
Example 6 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

the class OidcIdTokenProvider method createContext.

/**
 * Exposes the ID token associated with the given message as an {@link IdTokenContext}.
 *
 * <p>The token is taken from the {@code ClientTokenContext} stored on the message when one is
 * present, otherwise from {@code IdToken} content set directly on the message. This method
 * performs no signature, expiry or audience check of its own; it returns the token exactly
 * as it was found on the message.
 *
 * @param m the message to read the token from
 * @return a context wrapping the ID token, or {@code null} when the message carries none
 */
@Override
public IdTokenContext createContext(Message m) {
    OidcClientTokenContext clientContext =
        (OidcClientTokenContext) m.getContent(ClientTokenContext.class);

    // Prefer the token held by the client token context; fall back to message content.
    final IdToken resolvedToken;
    if (clientContext == null) {
        resolvedToken = m.getContent(IdToken.class);
    } else {
        resolvedToken = clientContext.getIdToken();
    }

    if (resolvedToken == null) {
        return null;
    }
    return new IdTokenContext() {

        @Override
        public IdToken getIdToken() {
            return resolvedToken;
        }
    };
}
Also used : IdToken(org.apache.cxf.rs.security.oidc.common.IdToken) ClientTokenContext(org.apache.cxf.rs.security.oauth2.client.ClientTokenContext)

Example 7 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

the class OidcRpAuthenticationFilter method checkSecurityContext.

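/**
 * Rebuilds the request's security context from the client token context held by the state
 * manager.
 *
 * <p>Returns {@code false}, installing no security context, when no token context is stored,
 * when the stored context carries no ID token, or when the ID token fails the expiry check.
 * In the expiry case the stored context is also removed from the state manager. Only expiry
 * is re-checked here; nothing else about the token is re-validated in this method.
 *
 * @param rc the current request context; receives the new security context on success
 * @return {@code true} if a security context was installed, {@code false} otherwise
 */
protected boolean checkSecurityContext(ContainerRequestContext rc) {
    OidcClientTokenContext tokenContext = (OidcClientTokenContext) stateManager.getClientTokenContext(mc);
    if (tokenContext == null) {
        return false;
    }
    IdToken idToken = tokenContext.getIdToken();
    if (idToken == null) {
        // Fail closed: a stored context without an ID token cannot back an authenticated
        // security context, and dereferencing it below would throw NullPointerException.
        return false;
    }
    try {
        // If ID token has expired then the context is no longer valid.
        // NOTE(review): the last argument is true only when the token carries an expiry time,
        // so a token without one appears to skip the expiry check here - confirm that ID
        // tokens lacking an expiry are rejected when the token is first validated.
        JwtUtils.validateJwtExpiry(idToken, 0, idToken.getExpiryTime() != null);
    } catch (JwtException ex) {
        // Drop the stale context so it is not offered again on later requests.
        stateManager.removeClientTokenContext(new MessageContextImpl(JAXRSUtils.getCurrentMessage()));
        return false;
    }
    // Copy into a fresh context so the per-request state does not modify the stored one.
    OidcClientTokenContextImpl newTokenContext = new OidcClientTokenContextImpl();
    newTokenContext.setToken(tokenContext.getToken());
    newTokenContext.setIdToken(idToken);
    newTokenContext.setUserInfo(tokenContext.getUserInfo());
    newTokenContext.setState(toRequestState(rc));
    JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, newTokenContext);
    OidcSecurityContext oidcSecCtx = new OidcSecurityContext(newTokenContext);
    oidcSecCtx.setRoleClaim(roleClaim);
    rc.setSecurityContext(oidcSecCtx);
    return true;
}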
Also used : IdToken(org.apache.cxf.rs.security.oidc.common.IdToken) JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException) MessageContextImpl(org.apache.cxf.jaxrs.ext.MessageContextImpl)

Example 8 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

the class OidcUserInfoProvider method createContext.

/**
 * Exposes the user info (and, if available, the ID token) associated with the given message
 * as a {@link UserInfoContext}.
 *
 * <p>Both values come from the {@code ClientTokenContext} stored on the message when one is
 * present, otherwise from content set directly on the message. A context is only created when
 * user info is available; the ID token inside it may still be {@code null}. Neither value is
 * validated by this method.
 *
 * @param m the message to read from
 * @return a context wrapping the user info, or {@code null} when the message carries none
 */
@Override
public UserInfoContext createContext(Message m) {
    final OidcClientTokenContext clientContext =
        (OidcClientTokenContext) m.getContent(ClientTokenContext.class);
    final boolean fromClientContext = clientContext != null;

    final UserInfo resolvedUserInfo =
        fromClientContext ? clientContext.getUserInfo() : m.getContent(UserInfo.class);
    if (resolvedUserInfo == null) {
        return null;
    }

    // The ID token is looked up only once user info is known to exist.
    final IdToken resolvedToken =
        fromClientContext ? clientContext.getIdToken() : m.getContent(IdToken.class);
    return new UserInfoContext() {

        @Override
        public UserInfo getUserInfo() {
            return resolvedUserInfo;
        }

        @Override
        public IdToken getIdToken() {
            return resolvedToken;
        }
    };
}
Also used : IdToken(org.apache.cxf.rs.security.oidc.common.IdToken) UserInfo(org.apache.cxf.rs.security.oidc.common.UserInfo) ClientTokenContext(org.apache.cxf.rs.security.oauth2.client.ClientTokenContext)

Example 9 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

the class JPAOidcUserSubjectTest method testAccessTokenWithOidcUserSubject.

/**
 * Checks that an {@code OidcUserSubject}, including the audience of its ID token, is still
 * attached to an access token after the token is created and read back from the provider.
 * The same registration is then reused with a second, equivalent subject for the same login
 * to confirm that a second token can be created and read back as well.
 */
@Test
public void testAccessTokenWithOidcUserSubject() {
    Client client = addClient("101", "bob");
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));

    // First subject: login "bob" with an ID token whose audience is the client id.
    OidcUserSubject firstSubject = new OidcUserSubject();
    firstSubject.setLogin("bob");
    IdToken firstIdToken = new IdToken();
    firstIdToken.setAudience(client.getClientId());
    firstSubject.setIdToken(firstIdToken);
    registration.setSubject(firstSubject);

    ServerAccessToken created = getProvider().createAccessToken(registration);
    ServerAccessToken reloaded = getProvider().getAccessToken(created.getTokenKey());
    assertEquals(created.getTokenKey(), reloaded.getTokenKey());
    OidcUserSubject reloadedSubject = (OidcUserSubject) reloaded.getSubject();
    assertEquals(client.getClientId(), reloadedSubject.getIdToken().getAudience());

    // Second subject with the same login, reusing the registration.
    OidcUserSubject secondSubject = new OidcUserSubject();
    secondSubject.setLogin("bob");
    IdToken secondIdToken = new IdToken();
    secondIdToken.setAudience(client.getClientId());
    secondSubject.setIdToken(secondIdToken);
    registration.setSubject(secondSubject);

    ServerAccessToken createdAgain = getProvider().createAccessToken(registration);
    ServerAccessToken reloadedAgain = getProvider().getAccessToken(createdAgain.getTokenKey());
    OidcUserSubject reloadedSecondSubject = (OidcUserSubject) reloadedAgain.getSubject();
    assertEquals(client.getClientId(), reloadedSecondSubject.getIdToken().getAudience());
}
Also used : IdToken(org.apache.cxf.rs.security.oidc.common.IdToken) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 10 with IdToken

use of org.apache.cxf.rs.security.oidc.common.IdToken in project cxf by apache.

the class IdTokenProviderImpl method getIdToken.

/**
 * Builds the ID token claims for an authenticated user and the requesting client.
 *
 * <p>The claims use a hard-coded issuer string and a fixed 60-second lifetime measured from
 * the current time; the audience is the client id and the subject is the user's login. The
 * {@code scopes} argument is not consulted. This method only populates claims; it does not
 * sign the token.
 *
 * @param clientId the client the token is issued to; used as the audience
 * @param authenticatedUser the user whose login becomes the subject
 * @param scopes the requested scopes (unused here)
 * @return the populated ID token
 */
@Override
public IdToken getIdToken(String clientId, UserSubject authenticatedUser, List<String> scopes) {
    final Instant issuedAt = Instant.now();
    // Fixed 60-second validity window.
    final Instant expiresAt = issuedAt.plusSeconds(60L);

    final IdToken idToken = new IdToken();
    idToken.setIssuedAt(issuedAt.getEpochSecond());
    idToken.setExpiryTime(expiresAt.getEpochSecond());
    idToken.setAudience(clientId);
    idToken.setSubject(authenticatedUser.getLogin());
    idToken.setIssuer("OIDC IdP");
    return idToken;
}
Also used : IdToken(org.apache.cxf.rs.security.oidc.common.IdToken) Instant(java.time.Instant)
