use of org.forgerock.oauth2.core.OAuth2Constants.DeviceCode in project OpenAM by OpenRock.
the class OpenAMTokenStore method readDeviceCode.
@Override
public DeviceCode readDeviceCode(String clientId, String code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
DeviceCode deviceCode = request.getToken(DeviceCode.class);
if (deviceCode == null) {
try {
JsonValue token = tokenStore.read(code);
if (token == null) {
return null;
}
deviceCode = new DeviceCode(token);
} catch (CoreTokenException e) {
logger.error("Unable to read device code corresponding to id: " + code, e);
throw new ServerException("Could not read token in CTS: " + e.getMessage());
}
}
if (!clientId.equals(deviceCode.getClientId())) {
throw new InvalidGrantException();
}
validateTokenRealm(deviceCode.getRealm(), request);
request.setToken(DeviceCode.class, deviceCode);
return deviceCode;
}
use of org.forgerock.oauth2.core.OAuth2Constants.DeviceCode in project OpenAM by OpenRock.
the class DeviceCodeResource method issueCode.
@Post
public Representation issueCode(Representation body) throws OAuth2RestletException {
final Request restletRequest = getRequest();
OAuth2Request request = requestFactory.create(restletRequest);
String state = request.getParameter(STATE);
// Client ID, Response Type and Scope are required, all other parameters are optional
String clientId = request.getParameter(CLIENT_ID);
String scope = request.getParameter(SCOPE);
String responseType = request.getParameter(RESPONSE_TYPE);
try {
if (isEmpty(clientId) || isEmpty(scope) || isEmpty(responseType)) {
throw new OAuth2RestletException(400, "bad_request", "client_id, scope and response_type are required parameters", state);
} else {
// check client_id exists
clientRegistrationStore.get(clientId, request);
}
if (scope == null) {
scope = "";
}
final String maxAge = request.getParameter(MAX_AGE);
DeviceCode code = tokenStore.createDeviceCode(oAuth2Utils.split(scope, " "), null, clientId, request.<String>getParameter(NONCE), request.<String>getParameter(RESPONSE_TYPE), request.<String>getParameter(STATE), request.<String>getParameter(ACR_VALUES), request.<String>getParameter(PROMPT), request.<String>getParameter(UI_LOCALES), request.<String>getParameter(LOGIN_HINT), maxAge == null ? null : Integer.valueOf(maxAge), request.<String>getParameter(CLAIMS), request, request.<String>getParameter(CODE_CHALLENGE), request.<String>getParameter(CODE_CHALLENGE_METHOD));
Map<String, Object> result = new HashMap<>();
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
result.put(DEVICE_CODE, code.getDeviceCode());
result.put(USER_CODE, code.getUserCode());
result.put(EXPIRES_IN, providerSettings.getDeviceCodeLifetime());
result.put(INTERVAL, providerSettings.getDeviceCodePollInterval());
String verificationUrl = providerSettings.getVerificationUrl();
if (StringUtils.isBlank(verificationUrl)) {
final HttpServletRequest servletRequest = ServletUtils.getRequest(restletRequest);
final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
verificationUrl = baseURLProviderFactory.get(realm).getRootURL(servletRequest) + "/oauth2/device/user";
}
result.put(VERIFICATION_URL, verificationUrl);
return jacksonRepresentationFactory.create(result);
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), state);
}
}
use of org.forgerock.oauth2.core.OAuth2Constants.DeviceCode in project OpenAM by OpenRock.
the class DeviceCodeVerificationResource method verify.
/**
* Handles POST requests to the OAuth2 device/user endpoint.
*/
@Post
public Representation verify(Representation body) throws ServerException, NotFoundException, InvalidGrantException, OAuth2RestletException {
final Request restletRequest = getRequest();
OAuth2Request request = requestFactory.create(restletRequest);
DeviceCode deviceCode;
try {
deviceCode = tokenStore.readDeviceCode(request.<String>getParameter(OAuth2Constants.DeviceCode.USER_CODE), request);
} catch (InvalidGrantException e) {
return getTemplateRepresentation(FORM, request, "not_found");
}
if (deviceCode == null || deviceCode.isIssued()) {
return getTemplateRepresentation(FORM, request, "not_found");
}
addRequestParamsFromDeviceCode(restletRequest, deviceCode);
try {
final String decision = request.getParameter("decision");
if (StringUtils.isNotEmpty(decision)) {
final boolean consentGiven = "allow".equalsIgnoreCase(decision);
final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
if (saveConsent) {
saveConsent(request);
}
if (consentGiven) {
ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
deviceCode.setResourceOwnerId(resourceOwner.getId());
deviceCode.setAuthorized(true);
tokenStore.updateDeviceCode(deviceCode, request);
} else {
tokenStore.deleteDeviceCode(deviceCode.getClientId(), deviceCode.getDeviceCode(), request);
}
} else {
authorizationService.authorize(request);
}
} catch (IllegalArgumentException e) {
if (e.getMessage().contains("client_id")) {
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
}
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (ResourceOwnerConsentRequired e) {
return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
} catch (InvalidClientException | RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
return getTemplateRepresentation(THANKS_PAGE, request, null);
}
use of org.forgerock.oauth2.core.OAuth2Constants.DeviceCode in project OpenAM by OpenRock.
the class OpenAMTokenStoreTest method shouldUpdateDeviceCode.
@Test
public void shouldUpdateDeviceCode() throws Exception {
// Given
DeviceCode code = new DeviceCode(json(object(field("tokenName", asSet("device_code")), field("id", asSet("123")), field("user_code", asSet("456")), field("realm", asSet("/")), field("clientID", asSet("CLIENT_ID")))));
given(tokenStore.read("123")).willReturn(code);
final RestletOAuth2Request oauth2Request = oAuth2RequestFactory.create(this.request);
given(request.getAttributes()).willReturn(new ConcurrentHashMap<>(singletonMap("realm", (Object) "/")));
given(realmNormaliser.normalise("/")).willReturn("/");
// When
openAMtokenStore.updateDeviceCode(code, oauth2Request);
// Then
verify(tokenStore).update(code);
}
Aggregations