
Example 1 with ServerAuthorizationCodeGrant

use of org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant in project cxf by apache.

From class AuthorizationCodeGrantHandler, method doCreateAccessToken (issues the token once the code has been validated; note that the pre-authorized-token path and the new-token path apply different checks).

/**
 * Issues the access token for a code grant that has already been consumed and validated.
 * <p>
 * If the grant carries a pre-authorized token, that token is looked up and returned as-is
 * (its nonce, when present, is put on the current exchange); a missing pre-authorized token
 * is reported as {@code invalid_grant} instead of minting a new one. Otherwise the requested
 * grant type is checked against the client's allow-list (an empty list means "no restriction")
 * and a fresh token is created through the data provider.
 *
 * @param client         the authenticated client exchanging the code
 * @param grant          the authorization code grant, already removed from the store
 * @param requestedGrant the grant type being exercised
 * @param codeVerifier   PKCE code verifier sent with the token request (recorded on the registration)
 * @param audiences      audiences resolved for a newly created token
 * @return the access token to hand back to the client
 * @throws OAuthServiceException {@code invalid_grant} when no pre-authorized token exists for
 *         the grant, or when the client is not allowed to use {@code requestedGrant}
 */
private ServerAccessToken doCreateAccessToken(Client client, ServerAuthorizationCodeGrant grant, String requestedGrant, String codeVerifier, List<String> audiences) {
    if (grant.isPreauthorizedTokenAvailable()) {
        // NOTE(review): the allowed-grant-type check below is not applied on this path, and the
        // audiences passed here are recomputed from the grant rather than taken from the
        // 'audiences' parameter - presumably getPreAuthorizedToken covers the grant-type check;
        // confirm against AbstractGrantHandler.
        List<String> grantAudiences = getAudiences(client, grant.getAudience());
        ServerAccessToken existing = getPreAuthorizedToken(client, grant.getSubject(), requestedGrant, grant.getRequestedScopes(), grantAudiences);
        if (existing == null) {
            // Minting a brand-new token when the pre-authorized one is gone is considered unsafe;
            // fail the exchange instead (behaviour still flagged for review upstream).
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
        String nonce = grant.getNonce();
        if (nonce != null) {
            // Publish the nonce on the exchange; presumably picked up by the id_token code - confirm.
            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, nonce);
        }
        return existing;
    }

    List<String> allowedGrants = client.getAllowedGrantTypes();
    boolean restricted = !allowedGrants.isEmpty();
    if (restricted && !allowedGrants.contains(requestedGrant)) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }

    // Build the registration that the data provider turns into a token.
    List<String> approved = grant.getApprovedScopes();
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setGrantCode(grant.getCode());
    registration.setGrantType(requestedGrant);
    registration.setSubject(grant.getSubject());
    registration.setRequestedScope(grant.getRequestedScopes());
    registration.setApprovedScope(approved == null ? Collections.<String>emptyList() : approved);
    registration.setNonce(grant.getNonce());
    registration.setAudiences(audiences);
    registration.setResponseType(grant.getResponseType());
    registration.setClientCodeVerifier(codeVerifier);
    registration.getExtraProperties().putAll(grant.getExtraProperties());
    return getDataProvider().createAccessToken(registration);
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)

Example 2 with ServerAuthorizationCodeGrant

use of org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant in project cxf by apache.

From class AuthorizationCodeGrantHandler, method createAccessToken (the token-endpoint side of the code exchange: consumes the code, then checks expiry, client binding, redirect_uri and PKCE before issuing a token).

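/**
 * Exchanges an authorization code for an access token (RFC 6749 section 4.1.3).
 * <p>
 * The code is removed from the store <em>before</em> any validation, so it is single-use
 * even when the request is subsequently rejected. The grant is then checked for expiry,
 * for being bound to the requesting client, for a consistent {@code redirect_uri}, and
 * for a PKCE verifier matching the stored challenge, in that order.
 *
 * @param client the authenticated (or, if supported, public) client making the token request
 * @param params the token request form parameters
 * @return the issued token, or {@code null} when no {@code code} was sent or no grant
 *         exists for it (callers report that as an invalid grant)
 * @throws OAuthServiceException {@code invalid_grant} when the code has expired, belongs to
 *         another client or fails the PKCE check; {@code invalid_request} when the
 *         {@code redirect_uri} rules are violated
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    String codeValue = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    if (codeValue == null) {
        // No 'code' parameter can never match a stored grant; bail out here rather than
        // handing a null key to the data provider, whose behaviour on null is store-specific.
        return null;
    }
    // Consume the code first: a code that fails any later check must never be replayable.
    ServerAuthorizationCodeGrant grant = ((AuthorizationCodeDataProvider) getDataProvider()).removeCodeGrant(codeValue);
    if (grant == null) {
        return null;
    }
    if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getExpiresIn())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    // The code may only be redeemed by the client it was issued to.
    if (!grant.getClient().getClientId().equals(client.getClientId())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    // redirect_uri rules: what is sent now must agree with what was stored with the grant.
    String expectedRedirectUri = grant.getRedirectUri();
    String providedRedirectUri = params.getFirst(OAuthConstants.REDIRECT_URI);
    if (providedRedirectUri != null) {
        // Sent now: it must equal the one recorded at authorization time.
        if (expectedRedirectUri == null || !providedRedirectUri.equals(expectedRedirectUri)) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
    } else if (expectedRedirectUri == null) {
        // Neither recorded nor sent: only tolerated when public clients are supported.
        if (!isCanSupportPublicClients()) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
    } else {
        // Recorded but omitted now: only unambiguous when the client has exactly that one
        // registered redirect URI.
        List<String> registered = client.getRedirectUris();
        if (registered.size() != 1 || !registered.contains(expectedRedirectUri)) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
    }
    // PKCE (RFC 7636): the verifier presented now must match the challenge bound to the code.
    // The helper decides what to do when no challenge was recorded - confirm its policy.
    String clientCodeVerifier = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    String clientCodeChallenge = grant.getClientCodeChallenge();
    if (!compareCodeVerifierWithChallenge(client, clientCodeVerifier, clientCodeChallenge)) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    List<String> audiences = getAudiences(client, params, grant.getAudience());
    return doCreateAccessToken(client, grant, getSingleGrantType(), clientCodeVerifier, audiences);
}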
Also used : OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)

Example 3 with ServerAuthorizationCodeGrant

use of org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant in project cxf by apache.

From class AuthorizationCodeGrantService, method getGrantRepresentation (authorization-endpoint side: creates and stores the code grant, warning when the provider issues codes that live longer than recommended).

/**
 * Creates and persists the authorization code grant for an approved authorization request.
 * <p>
 * RFC 6749 section 4.1.2 recommends that authorization codes live at most 10 minutes;
 * a longer lifetime chosen by the data provider is honoured but logged as a warning.
 *
 * @param state              the redirection state captured at the authorization endpoint
 * @param client             the client the code is issued to
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the resource owner approved
 * @param userSubject        the authenticated resource owner
 * @param preauthorizedToken an existing token to associate with the code (presumably may be
 *                           null - confirm with callers)
 * @return the grant as stored by the data provider
 */
public ServerAuthorizationCodeGrant getGrantRepresentation(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preauthorizedToken) {
    AuthorizationCodeRegistration registration = createCodeRegistration(state, client, requestedScope, approvedScope, userSubject, preauthorizedToken);
    AuthorizationCodeDataProvider codeProvider = (AuthorizationCodeDataProvider) getDataProvider();
    ServerAuthorizationCodeGrant issued = codeProvider.createCodeGrant(registration);
    // NOTE(review): the message assumes RECOMMENDED_CODE_EXPIRY_TIME_SECS equals 600 - confirm.
    boolean outlivesRecommendation = issued.getExpiresIn() > RECOMMENDED_CODE_EXPIRY_TIME_SECS;
    if (outlivesRecommendation) {
        LOG.warning("Code expiry time exceeds 10 minutes");
    }
    return issued;
}
Also used : AuthorizationCodeRegistration(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration) AuthorizationCodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider) ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)

Example 4 with ServerAuthorizationCodeGrant

use of org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant in project cxf by apache.

From class ModelEncryptionSupport, method recreateCodeGrantInternal (rebuilds a code grant from its serialized, position-based field sequence).

/**
 * Rebuilds a {@link ServerAuthorizationCodeGrant} from its serialized field sequence.
 * <p>
 * {@code getParts} yields a fixed, position-based layout: slot 0 the client id (resolved
 * through {@code provider}), slot 1 the code, slots 2 and 3 two {@code long} values passed to
 * the grant constructor (presumably lifetime and issue time, in constructor order - confirm),
 * slot 4 the redirect URI, slot 5 the audience, slot 6 the PKCE code challenge, slot 7 the
 * approved scopes, slot 8 the user subject and slot 9 the extra properties.
 * <p>
 * NOTE(review): there is no length or format check on the parts - a sequence with fewer than
 * ten fields fails with {@code ArrayIndexOutOfBoundsException} and a non-numeric slot 2/3 with
 * {@code NumberFormatException}. That is only acceptable if the caller guarantees the
 * sequence's integrity (e.g. it is the output of authenticated decryption) - confirm.
 *
 * @param provider used to look the client id in slot 0 up as a {@code Client}
 * @param sequence the serialized grant fields
 * @return the reconstructed grant
 */
private static ServerAuthorizationCodeGrant recreateCodeGrantInternal(OAuthDataProvider provider, String sequence) {
    String[] fields = getParts(sequence);
    long firstNumber = Long.parseLong(fields[2]);
    long secondNumber = Long.parseLong(fields[3]);
    ServerAuthorizationCodeGrant rebuilt = new ServerAuthorizationCodeGrant(provider.getClient(fields[0]), fields[1], firstNumber, secondNumber);
    // Optional string slots go through getStringPart (presumably maps an empty marker to null - confirm).
    rebuilt.setRedirectUri(getStringPart(fields[4]));
    rebuilt.setAudience(getStringPart(fields[5]));
    rebuilt.setClientCodeChallenge(getStringPart(fields[6]));
    // Structured slots use the list/map/subject decoders of this class.
    rebuilt.setApprovedScopes(parseSimpleList(fields[7]));
    rebuilt.setSubject(recreateUserSubject(fields[8]));
    rebuilt.setExtraProperties(parseSimpleMap(fields[9]));
    return rebuilt;
}
Also used : ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)

Example 5 with ServerAuthorizationCodeGrant

use of org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant in project cxf by apache.

From class JCacheCodeDataProviderTest, method testAddGetDeleteCodeGrants2 (checks that removing a client also removes its code grants; currently @Ignore'd).

/**
 * Removing a client must also drop the authorization code grants issued to it.
 * <p>
 * NOTE(review): the test is {@code @Ignore}d, so this cleanup guarantee is not enforced by the
 * build; the reason for ignoring it is not recorded here - confirm before relying on it.
 */
@Ignore
@Test
public void testAddGetDeleteCodeGrants2() {
    Client owner = addClient("111", "bob");

    AuthorizationCodeRegistration registration = new AuthorizationCodeRegistration();
    registration.setClient(owner);
    registration.setSubject(owner.getResourceOwnerSubject());
    registration.setApprovedScope(Collections.singletonList("a"));
    provider.createCodeGrant(registration);

    // One grant is visible for the client/subject pair after creation...
    List<ServerAuthorizationCodeGrant> beforeRemoval = provider.getCodeGrants(owner, owner.getResourceOwnerSubject());
    assertNotNull(beforeRemoval);
    assertEquals(1, beforeRemoval.size());

    // ...and none once the client itself has been removed.
    provider.removeClient(owner.getClientId());
    List<ServerAuthorizationCodeGrant> afterRemoval = provider.getCodeGrants(owner, owner.getResourceOwnerSubject());
    assertNotNull(afterRemoval);
    assertEquals(0, afterRemoval.size());
}
Also used : Client(org.apache.cxf.rs.security.oauth2.common.Client) Ignore(org.junit.Ignore) Test(org.junit.Test)

Aggregations

ServerAuthorizationCodeGrant (org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)12 Client (org.apache.cxf.rs.security.oauth2.common.Client)6 Test (org.junit.Test)6 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)3 ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)2 AuthorizationCodeRegistration (org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration)2 Ignore (org.junit.Ignore)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 File (java.io.File)1 URI (java.net.URI)1 CacheException (javax.cache.CacheException)1 UriBuilder (javax.ws.rs.core.UriBuilder)1 JSONProvider (org.apache.cxf.jaxrs.provider.json.JSONProvider)1 AbstractFormImplicitResponse (org.apache.cxf.rs.security.oauth2.common.AbstractFormImplicitResponse)1 AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)1 FormAuthorizationResponse (org.apache.cxf.rs.security.oauth2.common.FormAuthorizationResponse)1 OOBAuthorizationResponse (org.apache.cxf.rs.security.oauth2.common.OOBAuthorizationResponse)1 AuthorizationCodeDataProvider (org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider)1 RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)1