Example 6 with AuthorizationCode

Use of org.forgerock.oauth2.core.AuthorizationCode in project OpenAM by OpenRock.

The class OpenAMTokenStore, method createAccessToken.

/**
 * {@inheritDoc}
 */
public AccessToken createAccessToken(String grantType, String accessTokenType, String authorizationCode,
        String resourceOwnerId, String clientId, String redirectUri, Set<String> scope, RefreshToken refreshToken,
        String nonce, String claims, OAuth2Request request) throws ServerException, NotFoundException {
    OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    // The token id and the audit id are independent random UUIDs; only the audit id is meant for logs.
    final String id = UUID.randomUUID().toString();
    final String auditId = UUID.randomUUID().toString();
    String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));
    // Lifetime comes from the client registration when one exists, otherwise from the provider defaults.
    long expiryTime = 0;
    if (clientRegistration == null) {
        expiryTime = providerSettings.getAccessTokenLifetime() + System.currentTimeMillis();
    } else {
        expiryTime = clientRegistration.getAccessTokenLifeTime(providerSettings) + System.currentTimeMillis();
    }
    // Link the access token to the refresh token it was issued alongside, if there is one.
    final AccessToken accessToken;
    if (refreshToken == null) {
        accessToken = new OpenAMAccessToken(id, authorizationCode, resourceOwnerId, clientId, redirectUri, scope,
                expiryTime, null, OAuth2Constants.Token.OAUTH_ACCESS_TOKEN, grantType, nonce, realm, claims, auditId);
    } else {
        accessToken = new OpenAMAccessToken(id, authorizationCode, resourceOwnerId, clientId, redirectUri, scope,
                expiryTime, refreshToken.getTokenId(), OAuth2Constants.Token.OAUTH_ACCESS_TOKEN, grantType, nonce,
                realm, claims, auditId);
    }
    try {
        // Persist the token in the Core Token Service (CTS); a token that was not stored cannot be validated later.
        tokenStore.create(accessToken);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_TOKEN", accessToken.toString() };
            auditLogger.logAccessMessage("CREATED_TOKEN", obs, null);
        }
    } catch (CoreTokenException e) {
        // Fail closed: a token that could not be stored is never returned to the client.
        logger.error("Could not create token in CTS: " + e.getMessage());
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_TOKEN", accessToken.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_TOKEN", obs, null);
        }
        throw new ServerException("Could not create token in CTS: " + e.getMessage());
    }
    request.setToken(AccessToken.class, accessToken);
    return accessToken;
}
Also used: OpenIdConnectClientRegistration (org.forgerock.openidconnect.OpenIdConnectClientRegistration), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), AccessToken (org.forgerock.oauth2.core.AccessToken), CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException), OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)

Example 7 with AuthorizationCode

Use of org.forgerock.oauth2.core.AuthorizationCode in project OpenAM by OpenRock.

The class AuthorizationCodeGrantTypeHandler, method checkCodeVerifier.

private void checkCodeVerifier(AuthorizationCode authorizationCode, String codeVerifier)
        throws InvalidGrantException, InvalidRequestException {
    // PKCE (RFC 7636): the challenge and its method were stored with the code at authorization time,
    // so the token request cannot pick a weaker method than the one the authorization request used.
    final String codeChallenge = authorizationCode.getCodeChallenge();
    final String codeChallengeMethod = authorizationCode.getCodeChallengeMethod();
    if (OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_PLAIN.equals(codeChallengeMethod)) {
        // "plain": the verifier must equal the stored challenge as-is.
        checkCodeChallenge(codeChallenge, codeVerifier);
    } else if (OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_S_256.equals(codeChallengeMethod)) {
        // "S256": the stored challenge must equal BASE64URL(SHA256(ASCII(code_verifier))).
        String encodedCodeVerifier = null;
        try {
            encodedCodeVerifier = Base64url.encode(
                    MessageDigest.getInstance("SHA-256").digest(codeVerifier.getBytes(StandardCharsets.US_ASCII)));
            checkCodeChallenge(codeChallenge, encodedCodeVerifier);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is mandatory in every Java runtime, so this is effectively unreachable; fail closed regardless.
            logger.error("Error encoding code verifier.");
            throw new InvalidGrantException();
        }
    } else {
        // Any other method is a malformed request rather than a failed grant.
        throw new InvalidRequestException("Invalid code challenge method specified.");
    }
}
Also used: InvalidRequestException (org.forgerock.oauth2.core.exceptions.InvalidRequestException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)

Aggregations

ServerException (org.forgerock.oauth2.core.exceptions.ServerException): 5
CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException): 4
AuthorizationCode (org.forgerock.oauth2.core.AuthorizationCode): 3
OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings): 3
OpenIdConnectClientRegistration (org.forgerock.openidconnect.OpenIdConnectClientRegistration): 3
InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException): 2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
Map (java.util.Map): 1
Set (java.util.Set): 1
JsonValue (org.forgerock.json.JsonValue): 1
AccessToken (org.forgerock.oauth2.core.AccessToken): 1
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request): 1
RefreshToken (org.forgerock.oauth2.core.RefreshToken): 1
ResourceOwner (org.forgerock.oauth2.core.ResourceOwner): 1
Token (org.forgerock.oauth2.core.Token): 1
InvalidRequestException (org.forgerock.oauth2.core.exceptions.InvalidRequestException): 1
CoreToken (org.forgerock.openam.oauth2.legacy.CoreToken): 1
LegacyAuthorizationTokenAdapter (org.forgerock.openam.oauth2.legacy.LegacyAuthorizationTokenAdapter): 1