Example 6 with IdToken
use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.
the class OidcIdTokenProvider method createContext.
@Override
public IdTokenContext createContext(Message m) {
OidcClientTokenContext ctx = (OidcClientTokenContext) m.getContent(ClientTokenContext.class);
final IdToken idToken = ctx != null ? ctx.getIdToken() : m.getContent(IdToken.class);
if (idToken != null) {
return new IdTokenContext() {
@Override
public IdToken getIdToken() {
return idToken;
}
};
}
return null;
}
Also used :
IdToken(org.apache.cxf.rs.security.oidc.common.IdToken)
ClientTokenContext(org.apache.cxf.rs.security.oauth2.client.ClientTokenContext)
Example 7 with IdToken
use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.
the class OidcRpAuthenticationFilter method checkSecurityContext.
protected boolean checkSecurityContext(ContainerRequestContext rc) {
OidcClientTokenContext tokenContext = (OidcClientTokenContext) stateManager.getClientTokenContext(mc);
if (tokenContext == null) {
return false;
}
IdToken idToken = tokenContext.getIdToken();
try {
// If ID token has expired then the context is no longer valid
JwtUtils.validateJwtExpiry(idToken, 0, idToken.getExpiryTime() != null);
} catch (JwtException ex) {
stateManager.removeClientTokenContext(new MessageContextImpl(JAXRSUtils.getCurrentMessage()));
return false;
}
OidcClientTokenContextImpl newTokenContext = new OidcClientTokenContextImpl();
newTokenContext.setToken(tokenContext.getToken());
newTokenContext.setIdToken(idToken);
newTokenContext.setUserInfo(tokenContext.getUserInfo());
newTokenContext.setState(toRequestState(rc));
JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, newTokenContext);
OidcSecurityContext oidcSecCtx = new OidcSecurityContext(newTokenContext);
oidcSecCtx.setRoleClaim(roleClaim);
rc.setSecurityContext(oidcSecCtx);
return true;
}
Also used :
IdToken(org.apache.cxf.rs.security.oidc.common.IdToken)
JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException)
MessageContextImpl(org.apache.cxf.jaxrs.ext.MessageContextImpl)
Example 8 with IdToken
use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.
the class OidcUserInfoProvider method createContext.
@Override
public UserInfoContext createContext(Message m) {
final OidcClientTokenContext ctx = (OidcClientTokenContext) m.getContent(ClientTokenContext.class);
final UserInfo userInfo = ctx != null ? ctx.getUserInfo() : m.getContent(UserInfo.class);
if (userInfo != null) {
final IdToken idToken = ctx != null ? ctx.getIdToken() : m.getContent(IdToken.class);
return new UserInfoContext() {
@Override
public UserInfo getUserInfo() {
return userInfo;
}
@Override
public IdToken getIdToken() {
return idToken;
}
};
}
return null;
}
Also used :
IdToken(org.apache.cxf.rs.security.oidc.common.IdToken)
UserInfo(org.apache.cxf.rs.security.oidc.common.UserInfo)
ClientTokenContext(org.apache.cxf.rs.security.oauth2.client.ClientTokenContext)
Example 9 with IdToken
use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.
the class JPAOidcUserSubjectTest method testAccessTokenWithOidcUserSubject.
@Test
public void testAccessTokenWithOidcUserSubject() {
Client c = addClient("101", "bob");
AccessTokenRegistration atr = new AccessTokenRegistration();
atr.setClient(c);
atr.setApprovedScope(Collections.singletonList("a"));
OidcUserSubject oidcSubject = new OidcUserSubject();
oidcSubject.setLogin("bob");
IdToken idToken = new IdToken();
idToken.setAudience(c.getClientId());
oidcSubject.setIdToken(idToken);
atr.setSubject(oidcSubject);
ServerAccessToken at = getProvider().createAccessToken(atr);
ServerAccessToken at2 = getProvider().getAccessToken(at.getTokenKey());
assertEquals(at.getTokenKey(), at2.getTokenKey());
OidcUserSubject oidcSubject2 = (OidcUserSubject) at2.getSubject();
assertEquals(c.getClientId(), oidcSubject2.getIdToken().getAudience());
OidcUserSubject oidcSubject3 = new OidcUserSubject();
oidcSubject3.setLogin("bob");
IdToken idToken2 = new IdToken();
idToken2.setAudience(c.getClientId());
oidcSubject3.setIdToken(idToken2);
atr.setSubject(oidcSubject3);
ServerAccessToken at3 = getProvider().createAccessToken(atr);
ServerAccessToken at4 = getProvider().getAccessToken(at3.getTokenKey());
OidcUserSubject oidcSubject4 = (OidcUserSubject) at4.getSubject();
assertEquals(c.getClientId(), oidcSubject4.getIdToken().getAudience());
}
Also used :
IdToken(org.apache.cxf.rs.security.oidc.common.IdToken)
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
Client(org.apache.cxf.rs.security.oauth2.common.Client)
AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)
Test(org.junit.Test)
Example 10 with IdToken
use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.
the class IdTokenProviderImpl method getIdToken.
@Override
public IdToken getIdToken(String clientId, UserSubject authenticatedUser, List<String> scopes) {
IdToken token = new IdToken();
Instant now = Instant.now();
token.setIssuedAt(now.getEpochSecond());
token.setExpiryTime(now.plusSeconds(60L).getEpochSecond());
token.setAudience(clientId);
token.setSubject(authenticatedUser.getLogin());
token.setIssuer("OIDC IdP");
return token;
}Aggregations
IdToken (org.apache.cxf.rs.security.oidc.common.IdToken)10
ClientTokenContext (org.apache.cxf.rs.security.oauth2.client.ClientTokenContext)2
OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)2
Instant (java.time.Instant)1
MessageContextImpl (org.apache.cxf.jaxrs.ext.MessageContextImpl)1
JwtException (org.apache.cxf.rs.security.jose.jwt.JwtException)1
JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)1
AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)1
Client (org.apache.cxf.rs.security.oauth2.common.Client)1
ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)1
UserInfo (org.apache.cxf.rs.security.oidc.common.UserInfo)1
Test (org.junit.Test)1
