Search in sources :

Example 16 with AccessToken

use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

the class OpenAMTokenStore method generateAtHash.

/**
     * For at_hash values, used when token and id_token exist in scope.
     */
private String generateAtHash(String algorithm, OAuth2Request request, OAuth2ProviderSettings providerSettings) throws ServerException {
    final AccessToken accessToken = request.getToken(AccessToken.class);
    if (accessToken == null) {
        logger.message("at_hash generation requires an existing access_token.");
        return null;
    }
    final String accessTokenValue = ((String) accessToken.getTokenInfo().get(OAuth2Constants.Params.ACCESS_TOKEN));
    return generateHash(algorithm, accessTokenValue, providerSettings);
}
Also used : AccessToken(org.forgerock.oauth2.core.AccessToken)

Example 17 with AccessToken

use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

the class OpenAMTokenStore method readAccessToken.

/**
     * {@inheritDoc}
     */
public AccessToken readAccessToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
    AccessToken loaded = request.getToken(AccessToken.class);
    if (loaded != null) {
        return loaded;
    }
    logger.message("Reading access token");
    JsonValue token;
    // Read from CTS
    try {
        token = tokenStore.read(tokenId);
    } catch (CoreTokenException e) {
        logger.error("Unable to read access token corresponding to id: " + tokenId, e);
        throw new ServerException("Could not read token in CTS: " + e.getMessage());
    }
    if (token == null) {
        logger.error("Unable to read access token corresponding to id: " + tokenId);
        throw new InvalidGrantException("Could not read token in CTS");
    }
    OpenAMAccessToken accessToken = new OpenAMAccessToken(token);
    validateTokenRealm(accessToken.getRealm(), request);
    request.setToken(AccessToken.class, accessToken);
    return accessToken;
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AccessToken(org.forgerock.oauth2.core.AccessToken) JsonValue(org.forgerock.json.JsonValue) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException)

Example 18 with AccessToken

use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

the class PermissionRequestEndpointTest method setup.

@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException {
    resourceSetStore = mock(ResourceSetStore.class);
    OAuth2RequestFactory<?, Request> requestFactory = mock(OAuth2RequestFactory.class);
    umaTokenStore = mock(UmaTokenStore.class);
    OAuth2ProviderSettingsFactory providerSettingFactory = mock(OAuth2ProviderSettingsFactory.class);
    OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
    given(providerSettingFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
    given(providerSettings.getResourceSetStore()).willReturn(resourceSetStore);
    UmaProviderSettingsFactory umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
    UmaProviderSettings umaProviderSettings = mock(UmaProviderSettings.class);
    given(umaProviderSettingsFactory.get(any(Request.class))).willReturn(umaProviderSettings);
    given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
    ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
    permissionRequestFilter = mock(PermissionRequestFilter.class);
    given(extensionFilterManager.getFilters(PermissionRequestFilter.class)).willReturn(Collections.singleton(permissionRequestFilter));
    UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
    endpoint = spy(new PermissionRequestEndpoint(providerSettingFactory, requestFactory, umaProviderSettingsFactory, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
    response = mock(Response.class);
    endpoint.setResponse(response);
    Request request = mock(Request.class);
    given(endpoint.getRequest()).willReturn(request);
    AccessToken accessToken = mock(AccessToken.class);
    given(accessToken.getClientId()).willReturn("CLIENT_ID");
    given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
    OAuth2Request oAuth2Request = mock(OAuth2Request.class);
    given(requestFactory.create(request)).willReturn(oAuth2Request);
    given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
}
Also used : PermissionRequestFilter(org.forgerock.openam.uma.extensions.PermissionRequestFilter) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Response(org.restlet.Response) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory) ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) AccessToken(org.forgerock.oauth2.core.AccessToken) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) ExtensionFilterManager(org.forgerock.openam.oauth2.extensions.ExtensionFilterManager) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 19 with AccessToken

use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

the class TokenInfoServiceImpl method getTokenInfo.

/**
     * {@inheritDoc}
     */
public JsonValue getTokenInfo(OAuth2Request request) throws InvalidTokenException, InvalidRequestException, ExpiredTokenException, ServerException, BadRequestException, InvalidGrantException, NotFoundException {
    final AccessTokenVerifier.TokenState headerToken = headerTokenVerifier.verify(request);
    final AccessTokenVerifier.TokenState queryToken = queryTokenVerifier.verify(request);
    final Map<String, Object> response = new HashMap<String, Object>();
    if (!headerToken.isValid() && !queryToken.isValid()) {
        logger.error("Access Token not valid");
        throw new InvalidRequestException("Access Token not valid");
    } else if (headerToken.isValid() && queryToken.isValid()) {
        logger.error("Access Token provided in both query and header in request");
        throw new InvalidRequestException("Access Token cannot be provided in both query and header");
    } else {
        final AccessToken accessToken = request.getToken(AccessToken.class);
        logger.trace("In Validator resource - got token = " + accessToken);
        final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
        final Map<String, Object> scopeEvaluation = providerSettings.evaluateScope(accessToken);
        response.putAll(accessToken.getTokenInfo());
        response.putAll(scopeEvaluation);
        return new JsonValue(response);
    }
}
Also used : HashMap(java.util.HashMap) JsonValue(org.forgerock.json.JsonValue) InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) HashMap(java.util.HashMap) Map(java.util.Map) AccessTokenVerifier(org.forgerock.oauth2.core.AccessTokenVerifier)

Example 20 with AccessToken

use of org.forgerock.oauth2.core.AccessToken in project OpenAM by OpenRock.

the class OAuth2AuditAccessTokenContextProvider method getTrackingIdFromAccessTokenFromRequest.

private String getTrackingIdFromAccessTokenFromRequest(Request request) {
    String trackingId = null;
    AccessToken accessToken = retrieveAccessTokenFromRequest(request);
    if (accessToken != null) {
        trackingId = getTrackingIdFromToken(accessToken);
    }
    return trackingId;
}
Also used : AccessToken(org.forgerock.oauth2.core.AccessToken)

Aggregations

AccessToken (org.forgerock.oauth2.core.AccessToken)37 OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)22 Test (org.testng.annotations.Test)17 ServerException (org.forgerock.oauth2.core.exceptions.ServerException)14 JsonValue (org.forgerock.json.JsonValue)13 Request (org.restlet.Request)12 ChallengeResponse (org.restlet.data.ChallengeResponse)10 OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)9 NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)7 AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier)6 Response (org.restlet.Response)6 Map (java.util.Map)5 InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)5 InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)5 UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)5 BeforeMethod (org.testng.annotations.BeforeMethod)5 HashMap (java.util.HashMap)4 ResourceOwner (org.forgerock.oauth2.core.ResourceOwner)4 InvalidTokenException (org.forgerock.oauth2.core.exceptions.InvalidTokenException)4 JSONObject (org.json.JSONObject)4