Use of org.apache.cxf.rs.security.oauth2.services.ClientRegistration in project cxf by apache.
Class DynamicRegistrationService, method createNewClient.
/**
 * Builds a {@link Client} from a dynamic-registration request (RFC 7591 / OIDC Dynamic Client
 * Registration). The returned client is not persisted here; the caller stores it.
 *
 * <p>Values copied from the request as supplied by the registering party: grant types, token
 * endpoint auth method, TLS subject/issuer DN bindings, resource (audience) URIs, scope, client
 * URI and logo URI. Only the redirect URIs go through {@code validateRequestUri}; any further
 * checks on the other fields have to happen in the helpers this method calls or in the caller.
 *
 * @param request the registration metadata sent by the registering party
 * @return a populated client flagged as dynamically registered, not yet stored
 */
protected Client createNewClient(ClientRegistration request) {
    String clientId = generateClientId();

    // client_name is optional; fall back to the generated id so the client is never nameless.
    String displayName = request.getClientName();
    if (StringUtils.isEmpty(displayName)) {
        displayName = clientId;
    }

    // A missing grant_types list means authorization_code only.
    List<String> allowedGrants = request.getGrantTypes();
    if (allowedGrants == null) {
        allowedGrants = Collections.singletonList(OAuthConstants.AUTHORIZATION_CODE_GRANT);
    }

    // May be null: the RFC 7591 default (client_secret_basic) is not applied here yet; it is
    // left to isPasswordRequired() and to whatever later reads the stored value.
    String authMethod = request.getTokenEndpointAuthMethod();
    boolean tlsAuth = OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS.equals(authMethod);
    boolean secretRequired = isPasswordRequired(allowedGrants, authMethod);

    // application_type is an OIDC registration property (absent from RFC 7591); default if omitted.
    String applicationType = request.getApplicationType();
    if (applicationType == null) {
        applicationType = DEFAULT_APPLICATION_TYPE;
    }

    // Confidential only for the default application type and only when the client can actually
    // authenticate at the token endpoint: with a secret or with a TLS client certificate.
    boolean confidential = DEFAULT_APPLICATION_TYPE.equals(applicationType)
        && (secretRequired || tlsAuth);

    // No secret is minted for clients that cannot keep one (public clients, TLS-only clients).
    String secret = secretRequired ? generateClientSecret(request) : null;

    Client client = new Client(clientId, secret, confidential, displayName);
    client.setAllowedGrantTypes(allowedGrants);
    client.setTokenEndpointAuthMethod(authMethod);

    // For tls_client_auth the registrant names the certificate DNs it intends to present; they
    // are stored verbatim. NOTE(review): nothing here checks a DN against existing clients or
    // any allow-list - confirm the TLS lookup path does before relying on this binding.
    if (tlsAuth) {
        String subjectDn = (String) request.getProperty(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN);
        if (subjectDn != null) {
            client.getProperties().put(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN, subjectDn);
        }
        String issuerDn = (String) request.getProperty(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN);
        if (issuerDn != null) {
            client.getProperties().put(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN, issuerDn);
        }
    }

    // Registration time in seconds since the epoch.
    client.setRegisteredAt(System.currentTimeMillis() / 1000);

    // Redirect URIs are the only registrant-supplied URIs validated here: each one is checked
    // against the application type and grant types before the list is attached.
    // NOTE(review): a null list is accepted even for redirect-based grants - confirm the
    // authorization endpoint rejects such a client rather than relying on this method.
    List<String> redirects = request.getRedirectUris();
    if (redirects != null) {
        for (String redirect : redirects) {
            validateRequestUri(redirect, applicationType, allowedGrants);
        }
        client.setRedirectUris(redirects);
    }

    // Resource URIs become the audiences this client may request tokens for.
    List<String> audiences = request.getResourceUris();
    if (audiences != null) {
        client.setRegisteredAudiences(audiences);
    }

    // Scope is a single space-delimited string in the request; split it into the registered list.
    String requestedScope = request.getScope();
    if (!StringUtils.isEmpty(requestedScope)) {
        client.setRegisteredScopes(OAuthUtils.parseScope(requestedScope));
    }

    // client_uri and logo_uri are stored without validation. Anything that later renders them
    // (e.g. a consent page) must treat them as untrusted input.
    String homepage = request.getClientUri();
    if (homepage != null) {
        client.setApplicationWebUri(homepage);
    }
    String logo = request.getLogoUri();
    if (logo != null) {
        client.setApplicationLogoUri(logo);
    }
    // TODO: remaining RFC 7591 metadata (tos_uri, policy_uri, ...) is not carried over yet,
    // either as typed Client fields or as extra properties.

    // Bind the client to the authenticated registrant when the registration request carried one.
    SecurityContext securityContext = mc.getSecurityContext();
    if (securityContext != null && securityContext.getUserPrincipal() != null) {
        String registrantName = securityContext.getUserPrincipal().getName();
        if (registrantName != null) {
            client.setResourceOwnerSubject(new UserSubject(registrantName));
        }
    }

    client.setRegisteredDynamically(true);
    return client;
}
Use of org.apache.cxf.rs.security.oauth2.services.ClientRegistration in project cxf by apache.
Class DynamicRegistrationService, method register.
/**
 * RFC 7591 registration endpoint: accepts client metadata as JSON, creates and stores the
 * client and returns its registration response with 201 Created.
 *
 * <p>{@code checkInitialAuthentication()} is the only gate in front of client creation in this
 * method; whatever credential the registrant must present is checked there and nowhere else here.
 *
 * @param request the registration metadata from the request body
 * @return 201 with the registration response built from the stored client
 */
@POST
@Consumes("application/json")
@Produces("application/json")
public Response register(ClientRegistration request) {
    checkInitialAuthentication();

    Client registered = createNewClient(request);
    // The registration access token is what the registrant later presents to manage
    // (e.g. delete) this registration.
    createRegAccessToken(registered);
    clientProvider.setClient(registered);

    return Response.status(201)
        .entity(fromClientToRegistrationResponse(registered))
        .build();
}
Use of org.apache.cxf.rs.security.oauth2.services.ClientRegistration in project cxf by apache.
Class OidcDynamicRegistrationService, method createNewClient.
/**
 * Extends the base registration with the OIDC logout metadata: post_logout_redirect_uris
 * (stored as one space-delimited property) and backchannel_logout_uri.
 *
 * <p>Both values are copied from the request without any validation, unlike the redirect URIs
 * handled by the base class. By their OIDC definition the post-logout URIs are presumably used
 * as redirect targets and the back-channel URI as an address the server itself calls, so
 * NOTE(review): confirm the logout code path validates them before use.
 *
 * @param request the registration metadata sent by the registering party
 * @return the client built by the base class, with the logout properties attached
 */
@Override
protected Client createNewClient(ClientRegistration request) {
    Client client = super.createNewClient(request);

    List<String> postLogoutUris = request.getListStringProperty(POST_LOGOUT_LOGOUT_URIS);
    if (postLogoutUris != null) {
        // One space-delimited string; an empty list yields an empty string.
        client.getProperties().put(POST_LOGOUT_LOGOUT_URIS, String.join(" ", postLogoutUris));
    }

    String backChannelLogoutUri = request.getStringProperty(BACK_CHANNEL_LOGOUT_URI);
    if (backChannelLogoutUri != null) {
        client.getProperties().put(BACK_CHANNEL_LOGOUT_URI, backChannelLogoutUri);
    }

    return client;
}
Use of org.apache.cxf.rs.security.oauth2.services.ClientRegistration in project cxf by apache.
Class JAXRSOAuth2TlsTest, method newClientRegistration.
/**
 * Registration request used by the TLS tests: a "web" client that authenticates with
 * tls_client_auth and is bound to a fixed certificate subject DN.
 */
private ClientRegistration newClientRegistration() {
    ClientRegistration registration = new ClientRegistration();
    registration.setClientName("dynamic_client");
    registration.setApplicationType("web");
    registration.setGrantTypes(Collections.singletonList("custom_grant"));
    registration.setScope("openid");
    registration.setRedirectUris(Collections.singletonList("https://a/b/c"));
    // tls_client_auth: the subject DN presumably matches the certificate the test client
    // presents on the token endpoint.
    registration.setTokenEndpointAuthMethod(OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS);
    registration.setProperty(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN,
        "CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US");
    return registration;
}
Use of org.apache.cxf.rs.security.oauth2.services.ClientRegistration in project cxf by apache.
Class JAXRSOAuth2TlsTest, method testRegisterClientTwoWayTLSClientIdBoundDynReg.
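/**
 * Registers a tls_client_auth client dynamically, runs the client-id-bound JWT flow over
 * two-way TLS with it, then deletes the registration using the registration access token.
 *
 * <p>Changes from the previous version: the response and client id are asserted non-null before
 * use (a null id would otherwise be passed straight into the JWT test), and the duplicated
 * {@code assertNotNull(regAccessToken)} after the delete is gone.
 */
@Test
public void testRegisterClientTwoWayTLSClientIdBoundDynReg() throws Exception {
    String dynRegAddress = "https://localhost:" + PORT + "/oauth2Jwt/register";
    WebClient wcDynReg = createDynRegWebClient(dynRegAddress);
    wcDynReg.accept("application/json").type("application/json");

    // Registration is gated by a bearer token; "123456789" is presumably the initial access
    // token configured in the test server.
    wcDynReg.authorization(new ClientAccessToken("Bearer", "123456789"));
    ClientRegistrationResponse resp =
        wcDynReg.post(newClientRegistration(), ClientRegistrationResponse.class);
    assertNotNull(resp);
    String clientId = resp.getClientId();
    assertNotNull(clientId);

    doTestTwoWayTLSClientIdBoundJwt(clientId);

    // Delete the client with the registration access token returned at registration time.
    String regAccessToken = resp.getRegistrationAccessToken();
    assertNotNull(regAccessToken);
    wcDynReg.path(clientId);
    wcDynReg.authorization(new ClientAccessToken("Bearer", regAccessToken));
    assertEquals(200, wcDynReg.delete().getStatus());
}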