
Example 21 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class TokenResource method getExpiryDate.

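/**
 * Produces the display string for a token's expiry, choosing which expiry
 * applies from the realm's OAuth2 provider settings.
 *
 * <p>When the token carries a {@code refreshToken} attribute and the provider
 * issues a new refresh token on every refresh, the token is reported as never
 * expiring. Otherwise the referenced refresh token's expiry is read from the
 * token store, with {@code -1} meaning indefinite. A token without a refresh
 * token reports its own expiry time.</p>
 *
 * @param token the token whose expiry is reported; read for its {@code realm},
 *              {@code refreshToken} and expiry-time attributes.
 * @param context the request context used to localise the result.
 * @return the formatted expiry date, or the localised "indefinitely" string.
 * @throws NotFoundException if no provider settings exist for the token's realm.
 * @throws InternalServerErrorException if the provider settings or token store
 *         cannot be read, or the stored expiry time is not a valid number.
 * @throws CoreTokenException if the refresh token cannot be read from the store.
 */
private String getExpiryDate(JsonValue token, Context context) throws CoreTokenException, InternalServerErrorException, NotFoundException {
    final String realm = getAttributeValue(token, "realm");
    final OAuth2ProviderSettings oAuth2ProviderSettings;
    try {
        oAuth2ProviderSettings = oAuth2ProviderSettingsFactory.get(realm);
    } catch (org.forgerock.oauth2.core.exceptions.NotFoundException e) {
        // Keep the original exception as the cause so the failed realm lookup stays diagnosable.
        throw new NotFoundException(e.getMessage(), e);
    }
    try {
        if (!token.isDefined("refreshToken")) {
            // Use access token expiry
            final long expiryTimeInMilliseconds = Long.parseLong(getAttributeValue(token, EXPIRE_TIME_KEY));
            return getDateFormat(context).format(new Date(expiryTimeInMilliseconds));
        }
        if (oAuth2ProviderSettings.issueRefreshTokensOnRefreshingToken()) {
            // A new refresh token is issued on each refresh, so there is no fixed end date.
            return getIndefinitelyString(context);
        }
        // Use refresh token expiry
        final JsonValue refreshToken = tokenStore.read(getAttributeValue(token, "refreshToken"));
        final long expiryTimeInMilliseconds = Long.parseLong(getAttributeValue(refreshToken, EXPIRE_TIME_KEY));
        if (expiryTimeInMilliseconds == -1) {
            return getIndefinitelyString(context);
        }
        return getDateFormat(context).format(new Date(expiryTimeInMilliseconds));
    } catch (ServerException | SMSException | SSOException | NumberFormatException e) {
        // A malformed stored expiry value is a server-side data problem, not a client error.
        throw new InternalServerErrorException(e);
    }
}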

Example 22 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidatorTest method mockAcrValuesMap.

/**
 * Stubs the provider settings returned for {@code mockOAuth2Request} so that
 * {@code getAcrMapping()} yields the supplied map.
 *
 * @param mapping the acr value to authentication method mapping the mocked
 *                settings should expose.
 * @throws Exception if stubbing the mocked settings factory fails.
 */
private void mockAcrValuesMap(Map<String, AuthenticationMethod> mapping) throws Exception {
    final OAuth2ProviderSettings settings = mock(OAuth2ProviderSettings.class);
    given(settings.getAcrMapping()).willReturn(mapping);
    given(mockProviderSettingsFactory.get(mockOAuth2Request)).willReturn(settings);
}

Example 23 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class OpenAMTokenStoreTest method shouldCreateDeviceCode.

/**
 * Creating a device code through the store should copy every argument into the
 * resulting {@link DeviceCode}, derive its expiry from the provider's device code
 * lifetime, and generate a UUID-shaped token id and an 8-character user code.
 */
@Test
public void shouldCreateDeviceCode() throws Exception {
    // Given
    final OAuth2ProviderSettings settings = mock(OAuth2ProviderSettings.class);
    given(providerSettingsFactory.get(any(OAuth2Request.class))).willReturn(settings);
    // lifetime is in seconds; the expiry assertion below expects it in milliseconds
    given(settings.getDeviceCodeLifetime()).willReturn(10);
    given(tokenStore.query(any(QueryFilter.class))).willReturn(json(array()));
    final RestletOAuth2Request oAuth2Request = oAuth2RequestFactory.create(this.request);
    given(request.getAttributes()).willReturn(new ConcurrentHashMap<>(singletonMap("realm", (Object) "MY_REALM")));
    given(realmNormaliser.normalise("MY_REALM")).willReturn("MY_REALM");
    final ResourceOwner owner = mock(ResourceOwner.class);
    given(owner.getId()).willReturn("RESOURCE_OWNER_ID");

    // When
    final DeviceCode deviceCode = openAMtokenStore.createDeviceCode(
            asSet("one", "two"), owner, "CLIENT ID", "NONCE", "RESPONSE TYPE", "STATE",
            "ACR VALUES", "PROMPT", "UI LOCALES", "LOGIN HINT", 55, "CLAIMS", oAuth2Request,
            "CODE CHALLENGE", "CODE METHOD");

    // Then: every argument is reflected on the created code
    assertThat(deviceCode.getScope()).containsOnly("one", "two");
    assertThat(deviceCode.getClientId()).isEqualTo("CLIENT ID");
    assertThat(deviceCode.getNonce()).isEqualTo("NONCE");
    assertThat(deviceCode.getResponseType()).isEqualTo("RESPONSE TYPE");
    assertThat(deviceCode.getState()).isEqualTo("STATE");
    assertThat(deviceCode.getAcrValues()).isEqualTo("ACR VALUES");
    assertThat(deviceCode.getPrompt()).isEqualTo("PROMPT");
    assertThat(deviceCode.getUiLocales()).isEqualTo("UI LOCALES");
    assertThat(deviceCode.getLoginHint()).isEqualTo("LOGIN HINT");
    assertThat(deviceCode.getClaims()).isEqualTo("CLAIMS");
    assertThat(deviceCode.getCodeChallenge()).isEqualTo("CODE CHALLENGE");
    assertThat(deviceCode.getCodeChallengeMethod()).isEqualTo("CODE METHOD");
    assertThat(deviceCode.getMaxAge()).isEqualTo(55);
    assertThat(deviceCode.getTokenName()).isEqualTo("device_code");
    assertThat(deviceCode.getRealm()).isEqualTo("MY_REALM");
    // Then: derived values - expiry from the lifetime, generated identifiers in the expected shape
    assertThat(deviceCode.getExpiryTime()).isCloseTo(System.currentTimeMillis() + 10000, offset(1000L));
    assertThat(deviceCode.getTokenId()).matches("[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}");
    assertThat(deviceCode.getUserCode()).matches("[" + OpenAMTokenStore.ALPHABET + "]{8}");
}

Example 24 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class UmaUrisFactory method get.

/**
 * <p>Gets the {@link UmaUris} instance for the realm and base URL derived from the request.</p>
 *
 * <p>The base URL is resolved per realm; an entry already present in {@code urisMap} for that
 * base URL is returned as-is, otherwise a new instance is built from the realm's OAuth2 URIs.</p>
 *
 * @param request The request instance from which the base URL can be deduced.
 * @param realmInfo The realm.
 * @return The UmaUris instance.
 * @throws ServerException if the realm's base URL cannot be determined.
 * @throws NotFoundException if propagated by the OAuth2 URI lookup for the realm.
 */
public UmaUris get(HttpServletRequest request, RealmInfo realmInfo) throws NotFoundException, ServerException {
    final String absoluteRealm = realmInfo.getAbsoluteRealm();
    final String baseUrl;
    try {
        baseUrl = baseURLProviderFactory.get(absoluteRealm).getRealmURL(request, "/uma", absoluteRealm);
    } catch (InvalidBaseUrlException e) {
        // NOTE(review): the InvalidBaseUrlException is not attached as the cause of the
        // thrown ServerException, so the underlying configuration problem is not reported.
        throw new ServerException("Configuration error");
    }
    final UmaUris cached = urisMap.get(baseUrl);
    if (cached != null) {
        return cached;
    }
    final OAuth2Uris oAuth2Uris = oAuth2UriFactory.get(request, realmInfo);
    return getUmaUris(absoluteRealm, oAuth2Uris, baseUrl);
}

Example 25 with OAuth2ProviderSettings

use of org.forgerock.oauth2.core.OAuth2ProviderSettings in project OpenAM by OpenRock.

the class AuthorizationServiceImpl method authorize.

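/**
 * {@inheritDoc}
 *
 * <p>Runs every registered {@link AuthorizeRequestValidator} against the request, resolves the
 * client registration, narrows the requested scope through the provider settings, validates the
 * resource owner's session and then checks consent. Without consent a
 * {@link ResourceOwnerConsentRequired} is thrown carrying the localised data the consent page
 * needs; with consent the tokens are issued.</p>
 *
 * @param request the OAuth2 authorization request.
 * @return the token(s) issued for the authorized request.
 * @throws ResourceOwnerConsentRequired if the resource owner has not consented to the validated
 *         scope; the consent page is rendered from the data it carries.
 */
public AuthorizationToken authorize(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, ResourceOwnerConsentRequired, InvalidClientException, UnsupportedResponseTypeException, RedirectUriMismatchException, InvalidRequestException, AccessDeniedException, ServerException, LoginRequiredException, BadRequestException, InteractionRequiredException, ResourceOwnerConsentRequiredException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    for (final AuthorizeRequestValidator requestValidator : requestValidators) {
        requestValidator.validateRequest(request);
    }
    final String clientId = request.getParameter(CLIENT_ID);
    final ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, request);
    final Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
    // plugin point: the provider settings decide which of the requested scopes are allowed
    final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
    // is resource owner authenticated?
    final ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
    final boolean consentSaved = providerSettings.isConsentSaved(resourceOwner, clientRegistration.getClientId(), validatedScope);
    // plugin point
    final boolean haveConsent = consentVerifier.verify(consentSaved, request, clientRegistration);
    if (!haveConsent) {
        final String localeParameter = request.getParameter(LOCALE);
        final String uiLocaleParameter = request.getParameter(UI_LOCALES);
        Locale locale = getLocale(uiLocaleParameter, localeParameter);
        if (locale == null) {
            locale = request.getLocale();
        }
        UserInfoClaims userInfo = null;
        try {
            userInfo = providerSettings.getUserInfo(request.getToken(AccessToken.class), request);
        } catch (UnauthorizedClientException e) {
            logger.debug("Couldn't get user info - continuing to display consent page without claims.", e);
        }
        String clientName = clientRegistration.getDisplayName(locale);
        if (clientName == null) {
            clientName = clientRegistration.getClientId();
            logger.warn("Client does not have a display name or client name set. using client ID {} for display", clientName);
        }
        final String displayDescription = clientRegistration.getDisplayDescription(locale);
        final String clientDescription = displayDescription == null ? "" : displayDescription;
        final Map<String, String> scopeDescriptions = getScopeDescriptions(validatedScope, clientRegistration.getScopeDescriptions(locale));
        // userInfo is null when the claims lookup above failed; show the consent page without
        // claim descriptions rather than dereferencing null here.
        final Map<String, String> claimDescriptions;
        if (userInfo == null) {
            claimDescriptions = java.util.Collections.emptyMap();
        } else {
            claimDescriptions = getClaimDescriptions(userInfo.getValues(), clientRegistration.getClaimDescriptions(locale));
        }
        throw new ResourceOwnerConsentRequired(clientName, clientDescription, scopeDescriptions, claimDescriptions, userInfo, resourceOwner.getName(providerSettings));
    }
    // NOTE(review): the unvalidated request scope is handed to the issuer here, while the consent
    // check above used validatedScope - confirm the issuer re-validates scope before issuing.
    return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}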
