Examples with AuthorizationCode org.forgerock.oauth2.core.AuthorizationCode used on opensource projects

Search in sources :

Example 1 with AuthorizationCode

use of org.forgerock.oauth2.core.AuthorizationCode in project OpenAM by OpenRock.

the class OpenAMTokenStore method createAuthorizationCode.

/**
     * {@inheritDoc}
     */
public AuthorizationCode createAuthorizationCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String redirectUri, String nonce, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException {
    logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code");
    OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final String code = UUID.randomUUID().toString();
    long expiryTime = 0;
    if (clientRegistration == null) {
        expiryTime = providerSettings.getAuthorizationCodeLifetime() + System.currentTimeMillis();
    } else {
        expiryTime = clientRegistration.getAuthorizationCodeLifeTime(providerSettings) + System.currentTimeMillis();
    }
    final String ssoTokenId = getSsoTokenId(request);
    final OpenAMAuthorizationCode authorizationCode = new OpenAMAuthorizationCode(code, resourceOwner.getId(), clientId, redirectUri, scope, getClaimsFromRequest(request), expiryTime, nonce, realmNormaliser.normalise(request.<String>getParameter(REALM)), getAuthModulesFromSSOToken(request), getAuthenticationContextClassReferenceFromRequest(request), ssoTokenId, codeChallenge, codeChallengeMethod);
    // Store in CTS
    try {
        tokenStore.create(authorizationCode);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_AUTHORIZATION_CODE", authorizationCode.toString() };
            auditLogger.logAccessMessage("CREATED_AUTHORIZATION_CODE", obs, null);
        }
    } catch (CoreTokenException e) {
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_AUTHORIZATION_CODE", authorizationCode.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_AUTHORIZATION_CODE", obs, null);
        }
        logger.error("Unable to create authorization code " + authorizationCode.getTokenInfo(), e);
        throw new ServerException("Could not create token in CTS");
    }
    request.setToken(AuthorizationCode.class, authorizationCode);
    return authorizationCode;
}
Also used : OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)

Example 2 with AuthorizationCode

use of org.forgerock.oauth2.core.AuthorizationCode in project OpenAM by OpenRock.

the class OpenAMTokenStore method generateCHash.

/**
     * For c_hash, used when code and id_token exist in scope.
     */
private String generateCHash(String algorithm, OAuth2Request request, OAuth2ProviderSettings providerSettings) throws ServerException {
    final AuthorizationCode authorizationCode = request.getToken(AuthorizationCode.class);
    if (authorizationCode == null) {
        logger.message("c_hash generation requires an existing code.");
        return null;
    }
    final String codeValue = authorizationCode.getTokenId();
    return generateHash(algorithm, codeValue, providerSettings);
}
Also used : AuthorizationCode(org.forgerock.oauth2.core.AuthorizationCode)

Example 3 with AuthorizationCode

use of org.forgerock.oauth2.core.AuthorizationCode in project OpenAM by OpenRock.

the class OpenAMTokenStore method readAuthorizationCode.

/**
     * {@inheritDoc}
     */
public AuthorizationCode readAuthorizationCode(OAuth2Request request, String code) throws InvalidGrantException, ServerException, NotFoundException {
    AuthorizationCode loaded = request.getToken(AuthorizationCode.class);
    if (loaded != null) {
        return loaded;
    }
    logger.message("Reading Authorization code: {}", code);
    final JsonValue token;
    // Read from CTS
    try {
        token = tokenStore.read(code);
    } catch (CoreTokenException e) {
        logger.error("Unable to read authorization code corresponding to id: " + code, e);
        throw new ServerException("Could not read token from CTS: " + e.getMessage());
    }
    if (token == null) {
        logger.error("Unable to read authorization code corresponding to id: " + code);
        throw new InvalidGrantException("The provided access grant is invalid, expired, or revoked.");
    }
    OpenAMAuthorizationCode authorizationCode = new OpenAMAuthorizationCode(token);
    validateTokenRealm(authorizationCode.getRealm(), request);
    request.setToken(AuthorizationCode.class, authorizationCode);
    return authorizationCode;
}
Also used : AuthorizationCode(org.forgerock.oauth2.core.AuthorizationCode) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) JsonValue(org.forgerock.json.JsonValue) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException)

Example 4 with AuthorizationCode

use of org.forgerock.oauth2.core.AuthorizationCode in project OpenAM by OpenRock.

the class CodeResponseType method createToken.

public CoreToken createToken(Token accessToken, Map<String, Object> data) throws NotFoundException {
    final Set<String> scope = (Set<String>) data.get(OAuth2Constants.CoreTokenParams.SCOPE);
    final OAuth2Request request = requestFactory.create(Request.getCurrent());
    final ResourceOwner resourceOwner = ownerAuthenticator.authenticate(request, true);
    final String clientId = (String) data.get(OAuth2Constants.CoreTokenParams.CLIENT_ID);
    final String redirectUri = (String) data.get(OAuth2Constants.CoreTokenParams.REDIRECT_URI);
    final String nonce = (String) data.get(OAuth2Constants.Custom.NONCE);
    final String codeChallenge = (String) data.get(OAuth2Constants.Custom.CODE_CHALLENGE);
    final String codeChallengeMethod = (String) data.get(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
    try {
        final Map.Entry<String, Token> tokenEntry = handler.handle(null, scope, resourceOwner, clientId, redirectUri, nonce, request, codeChallenge, codeChallengeMethod);
        return new LegacyAuthorizationTokenAdapter((AuthorizationCode) tokenEntry.getValue());
    } catch (ServerException e) {
        throw OAuthProblemException.OAuthError.SERVER_ERROR.handle(Request.getCurrent(), e.getMessage());
    }
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Set(java.util.Set) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) LegacyAuthorizationTokenAdapter(org.forgerock.openam.oauth2.legacy.LegacyAuthorizationTokenAdapter) ResourceOwner(org.forgerock.oauth2.core.ResourceOwner) Token(org.forgerock.oauth2.core.Token) CoreToken(org.forgerock.openam.oauth2.legacy.CoreToken) Map(java.util.Map)

Example 5 with AuthorizationCode

use of org.forgerock.oauth2.core.AuthorizationCode in project OpenAM by OpenRock.

the class OpenAMTokenStore method createRefreshToken.

@Override
public RefreshToken createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request, String validatedClaims) throws ServerException, NotFoundException {
    final String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));
    logger.message("Create refresh token");
    OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final String id = UUID.randomUUID().toString();
    final String auditId = UUID.randomUUID().toString();
    final long lifeTime;
    if (clientRegistration == null) {
        lifeTime = providerSettings.getRefreshTokenLifetime();
    } else {
        lifeTime = clientRegistration.getRefreshTokenLifeTime(providerSettings);
    }
    long expiryTime = lifeTime < 0 ? -1 : lifeTime + System.currentTimeMillis();
    AuthorizationCode token = request.getToken(AuthorizationCode.class);
    String authModules = null;
    String acr = null;
    if (token != null) {
        authModules = token.getAuthModules();
        acr = token.getAuthenticationContextClassReference();
    }
    RefreshToken currentRefreshToken = request.getToken(RefreshToken.class);
    if (currentRefreshToken != null) {
        authModules = currentRefreshToken.getAuthModules();
        acr = currentRefreshToken.getAuthenticationContextClassReference();
    }
    OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(id, resourceOwnerId, clientId, redirectUri, scope, expiryTime, OAuth2Constants.Bearer.BEARER, OAuth2Constants.Token.OAUTH_REFRESH_TOKEN, grantType, realm, authModules, acr, auditId);
    if (!StringUtils.isBlank(validatedClaims)) {
        refreshToken.setClaims(validatedClaims);
    }
    try {
        tokenStore.create(refreshToken);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_REFRESH_TOKEN", refreshToken.toString() };
            auditLogger.logAccessMessage("CREATED_REFRESH_TOKEN", obs, null);
        }
    } catch (CoreTokenException e) {
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_REFRESH_TOKEN", refreshToken.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_REFRESH_TOKEN", obs, null);
        }
        logger.error("Unable to create refresh token: " + refreshToken.getTokenInfo(), e);
        throw new ServerException("Could not create token in CTS: " + e.getMessage());
    }
    request.setToken(RefreshToken.class, refreshToken);
    return refreshToken;
}
Also used : AuthorizationCode(org.forgerock.oauth2.core.AuthorizationCode) OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration) RefreshToken(org.forgerock.oauth2.core.RefreshToken) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)

Aggregations

ServerException (org.forgerock.oauth2.core.exceptions.ServerException)5 CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)4 AuthorizationCode (org.forgerock.oauth2.core.AuthorizationCode)3 OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)3 OpenIdConnectClientRegistration (org.forgerock.openidconnect.OpenIdConnectClientRegistration)3 InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 Map (java.util.Map)1 Set (java.util.Set)1 JsonValue (org.forgerock.json.JsonValue)1 AccessToken (org.forgerock.oauth2.core.AccessToken)1 OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)1 RefreshToken (org.forgerock.oauth2.core.RefreshToken)1 ResourceOwner (org.forgerock.oauth2.core.ResourceOwner)1 Token (org.forgerock.oauth2.core.Token)1 InvalidRequestException (org.forgerock.oauth2.core.exceptions.InvalidRequestException)1 CoreToken (org.forgerock.openam.oauth2.legacy.CoreToken)1 LegacyAuthorizationTokenAdapter (org.forgerock.openam.oauth2.legacy.LegacyAuthorizationTokenAdapter)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial