return the new access token, or {@code null} if no grant exists for the presented code
 * @throws OAuthServiceException {@code INVALID_GRANT} if the grant has expired, was issued to a
 *         different client, or the code verifier does not match the stored challenge;
 *         {@code INVALID_REQUEST} if the redirect URI rules below are not met
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    // Look up and remove the grant in one step (removeCodeGrant), so the same code cannot be
    // presented a second time even if one of the checks below fails.
    final String code = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    final AuthorizationCodeDataProvider codeProvider = (AuthorizationCodeDataProvider) getDataProvider();
    final ServerAuthorizationCodeGrant grant = codeProvider.removeCodeGrant(code);
    if (grant == null) {
        return null;
    }
    // Lifetime check against the grant's own issue time and expiry window
    if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getExpiresIn())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    // The code may only be redeemed by the client it was issued to
    final String issuedToClientId = grant.getClient().getClientId();
    if (!issuedToClientId.equals(client.getClientId())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    // Redirect URI binding: a supplied redirect_uri must equal the one bound to the grant.
    // When none is supplied, a grant with no bound URI is accepted only if public clients are
    // supported; a grant with a bound URI is accepted only if it is the client's single
    // registered redirect URI.
    final String boundRedirectUri = grant.getRedirectUri();
    final String suppliedRedirectUri = params.getFirst(OAuthConstants.REDIRECT_URI);
    if (suppliedRedirectUri != null) {
        if (!suppliedRedirectUri.equals(boundRedirectUri)) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
    } else if (boundRedirectUri == null) {
        if (!isCanSupportPublicClients()) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
    } else {
        final List<String> registeredUris = client.getRedirectUris();
        if (registeredUris.size() != 1 || !registeredUris.contains(boundRedirectUri)) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
    }
    // Code verifier check against the challenge stored with the grant (PKCE-style binding);
    // the comparison itself, including the no-challenge case, is delegated to the helper.
    final String codeVerifier = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    final String storedChallenge = grant.getClientCodeChallenge();
    final String storedChallengeMethod = grant.getClientCodeChallengeMethod();
    if (!compareCodeVerifierWithChallenge(client, codeVerifier, storedChallenge, storedChallengeMethod)) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    final List<String> audiences = getAudiences(client, params, grant.getAudience());
    return doCreateAccessToken(client, grant, getSingleGrantType(), codeVerifier, audiences);
}

Example 2 with AuthorizationCodeDataProvider

Use of org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider in project cxf by apache.

From the class AuthorizationCodeGrantService, method getGrantRepresentation:

/**
 * Creates the authorization code grant for an approved authorization request.
 *
 * Builds an {@link AuthorizationCodeRegistration} from the request state and approval data and
 * asks the {@link AuthorizationCodeDataProvider} to create and persist the grant.
 *
 * @param state              the redirection state captured from the authorization request
 * @param client             the client the code is issued to
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the resource owner approved
 * @param userSubject        the authenticated resource owner
 * @param preauthorizedToken an existing token for this client/user, if any (passed through to
 *                           the registration; may be {@code null} — confirm with callers)
 * @return the newly created grant as returned by the provider
 */
public ServerAuthorizationCodeGrant getGrantRepresentation(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preauthorizedToken) {
    final AuthorizationCodeRegistration registration =
        createCodeRegistration(state, client, requestedScope, approvedScope, userSubject, preauthorizedToken);
    final AuthorizationCodeDataProvider codeProvider = (AuthorizationCodeDataProvider) getDataProvider();
    final ServerAuthorizationCodeGrant grant = codeProvider.createCodeGrant(registration);
    // A long-lived code widens the window in which a leaked code can be replayed; the provider's
    // choice is honoured but flagged (the message refers to the 10-minute recommendation —
    // the actual value of RECOMMENDED_CODE_EXPIRY_TIME_SECS is defined elsewhere).
    final boolean exceedsRecommendedLifetime = grant.getExpiresIn() > RECOMMENDED_CODE_EXPIRY_TIME_SECS;
    if (exceedsRecommendedLifetime) {
        LOG.warning("Code expiry time exceeds 10 minutes");
    }
    return grant;
}
