use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
In the class OpenIdConnectAuthorizeRequestValidatorTest, method validateShouldPassForRequestWithOpenidScopeOnOidcClient.
@Test
public void validateShouldPassForRequestWithOpenidScopeOnOidcClient() throws Exception {
    // Given: a registered client whose only allowed scope is "openid", and a
    // request that asks for exactly that scope with a consent prompt and a nonce.
    final OAuth2Request oidcRequest = mock(OAuth2Request.class);
    given(clientRegistration.getAllowedScopes()).willReturn(Collections.singleton("openid"));
    given(oidcRequest.getParameter("client_id")).willReturn("CLIENT_ID");
    given(oidcRequest.getParameter("nonce")).willReturn("12345");
    given(oidcRequest.getParameter("prompt")).willReturn("consent");
    given(oidcRequest.getParameter("scope")).willReturn("openid");

    // When: validation must complete without throwing; there is no separate "Then".
    requestValidator.validateRequest(oidcRequest);
}
use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
In the class ConnectClientRegistration, method createClient.
/**
 * Handles POST requests to the OpenId Connect client registration endpoint for creating OpenId Connect client
 * registrations.
 * <p>
 * The raw credential from the HTTP challenge response (if any) is handed to the registration service, which
 * is responsible for deciding whether it authorises registration; {@code null} is passed when the request
 * carried no credentials. The deployment URL is built from the request's host reference plus its first path
 * segment. NOTE(review): the host reference is request-supplied, so confirm that the deployment validates
 * the Host header before this value is persisted with the registration.
 *
 * @param entity The representation of the client registration details.
 * @return The representation of the client registration details as created in the store.
 * @throws OAuth2RestletException If an error occurs whilst processing the client registration.
 */
@Post
public Representation createClient(Representation entity) throws OAuth2RestletException {
    final OAuth2Request request = requestFactory.create(getRequest());
    final ChallengeResponse challenge = getRequest().getChallengeResponse();
    final String accessToken;
    if (challenge == null) {
        accessToken = null;
    } else {
        accessToken = challenge.getRawValue();
    }
    try {
        final String host = getRequest().getHostRef().toString();
        final String firstSegment = getRequest().getResourceRef().getSegments().get(0);
        final String deploymentUrl = host + "/" + firstSegment;
        final JsonValue registration =
                clientRegistrationService.createRegistration(accessToken, deploymentUrl, request);
        setStatus(Status.SUCCESS_CREATED);
        return jacksonRepresentationFactory.create(registration.asMap());
    } catch (OAuth2Exception e) {
        // Translate the core exception into the Restlet-layer exception, preserving status, error and message.
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), null);
    }
}
use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
In the class AuthorizationRequestEndpoint, method requestAuthorization.
/**
 * Handles a POST to the UMA authorization endpoint.
 * <p>
 * Resolves the permission ticket named in the request body, audits the request, and then either issues an
 * RPT (HTTP 200) when the requesting party is entitled to the ticket's scopes, or records a pending request
 * for the resource owner to approve and signals "request submitted" to the client. A client that is not
 * entitled and for which a pending request cannot be recorded receives a 403.
 *
 * @param entity The JSON request body carrying the permission ticket and any claim tokens.
 * @return A JSON representation of the RPT when the requesting party is entitled.
 * @throws BadRequestException If the request body cannot be parsed.
 * @throws UmaException If the client is not authorised, the pending request could not be created, or the
 *                      request has been submitted for resource-owner approval.
 * @throws EntitlementException If the entitlement evaluation fails.
 * @throws ServerException If an internal error occurs.
 * @throws NotFoundException If provider settings or related entities cannot be found.
 */
@Post
public Representation requestAuthorization(JsonRepresentation entity) throws BadRequestException, UmaException, EntitlementException, ServerException, NotFoundException {
    UmaProviderSettings umaProviderSettings = umaProviderSettingsFactory.get(this.getRequest());
    final OAuth2Request oauth2Request = requestFactory.create(getRequest());
    OAuth2ProviderSettings oauth2ProviderSettings = oauth2ProviderSettingsFactory.get(oauth2Request);
    OAuth2Uris oAuth2Uris = oAuth2UrisFactory.get(oauth2Request);
    final UmaTokenStore umaTokenStore = umaProviderSettings.getUmaTokenStore();
    String realm = oauth2Request.getParameter("realm");
    JsonValue requestBody = json(toMap(entity));
    // The ticket is looked up from the body and its holder is checked before anything is audited or granted.
    PermissionTicket permissionTicket = getPermissionTicket(umaTokenStore, requestBody);
    validatePermissionTicketHolder(umaTokenStore, permissionTicket);
    final String resourceSetId = permissionTicket.getResourceSetId();
    final Request request = getRequest();
    final String resourceOwnerId = getResourceOwnerId(oauth2ProviderSettings, resourceSetId);
    AMIdentity resourceOwner = createIdentity(resourceOwnerId, realm);
    String requestingPartyId = null;
    try {
        requestingPartyId = getRequestingPartyId(umaProviderSettings, oAuth2Uris, requestBody);
    } finally {
        // Always audit the REQUEST, even when resolving the requesting party throws; in that case (or when it
        // resolves to null) the AAT's resource owner id is recorded instead.
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST, request, requestingPartyId == null ? getAuthorisationApiToken().getResourceOwnerId() : requestingPartyId);
    }
    // NOTE(review): requestingPartyId may still be null here if getRequestingPartyId returned null without
    // throwing; confirm that isEntitled and the audit calls below treat a null requesting party as intended.
    if (isEntitled(umaProviderSettings, oauth2ProviderSettings, permissionTicket, requestingPartyId)) {
        getResponse().setStatus(new Status(200));
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.GRANTED, request, requestingPartyId);
        return createJsonRpt(umaTokenStore, permissionTicket);
    } else {
        try {
            // NOTE(review): the true branch denies and the false branch records a pending request, which reads
            // inverted against the helper's name; confirm its contract before relying on the name alone.
            if (verifyPendingRequestDoesNotAlreadyExist(resourceSetId, resourceOwnerId, permissionTicket.getRealm(), requestingPartyId, permissionTicket.getScopes())) {
                auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.DENIED, request, requestingPartyId);
                throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "The client is not authorised to access the requested resource set");
            } else {
                pendingRequestsService.createPendingRequest(ServletUtils.getRequest(getRequest()), resourceSetId, auditLogger.getResourceName(resourceSetId, request), resourceOwnerId, requestingPartyId, permissionTicket.getRealm(), permissionTicket.getScopes());
                auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST_SUBMITTED, request, requestingPartyId);
            }
        } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
            // A store failure is surfaced to the client as "not authorised"; the underlying cause is only logged.
            logger.error("Failed to create pending request", e);
            throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "Failed to create pending request");
        }
        // Reached only after a pending request was recorded: tell the client to retry once the owner decides.
        throw newRequestSubmittedException();
    }
}
use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
In the class PermissionRequestEndpoint, method registerPermissionRequest.
/**
 * Registers the permission that the client requires for it to be able to access a protected resource.
 * <p>
 * The client id and resource owner are derived from the OAuth2 request rather than from the body, the
 * requested scopes are validated against the resource set, every registered {@link PermissionRequestFilter}
 * is invoked before a ticket is minted, and the ticket is created in the realm's UMA token store.
 *
 * @param entity The permission request JSON body.
 * @return A JSON object containing the permission ticket, sent with HTTP status 201.
 * @throws UmaException If the JSON request body is invalid or the requested resource set does not exist.
 * @throws NotFoundException Propagated from the provider-settings and token-store lookups.
 * @throws ServerException Propagated from the provider-settings and token-store lookups.
 */
@Post
public Representation registerPermissionRequest(JsonRepresentation entity) throws UmaException, NotFoundException, ServerException {
    final JsonValue body = json(toMap(entity));
    final String resourceSetId = getResourceSetId(body);

    final OAuth2Request oAuth2Request = requestFactory.create(getRequest());
    final String clientId = getClientId(oAuth2Request);
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(oAuth2Request);
    final String resourceOwnerId = getResourceOwnerId(oAuth2Request);

    final ResourceSetDescription resourceSet = getResourceSet(resourceSetId, resourceOwnerId, providerSettings);
    final Set<String> scopes = validateScopes(body, resourceSet);

    // Give every registered filter a chance to observe (or reject) the request before a ticket exists.
    for (final PermissionRequestFilter filter : extensionFilterManager.getFilters(PermissionRequestFilter.class)) {
        filter.onPermissionRequest(resourceSet, scopes, clientId);
    }

    final String ticket = umaProviderSettingsFactory.get(getRequest())
            .getUmaTokenStore()
            .createPermissionTicket(resourceSetId, scopes, clientId)
            .getId();
    return setResponse(201, Collections.<String, Object>singletonMap("ticket", ticket));
}
use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
In the class IdTokenClaimGatherer, method getRequestingPartyId.
/**
 * Resolves the requesting party from an id-token claim token.
 * <p>
 * The token is accepted only if its issuer equals this authorization server's issuer and its signature
 * verifies against the client secret / server key pair; otherwise {@code null} is returned and the reason is
 * logged. NOTE(review): no expiry or audience check is visible in this method; confirm that {@code verify}
 * or the caller enforces them, because this method alone would accept a stale or mis-targeted id token.
 *
 * @param oAuth2Request the current OAuth2 request, used to resolve provider settings, URIs and the client.
 * @param authorizationApiToken the AAT whose client id identifies the registered client.
 * @param claimToken a JSON string value holding the signed JWT.
 * @return the subject of the verified id token, or {@code null} when the token does not verify or the
 *         client / OAuth2 settings cannot be found.
 */
@Override
public String getRequestingPartyId(OAuth2Request oAuth2Request, AccessToken authorizationApiToken, JsonValue claimToken) {
    try {
        final SignedJwt idToken = jwtReconstruction.reconstructJwt(claimToken.asString(), SignedJwt.class);
        final OAuth2ProviderSettings providerSettings = oauth2ProviderSettingsFactory.get(oAuth2Request);
        final OAuth2Uris uris = oAuth2UrisFactory.get(oAuth2Request);
        final byte[] clientSecret = clientRegistrationStore.get(authorizationApiToken.getClientId(), oAuth2Request)
                .getClientSecret()
                .getBytes(Utils.CHARSET);
        final KeyPair serverKeyPair = providerSettings.getServerKeyPair();

        final String tokenIssuer = idToken.getClaimsSet().getIssuer();
        final String expectedIssuer = uris.getIssuer();
        if (!tokenIssuer.equals(expectedIssuer)) {
            logger.warn("Issuer of id token, {0}, does not match issuer of authorization server, {1}.", tokenIssuer, expectedIssuer);
            return null;
        }
        if (!verify(clientSecret, serverKeyPair, idToken)) {
            logger.warn("Signature of id token is invalid.");
            return null;
        }
        return idToken.getClaimsSet().getSubject();
    } catch (InvalidClientException e) {
        logger.error("Failed to find client", e);
        return null;
    } catch (NotFoundException | ServerException e) {
        logger.error("Failed to find OAuth2 settings", e);
        return null;
    }
}