Example 1 with AuthorizationToken
use of org.forgerock.oauth2.core.AuthorizationToken in project OpenAM by OpenRock.
the class AuthorizationServiceImpl method authorize.
/**
* {@inheritDoc}
*/
public AuthorizationToken authorize(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, ResourceOwnerConsentRequired, InvalidClientException, UnsupportedResponseTypeException, RedirectUriMismatchException, InvalidRequestException, AccessDeniedException, ServerException, LoginRequiredException, BadRequestException, InteractionRequiredException, ResourceOwnerConsentRequiredException, InvalidScopeException, NotFoundException {
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
for (final AuthorizeRequestValidator requestValidator : requestValidators) {
requestValidator.validateRequest(request);
}
final String clientId = request.getParameter(CLIENT_ID);
final ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, request);
final Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
//plugin point
final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
// is resource owner authenticated?
final ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
final boolean consentSaved = providerSettings.isConsentSaved(resourceOwner, clientRegistration.getClientId(), validatedScope);
//plugin point
final boolean haveConsent = consentVerifier.verify(consentSaved, request, clientRegistration);
if (!haveConsent) {
String localeParameter = request.getParameter(LOCALE);
String uiLocaleParameter = request.getParameter(UI_LOCALES);
Locale locale = getLocale(uiLocaleParameter, localeParameter);
if (locale == null) {
locale = request.getLocale();
}
UserInfoClaims userInfo = null;
try {
userInfo = providerSettings.getUserInfo(request.getToken(AccessToken.class), request);
} catch (UnauthorizedClientException e) {
logger.debug("Couldn't get user info - continuing to display consent page without claims.", e);
}
String clientName = clientRegistration.getDisplayName(locale);
if (clientName == null) {
clientName = clientRegistration.getClientId();
logger.warn("Client does not have a display name or client name set. using client ID {} for display", clientName);
}
final String displayDescription = clientRegistration.getDisplayDescription(locale);
final String clientDescription = displayDescription == null ? "" : displayDescription;
final Map<String, String> scopeDescriptions = getScopeDescriptions(validatedScope, clientRegistration.getScopeDescriptions(locale));
final Map<String, String> claimDescriptions = getClaimDescriptions(userInfo.getValues(), clientRegistration.getClaimDescriptions(locale));
throw new ResourceOwnerConsentRequired(clientName, clientDescription, scopeDescriptions, claimDescriptions, userInfo, resourceOwner.getName(providerSettings));
}
return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}
Also used :
Locale(java.util.Locale)
UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)
ResourceOwnerConsentRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired)
Example 2 with AuthorizationToken
use of org.forgerock.oauth2.core.AuthorizationToken in project OpenAM by OpenRock.
the class AuthorizeResource method authorize.
/**
* Handles GET requests to the OAuth2 authorize endpoint.
* <br/>
* This method will be called when a client has requested a resource owner grants it authorization to access a
* resource.
*
* @return The body to be sent in the response to the user agent.
* @throws OAuth2RestletException If a OAuth2 error occurs whilst processing the authorization request.
*/
@Get
public Representation authorize() throws OAuth2RestletException {
final OAuth2Request request = requestFactory.create(getRequest());
for (AuthorizeRequestHook hook : hooks) {
hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
}
try {
final AuthorizationToken authorizationToken = authorizationService.authorize(request);
final String redirectUri = getQueryValue("redirect_uri");
Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
for (AuthorizeRequestHook hook : hooks) {
hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
}
return response;
} catch (IllegalArgumentException e) {
if (e.getMessage().contains("client_id")) {
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
}
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (ResourceOwnerConsentRequired e) {
return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
} catch (InvalidClientException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
}
Also used :
ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired)
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
AuthorizationToken(org.forgerock.oauth2.core.AuthorizationToken)
RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException)
ResourceOwnerConsentRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired)
InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException)
Representation(org.restlet.representation.Representation)
OAuth2Exception(org.forgerock.oauth2.core.exceptions.OAuth2Exception)
Get(org.restlet.resource.Get)
Example 3 with AuthorizationToken
use of org.forgerock.oauth2.core.AuthorizationToken in project OpenAM by OpenRock.
the class AuthorizeResource method authorize.
/**
* Handles POST requests to the OAuth2 authorize endpoint.
* <br/>
* This method will be called when a user has given their consent for an authorization request.
*
* @param entity The entity on the request.
* @return The body to be sent in the response to the user agent.
* @throws OAuth2RestletException If a OAuth2 error occurs whilst processing the authorization request.
*/
@Post
public Representation authorize(Representation entity) throws OAuth2RestletException {
final OAuth2Request request = requestFactory.create(getRequest());
for (AuthorizeRequestHook hook : hooks) {
hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
}
final boolean consentGiven = "allow".equalsIgnoreCase(request.<String>getParameter("decision"));
final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
try {
final AuthorizationToken authorizationToken = authorizationService.authorize(request, consentGiven, saveConsent);
final String redirectUri = request.getParameter("redirect_uri");
Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
for (AuthorizeRequestHook hook : hooks) {
hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
}
return response;
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (InvalidClientException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
}
Also used :
ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired)
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
AuthorizationToken(org.forgerock.oauth2.core.AuthorizationToken)
RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException)
InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException)
Representation(org.restlet.representation.Representation)
OAuth2Exception(org.forgerock.oauth2.core.exceptions.OAuth2Exception)
Post(org.restlet.resource.Post)
Aggregations
AuthorizationToken (org.forgerock.oauth2.core.AuthorizationToken)2
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)2
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)2
OAuth2Exception (org.forgerock.oauth2.core.exceptions.OAuth2Exception)2
RedirectUriMismatchException (org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException)2
ResourceOwnerAuthenticationRequired (org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired)2
ResourceOwnerConsentRequired (org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired)2
Representation (org.restlet.representation.Representation)2
Locale (java.util.Locale)1
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)1
Get (org.restlet.resource.Get)1
Post (org.restlet.resource.Post)1
