
Example 1 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

From the class OidcClientCodeRequestFilter, method createTokenContext.

/**
 * Builds the client-side token context for a completed authorization-code exchange.
 *
 * If an earlier filter already placed an {@link OidcSecurityContext} on the request, the
 * context it carries is returned as-is. Otherwise, when an access token is present, the ID
 * token is read from it, checked against the values saved at redirection time, optionally
 * enriched with UserInfo, and installed as the request's security context.
 *
 * @param rc            the current request
 * @param at            the access token from the token endpoint, or {@code null}
 * @param requestParams the redirect-back parameters; the authorization code is read from them
 * @param state         the values recorded when the user was redirected
 * @return the populated context (empty when {@code at} is {@code null})
 * @throws OAuthServiceException if an access token arrives but no ID token reader is configured
 */
@Override
protected ClientTokenContext createTokenContext(ContainerRequestContext rc, ClientAccessToken at, MultivaluedMap<String, String> requestParams, MultivaluedMap<String, String> state) {
    if (rc.getSecurityContext() instanceof OidcSecurityContext) {
        // Already authenticated on this request: reuse rather than re-read the ID token.
        final OidcSecurityContext existing = (OidcSecurityContext) rc.getSecurityContext();
        return existing.getOidcContext();
    }
    final OidcClientTokenContextImpl tokenCtx = new OidcClientTokenContextImpl();
    if (at == null) {
        // Nothing was exchanged; hand back an empty context and leave the security context untouched.
        return tokenCtx;
    }
    if (idTokenReader == null) {
        // A token without a configured reader is a deployment error, not a client error.
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }
    final String authorizationCode = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    final IdToken idToken = idTokenReader.getIdToken(at, authorizationCode, getConsumer());
    // Compare the token's claims with what was saved at redirection time before trusting it.
    validateIdToken(idToken, state);
    tokenCtx.setIdToken(idToken);
    if (userInfoClient != null) {
        tokenCtx.setUserInfo(userInfoClient.getUserInfo(at, tokenCtx.getIdToken(), getConsumer()));
    }
    final OidcSecurityContext secCtx = new OidcSecurityContext(tokenCtx);
    secCtx.setRoleClaim(roleClaim);
    rc.setSecurityContext(secCtx);
    return tokenCtx;
}

Example 2 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

From the class OidcIdTokenRequestFilter, method filter.

/**
 * Authenticates the request from an ID token sent as a form parameter.
 *
 * A request without the configured form parameter is aborted with 401 before any parsing
 * happens. Otherwise the token is read (and validated) by the configured reader, stored on
 * the current message under {@code IdToken.class}, and used to build the security context.
 *
 * @param requestContext the incoming request
 * @throws IOException if the form body cannot be read
 */
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    final MultivaluedMap<String, String> formData = toFormData(requestContext);
    final String rawIdToken = formData.getFirst(tokenFormParameter);
    if (rawIdToken == null) {
        // No credential presented: reject early, nothing else to do.
        requestContext.abortWith(Response.status(401).build());
        return;
    }
    // The reader is responsible for parsing and verifying the token; failures propagate from here.
    final IdToken parsedToken = idTokenReader.getIdToken(rawIdToken, consumer);
    JAXRSUtils.getCurrentMessage().setContent(IdToken.class, parsedToken);
    final OidcSecurityContext secCtx = new OidcSecurityContext(parsedToken);
    secCtx.setRoleClaim(roleClaim);
    requestContext.setSecurityContext(secCtx);
}

Example 3 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

From the class OidcImplicitService, method getProcessedIdToken.

/**
 * Resolves the serialized ID token to return to the client in the implicit flow.
 *
 * Resolution order: a token already stored in the subject's properties, then the
 * configured {@code idTokenProvider}, then a copy of the token held by an
 * {@link OidcUserSubject} re-targeted at the requesting client. Returns {@code null}
 * when none applies.
 *
 * @param state   the redirection state; supplies the client id used as aud/azp
 * @param subject the authenticated user
 * @param scopes  the requested scopes, passed through to the provider
 * @return the processed token string, or {@code null} if no source is available
 */
private String getProcessedIdToken(OAuthRedirectionState state, UserSubject subject, List<String> scopes) {
    // A pre-built token stored on the subject wins over every other source.
    if (subject.getProperties().containsKey(OidcUtils.ID_TOKEN)) {
        return subject.getProperties().get(OidcUtils.ID_TOKEN);
    }
    if (idTokenProvider != null) {
        final IdToken provided = idTokenProvider.getIdToken(state.getClientId(), subject, scopes);
        return processIdToken(state, provided);
    }
    if (!(subject instanceof OidcUserSubject)) {
        return null;
    }
    // Copy rather than mutate the subject's own token, then point it at this client.
    final OidcUserSubject oidcSubject = (OidcUserSubject) subject;
    final IdToken copied = new IdToken(oidcSubject.getIdToken());
    copied.setAudience(state.getClientId());
    copied.setAuthorizedParty(state.getClientId());
    return processIdToken(state, copied);
}

Example 4 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

From the class OidcInvoker, method validateRefreshedToken.

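/**
 * Checks that an ID token delivered with a refreshed access token still describes the same
 * authentication as the one held in the client context, then replaces the stored token.
 *
 * Compared claims: iss and sub (must match exactly), aud (the new token must cover every
 * current audience), auth_time (must match when present on the new token), azp (must match,
 * both-absent counts as a match) and iat (must not be older than the current token).
 * Missing iss, sub, aud or iat on either side is rejected as invalid rather than being
 * allowed to surface as a NullPointerException.
 *
 * @param tokenContext   the current client context; expected to be an {@link OidcClientTokenContextImpl}
 * @param refreshedToken the access token returned by the refresh call
 * @throws OAuthServiceException if the new token is missing a required claim or disagrees with the current one
 */
@Override
protected void validateRefreshedToken(ClientTokenContext tokenContext, ClientAccessToken refreshedToken) {
    if (!refreshedToken.getParameters().containsKey(OidcUtils.ID_TOKEN)) {
        // No id_token in the refresh response: the stored token stays in force.
        return;
    }
    final IdToken newIdToken = idTokenReader.getIdToken(refreshedToken, getConsumer());
    final OidcClientTokenContextImpl oidcContext = (OidcClientTokenContextImpl) tokenContext;
    final IdToken currentIdToken = oidcContext.getIdToken();

    // iss/sub are required; a null on the new side is rejected outright so that
    // "null equals null" can never be accepted as a match.
    final String newIssuer = newIdToken.getIssuer();
    if (newIssuer == null || !newIssuer.equals(currentIdToken.getIssuer())) {
        throw new OAuthServiceException("Invalid id token issuer");
    }
    final String newSubject = newIdToken.getSubject();
    if (newSubject == null || !newSubject.equals(currentIdToken.getSubject())) {
        throw new OAuthServiceException("Invalid id token subject");
    }
    if (newIdToken.getAudiences() == null || currentIdToken.getAudiences() == null
        || !newIdToken.getAudiences().containsAll(currentIdToken.getAudiences())) {
        throw new OAuthServiceException("Invalid id token audience(s)");
    }
    // auth_time is optional; only compared when the refreshed token carries it.
    final Long newAuthTime = newIdToken.getAuthenticationTime();
    if (newAuthTime != null && !newAuthTime.equals(currentIdToken.getAuthenticationTime())) {
        throw new OAuthServiceException("Invalid id token auth_time");
    }
    // azp: null-safe equality; "both absent" is the one null case that is a match.
    final String newAzp = newIdToken.getAuthorizedParty();
    final String origAzp = currentIdToken.getAuthorizedParty();
    if (!java.util.Objects.equals(newAzp, origAzp)) {
        throw new OAuthServiceException("Invalid id token authorized party");
    }
    // iat: guard before unboxing; a refreshed token must not predate the one it replaces.
    final Long newIssuedTime = newIdToken.getIssuedAt();
    final Long origIssuedTime = currentIdToken.getIssuedAt();
    if (newIssuedTime == null || origIssuedTime == null || newIssuedTime < origIssuedTime) {
        throw new OAuthServiceException("Invalid id token issued time");
    }
    oidcContext.setIdToken(newIdToken);
}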

Example 5 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project testcases by coheigea.

From the class IdTokenProviderImpl, method getIdToken.

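/**
 * Builds a minimal ID token for {@code clientId}: iat = now, exp = now + 60 seconds,
 * aud = the client id, sub = the user's login, iss = the fixed string {@code "OIDC IdP"}.
 *
 * The clock is read once so that iat and exp are derived from the same instant; the
 * previous implementation read it twice (Calendar, then Date), which could straddle a
 * second boundary. The token is unsigned here; signing is left to the caller/pipeline.
 *
 * @param clientId          the relying party; becomes the aud claim
 * @param authenticatedUser the user; {@code getLogin()} becomes the sub claim
 * @param scopes            the requested scopes (not consulted by this implementation)
 * @return a freshly built token with the claims above set, in seconds since the epoch
 */
@Override
public IdToken getIdToken(String clientId, UserSubject authenticatedUser, List<String> scopes) {
    final IdToken token = new IdToken();
    // Token lifetime; 60s keeps the window for replay of an unsigned/leaked token short.
    final long lifetimeSeconds = 60L;
    // Single clock read, in seconds, as JWT numeric-date claims require.
    final long nowSeconds = System.currentTimeMillis() / 1000L;
    token.setIssuedAt(nowSeconds);
    token.setExpiryTime(nowSeconds + lifetimeSeconds);
    token.setAudience(clientId);
    token.setSubject(authenticatedUser.getLogin());
    token.setIssuer("OIDC IdP");
    return token;
}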
