Example 1 with OAuth2Uris

Use of org.forgerock.oauth2.core.OAuth2Uris in project OpenAM by OpenRock.

The class UmaUrisFactory, method get.

/**
 * <p>Gets the UmaUris instance for the realm of the given request.</p>
 *
 * <p>Caches the settings of each provider against the realm they were created for.</p>
 *
 * @param request The request instance from which the base URL can be deduced.
 * @param realmInfo The realm.
 * @return The UmaUris instance.
 */
public UmaUris get(HttpServletRequest request, RealmInfo realmInfo) throws NotFoundException, ServerException {
    String absoluteRealm = realmInfo.getAbsoluteRealm();
    String baseUrl;
    try {
        // Derive the base URL of the UMA endpoints for this realm from the configured base URL provider.
        baseUrl = baseURLProviderFactory.get(absoluteRealm).getRealmURL(request, "/uma", absoluteRealm);
    } catch (InvalidBaseUrlException e) {
        throw new ServerException("Configuration error");
    }
    // The cache is keyed by the resolved base URL, so each realm gets its own UmaUris.
    UmaUris uris = urisMap.get(baseUrl);
    if (uris == null) {
        OAuth2Uris oAuth2Uris = oAuth2UriFactory.get(request, realmInfo);
        uris = getUmaUris(absoluteRealm, oAuth2Uris, baseUrl);
    }
    return uris;
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) InvalidBaseUrlException(org.forgerock.openam.services.baseurl.InvalidBaseUrlException)

Example 2 with OAuth2Uris

Use of org.forgerock.oauth2.core.OAuth2Uris in project OpenAM by OpenRock.

The class OpenIDConnectProviderConfiguration, method getConfiguration.

/**
 * Gets the OpenID configuration (discovery document) for the OpenID Connect provider.
 *
 * @param request The OAuth2 request.
 * @return A JsonValue representation of the OpenID configuration.
 * @throws UnsupportedResponseTypeException If the requested response type is not supported by either the client
 *         or the OAuth2 provider.
 * @throws ServerException If any internal server error occurs.
 */
public JsonValue getConfiguration(OAuth2Request request) throws OAuth2Exception {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final OAuth2Uris uris = urisFactory.get(request);
    // Only publish discovery metadata when a provider is configured for this realm and it supports the openid scope.
    if (!providerSettings.exists() || providerSettings.getSupportedScopes() == null || !providerSettings.getSupportedScopes().contains("openid")) {
        throw new NotFoundException("Invalid URL");
    }
    final Map<String, Object> configuration = new HashMap<>();
    configuration.put("version", providerSettings.getOpenIDConnectVersion());
    configuration.put("issuer", uris.getIssuer());
    configuration.put("authorization_endpoint", uris.getAuthorizationEndpoint());
    configuration.put("token_endpoint", uris.getTokenEndpoint());
    configuration.put("userinfo_endpoint", uris.getUserInfoEndpoint());
    configuration.put("check_session_iframe", uris.getCheckSessionEndpoint());
    configuration.put("end_session_endpoint", uris.getEndSessionEndpoint());
    configuration.put("jwks_uri", uris.getJWKSUri());
    configuration.put("registration_endpoint", uris.getClientRegistrationEndpoint());
    configuration.put("claims_supported", providerSettings.getSupportedClaims());
    configuration.put("scopes_supported", providerSettings.getSupportedScopes());
    configuration.put("response_types_supported", getResponseTypes(providerSettings.getAllowedResponseTypes().keySet()));
    configuration.put("subject_types_supported", providerSettings.getSupportedSubjectTypes());
    configuration.put("id_token_signing_alg_values_supported", providerSettings.getSupportedIDTokenSigningAlgorithms());
    configuration.put("acr_values_supported", providerSettings.getAcrMapping().keySet());
    configuration.put("claims_parameter_supported", providerSettings.getClaimsParameterSupported());
    configuration.put("token_endpoint_auth_methods_supported", providerSettings.getEndpointAuthMethodsSupported());
    return new JsonValue(configuration);
}
Also used : OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) HashMap(java.util.HashMap) JsonValue(org.forgerock.json.JsonValue) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)

Example 3 with OAuth2Uris

Use of org.forgerock.oauth2.core.OAuth2Uris in project OpenAM by OpenRock.

The class OpenAMOAuth2UrisFactory, method get.

/**
 * Gets an OAuth2Uris instance.
 *
 * @param context TODO
 * @param realmInfo The realm information.
 * @return An OAuth2Uris instance.
 */
@Override
public OAuth2Uris get(Context context, RealmInfo realmInfo) throws NotFoundException, ServerException {
    String absoluteRealm = realmInfo.getAbsoluteRealm();
    BaseURLProvider baseURLProvider = baseURLProviderFactory.get(absoluteRealm);
    String baseUrl;
    try {
        // Resolve the base URL of the OAuth2 endpoints for this realm from the HTTP context.
        baseUrl = baseURLProvider.getRealmURL(context.asContext(HttpContext.class), "/oauth2", absoluteRealm);
    } catch (InvalidBaseUrlException e) {
        throw new ServerException("Configuration error");
    }
    return get(absoluteRealm, baseUrl);
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) InvalidBaseUrlException(org.forgerock.openam.services.baseurl.InvalidBaseUrlException) BaseURLProvider(org.forgerock.openam.services.baseurl.BaseURLProvider)

Example 4 with OAuth2Uris

Use of org.forgerock.oauth2.core.OAuth2Uris in project OpenAM by OpenRock.

The class AuthorizationRequestEndpoint, method requestAuthorization.

@Post
public Representation requestAuthorization(JsonRepresentation entity) throws BadRequestException, UmaException, EntitlementException, ServerException, NotFoundException {
    UmaProviderSettings umaProviderSettings = umaProviderSettingsFactory.get(this.getRequest());
    final OAuth2Request oauth2Request = requestFactory.create(getRequest());
    OAuth2ProviderSettings oauth2ProviderSettings = oauth2ProviderSettingsFactory.get(oauth2Request);
    OAuth2Uris oAuth2Uris = oAuth2UrisFactory.get(oauth2Request);
    final UmaTokenStore umaTokenStore = umaProviderSettings.getUmaTokenStore();
    String realm = oauth2Request.getParameter("realm");
    JsonValue requestBody = json(toMap(entity));
    PermissionTicket permissionTicket = getPermissionTicket(umaTokenStore, requestBody);
    validatePermissionTicketHolder(umaTokenStore, permissionTicket);
    final String resourceSetId = permissionTicket.getResourceSetId();
    final Request request = getRequest();
    final String resourceOwnerId = getResourceOwnerId(oauth2ProviderSettings, resourceSetId);
    AMIdentity resourceOwner = createIdentity(resourceOwnerId, realm);
    String requestingPartyId = null;
    try {
        requestingPartyId = getRequestingPartyId(umaProviderSettings, oAuth2Uris, requestBody);
    } finally {
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST, request, requestingPartyId == null ? getAuthorisationApiToken().getResourceOwnerId() : requestingPartyId);
    }
    if (isEntitled(umaProviderSettings, oauth2ProviderSettings, permissionTicket, requestingPartyId)) {
        getResponse().setStatus(new Status(200));
        auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.GRANTED, request, requestingPartyId);
        return createJsonRpt(umaTokenStore, permissionTicket);
    } else {
        try {
            if (verifyPendingRequestDoesNotAlreadyExist(resourceSetId, resourceOwnerId, permissionTicket.getRealm(), requestingPartyId, permissionTicket.getScopes())) {
                auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.DENIED, request, requestingPartyId);
                throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "The client is not authorised to access the requested resource set");
            } else {
                pendingRequestsService.createPendingRequest(ServletUtils.getRequest(getRequest()), resourceSetId, auditLogger.getResourceName(resourceSetId, request), resourceOwnerId, requestingPartyId, permissionTicket.getRealm(), permissionTicket.getScopes());
                auditLogger.log(resourceSetId, resourceOwner, UmaAuditType.REQUEST_SUBMITTED, request, requestingPartyId);
            }
        } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
            logger.error("Failed to create pending request", e);
            throw new UmaException(403, UmaConstants.NOT_AUTHORISED_ERROR_CODE, "Failed to create pending request");
        }
        throw newRequestSubmittedException();
    }
}
Also used : Status(org.restlet.data.Status) OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) JsonValue(org.forgerock.json.JsonValue) UmaPendingRequest(org.forgerock.openam.sm.datalayer.impl.uma.UmaPendingRequest) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) AMIdentity(com.sun.identity.idm.AMIdentity) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) Post(org.restlet.resource.Post)

Example 5 with OAuth2Uris

Use of org.forgerock.oauth2.core.OAuth2Uris in project OpenAM by OpenRock.

The class IdTokenClaimGatherer, method getRequestingPartyId.

@Override
public String getRequestingPartyId(OAuth2Request oAuth2Request, AccessToken authorizationApiToken, JsonValue claimToken) {
    try {
        // The claim token is expected to be a signed ID token (JWS).
        SignedJwt idToken = jwtReconstruction.reconstructJwt(claimToken.asString(), SignedJwt.class);
        OAuth2ProviderSettings oAuth2ProviderSettings = oauth2ProviderSettingsFactory.get(oAuth2Request);
        OAuth2Uris oAuth2Uris = oAuth2UrisFactory.get(oAuth2Request);
        byte[] clientSecret = clientRegistrationStore.get(authorizationApiToken.getClientId(), oAuth2Request).getClientSecret().getBytes(Utils.CHARSET);
        KeyPair keyPair = oAuth2ProviderSettings.getServerKeyPair();
        // Reject ID tokens that were not issued by this authorization server.
        if (!idToken.getClaimsSet().getIssuer().equals(oAuth2Uris.getIssuer())) {
            logger.warn("Issuer of id token, {0}, does not match issuer of authorization server, {1}.", idToken.getClaimsSet().getIssuer(), oAuth2Uris.getIssuer());
            return null;
        }
        // Verify the signature before trusting any claim in the token.
        if (!verify(clientSecret, keyPair, idToken)) {
            logger.warn("Signature of id token is invalid.");
            return null;
        }
        // Only a token that passed both checks identifies the requesting party.
        return idToken.getClaimsSet().getSubject();
    } catch (InvalidClientException e) {
        logger.error("Failed to find client", e);
        return null;
    } catch (NotFoundException | ServerException e) {
        logger.error("Failed to find OAuth2 settings", e);
        return null;
    }
}
Also used : KeyPair(java.security.KeyPair) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
