
Example 1 with UmaPermissionTicket

use of org.apereo.cas.uma.ticket.permission.UmaPermissionTicket in project cas by apereo.

Class UmaIdTokenGeneratorService, method buildJwtClaims.

/**
 * Builds the claim set of a UMA requesting-party token (RPT).
 * <p>
 * All token content is derived from the {@link UmaPermissionTicket} that the caller stored on the
 * profile under the attribute key {@code UmaPermissionTicket.class.getName()}: the audience is the
 * id of the ticket's resource set, each ticket claim is copied through as a string-list claim, and
 * the ticket scopes are emitted under {@code OAuth20Constants.SCOPE}. The issuer is read from the
 * UMA core settings and {@code exp} is the current time plus {@code timeoutInSeconds}. If the
 * profile does not carry the permission ticket attribute, the cast yields {@code null} and the
 * audience lookup fails with a {@link NullPointerException}.
 * <p>
 * {@code accessToken} and {@code responseType} are part of the signature but are not consulted
 * while building the claims.
 *
 * @param accessToken      the access token (not used by this implementation)
 * @param timeoutInSeconds seconds added to "now" to produce the expiration claim
 * @param profile          the authenticated profile carrying the permission ticket attribute
 * @param service          the registered service whose client id becomes the {@code client_id} claim
 * @param responseType     the response type (not used by this implementation)
 * @return the populated jwt claims
 */
protected JwtClaims buildJwtClaims(final OAuth20AccessToken accessToken, final long timeoutInSeconds, final UserProfile profile, final OAuthRegisteredService service, final OAuth20ResponseTypes responseType) {
    val ticketAttribute = profile.getAttribute(UmaPermissionTicket.class.getName());
    val ticket = (UmaPermissionTicket) ticketAttribute;

    val jwt = new JwtClaims();
    jwt.setJwtId(UUID.randomUUID().toString());

    // Issuer is taken from configuration, never from the request.
    val umaCore = getConfigurationContext().getCasProperties().getAuthn().getOauth().getUma().getCore();
    jwt.setIssuer(umaCore.getIssuer());

    // The RPT is bound to exactly one resource set: its id is the audience.
    val resourceSetId = ticket.getResourceSet().getId();
    jwt.setAudience(String.valueOf(resourceSetId));

    val expiresAt = NumericDate.now();
    expiresAt.addSeconds(timeoutInSeconds);
    jwt.setExpirationTime(expiresAt);
    jwt.setIssuedAtToNow();
    jwt.setSubject(profile.getId());

    // Ticket claims are flattened via toString(); non-string values lose their structure here.
    ticket.getClaims().forEach((name, value) -> jwt.setStringListClaim(name, value.toString()));
    jwt.setStringListClaim(OAuth20Constants.SCOPE, new ArrayList<>(ticket.getScopes()));
    jwt.setStringListClaim(OAuth20Constants.CLIENT_ID, service.getClientId());
    return jwt;
}

Example 2 with UmaPermissionTicket

use of org.apereo.cas.uma.ticket.permission.UmaPermissionTicket in project cas by apereo.

Class UmaAuthorizationRequestEndpointController, method generateRequestingPartyToken.

/**
 * Issues a requesting-party token (RPT) for an authorization request whose permission ticket and
 * resource set have already been resolved by the caller.
 * <p>
 * A new access token is generated under the {@code UMA_TICKET} grant with refresh-token
 * generation disabled, scoped to the union of the permission ticket scopes,
 * {@code UMA_AUTHORIZATION_SCOPE} and every scope of the resource set. The permission ticket and
 * resource set are attached to the session profile so that the requesting-party token generator
 * can read them; the resulting id token is stored on the access token, which is then updated in
 * the ticket registry. When the request names an existing {@code rpt}, that ticket is deleted
 * after the replacement has been persisted.
 *
 * @param request          the http request
 * @param response         the http response
 * @param profileResult    the authenticated profile carrying the current AAT as an attribute
 * @param umaRequest       the uma request; its {@code rpt}, when non-blank, is deleted
 * @param permissionTicket the permission ticket the request was validated against
 * @param resourceSet      the resource set the permission ticket refers to
 * @return a 200 response whose body maps {@code rpt} to the encoded token and {@code code} to
 * {@link HttpStatus#CREATED}
 * @throws Exception propagated from token generation, profile lookup and ticket registry updates
 */
protected ResponseEntity generateRequestingPartyToken(final HttpServletRequest request, final HttpServletResponse response, final UserProfile profileResult, final UmaAuthorizationRequest umaRequest, final UmaPermissionTicket permissionTicket, final ResourceSet resourceSet) throws Exception {
    val aat = (OAuth20AccessToken) profileResult.getAttribute(OAuth20AccessToken.class.getName());
    val servicesManager = getUmaConfigurationContext().getServicesManager();
    val clientId = OAuth20Utils.getClientIdFromAuthenticatedProfile(profileResult);
    val registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(servicesManager, clientId);

    // NOTE(review): the full resource-set scope list is merged in, so the RPT carries every
    // scope registered on the resource set rather than only those the ticket asked for —
    // confirm this is the intended grant.
    val grantedScopes = new LinkedHashSet<>(permissionTicket.getScopes());
    grantedScopes.add(OAuth20Constants.UMA_AUTHORIZATION_SCOPE);
    grantedScopes.addAll(resourceSet.getScopes());

    val tokenRequest = AccessTokenRequestContext.builder()
        .authentication(aat.getAuthentication())
        .ticketGrantingTicket(aat.getTicketGrantingTicket())
        .grantType(OAuth20GrantTypes.UMA_TICKET)
        .responseType(OAuth20ResponseTypes.NONE)
        .registeredService(registeredService)
        .generateRefreshToken(false)
        .scopes(grantedScopes)
        .service(aat.getService())
        .build();
    val generated = getUmaConfigurationContext().getAccessTokenGenerator().generate(tokenRequest);
    // An empty result would surface here as NoSuchElementException.
    val rpt = generated.getAccessToken().get();

    val encoder = OAuth20JwtAccessTokenEncoder.builder()
        .accessToken(rpt)
        .registeredService(tokenRequest.getRegisteredService())
        .service(tokenRequest.getService())
        .accessTokenJwtBuilder(getUmaConfigurationContext().getAccessTokenJwtBuilder())
        .casProperties(getUmaConfigurationContext().getCasProperties())
        .build();
    val encodedRpt = encoder.encode();

    val rptSettings = getUmaConfigurationContext().getCasProperties().getAuthn().getOauth().getUma().getRequestingPartyToken();
    val ttlSeconds = Beans.newDuration(rptSettings.getMaxTimeToLiveInSeconds()).getSeconds();

    // The token generator reads the ticket and resource set back from these profile attributes.
    val webContext = new JEEContext(request, response);
    val sessionProfile = OAuth20Utils.getAuthenticatedUserProfile(webContext, getUmaConfigurationContext().getSessionStore());
    sessionProfile.addAttribute(UmaPermissionTicket.class.getName(), permissionTicket);
    sessionProfile.addAttribute(ResourceSet.class.getName(), resourceSet);

    val idToken = getUmaConfigurationContext().getRequestingPartyTokenGenerator().generate(rpt, ttlSeconds, sessionProfile, OAuth20ResponseTypes.CODE, OAuth20GrantTypes.UMA_TICKET, registeredService);
    rpt.setIdToken(idToken);
    getUmaConfigurationContext().getCentralAuthenticationService().updateTicket(rpt);

    // NOTE(review): the previous RPT is removed by the id supplied in the request without an
    // ownership check at this point — confirm it is validated upstream.
    val previousRpt = umaRequest.getRpt();
    if (StringUtils.isNotBlank(previousRpt)) {
        getUmaConfigurationContext().getCentralAuthenticationService().deleteTicket(previousRpt);
    }

    val body = CollectionUtils.wrap("rpt", encodedRpt, "code", HttpStatus.CREATED);
    return new ResponseEntity<>(body, HttpStatus.OK);
}
