Example 1 with OidcPushedAuthorizationRequestFactory

Use of org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory in project cas by apereo.

From the class OidcConsentApprovalViewResolverTests, method verifyPushedAuthz.

@Test
public void verifyPushedAuthz() throws Exception {
    val registeredService = getOidcRegisteredService();
    val profile = new CommonProfile();
    profile.setId("casTest");
    // Build the access token request context that a pushed authorization request (PAR) carries.
    val holder = AccessTokenRequestContext.builder()
        .clientId(registeredService.getClientId())
        .service(RegisteredServiceTestUtils.getService())
        .authentication(RegisteredServiceTestUtils.getAuthentication())
        .registeredService(registeredService)
        .grantType(OAuth20GrantTypes.AUTHORIZATION_CODE)
        .responseType(OAuth20ResponseTypes.CODE)
        .userProfile(profile)
        .scopes(CollectionUtils.wrapSet("email", "profile"))
        .build();
    // Create the pushed authorization request ticket and store it so it can be looked up by request_uri.
    val factory = (OidcPushedAuthorizationRequestFactory) defaultTicketFactory.get(OidcPushedAuthorizationRequest.class);
    val ticket = factory.create(holder);
    ticketRegistry.addTicket(ticket);
    // Simulate the follow-up authorize call that references the stored request by its ticket id.
    val request = new MockHttpServletRequest();
    request.setRequestURI("https://cas.org/something/" + OidcConstants.AUTHORIZE_URL);
    request.addParameter(OidcConstants.REQUEST_URI, ticket.getId());
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    val service = getOidcRegisteredService(UUID.randomUUID().toString());
    val mv = consentApprovalViewResolver.resolve(context, service);
    assertTrue(mv.hasView());
    // The consent view lists the two pushed scopes plus the "openid" scope that is always added.
    assertEquals(3, ((Collection) mv.getModel().get("scopes")).size());
}
Also used: lombok.val, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequest, org.pac4j.core.profile.CommonProfile, org.springframework.mock.web.MockHttpServletRequest, org.pac4j.core.context.JEEContext, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory, org.springframework.mock.web.MockHttpServletResponse, org.junit.jupiter.api.Test

Example 2 with OidcPushedAuthorizationRequestFactory

Use of org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory in project cas by apereo.

From the class OidcConsentApprovalViewResolver, method prepareApprovalViewModel.

@Override
protected void prepareApprovalViewModel(final Map<String, Object> model, final WebContext webContext,
                                        final OAuthRegisteredService svc) throws Exception {
    super.prepareApprovalViewModel(model, webContext, svc);
    if (svc instanceof OidcRegisteredService) {
        val oidcRegisteredService = (OidcRegisteredService) svc;
        model.put("dynamic", oidcRegisteredService.isDynamicallyRegistered());
        model.put("dynamicTime", oidcRegisteredService.getDynamicRegistrationDateTime());
        // Start from the scopes the server advertises and keep only those the service is allowed to use.
        val supportedScopes = new HashSet<>(casProperties.getAuthn().getOidc().getDiscovery().getScopes());
        supportedScopes.retainAll(oidcRegisteredService.getScopes());
        val requestedScopes = OAuth20Utils.getRequestedScopes(webContext);
        val userInfoClaims = OAuth20Utils.parseUserInfoRequestClaims(webContext);
        // When the request carries a request_uri, merge in the scopes and claims stored with the
        // pushed authorization request ticket rather than relying only on the query parameters.
        webContext.getRequestParameter(OidcConstants.REQUEST_URI).ifPresent(Unchecked.consumer(uri -> {
            val authzRequest = centralAuthenticationService.getTicket(uri, OidcPushedAuthorizationRequest.class);
            val uriFactory = (OidcPushedAuthorizationRequestFactory) centralAuthenticationService
                .getTicketFactory().get(OidcPushedAuthorizationRequest.class);
            val holder = uriFactory.toAccessTokenRequest(authzRequest);
            userInfoClaims.addAll(holder.getClaims().keySet());
            requestedScopes.addAll(holder.getScopes());
        }));
        // Only scopes that are both supported and requested are shown for consent; "openid" is always included.
        supportedScopes.retainAll(requestedScopes);
        supportedScopes.add(OidcConstants.StandardScopes.OPENID.getScope());
        model.put("scopes", supportedScopes);
        model.put("userInfoClaims", userInfoClaims);
    }
}
Also used: lombok.val, org.apereo.cas.configuration.CasConfigurationProperties, org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver, org.jooq.lambda.Unchecked, org.apereo.cas.support.oauth.util.OAuth20Utils, org.apereo.cas.oidc.OidcConstants, org.apereo.cas.CentralAuthenticationService, org.apereo.cas.support.oauth.services.OAuthRegisteredService, org.pac4j.core.context.session.SessionStore, java.util.HashSet, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequest, org.pac4j.core.context.WebContext, org.apereo.cas.oidc.util.OidcRequestSupport, lombok.extern.slf4j.Slf4j, org.apereo.cas.services.OidcRegisteredService, java.util.Map, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory

Example 3 with OidcPushedAuthorizationRequestFactory

Use of org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory in project cas by apereo.

From the class OidcPushedAuthorizationRequestUriResponseBuilder, method build.

@Override
public ModelAndView build(final AccessTokenRequestContext holder) throws Exception {
    // Persist the pushed authorization request as a ticket; its id becomes the opaque request_uri value.
    val factory = (OidcPushedAuthorizationRequestFactory) configurationContext.getTicketFactory().get(OidcPushedAuthorizationRequest.class);
    val uri = factory.create(holder);
    LOGGER.debug("Generated pushed authorization URI code: [{}]", uri);
    configurationContext.getTicketRegistry().addTicket(uri);
    // The PAR response carries the request_uri and its lifetime (expires_in), taken from the ticket's expiration policy.
    val parameters = new HashMap<String, String>();
    parameters.put(OidcConstants.EXPIRES_IN, String.valueOf(uri.getExpirationPolicy().getTimeToLive()));
    parameters.put(OidcConstants.REQUEST_URI, uri.getId());
    LOGGER.debug("Pushed authorization request verification successful for client [{}] with redirect uri [{}]",
        holder.getClientId(), holder.getRedirectUri());
    return authorizationModelAndViewBuilder.build(holder.getRegisteredService(), holder.getResponseMode(),
        holder.getRedirectUri(), parameters);
}
Also used: lombok.val, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequest, java.util.HashMap, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory

Example 4 with OidcPushedAuthorizationRequestFactory

Use of org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory in project cas by apereo.

From the class OidcPushedAuthorizationRequestUriResponseBuilder, method toAuthorizationRequest.

@Override
public Optional<OAuth20AuthorizationRequest.OAuth20AuthorizationRequestBuilder> toAuthorizationRequest(
    final WebContext context, final Authentication authentication,
    final Service service, final OAuthRegisteredService registeredService) {
    val requestUri = context.getRequestParameter(OidcConstants.REQUEST_URI);
    // This builder only handles authorize calls that reference a pushed request via request_uri.
    if (context.getRequestURL().endsWith(OidcConstants.AUTHORIZE_URL) && requestUri.isEmpty()) {
        return Optional.empty();
    }
    val builder = super.toAuthorizationRequest(context, authentication, service, registeredService).get();
    return requestUri.map(Unchecked.function(uri -> {
        val cas = configurationContext.getCentralAuthenticationService();
        val factory = (OidcPushedAuthorizationRequestFactory) cas.getTicketFactory().get(OidcPushedAuthorizationRequest.class);
        // Resolve the request_uri to the stored ticket and rebuild the original access token request from it.
        val request = cas.getTicket(uri, OidcPushedAuthorizationRequest.class);
        val tokenRequest = factory.toAccessTokenRequest(request);
        // Record this use of the pushed request: an expired ticket is removed from the registry,
        // otherwise its updated state is persisted.
        request.update();
        FunctionUtils.doIf(request.isExpired(),
            Unchecked.consumer(r -> cas.deleteTicket(request)),
            Unchecked.consumer(r -> cas.updateTicket(request))).accept(request);
        val tgt = configurationContext.fetchTicketGrantingTicketFrom((JEEContext) context);
        tokenRequest.setTicketGrantingTicket(tgt);
        return Optional.of(builder.accessTokenRequest(tokenRequest)
            .responseType(tokenRequest.getResponseType().getType())
            .clientId(tokenRequest.getClientId())
            .grantType(tokenRequest.getGrantType().getType()));
    })).orElseGet(() -> Optional.of(builder.singleSignOnSessionRequired(
        !context.getRequestURL().endsWith(OidcConstants.PUSHED_AUTHORIZE_URL))));
}
Also used: lombok.val, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequest, org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory
