Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
Class OpenAMTokenStore, method generateCHash.
/**
 * Builds the {@code c_hash} claim value, used when both a code and an id_token are in scope.
 *
 * <p>The hash input is the id of the authorization code already attached to the request;
 * a request that carries no code yields no claim.
 *
 * @param algorithm the algorithm name handed to {@code generateHash}.
 * @param request the OAuth2 request carrying the authorization code.
 * @param providerSettings the provider settings handed to {@code generateHash}.
 * @return the computed hash, or {@code null} when the request holds no authorization code.
 * @throws ServerException propagated from {@code generateHash}.
 */
private String generateCHash(String algorithm, OAuth2Request request, OAuth2ProviderSettings providerSettings) throws ServerException {
    final AuthorizationCode code = request.getToken(AuthorizationCode.class);
    if (code != null) {
        return generateHash(algorithm, code.getTokenId(), providerSettings);
    }
    logger.message("c_hash generation requires an existing code.");
    return null;
}
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
Class OpenAMResourceOwnerSessionValidator, method authenticationRequired.
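/**
 * Builds the {@link ResourceOwnerAuthenticationRequired} that redirects the resource owner to the
 * login page, carrying a goto URL that returns them to the current OAuth2 request afterwards.
 *
 * <p>The {@code user_code} parameter is re-appended to the goto URL so it survives the round trip
 * through login. Its value is taken straight from the incoming request, so it is URL-encoded before
 * being placed in the query string; an unencoded value containing {@code &}, {@code #} or {@code =}
 * would otherwise change the structure of the goto URL rather than be carried as a single value.
 *
 * @param request the OAuth2 request that requires authentication.
 * @return the exception to throw in order to trigger the login redirect.
 * @throws AccessDeniedException propagated from the login URL builders.
 * @throws URISyntaxException if the resulting login URL is not a valid URI.
 * @throws ServerException propagated from the provider settings lookup.
 * @throws NotFoundException propagated from the provider settings lookup.
 * @throws UnsupportedEncodingException if UTF-8 encoding of the user code is unavailable.
 */
private ResourceOwnerAuthenticationRequired authenticationRequired(OAuth2Request request) throws AccessDeniedException, URISyntaxException, ServerException, NotFoundException, UnsupportedEncodingException {
    OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    Template loginUrlTemplate = providerSettings.getCustomLoginUrlTemplate();
    // The underlying request is adjusted before its URL is captured as the goto target.
    removeLoginPrompt(request.<Request>getRequest());
    String gotoUrl = request.<Request>getRequest().getResourceRef().toString();
    String userCode = request.getParameter(USER_CODE);
    if (userCode != null) {
        // Untrusted request input: encode it so it cannot inject extra query parameters or a fragment.
        String separator = gotoUrl.indexOf('?') > -1 ? "&" : "?";
        gotoUrl += separator + USER_CODE + "=" + java.net.URLEncoder.encode(userCode, "UTF-8");
    }
    String acrValues = request.getParameter(ACR_VALUES);
    String realm = request.getParameter(OAuth2Constants.Custom.REALM);
    String moduleName = request.getParameter(MODULE);
    String serviceName = request.getParameter(SERVICE);
    String locale = getRequestLocale(request);
    URI loginUrl;
    if (loginUrlTemplate != null) {
        // A custom template configured on the provider takes precedence over the default login URL.
        loginUrl = buildCustomLoginUrl(loginUrlTemplate, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
    } else {
        loginUrl = buildDefaultLoginUrl(request, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
    }
    return new ResourceOwnerAuthenticationRequired(loginUrl);
}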
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
Class OpenAMResourceOwnerSessionValidator, method setCurrentAcr.
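/**
 * If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
 * look to see if they've already matched one. If they have, we set the acr value on the request.
 *
 * <p>A match means the authentication service recorded on the session equals the name of the
 * authentication method that a requested acr value maps to in the provider's ACR mapping. A session
 * with no recorded service, or a provider with no ACR mapping, cannot match anything and therefore
 * results in a fresh login being required instead of a failure. Every matching value is added to
 * the request's query string, so several acr values mapping to the same service each add an
 * {@code acr} parameter.
 *
 * @param token the existing session of the already-authenticated user.
 * @param request the OAuth2 request; matching acr values are appended to its query string.
 * @param acrValuesStr the raw, whitespace-separated acr_values parameter.
 * @throws ResourceOwnerAuthenticationRequired if none of the requested acr values matched the session.
 */
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
    final String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
    final Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
    boolean matched = false;
    // Both guards avoid a NullPointerException: chooseBestAcrValue already tolerates a missing
    // mapping, and a session without a service property must simply fail to match.
    if (acrMap != null && serviceUsed != null) {
        for (String acr : acrValues) {
            final AuthenticationMethod method = acrMap.get(acr);
            if (method != null && serviceUsed.equals(method.getName())) {
                final Request req = request.getRequest();
                req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
                matched = true;
            }
        }
    }
    if (!matched) {
        throw authenticationRequired(request, token);
    }
}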
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
Class OpenAMResourceOwnerSessionValidator, method chooseBestAcrValue.
/**
 * Searches through the supplied 'acr' values to find a matching authentication context configuration service for
 * this OpenID Connect client. If the client is not an OIDC client, or if no match is found, then {@code null} is
 * returned and the default login configuration for the realm will be used. Values will be tried in the order
 * passed, and the first matching value will be chosen.
 *
 * <p>Only mapping entries whose method is an {@link OpenAMAuthenticationMethod} count as a match; any other
 * method type for a requested value is skipped.
 *
 * @param request the OAuth2 request that requires authentication.
 * @param acrValues the values of the acr_values parameter, in preference order.
 * @return the matching ACR value, or {@code null} if no match was found.
 * @throws ServerException propagated from the provider settings lookup.
 * @throws NotFoundException propagated from the provider settings lookup.
 */
private ACRValue chooseBestAcrValue(final OAuth2Request request, final String... acrValues) throws ServerException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Map<String, AuthenticationMethod> acrMapping = settings.getAcrMapping();
    if (acrMapping != null) {
        for (final String candidate : acrValues) {
            final AuthenticationMethod candidateMethod = acrMapping.get(candidate);
            if (!(candidateMethod instanceof OpenAMAuthenticationMethod)) {
                continue;
            }
            if (logger.messageEnabled()) {
                logger.message("Picked ACR value [" + candidate + "] -> " + candidateMethod);
            }
            return new ACRValue(candidate, (OpenAMAuthenticationMethod) candidateMethod);
        }
    }
    if (logger.messageEnabled()) {
        logger.message("No ACR value matched - using default login configuration");
    }
    return null;
}
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.
Class OpenAMTokenStore, method readRefreshToken.
/**
 * {@inheritDoc}
 *
 * <p>A refresh token already attached to the request is returned as-is; otherwise the token is
 * loaded from the token store by id, checked against the request's realm, cached on the request
 * and returned.
 *
 * @param request the OAuth2 request, used as a per-request cache for the loaded token.
 * @param tokenId the id of the refresh token to load.
 * @return the refresh token.
 * @throws ServerException if the token store cannot be read.
 * @throws InvalidGrantException if no token exists for {@code tokenId}.
 * @throws NotFoundException propagated from the realm validation.
 */
public RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
    final RefreshToken cached = request.getToken(RefreshToken.class);
    if (cached != null) {
        return cached;
    }
    logger.message("Read refresh token");
    final JsonValue stored;
    try {
        stored = tokenStore.read(tokenId);
    } catch (CoreTokenException e) {
        logger.error("Unable to read refresh token corresponding to id: " + tokenId, e);
        throw new ServerException("Could not read token in CTS: " + e.getMessage());
    }
    if (stored == null) {
        logger.error("Unable to read refresh token corresponding to id: " + tokenId);
        // Deliberately generic client-facing message; the token id is only written to the log.
        throw new InvalidGrantException("grant is invalid");
    }
    final OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(stored);
    // NOTE(review): validateTokenRealm is expected to reject a token from another realm before it
    // is cached on the request — confirm against its implementation.
    validateTokenRealm(refreshToken.getRealm(), request);
    request.setToken(RefreshToken.class, refreshToken);
    return refreshToken;
}