/**
 * Renders the expiry of the given token for display.
 *
 * <p>For a token that carries a {@code refreshToken} reference the referenced refresh token's
 * expiry is reported instead of the access token's, unless the provider issues a new refresh
 * token on every refresh, in which case the lifetime is reported as indefinite. A stored expiry
 * of {@code -1} on the refresh token is likewise reported as indefinite.</p>
 *
 * @param token The token whose expiry is being rendered.
 * @param context The request context used to select the date format and the "indefinitely" string.
 * @return The formatted expiry date, or the "indefinitely" string.
 * @throws CoreTokenException Propagated, presumably from the token store read (not caught here).
 * @throws NotFoundException If no OAuth2 provider settings exist for the token's realm.
 * @throws InternalServerErrorException If consulting the provider settings fails.
 */
private String getExpiryDate(JsonValue token, Context context) throws CoreTokenException, InternalServerErrorException, NotFoundException {
    final String realm = getAttributeValue(token, "realm");
    final OAuth2ProviderSettings providerSettings;
    try {
        providerSettings = oAuth2ProviderSettingsFactory.get(realm);
    } catch (org.forgerock.oauth2.core.exceptions.NotFoundException e) {
        // Translate the core exception into the REST-layer NotFoundException (message only)
        throw new NotFoundException(e.getMessage());
    }
    try {
        if (!token.isDefined("refreshToken")) {
            // Plain access token: report its own expiry.
            // NOTE(review): unlike the refresh-token path below, a stored -1 here is formatted
            // as a date rather than reported as indefinite - confirm that is intended.
            final long accessExpiry = Long.parseLong(getAttributeValue(token, EXPIRE_TIME_KEY));
            return getDateFormat(context).format(new Date(accessExpiry));
        }
        if (providerSettings.issueRefreshTokensOnRefreshingToken()) {
            // A fresh refresh token is issued on every refresh, so report the lifetime as indefinite
            return getIndefinitelyString(context);
        }
        // Otherwise the referenced refresh token's expiry bounds the lifetime
        final JsonValue refreshToken = tokenStore.read(getAttributeValue(token, "refreshToken"));
        final long refreshExpiry = Long.parseLong(getAttributeValue(refreshToken, EXPIRE_TIME_KEY));
        return refreshExpiry == -1
                ? getIndefinitelyString(context)
                : getDateFormat(context).format(new Date(refreshExpiry));
    } catch (ServerException | SMSException | SSOException e) {
        throw new InternalServerErrorException(e);
    }
}
/**
 * Stubs the provider settings returned for {@code mockOAuth2Request} so that
 * {@code getAcrMapping()} yields the supplied mapping.
 *
 * @param mapping The ACR value to authentication method mapping the mocked settings should report.
 * @throws Exception Propagated from the mocked factory lookup.
 */
private void mockAcrValuesMap(Map<String, AuthenticationMethod> mapping) throws Exception {
    final OAuth2ProviderSettings settings = mock(OAuth2ProviderSettings.class);
    // Stub the mapping first; wiring the settings into the factory afterwards is order-independent
    given(settings.getAcrMapping()).willReturn(mapping);
    given(mockProviderSettingsFactory.get(mockOAuth2Request)).willReturn(settings);
}
/**
 * Creating a device code should carry every supplied attribute on the returned code, set the
 * token name to {@code device_code}, and place the expiry roughly ten seconds ahead given the
 * stubbed device-code lifetime of 10.
 */
@Test
public void shouldCreateDeviceCode() throws Exception {
    // Given
    OAuth2ProviderSettings settings = mock(OAuth2ProviderSettings.class);
    given(providerSettingsFactory.get(any(OAuth2Request.class))).willReturn(settings);
    given(settings.getDeviceCodeLifetime()).willReturn(10);
    given(tokenStore.query(any(QueryFilter.class))).willReturn(json(array()));
    // Stub order is kept as-is: the request wrapper is created before its attributes are stubbed
    final RestletOAuth2Request oauth2Request = oAuth2RequestFactory.create(this.request);
    given(request.getAttributes()).willReturn(new ConcurrentHashMap<>(singletonMap("realm", (Object) "MY_REALM")));
    given(realmNormaliser.normalise("MY_REALM")).willReturn("MY_REALM");
    ResourceOwner owner = mock(ResourceOwner.class);
    given(owner.getId()).willReturn("RESOURCE_OWNER_ID");

    // When
    DeviceCode deviceCode = openAMtokenStore.createDeviceCode(
            asSet("one", "two"),
            owner,
            "CLIENT ID",
            "NONCE",
            "RESPONSE TYPE",
            "STATE",
            "ACR VALUES",
            "PROMPT",
            "UI LOCALES",
            "LOGIN HINT",
            55,
            "CLAIMS",
            oauth2Request,
            "CODE CHALLENGE",
            "CODE METHOD");

    // Then
    assertThat(deviceCode.getScope()).containsOnly("one", "two");
    assertThat(deviceCode.getClientId()).isEqualTo("CLIENT ID");
    assertThat(deviceCode.getNonce()).isEqualTo("NONCE");
    assertThat(deviceCode.getResponseType()).isEqualTo("RESPONSE TYPE");
    assertThat(deviceCode.getState()).isEqualTo("STATE");
    assertThat(deviceCode.getAcrValues()).isEqualTo("ACR VALUES");
    assertThat(deviceCode.getPrompt()).isEqualTo("PROMPT");
    assertThat(deviceCode.getUiLocales()).isEqualTo("UI LOCALES");
    assertThat(deviceCode.getLoginHint()).isEqualTo("LOGIN HINT");
    assertThat(deviceCode.getClaims()).isEqualTo("CLAIMS");
    assertThat(deviceCode.getCodeChallenge()).isEqualTo("CODE CHALLENGE");
    assertThat(deviceCode.getCodeChallengeMethod()).isEqualTo("CODE METHOD");
    assertThat(deviceCode.getMaxAge()).isEqualTo(55);
    assertThat(deviceCode.getTokenName()).isEqualTo("device_code");
    // Lifetime of 10 is expected to land the expiry about 10 s from now (1 s tolerance)
    assertThat(deviceCode.getExpiryTime()).isCloseTo(System.currentTimeMillis() + 10000, offset(1000L));
    // Token id must look like a UUID; the user code is drawn from the store's alphabet
    assertThat(deviceCode.getTokenId()).matches("[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}");
    assertThat(deviceCode.getUserCode()).matches("[" + OpenAMTokenStore.ALPHABET + "]{8}");
    assertThat(deviceCode.getRealm()).isEqualTo("MY_REALM");
}
/**
 * Returns the {@link UmaUris} for the realm the request is addressed to.
 *
 * <p>Instances are looked up in {@code urisMap} keyed by the realm's UMA base URL, which is
 * derived from the incoming request; on a miss the URIs are obtained via
 * {@code getUmaUris} from the realm's {@link OAuth2Uris}.</p>
 *
 * <p>NOTE(review): the cache key is the request-derived base URL. If a client can influence
 * that URL (for example through the Host header), the base URL provider must validate it before
 * it is used as a key here - confirm against the {@code BaseURLProvider} implementation.</p>
 *
 * @param request The request from which the base URL is deduced.
 * @param realmInfo The realm.
 * @return The UmaUris for the realm.
 * @throws ServerException If the base URL for the realm cannot be determined.
 * @throws NotFoundException Propagated from the delegated lookups.
 */
public UmaUris get(HttpServletRequest request, RealmInfo realmInfo) throws NotFoundException, ServerException {
    final String realmPath = realmInfo.getAbsoluteRealm();
    final String umaBaseUrl;
    try {
        umaBaseUrl = baseURLProviderFactory.get(realmPath).getRealmURL(request, "/uma", realmPath);
    } catch (InvalidBaseUrlException e) {
        // NOTE(review): the InvalidBaseUrlException cause is dropped here; consider chaining it
        // if ServerException supports a cause.
        throw new ServerException("Configuration error");
    }
    final UmaUris cached = urisMap.get(umaBaseUrl);
    if (cached != null) {
        return cached;
    }
    final OAuth2Uris oAuth2Uris = oAuth2UriFactory.get(request, realmInfo);
    return getUmaUris(realmPath, oAuth2Uris, umaBaseUrl);
}
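/**
 * {@inheritDoc}
 *
 * <p>Runs the registered request validators, resolves the client registration and the requested
 * scope, checks that the resource owner is authenticated and has consented to the validated
 * scope, and finally issues the authorization tokens. When consent is still required a
 * {@link ResourceOwnerConsentRequired} is thrown carrying the localised client name,
 * description, scope and claim descriptions needed to render the consent page.</p>
 *
 * @param request The OAuth2 authorization request.
 * @return The issued authorization token.
 * @throws ResourceOwnerConsentRequired If the resource owner has not yet consented to the client
 *         receiving the validated scope.
 *         The other declared exceptions propagate from the validators, stores and provider
 *         settings this method delegates to.
 */
public AuthorizationToken authorize(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, ResourceOwnerConsentRequired, InvalidClientException, UnsupportedResponseTypeException, RedirectUriMismatchException, InvalidRequestException, AccessDeniedException, ServerException, LoginRequiredException, BadRequestException, InteractionRequiredException, ResourceOwnerConsentRequiredException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    for (final AuthorizeRequestValidator requestValidator : requestValidators) {
        requestValidator.validateRequest(request);
    }
    final String clientId = request.getParameter(CLIENT_ID);
    final ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, request);
    final Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
    //plugin point
    final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
    // is resource owner authenticated?
    final ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
    final boolean consentSaved = providerSettings.isConsentSaved(resourceOwner, clientRegistration.getClientId(), validatedScope);
    //plugin point
    final boolean haveConsent = consentVerifier.verify(consentSaved, request, clientRegistration);
    if (!haveConsent) {
        String localeParameter = request.getParameter(LOCALE);
        String uiLocaleParameter = request.getParameter(UI_LOCALES);
        // ui_locales takes precedence over locale; fall back to the request's own locale
        Locale locale = getLocale(uiLocaleParameter, localeParameter);
        if (locale == null) {
            locale = request.getLocale();
        }
        UserInfoClaims userInfo = null;
        try {
            userInfo = providerSettings.getUserInfo(request.getToken(AccessToken.class), request);
        } catch (UnauthorizedClientException e) {
            logger.debug("Couldn't get user info - continuing to display consent page without claims.", e);
        }
        String clientName = clientRegistration.getDisplayName(locale);
        if (clientName == null) {
            clientName = clientRegistration.getClientId();
            logger.warn("Client does not have a display name or client name set. using client ID {} for display", clientName);
        }
        final String displayDescription = clientRegistration.getDisplayDescription(locale);
        final String clientDescription = displayDescription == null ? "" : displayDescription;
        final Map<String, String> scopeDescriptions = getScopeDescriptions(validatedScope, clientRegistration.getScopeDescriptions(locale));
        // Fix: userInfo is null when getUserInfo failed above (the catch explicitly continues
        // without claims), so dereferencing it here threw NPE instead of showing the consent
        // page. Fall back to an empty claim list in that case.
        final Map<String, String> claimDescriptions = userInfo == null
                ? java.util.Collections.<String, String>emptyMap()
                : getClaimDescriptions(userInfo.getValues(), clientRegistration.getClaimDescriptions(locale));
        // NOTE(review): userInfo may still be null here - confirm ResourceOwnerConsentRequired tolerates that.
        throw new ResourceOwnerConsentRequired(clientName, clientDescription, scopeDescriptions, claimDescriptions, userInfo, resourceOwner.getName(providerSettings));
    }
    // NOTE(review): tokens are issued with the raw requested scope, while consent was checked
    // against validatedScope; confirm issueTokens re-validates, otherwise validatedScope belongs here.
    return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}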