Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock:
class OpenAMTokenStore, method updateDeviceCode.
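/**
 * Re-reads the device code through {@code readDeviceCode} and then persists {@code code}
 * in the token store.
 *
 * <p>The read is performed for its side effects only (presumably the same existence/realm
 * checks it applies when a client polls for a device code — confirm against its definition
 * elsewhere in this file); its result is discarded.
 *
 * @param code    the device code to persist; its client id and device code value are used for the re-read
 * @param request the current OAuth2 request, passed through to {@code readDeviceCode}
 * @throws ServerException       if the token store update fails
 * @throws NotFoundException     propagated from {@code readDeviceCode}
 * @throws InvalidGrantException propagated from {@code readDeviceCode}
 */
@Override
public void updateDeviceCode(DeviceCode code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
    try {
        readDeviceCode(code.getClientId(), code.getDeviceCode(), request);
        tokenStore.update(code);
    } catch (CoreTokenException e) {
        // The rethrown ServerException does not carry the cause, so record the underlying CTS
        // failure here — the same pattern readAuthorizationCode/readAccessToken use. Only the
        // client id is logged; the device code value itself is a credential and stays out of the log.
        logger.error("Unable to update device code for client id: " + code.getClientId(), e);
        throw new ServerException("Could not update user code state");
    }
}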
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock:
class OpenAMTokenStore, method readAuthorizationCode.
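/**
 * {@inheritDoc}
 *
 * <p>Resolution order: the {@link AuthorizationCode} already attached to {@code request}
 * (if any), otherwise the CTS entry stored under {@code code}. A freshly loaded code is
 * realm-checked via {@code validateTokenRealm} and then attached to the request so that
 * later stages of the same request reuse it instead of hitting the CTS again.
 *
 * @param request the current OAuth2 request; doubles as the per-request token cache
 * @param code    the authorization code id to look up in the CTS
 * @return the resolved authorization code, never {@code null}
 * @throws ServerException       if the CTS read fails
 * @throws InvalidGrantException if no CTS entry exists for {@code code}
 * @throws NotFoundException     declared by the interface; presumably raised by
 *                               {@code validateTokenRealm} (defined elsewhere in this file)
 */
public AuthorizationCode readAuthorizationCode(OAuth2Request request, String code) throws InvalidGrantException, ServerException, NotFoundException {
    final AuthorizationCode cached = request.getToken(AuthorizationCode.class);
    if (cached != null) {
        return cached;
    }
    // The authorization code is a single-use bearer secret: do not write its value to the
    // log at message level (readAccessToken likewise logs only "Reading access token").
    logger.message("Reading Authorization code");
    final JsonValue token;
    // Read from CTS
    try {
        token = tokenStore.read(code);
    } catch (CoreTokenException e) {
        // NOTE(review): the error paths still include the code id, mirroring readAccessToken's
        // handling of tokenId; consider redacting here as well if these logs leave the host.
        logger.error("Unable to read authorization code corresponding to id: " + code, e);
        throw new ServerException("Could not read token from CTS: " + e.getMessage());
    }
    if (token == null) {
        logger.error("Unable to read authorization code corresponding to id: " + code);
        throw new InvalidGrantException("The provided access grant is invalid, expired, or revoked.");
    }
    final OpenAMAuthorizationCode authorizationCode = new OpenAMAuthorizationCode(token);
    validateTokenRealm(authorizationCode.getRealm(), request);
    request.setToken(AuthorizationCode.class, authorizationCode);
    return authorizationCode;
}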
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock:
class OpenAMTokenStore, method readAccessToken.
/**
 * {@inheritDoc}
 *
 * <p>Returns the {@link AccessToken} already attached to {@code request} when there is one;
 * otherwise loads the CTS entry stored under {@code tokenId}, realm-checks it through
 * {@code validateTokenRealm}, attaches it to the request and returns it.
 *
 * @param request the current OAuth2 request; doubles as the per-request token cache
 * @param tokenId the access token id to look up in the CTS
 * @return the resolved access token, never {@code null}
 * @throws ServerException       if the CTS read fails
 * @throws InvalidGrantException if no CTS entry exists for {@code tokenId}
 * @throws NotFoundException     declared by the interface; presumably raised by
 *                               {@code validateTokenRealm} (defined elsewhere in this file)
 */
public AccessToken readAccessToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
    final AccessToken cached = request.getToken(AccessToken.class);
    if (cached != null) {
        return cached;
    }
    // Deliberately does not log the token id at message level (it is a bearer credential).
    logger.message("Reading access token");
    // Read from CTS
    final JsonValue raw;
    try {
        raw = tokenStore.read(tokenId);
    } catch (CoreTokenException e) {
        // NOTE(review): the error paths do include tokenId; confirm that is acceptable for
        // wherever these logs are shipped.
        logger.error("Unable to read access token corresponding to id: " + tokenId, e);
        throw new ServerException("Could not read token in CTS: " + e.getMessage());
    }
    if (raw == null) {
        logger.error("Unable to read access token corresponding to id: " + tokenId);
        throw new InvalidGrantException("Could not read token in CTS");
    }
    final OpenAMAccessToken resolved = new OpenAMAccessToken(raw);
    validateTokenRealm(resolved.getRealm(), request);
    request.setToken(AccessToken.class, resolved);
    return resolved;
}
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock:
class PermissionRequestEndpointTest, method setup.
/**
 * Builds the {@code PermissionRequestEndpoint} under test with every collaborator mocked.
 *
 * <p>Stores the mocks later assertions need ({@code resourceSetStore}, {@code umaTokenStore},
 * {@code permissionRequestFilter}, {@code response}) in test fields, and wires the endpoint
 * (a spy) so that {@code getRequest()} yields a request whose OAuth2 view carries an access
 * token for client {@code "CLIENT_ID"} and resource owner {@code "RESOURCE_OWNER_ID"}.
 *
 * @throws ServerException       declared by the stubbed factory methods
 * @throws InvalidGrantException declared by the stubbed factory methods
 * @throws NotFoundException     declared by the stubbed factory methods
 */
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException {
    // The incoming request and its OAuth2 view, carrying the caller's access token.
    Request request = mock(Request.class);
    AccessToken accessToken = mock(AccessToken.class);
    given(accessToken.getClientId()).willReturn("CLIENT_ID");
    given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
    OAuth2Request oAuth2Request = mock(OAuth2Request.class);
    given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
    OAuth2RequestFactory<?, Request> requestFactory = mock(OAuth2RequestFactory.class);
    given(requestFactory.create(request)).willReturn(oAuth2Request);

    // OAuth2 provider settings, resolving to the resource set store.
    resourceSetStore = mock(ResourceSetStore.class);
    OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
    given(providerSettings.getResourceSetStore()).willReturn(resourceSetStore);
    OAuth2ProviderSettingsFactory providerSettingFactory = mock(OAuth2ProviderSettingsFactory.class);
    given(providerSettingFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);

    // UMA provider settings, resolving to the UMA token store.
    umaTokenStore = mock(UmaTokenStore.class);
    UmaProviderSettings umaProviderSettings = mock(UmaProviderSettings.class);
    given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
    UmaProviderSettingsFactory umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
    given(umaProviderSettingsFactory.get(any(Request.class))).willReturn(umaProviderSettings);

    // A single permission-request filter served by the extension manager.
    permissionRequestFilter = mock(PermissionRequestFilter.class);
    ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
    given(extensionFilterManager.getFilters(PermissionRequestFilter.class)).willReturn(Collections.singleton(permissionRequestFilter));

    // The endpoint itself, spied so getRequest() can be stubbed.
    UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
    endpoint = spy(new PermissionRequestEndpoint(providerSettingFactory, requestFactory, umaProviderSettingsFactory, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
    response = mock(Response.class);
    endpoint.setResponse(response);
    given(endpoint.getRequest()).willReturn(request);
}
Use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock:
class AuthorizationServiceImpl, method authorize.
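/**
 * {@inheritDoc}
 *
 * <p>Pipeline: run every registered {@code AuthorizeRequestValidator}, resolve the client
 * registration for {@code client_id}, validate the requested scope (plugin point), confirm the
 * resource owner's session, then establish consent (saved consent, passed through the
 * {@code consentVerifier} plugin point). Without consent the method throws
 * {@link ResourceOwnerConsentRequired} carrying everything the consent page needs; with
 * consent it delegates to {@code tokenIssuer}.
 *
 * @param request the authorization request; the {@code CLIENT_ID}, {@code SCOPE},
 *                {@code LOCALE} and {@code UI_LOCALES} parameters are read from it
 * @return the token(s) issued for the request
 * @throws ResourceOwnerConsentRequired when consent has not been given — this is the normal
 *                                      "render the consent page" path, not a failure
 */
public AuthorizationToken authorize(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, ResourceOwnerConsentRequired, InvalidClientException, UnsupportedResponseTypeException, RedirectUriMismatchException, InvalidRequestException, AccessDeniedException, ServerException, LoginRequiredException, BadRequestException, InteractionRequiredException, ResourceOwnerConsentRequiredException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    for (final AuthorizeRequestValidator requestValidator : requestValidators) {
        requestValidator.validateRequest(request);
    }
    final String clientId = request.getParameter(CLIENT_ID);
    final ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, request);
    final Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
    //plugin point
    final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
    // is resource owner authenticated?
    final ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
    final boolean consentSaved = providerSettings.isConsentSaved(resourceOwner, clientRegistration.getClientId(), validatedScope);
    //plugin point
    final boolean haveConsent = consentVerifier.verify(consentSaved, request, clientRegistration);
    if (!haveConsent) {
        // ui_locales takes precedence over locale; fall back to the request's own locale.
        String localeParameter = request.getParameter(LOCALE);
        String uiLocaleParameter = request.getParameter(UI_LOCALES);
        Locale locale = getLocale(uiLocaleParameter, localeParameter);
        if (locale == null) {
            locale = request.getLocale();
        }
        // Claims are best-effort: the consent page is still rendered without them.
        UserInfoClaims userInfo = null;
        try {
            userInfo = providerSettings.getUserInfo(request.getToken(AccessToken.class), request);
        } catch (UnauthorizedClientException e) {
            logger.debug("Couldn't get user info - continuing to display consent page without claims.", e);
        }
        String clientName = clientRegistration.getDisplayName(locale);
        if (clientName == null) {
            clientName = clientRegistration.getClientId();
            logger.warn("Client does not have a display name or client name set. using client ID {} for display", clientName);
        }
        final String displayDescription = clientRegistration.getDisplayDescription(locale);
        final String clientDescription = displayDescription == null ? "" : displayDescription;
        final Map<String, String> scopeDescriptions = getScopeDescriptions(validatedScope, clientRegistration.getScopeDescriptions(locale));
        // userInfo is null when the lookup above failed; dereferencing it here would turn the
        // "no claims" case into a NullPointerException instead of a consent page without claims.
        // An immutable empty map is used — switch to a mutable one if the page code mutates it (TODO confirm).
        final Map<String, String> claimDescriptions = userInfo == null
                ? java.util.Collections.<String, String>emptyMap()
                : getClaimDescriptions(userInfo.getValues(), clientRegistration.getClaimDescriptions(locale));
        throw new ResourceOwnerConsentRequired(clientName, clientDescription, scopeDescriptions, claimDescriptions, userInfo, resourceOwner.getName(providerSettings));
    }
    // NOTE(review): consent was checked against validatedScope, but tokens are issued for the
    // requested scope; confirm issueTokens re-validates, otherwise validatedScope belongs here.
    return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}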