Example 16 with OAuth2ProviderSettings
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class OpenAMResourceOwnerSessionValidator method authenticationRequired.
private ResourceOwnerAuthenticationRequired authenticationRequired(OAuth2Request request) throws AccessDeniedException, URISyntaxException, ServerException, NotFoundException, UnsupportedEncodingException {
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
Template loginUrlTemplate = providerSettings.getCustomLoginUrlTemplate();
removeLoginPrompt(request.<Request>getRequest());
String gotoUrl = request.<Request>getRequest().getResourceRef().toString();
if (request.getParameter(USER_CODE) != null) {
gotoUrl += (gotoUrl.indexOf('?') > -1 ? "&" : "?") + USER_CODE + "=" + request.getParameter(USER_CODE);
}
String acrValues = request.getParameter(ACR_VALUES);
String realm = request.getParameter(OAuth2Constants.Custom.REALM);
String moduleName = request.getParameter(MODULE);
String serviceName = request.getParameter(SERVICE);
String locale = getRequestLocale(request);
URI loginUrl;
if (loginUrlTemplate != null) {
loginUrl = buildCustomLoginUrl(loginUrlTemplate, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
} else {
loginUrl = buildDefaultLoginUrl(request, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
}
return new ResourceOwnerAuthenticationRequired(loginUrl);
}
Also used :
ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired)
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Request(org.restlet.Request)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
URI(java.net.URI)
Template(freemarker.template.Template)
Example 17 with OAuth2ProviderSettings
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class OpenAMResourceOwnerSessionValidator method setCurrentAcr.
/**
* If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
* look to see if they've already matched one. If they have, we set the acr value on the request.
*/
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
boolean matched = false;
for (String acr : acrValues) {
if (acrMap.containsKey(acr)) {
if (serviceUsed.equals(acrMap.get(acr).getName())) {
final Request req = request.getRequest();
req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
matched = true;
}
}
}
if (!matched) {
throw authenticationRequired(request, token);
}
}
Also used :
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Request(org.restlet.Request)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
AuthenticationMethod(org.forgerock.oauth2.core.AuthenticationMethod)
HashSet(java.util.HashSet)
Example 18 with OAuth2ProviderSettings
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class OpenAMResourceOwnerSessionValidator method chooseBestAcrValue.
/**
* Searches through the supplied 'acr' values to find a matching authentication context configuration service for
* this OpenID Connect client. If the client is not an OIDC client, or if no match is found, then {@code null} is
* returned and the default login configuration for the realm will be used. Values will be tried in the order
* passed, and the first matching value will be chosen.
*
* @param request the OAuth2 request that requires authentication.
* @param acrValues the values of the acr_values parameter, in preference order.
* @return the matching ACR value, or {@code null} if no match was found.
*/
private ACRValue chooseBestAcrValue(final OAuth2Request request, final String... acrValues) throws ServerException, NotFoundException {
final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
final Map<String, AuthenticationMethod> mapping = settings.getAcrMapping();
if (mapping != null) {
for (String acrValue : acrValues) {
final AuthenticationMethod method = mapping.get(acrValue);
if (method instanceof OpenAMAuthenticationMethod) {
if (logger.messageEnabled()) {
logger.message("Picked ACR value [" + acrValue + "] -> " + method);
}
return new ACRValue(acrValue, (OpenAMAuthenticationMethod) method);
}
}
}
if (logger.messageEnabled()) {
logger.message("No ACR value matched - using default login configuration");
}
return null;
}
Also used :
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
AuthenticationMethod(org.forgerock.oauth2.core.AuthenticationMethod)
Example 19 with OAuth2ProviderSettings
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class PermissionRequestEndpointTest method setup.
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException {
resourceSetStore = mock(ResourceSetStore.class);
OAuth2RequestFactory<?, Request> requestFactory = mock(OAuth2RequestFactory.class);
umaTokenStore = mock(UmaTokenStore.class);
OAuth2ProviderSettingsFactory providerSettingFactory = mock(OAuth2ProviderSettingsFactory.class);
OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
given(providerSettingFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
given(providerSettings.getResourceSetStore()).willReturn(resourceSetStore);
UmaProviderSettingsFactory umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
UmaProviderSettings umaProviderSettings = mock(UmaProviderSettings.class);
given(umaProviderSettingsFactory.get(any(Request.class))).willReturn(umaProviderSettings);
given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
permissionRequestFilter = mock(PermissionRequestFilter.class);
given(extensionFilterManager.getFilters(PermissionRequestFilter.class)).willReturn(Collections.singleton(permissionRequestFilter));
UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
endpoint = spy(new PermissionRequestEndpoint(providerSettingFactory, requestFactory, umaProviderSettingsFactory, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
response = mock(Response.class);
endpoint.setResponse(response);
Request request = mock(Request.class);
given(endpoint.getRequest()).willReturn(request);
AccessToken accessToken = mock(AccessToken.class);
given(accessToken.getClientId()).willReturn("CLIENT_ID");
given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
OAuth2Request oAuth2Request = mock(OAuth2Request.class);
given(requestFactory.create(request)).willReturn(oAuth2Request);
given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
}
Also used :
PermissionRequestFilter(org.forgerock.openam.uma.extensions.PermissionRequestFilter)
Request(org.restlet.Request)
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
Response(org.restlet.Response)
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory)
ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore)
AccessToken(org.forgerock.oauth2.core.AccessToken)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
ExtensionFilterManager(org.forgerock.openam.oauth2.extensions.ExtensionFilterManager)
BeforeMethod(org.testng.annotations.BeforeMethod)
Example 20 with OAuth2ProviderSettings
use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.
the class OpenAMOpenIdConnectClientRegistrationService method createRegistration.
/**
* {@inheritDoc}
*/
public JsonValue createRegistration(String accessToken, String deploymentUrl, OAuth2Request request) throws InvalidRedirectUri, InvalidClientMetadata, ServerException, UnsupportedResponseTypeException, AccessDeniedException, NotFoundException, InvalidPostLogoutRedirectUri {
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
if (!providerSettings.isOpenDynamicClientRegistrationAllowed()) {
if (!tokenVerifier.verify(request).isValid()) {
throw new AccessDeniedException("Access Token not valid");
}
}
final JsonValue input = request.getBody();
//check input to ensure it is valid
Set<String> inputKeys = input.keys();
for (String key : inputKeys) {
OAuth2Constants.ShortClientAttributeNames keyName = fromString(key);
if (keyName == null) {
logger.warn("Unknown input given. Key: " + key);
}
}
//create client given input
ClientBuilder clientBuilder = new ClientBuilder();
try {
boolean jwks = false;
if (input.get(JWKS.getType()).asString() != null) {
jwks = true;
try {
JsonValueBuilder.toJsonValue(input.get(JWKS.getType()).asString());
} catch (JsonException e) {
throw new InvalidClientMetadata("jwks must be valid JSON.");
}
clientBuilder.setJwks(input.get(JWKS.getType()).asString());
clientBuilder.setPublicKeySelector(Client.PublicKeySelector.JWKS.getType());
}
if (input.get(JWKS_URI.getType()).asString() != null) {
if (jwks) {
//allowed to set either jwks or jwks_uri but not both
throw new InvalidClientMetadata("Must define either jwks or jwks_uri, not both.");
}
jwks = true;
try {
new URL(input.get(JWKS_URI.getType()).asString());
} catch (MalformedURLException e) {
throw new InvalidClientMetadata("jwks_uri must be a valid URL.");
}
clientBuilder.setJwksUri(input.get(JWKS_URI.getType()).asString());
clientBuilder.setPublicKeySelector(Client.PublicKeySelector.JWKS_URI.getType());
}
//not spec-defined, this is OpenAM proprietary
if (input.get(X509.getType()).asString() != null) {
clientBuilder.setX509(input.get(X509.getType()).asString());
}
//drop to this if neither other are set
if (!jwks) {
clientBuilder.setPublicKeySelector(Client.PublicKeySelector.X509.getType());
}
if (input.get(TOKEN_ENDPOINT_AUTH_METHOD.getType()).asString() != null) {
if (Client.TokenEndpointAuthMethod.fromString(input.get(TOKEN_ENDPOINT_AUTH_METHOD.getType()).asString()) == null) {
logger.error("Invalid token_endpoint_auth_method requested.");
throw new InvalidClientMetadata("Invalid token_endpoint_auth_method requested.");
}
clientBuilder.setTokenEndpointAuthMethod(input.get(TOKEN_ENDPOINT_AUTH_METHOD.getType()).asString());
} else {
clientBuilder.setTokenEndpointAuthMethod(Client.TokenEndpointAuthMethod.CLIENT_SECRET_BASIC.getType());
}
if (input.get(CLIENT_ID.getType()).asString() != null) {
clientBuilder.setClientID(input.get(CLIENT_ID.getType()).asString());
} else {
clientBuilder.setClientID(UUID.randomUUID().toString());
}
if (input.get(CLIENT_SECRET.getType()).asString() != null) {
clientBuilder.setClientSecret(input.get(CLIENT_SECRET.getType()).asString());
} else {
clientBuilder.setClientSecret(UUID.randomUUID().toString());
}
if (input.get(CLIENT_TYPE.getType()).asString() != null) {
if (Client.ClientType.fromString(input.get(CLIENT_TYPE.getType()).asString()) != null) {
clientBuilder.setClientType(input.get(CLIENT_TYPE.getType()).asString());
} else {
logger.error("Invalid client_type requested.");
throw new InvalidClientMetadata("Invalid client_type requested");
}
} else {
clientBuilder.setClientType(Client.ClientType.CONFIDENTIAL.getType());
}
if (input.get(DEFAULT_MAX_AGE.getType()).asLong() != null) {
clientBuilder.setDefaultMaxAge(input.get(DEFAULT_MAX_AGE.getType()).asLong());
clientBuilder.setDefaultMaxAgeEnabled(true);
} else {
clientBuilder.setDefaultMaxAge(Client.MIN_DEFAULT_MAX_AGE);
clientBuilder.setDefaultMaxAgeEnabled(false);
}
List<String> redirectUris = new ArrayList<String>();
if (input.get(REDIRECT_URIS.getType()).asList() != null) {
redirectUris = input.get(REDIRECT_URIS.getType()).asList(String.class);
boolean isValidUris = true;
for (String redirectUri : redirectUris) {
try {
urlValidator.validate(redirectUri);
} catch (ValidationException e) {
isValidUris = false;
logger.error("The redirectUri: " + redirectUri + " is invalid.");
}
}
if (!isValidUris) {
throw new InvalidRedirectUri();
}
clientBuilder.setRedirectionURIs(redirectUris);
}
if (input.get(SECTOR_IDENTIFIER_URI.getType()).asString() != null) {
try {
URL sectorIdentifier = new URL(input.get(SECTOR_IDENTIFIER_URI.getType()).asString());
List<String> response = mapper.readValue(sectorIdentifier, List.class);
if (!response.containsAll(redirectUris)) {
logger.error("Request_uris not included in sector_identifier_uri.");
throw new InvalidClientMetadata();
}
} catch (Exception e) {
logger.error("Invalid sector_identifier_uri requested.");
throw new InvalidClientMetadata("Invalid sector_identifier_uri requested.");
}
clientBuilder.setSectorIdentifierUri(input.get(SECTOR_IDENTIFIER_URI.getType()).asString());
}
List<String> scopes = input.get(SCOPES.getType()).asList(String.class);
if (scopes != null && !scopes.isEmpty()) {
if (!containsAllCaseInsensitive(providerSettings.getSupportedScopes(), scopes)) {
logger.error("Invalid scopes requested.");
throw new InvalidClientMetadata("Invalid scopes requested");
}
} else {
//if nothing requested, fall back to provider defaults
scopes = new ArrayList<String>();
scopes.addAll(providerSettings.getDefaultScopes());
}
//regardless, we add openid
if (!scopes.contains(OPENID)) {
scopes = new ArrayList<String>(scopes);
scopes.add(OPENID);
}
clientBuilder.setAllowedGrantScopes(scopes);
List<String> defaultScopes = input.get(DEFAULT_SCOPES.getType()).asList(String.class);
if (defaultScopes != null) {
if (containsAllCaseInsensitive(providerSettings.getSupportedScopes(), defaultScopes)) {
clientBuilder.setDefaultGrantScopes(defaultScopes);
} else {
throw new InvalidClientMetadata("Invalid default scopes requested.");
}
}
List<String> clientNames = new ArrayList<String>();
Set<String> keys = input.keys();
for (String key : keys) {
if (key.equals(CLIENT_NAME.getType())) {
clientNames.add(input.get(key).asString());
} else if (key.startsWith(CLIENT_NAME.getType())) {
try {
Locale locale = new Locale(key.substring(CLIENT_NAME.getType().length() + 1));
clientNames.add(locale.toString() + "|" + input.get(key).asString());
} catch (Exception e) {
logger.error("Invalid locale for client_name.");
throw new InvalidClientMetadata("Invalid locale for client_name.");
}
}
}
if (clientNames != null) {
clientBuilder.setClientName(clientNames);
}
if (input.get(CLIENT_DESCRIPTION.getType()).asList() != null) {
clientBuilder.setDisplayDescription(input.get(CLIENT_DESCRIPTION.getType()).asList(String.class));
}
if (input.get(SUBJECT_TYPE.getType()).asString() != null) {
if (providerSettings.getSupportedSubjectTypes().contains(input.get(SUBJECT_TYPE.getType()).asString())) {
clientBuilder.setSubjectType(input.get(SUBJECT_TYPE.getType()).asString());
} else {
logger.error("Invalid subject_type requested.");
throw new InvalidClientMetadata("Invalid subject_type requested");
}
} else {
clientBuilder.setSubjectType(Client.SubjectType.PUBLIC.getType());
}
if (input.get(ID_TOKEN_SIGNED_RESPONSE_ALG.getType()).asString() != null) {
if (containsCaseInsensitive(providerSettings.getSupportedIDTokenSigningAlgorithms(), input.get(ID_TOKEN_SIGNED_RESPONSE_ALG.getType()).asString())) {
clientBuilder.setIdTokenSignedResponseAlgorithm(input.get(ID_TOKEN_SIGNED_RESPONSE_ALG.getType()).asString());
} else {
logger.error("Unsupported id_token_response_signed_alg requested.");
throw new InvalidClientMetadata("Unsupported id_token_response_signed_alg requested.");
}
} else {
clientBuilder.setIdTokenSignedResponseAlgorithm(ID_TOKEN_SIGNED_RESPONSE_ALG_DEFAULT);
}
if (input.get(POST_LOGOUT_REDIRECT_URIS.getType()).asList() != null) {
List<String> logoutRedirectUris = input.get(POST_LOGOUT_REDIRECT_URIS.getType()).asList(String.class);
boolean isValidUris = true;
for (String logoutRedirectUri : logoutRedirectUris) {
try {
urlValidator.validate(logoutRedirectUri);
} catch (ValidationException e) {
isValidUris = false;
logger.error("The post_logout_redirect_uris: {} is invalid.", logoutRedirectUri);
}
}
if (!isValidUris) {
throw new InvalidPostLogoutRedirectUri();
}
clientBuilder.setPostLogoutRedirectionURIs(logoutRedirectUris);
}
if (input.get(REGISTRATION_ACCESS_TOKEN.getType()).asString() != null) {
clientBuilder.setAccessToken(input.get(REGISTRATION_ACCESS_TOKEN.getType()).asString());
} else {
clientBuilder.setAccessToken(accessToken);
}
if (input.get(CLIENT_SESSION_URI.getType()).asString() != null) {
clientBuilder.setClientSessionURI(input.get(CLIENT_SESSION_URI.getType()).asString());
}
if (input.get(APPLICATION_TYPE.getType()).asString() != null) {
if (Client.ApplicationType.fromString(input.get(APPLICATION_TYPE.getType()).asString()) != null) {
clientBuilder.setApplicationType(Client.ApplicationType.WEB.getType());
} else {
logger.error("Invalid application_type requested.");
throw new InvalidClientMetadata("Invalid application_type requested.");
}
} else {
clientBuilder.setApplicationType(DEFAULT_APPLICATION_TYPE);
}
if (input.get(DISPLAY_NAME.getType()).asList() != null) {
clientBuilder.setDisplayName(input.get(DISPLAY_NAME.getType()).asList(String.class));
}
if (input.get(RESPONSE_TYPES.getType()).asList() != null) {
final List<String> clientResponseTypeList = input.get(RESPONSE_TYPES.getType()).asList(String.class);
final List<String> typeList = new ArrayList<String>();
for (String responseType : clientResponseTypeList) {
typeList.addAll(Arrays.asList(responseType.split(" ")));
}
if (containsAllCaseInsensitive(providerSettings.getAllowedResponseTypes().keySet(), typeList)) {
clientBuilder.setResponseTypes(clientResponseTypeList);
} else {
logger.error("Invalid response_types requested.");
throw new InvalidClientMetadata("Invalid response_types requested.");
}
} else {
List<String> defaultResponseTypes = new ArrayList<String>();
defaultResponseTypes.add("code");
clientBuilder.setResponseTypes(defaultResponseTypes);
}
if (input.get(AUTHORIZATION_CODE_LIFE_TIME.getType()).asLong() != null) {
clientBuilder.setAuthorizationCodeLifeTime(input.get(AUTHORIZATION_CODE_LIFE_TIME.getType()).asLong());
} else {
clientBuilder.setAuthorizationCodeLifeTime(0L);
}
if (input.get(ACCESS_TOKEN_LIFE_TIME.getType()).asLong() != null) {
clientBuilder.setAccessTokenLifeTime(input.get(ACCESS_TOKEN_LIFE_TIME.getType()).asLong());
} else {
clientBuilder.setAccessTokenLifeTime(0L);
}
if (input.get(REFRESH_TOKEN_LIFE_TIME.getType()).asLong() != null) {
clientBuilder.setRefreshTokenLifeTime(input.get(REFRESH_TOKEN_LIFE_TIME.getType()).asLong());
} else {
clientBuilder.setRefreshTokenLifeTime(0L);
}
if (input.get(JWT_TOKEN_LIFE_TIME.getType()).asLong() != null) {
clientBuilder.setJwtTokenLifeTime(input.get(JWT_TOKEN_LIFE_TIME.getType()).asLong());
} else {
clientBuilder.setJwtTokenLifeTime(0L);
}
if (input.get(CONTACTS.getType()).asList() != null) {
clientBuilder.setContacts(input.get(CONTACTS.getType()).asList(String.class));
}
} catch (JsonValueException e) {
logger.error("Unable to build client.", e);
throw new InvalidClientMetadata();
}
Client client = clientBuilder.createClient();
// See OPENAM-3604 and http://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration
if (providerSettings.isRegistrationAccessTokenGenerationEnabled() && !client.hasAccessToken()) {
client.setAccessToken(createRegistrationAccessToken(client, request));
}
clientDAO.create(client, request);
// have some visibility on who is registering clients.
if (logger.isInfoEnabled()) {
logger.info("Registered OpenID Connect client: " + client.getClientID() + ", name=" + client.getClientName() + ", type=" + client.getClientType());
}
Map<String, Object> response = client.asMap();
response = convertClientReadResponseFormat(response);
response.put(REGISTRATION_CLIENT_URI, deploymentUrl + "/oauth2/connect/register?client_id=" + client.getClientID());
response.put(EXPIRES_AT, 0);
return new JsonValue(response);
}
Also used :
JsonException(org.forgerock.json.JsonException)
Locale(java.util.Locale)
AccessDeniedException(org.forgerock.oauth2.core.exceptions.AccessDeniedException)
MalformedURLException(java.net.MalformedURLException)
ValidationException(com.sun.identity.shared.validation.ValidationException)
ArrayList(java.util.ArrayList)
URL(java.net.URL)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
Client(org.forgerock.openidconnect.Client)
InvalidRedirectUri(org.forgerock.openidconnect.exceptions.InvalidRedirectUri)
JsonValueException(org.forgerock.json.JsonValueException)
ClientBuilder(org.forgerock.openidconnect.ClientBuilder)
ShortClientAttributeNames(org.forgerock.oauth2.core.OAuth2Constants.ShortClientAttributeNames)
JsonValue(org.forgerock.json.JsonValue)
ValidationException(com.sun.identity.shared.validation.ValidationException)
MalformedURLException(java.net.MalformedURLException)
InvalidTokenException(org.forgerock.oauth2.core.exceptions.InvalidTokenException)
JsonException(org.forgerock.json.JsonException)
ServerException(org.forgerock.oauth2.core.exceptions.ServerException)
NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException)
JsonValueException(org.forgerock.json.JsonValueException)
InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException)
UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)
UnsupportedResponseTypeException(org.forgerock.oauth2.core.exceptions.UnsupportedResponseTypeException)
AccessDeniedException(org.forgerock.oauth2.core.exceptions.AccessDeniedException)
InvalidPostLogoutRedirectUri(org.forgerock.openidconnect.exceptions.InvalidPostLogoutRedirectUri)
OAuth2Constants(org.forgerock.oauth2.core.OAuth2Constants)
InvalidClientMetadata(org.forgerock.openidconnect.exceptions.InvalidClientMetadata)
Aggregations
OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)39
ServerException (org.forgerock.oauth2.core.exceptions.ServerException)18
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)15
JsonValue (org.forgerock.json.JsonValue)9
AccessToken (org.forgerock.oauth2.core.AccessToken)9
HashSet (java.util.HashSet)8
OAuth2Uris (org.forgerock.oauth2.core.OAuth2Uris)8
HashMap (java.util.HashMap)7
ResourceSetStore (org.forgerock.oauth2.resources.ResourceSetStore)7
Request (org.restlet.Request)7
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)6
ResourceSetDescription (org.forgerock.oauth2.resources.ResourceSetDescription)6
JSONObject (org.json.JSONObject)6
Test (org.testng.annotations.Test)6
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)5
CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)5
OpenIdConnectClientRegistration (org.forgerock.openidconnect.OpenIdConnectClientRegistration)5
BeforeTest (org.testng.annotations.BeforeTest)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)4
OAuth2ProviderSettingsFactory (org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory)4
