Examples with DeviceCode org.forgerock.oauth2.core.DeviceCode used on opensource projects

Example 6 with DeviceCode

use of org.forgerock.oauth2.core.DeviceCode in project OpenAM by OpenRock.

the class OpenAMTokenStore method readDeviceCode.

@Override
public DeviceCode readDeviceCode(String clientId, String code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
    DeviceCode deviceCode = request.getToken(DeviceCode.class);
    if (deviceCode == null) {
        try {
            JsonValue token = tokenStore.read(code);
            if (token == null) {
                return null;
            }
            deviceCode = new DeviceCode(token);
        } catch (CoreTokenException e) {
            logger.error("Unable to read device code corresponding to id: " + code, e);
            throw new ServerException("Could not read token in CTS: " + e.getMessage());
        }
    }
    if (!clientId.equals(deviceCode.getClientId())) {
        throw new InvalidGrantException();
    }
    validateTokenRealm(deviceCode.getRealm(), request);
    request.setToken(DeviceCode.class, deviceCode);
    return deviceCode;
}

Example 7 with DeviceCode

use of org.forgerock.oauth2.core.DeviceCode in project OpenAM by OpenRock.

the class DeviceCodeResource method issueCode.

@Post
public Representation issueCode(Representation body) throws OAuth2RestletException {
    final Request restletRequest = getRequest();
    OAuth2Request request = requestFactory.create(restletRequest);
    String state = request.getParameter(STATE);
    // Client ID, Response Type and Scope are required, all other parameters are optional
    String clientId = request.getParameter(CLIENT_ID);
    String scope = request.getParameter(SCOPE);
    String responseType = request.getParameter(RESPONSE_TYPE);
    try {
        if (isEmpty(clientId) || isEmpty(scope) || isEmpty(responseType)) {
            throw new OAuth2RestletException(400, "bad_request", "client_id, scope and response_type are required parameters", state);
        } else {
            // check client_id exists
            clientRegistrationStore.get(clientId, request);
        }
        if (scope == null) {
            scope = "";
        }
        final String maxAge = request.getParameter(MAX_AGE);
        DeviceCode code = tokenStore.createDeviceCode(oAuth2Utils.split(scope, " "), null, clientId, request.<String>getParameter(NONCE), request.<String>getParameter(RESPONSE_TYPE), request.<String>getParameter(STATE), request.<String>getParameter(ACR_VALUES), request.<String>getParameter(PROMPT), request.<String>getParameter(UI_LOCALES), request.<String>getParameter(LOGIN_HINT), maxAge == null ? null : Integer.valueOf(maxAge), request.<String>getParameter(CLAIMS), request, request.<String>getParameter(CODE_CHALLENGE), request.<String>getParameter(CODE_CHALLENGE_METHOD));
        Map<String, Object> result = new HashMap<>();
        OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
        result.put(DEVICE_CODE, code.getDeviceCode());
        result.put(USER_CODE, code.getUserCode());
        result.put(EXPIRES_IN, providerSettings.getDeviceCodeLifetime());
        result.put(INTERVAL, providerSettings.getDeviceCodePollInterval());
        String verificationUrl = providerSettings.getVerificationUrl();
        if (StringUtils.isBlank(verificationUrl)) {
            final HttpServletRequest servletRequest = ServletUtils.getRequest(restletRequest);
            final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
            verificationUrl = baseURLProviderFactory.get(realm).getRootURL(servletRequest) + "/oauth2/device/user";
        }
        result.put(VERIFICATION_URL, verificationUrl);
        return jacksonRepresentationFactory.create(result);
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), state);
    }
}

Example 8 with DeviceCode

use of org.forgerock.oauth2.core.DeviceCode in project OpenAM by OpenRock.

the class DeviceCodeVerificationResource method verify.

/**
     * Handles POST requests to the OAuth2 device/user endpoint.
     */
@Post
public Representation verify(Representation body) throws ServerException, NotFoundException, InvalidGrantException, OAuth2RestletException {
    final Request restletRequest = getRequest();
    OAuth2Request request = requestFactory.create(restletRequest);
    DeviceCode deviceCode;
    try {
        deviceCode = tokenStore.readDeviceCode(request.<String>getParameter(OAuth2Constants.DeviceCode.USER_CODE), request);
    } catch (InvalidGrantException e) {
        return getTemplateRepresentation(FORM, request, "not_found");
    }
    if (deviceCode == null || deviceCode.isIssued()) {
        return getTemplateRepresentation(FORM, request, "not_found");
    }
    addRequestParamsFromDeviceCode(restletRequest, deviceCode);
    try {
        final String decision = request.getParameter("decision");
        if (StringUtils.isNotEmpty(decision)) {
            final boolean consentGiven = "allow".equalsIgnoreCase(decision);
            final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
            if (saveConsent) {
                saveConsent(request);
            }
            if (consentGiven) {
                ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
                deviceCode.setResourceOwnerId(resourceOwner.getId());
                deviceCode.setAuthorized(true);
                tokenStore.updateDeviceCode(deviceCode, request);
            } else {
                tokenStore.deleteDeviceCode(deviceCode.getClientId(), deviceCode.getDeviceCode(), request);
            }
        } else {
            authorizationService.authorize(request);
        }
    } catch (IllegalArgumentException e) {
        if (e.getMessage().contains("client_id")) {
            throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
        }
        throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
    } catch (ResourceOwnerAuthenticationRequired e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
    } catch (ResourceOwnerConsentRequired e) {
        return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
    } catch (InvalidClientException | RedirectUriMismatchException e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
    }
    return getTemplateRepresentation(THANKS_PAGE, request, null);
}

Example 9 with DeviceCode

use of org.forgerock.oauth2.core.DeviceCode in project OpenAM by OpenRock.

the class OpenAMTokenStoreTest method shouldUpdateDeviceCode.

@Test
public void shouldUpdateDeviceCode() throws Exception {
    // Given
    DeviceCode code = new DeviceCode(json(object(field("tokenName", asSet("device_code")), field("id", asSet("123")), field("user_code", asSet("456")), field("realm", asSet("/")), field("clientID", asSet("CLIENT_ID")))));
    given(tokenStore.read("123")).willReturn(code);
    final RestletOAuth2Request oauth2Request = oAuth2RequestFactory.create(this.request);
    given(request.getAttributes()).willReturn(new ConcurrentHashMap<>(singletonMap("realm", (Object) "/")));
    given(realmNormaliser.normalise("/")).willReturn("/");
    // When
    openAMtokenStore.updateDeviceCode(code, oauth2Request);
    // Then
    verify(tokenStore).update(code);
}