use of org.apereo.cas.support.oauth.profile.OAuthClientProfile in project cas by apereo.
the class OAuthClientAuthenticator method validate.
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) throws CredentialsException {
    // The username/password pair carries the OAuth client id and client secret.
    final String clientId = credentials.getUsername();
    final String clientSecret = credentials.getPassword();

    // Resolve the registered service for this client id, then let the validator decide
    // whether the service is usable and whether the presented secret matches it.
    final OAuthRegisteredService service = OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);
    // NOTE(review): the two messages below distinguish an invalid/unknown client from a wrong
    // secret; if the exception text reaches the caller, that distinction lets client ids be
    // probed — confirm where CredentialsException is surfaced.
    if (!this.validator.checkServiceValid(service)) {
        throw new CredentialsException("Service invalid for client identifier: " + clientId);
    }
    if (!this.validator.checkClientSecret(service, clientSecret)) {
        throw new CredentialsException("Bad secret for client identifier: " + clientId);
    }

    // Successful client authentication: attach a client profile keyed by the client id.
    final OAuthClientProfile clientProfile = new OAuthClientProfile();
    clientProfile.setId(clientId);
    credentials.setUserProfile(clientProfile);
}
use of org.apereo.cas.support.oauth.profile.OAuthClientProfile in project cas by apereo.
the class OAuth20AccessTokenEndpointController method verifyAccessTokenRequest.
/**
 * Verify the access token request.
 * <p>
 * The request must carry one of the supported grant types and the caller must already
 * be authenticated through pac4j. Which profile type and which parameters are required
 * then depends on the grant type:
 * <ul>
 * <li>authorization code: a client profile, {@code redirect_uri} and {@code code} present,
 * and the redirect URI accepted as a callback for the client's registered service;</li>
 * <li>refresh token: a client profile and {@code refresh_token} present;</li>
 * <li>otherwise (resource owner password): a user profile, {@code client_id} present,
 * and the service registered for that client id valid.</li>
 * </ul>
 * NOTE(review): this method does not verify a client secret for the password grant; the
 * client is identified only by the {@code client_id} parameter. Confirm elsewhere if
 * confidential clients are expected to authenticate for that grant. Binding of the
 * {@code code} to the client and redirect URI is also not done here — presumably when
 * the code is redeemed; confirm.
 *
 * @param request the HTTP request
 * @param response the HTTP response
 * @return true, if successful
 */
private boolean verifyAccessTokenRequest(final HttpServletRequest request, final HttpServletResponse response) {
    // Only the three supported grant types get past this point.
    final String grantType = request.getParameter(OAuthConstants.GRANT_TYPE);
    if (!checkGrantTypes(grantType, OAuth20GrantTypes.AUTHORIZATION_CODE, OAuth20GrantTypes.PASSWORD, OAuth20GrantTypes.REFRESH_TOKEN)) {
        return false;
    }

    // The caller must already be authenticated (as a client or as a user).
    // The context lookup is kept as in the original even though its result is not read here.
    final J2EContext context = WebUtils.getPac4jJ2EContext(request, response);
    final ProfileManager manager = WebUtils.getPac4jProfileManager(request, response);
    final Optional<UserProfile> maybeProfile = manager.get(true);
    if (maybeProfile == null || !maybeProfile.isPresent()) {
        return false;
    }
    final UserProfile authenticated = maybeProfile.get();

    if (isGrantType(grantType, OAuth20GrantTypes.AUTHORIZATION_CODE)) {
        // The authenticated principal is the client itself; its id selects the registered service.
        final String clientId = authenticated.getId();
        final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
        final OAuthRegisteredService service = OAuthUtils.getRegisteredOAuthService(getServicesManager(), clientId);
        if (!(authenticated instanceof OAuthClientProfile)) {
            return false;
        }
        if (!getValidator().checkParameterExist(request, OAuthConstants.REDIRECT_URI)) {
            return false;
        }
        if (!getValidator().checkParameterExist(request, OAuthConstants.CODE)) {
            return false;
        }
        // The redirect URI must be one the registered service accepts as a callback.
        return getValidator().checkCallbackValid(service, redirectUri);
    }

    if (isGrantType(grantType, OAuth20GrantTypes.REFRESH_TOKEN)) {
        if (!(authenticated instanceof OAuthClientProfile)) {
            return false;
        }
        return getValidator().checkParameterExist(request, OAuthConstants.REFRESH_TOKEN);
    }

    // Remaining case: resource owner password grant, authenticated as a user.
    // The client is identified by the client_id request parameter only.
    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    final OAuthRegisteredService service = OAuthUtils.getRegisteredOAuthService(getServicesManager(), clientId);
    if (!(authenticated instanceof OAuthUserProfile)) {
        return false;
    }
    if (!getValidator().checkParameterExist(request, OAuthConstants.CLIENT_ID)) {
        return false;
    }
    return getValidator().checkServiceValid(service);
}