Example 16 with Token
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class OpenAMTokenStore method createAuthorizationCode.
/**
* {@inheritDoc}
*/
public AuthorizationCode createAuthorizationCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String redirectUri, String nonce, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException {
logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code");
OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
final String code = UUID.randomUUID().toString();
long expiryTime = 0;
if (clientRegistration == null) {
expiryTime = providerSettings.getAuthorizationCodeLifetime() + System.currentTimeMillis();
} else {
expiryTime = clientRegistration.getAuthorizationCodeLifeTime(providerSettings) + System.currentTimeMillis();
}
final String ssoTokenId = getSsoTokenId(request);
final OpenAMAuthorizationCode authorizationCode = new OpenAMAuthorizationCode(code, resourceOwner.getId(), clientId, redirectUri, scope, getClaimsFromRequest(request), expiryTime, nonce, realmNormaliser.normalise(request.<String>getParameter(REALM)), getAuthModulesFromSSOToken(request), getAuthenticationContextClassReferenceFromRequest(request), ssoTokenId, codeChallenge, codeChallengeMethod);
// Store in CTS
try {
tokenStore.create(authorizationCode);
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "CREATED_AUTHORIZATION_CODE", authorizationCode.toString() };
auditLogger.logAccessMessage("CREATED_AUTHORIZATION_CODE", obs, null);
}
} catch (CoreTokenException e) {
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "FAILED_CREATE_AUTHORIZATION_CODE", authorizationCode.toString() };
auditLogger.logErrorMessage("FAILED_CREATE_AUTHORIZATION_CODE", obs, null);
}
logger.error("Unable to create authorization code " + authorizationCode.getTokenInfo(), e);
throw new ServerException("Could not create token in CTS");
}
request.setToken(AuthorizationCode.class, authorizationCode);
return authorizationCode;
}
Also used :
OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration)
ServerException(org.forgerock.oauth2.core.exceptions.ServerException)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
Example 17 with Token
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class OpenAMTokenStore method generateAtHash.
/**
* For at_hash values, used when token and id_token exist in scope.
*/
private String generateAtHash(String algorithm, OAuth2Request request, OAuth2ProviderSettings providerSettings) throws ServerException {
final AccessToken accessToken = request.getToken(AccessToken.class);
if (accessToken == null) {
logger.message("at_hash generation requires an existing access_token.");
return null;
}
final String accessTokenValue = ((String) accessToken.getTokenInfo().get(OAuth2Constants.Params.ACCESS_TOKEN));
return generateHash(algorithm, accessTokenValue, providerSettings);
}
Also used :
AccessToken(org.forgerock.oauth2.core.AccessToken)
Example 18 with Token
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class OpenAMResourceOwnerSessionValidator method setCurrentAcr.
/**
* If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
* look to see if they've already matched one. If they have, we set the acr value on the request.
*/
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
boolean matched = false;
for (String acr : acrValues) {
if (acrMap.containsKey(acr)) {
if (serviceUsed.equals(acrMap.get(acr).getName())) {
final Request req = request.getRequest();
req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
matched = true;
}
}
}
if (!matched) {
throw authenticationRequired(request, token);
}
}
Also used :
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Request(org.restlet.Request)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
AuthenticationMethod(org.forgerock.oauth2.core.AuthenticationMethod)
HashSet(java.util.HashSet)
Example 19 with Token
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class OpenAMResourceSetStore method delete.
@Override
public void delete(String resourceSetId, String resourceOwnerId) throws NotFoundException, ServerException {
try {
ResourceSetDescription token = read(resourceSetId, resourceOwnerId);
delegate.delete(token.getId());
} catch (org.forgerock.openam.sm.datalayer.store.NotFoundException e) {
throw new NotFoundException("Could not find resource set");
} catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
throw new ServerException(e);
}
}
Also used :
ServerException(org.forgerock.oauth2.core.exceptions.ServerException)
NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException)
ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)
Example 20 with Token
use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock.
the class OpenAMTokenStore method readRefreshToken.
/**
* {@inheritDoc}
*/
public RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
RefreshToken loaded = request.getToken(RefreshToken.class);
if (loaded != null) {
return loaded;
}
logger.message("Read refresh token");
JsonValue token;
try {
token = tokenStore.read(tokenId);
} catch (CoreTokenException e) {
logger.error("Unable to read refresh token corresponding to id: " + tokenId, e);
throw new ServerException("Could not read token in CTS: " + e.getMessage());
}
if (token == null) {
logger.error("Unable to read refresh token corresponding to id: " + tokenId);
throw new InvalidGrantException("grant is invalid");
}
OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(token);
validateTokenRealm(refreshToken.getRealm(), request);
request.setToken(RefreshToken.class, refreshToken);
return refreshToken;
}
Also used :
RefreshToken(org.forgerock.oauth2.core.RefreshToken)
ServerException(org.forgerock.oauth2.core.exceptions.ServerException)
JsonValue(org.forgerock.json.JsonValue)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException)
Aggregations
ServerException (org.forgerock.oauth2.core.exceptions.ServerException)33
JsonValue (org.forgerock.json.JsonValue)22
AccessToken (org.forgerock.oauth2.core.AccessToken)18
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)18
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)18
CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)18
SSOException (com.iplanet.sso.SSOException)16
OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)16
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)16
SSOToken (com.iplanet.sso.SSOToken)13
AMIdentity (com.sun.identity.idm.AMIdentity)12
IdRepoException (com.sun.identity.idm.IdRepoException)11
Set (java.util.Set)9
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)9
HashMap (java.util.HashMap)8
HashSet (java.util.HashSet)8
InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)8
Test (org.testng.annotations.Test)8
Map (java.util.Map)6
AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier)6
