Use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock: class OpenAMTokenStore, method createAuthorizationCode.
/**
 * {@inheritDoc}
 *
 * <p>Mints a new authorization code for the resource owner and client, persists it in the CTS,
 * audits the outcome and caches the code on the request. The code value is a random UUID
 * ({@link UUID#randomUUID()} is backed by a cryptographically strong generator). Its expiry is
 * the provider-wide authorization-code lifetime, or the client registration's own lifetime when
 * one exists, added to the current time. The PKCE {@code codeChallenge} and
 * {@code codeChallengeMethod} are stored alongside the code for verification at token exchange.
 *
 * @throws ServerException if the code could not be written to the CTS; the CTS failure is logged
 *     and audited, but only a fixed message is surfaced to the caller.
 * @throws NotFoundException propagated from the provider-settings lookup.
 */
public AuthorizationCode createAuthorizationCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String redirectUri, String nonce, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException {
    logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code");
    final OpenIdConnectClientRegistration registration = getClientRegistration(clientId, request);
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final String codeValue = UUID.randomUUID().toString();
    // A registered client may override the provider-wide lifetime; unregistered clients get the default.
    final long lifetimeMillis = registration == null
            ? settings.getAuthorizationCodeLifetime()
            : registration.getAuthorizationCodeLifeTime(settings);
    final long expiresAt = lifetimeMillis + System.currentTimeMillis();
    final String sessionId = getSsoTokenId(request);
    final OpenAMAuthorizationCode authorizationCode = new OpenAMAuthorizationCode(codeValue, resourceOwner.getId(), clientId, redirectUri, scope, getClaimsFromRequest(request), expiresAt, nonce, realmNormaliser.normalise(request.<String>getParameter(REALM)), getAuthModulesFromSSOToken(request), getAuthenticationContextClassReferenceFromRequest(request), sessionId, codeChallenge, codeChallengeMethod);
    // Persist in the CTS; both the success and the failure path are audited when auditing is on.
    try {
        tokenStore.create(authorizationCode);
        if (auditLogger.isAuditLogEnabled()) {
            final String[] details = { "CREATED_AUTHORIZATION_CODE", authorizationCode.toString() };
            auditLogger.logAccessMessage("CREATED_AUTHORIZATION_CODE", details, null);
        }
    } catch (CoreTokenException e) {
        if (auditLogger.isAuditLogEnabled()) {
            final String[] details = { "FAILED_CREATE_AUTHORIZATION_CODE", authorizationCode.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_AUTHORIZATION_CODE", details, null);
        }
        // NOTE(review): getTokenInfo() presumably includes the code value itself, so this error log
        // and the audit entries above may carry a live credential — confirm log handling.
        logger.error("Unable to create authorization code " + authorizationCode.getTokenInfo(), e);
        throw new ServerException("Could not create token in CTS");
    }
    request.setToken(AuthorizationCode.class, authorizationCode);
    return authorizationCode;
}
Use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock: class OpenAMTokenStore, method generateAtHash.
/**
 * Computes the {@code at_hash} claim for an id_token that is issued together with an access token
 * (i.e. when both {@code token} and {@code id_token} are in scope).
 *
 * @param algorithm the signing algorithm whose hash function is used, passed through to
 *     {@code generateHash}
 * @param request the current request; the access token is taken from it
 * @param providerSettings provider settings passed through to {@code generateHash}
 * @return the hash of the access token value, or {@code null} when the request carries no
 *     access token
 * @throws ServerException propagated from {@code generateHash}
 */
private String generateAtHash(String algorithm, OAuth2Request request, OAuth2ProviderSettings providerSettings) throws ServerException {
    final AccessToken issuedToken = request.getToken(AccessToken.class);
    if (issuedToken != null) {
        // The token info map holds the raw access_token string under its parameter name.
        final Object rawValue = issuedToken.getTokenInfo().get(OAuth2Constants.Params.ACCESS_TOKEN);
        return generateHash(algorithm, (String) rawValue, providerSettings);
    }
    logger.message("at_hash generation requires an existing access_token.");
    return null;
}
Use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock: class OpenAMResourceOwnerSessionValidator, method setCurrentAcr.
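/**
 * If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
 * look to see if they've already matched one. If they have, we set the acr value on the request.
 *
 * <p>The session's authentication service is compared against the provider's acr-to-method
 * mapping for every requested acr value. Each acr whose mapped method name equals the service the
 * session authenticated with is appended to the request as an {@code acr} query parameter. If none
 * match — including when the session carries no service property at all — the user is sent to
 * re-authenticate instead of a {@code NullPointerException} escaping as a server error.
 *
 * @param token the existing SSO session
 * @param request the OAuth2 request being validated
 * @param acrValuesStr the whitespace-separated {@code acr_values} parameter
 * @throws ResourceOwnerAuthenticationRequired if no requested acr matches the current session
 */
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
    // The service/chain the session authenticated with; may be absent on the session.
    final String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
    final Set<String> requestedAcrs = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
    boolean matched = false;
    if (serviceUsed != null) {
        // NOTE(review): every matching acr is appended, so several acr values mapping to the same
        // method yield several query parameters — confirm the consumer tolerates that.
        for (String acr : requestedAcrs) {
            final AuthenticationMethod method = acrMap.get(acr);
            if (method != null && serviceUsed.equals(method.getName())) {
                request.getRequest().getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
                matched = true;
            }
        }
    }
    if (!matched) {
        throw authenticationRequired(request, token);
    }
}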
Use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock: class OpenAMResourceSetStore, method delete.
/**
 * Deletes the resource set with the given id on behalf of the given resource owner.
 *
 * <p>The set is looked up through {@code read(resourceSetId, resourceOwnerId)} first, so the
 * delegate is only asked to delete an id that lookup returned for this owner. Data-layer
 * exceptions are translated to the OAuth2 exception types declared here.
 *
 * @param resourceSetId id of the resource set to delete
 * @param resourceOwnerId id of the owner the lookup is scoped to
 * @throws NotFoundException if the data layer reports no such resource set
 * @throws ServerException if the data layer fails for any other reason (cause preserved)
 */
@Override
public void delete(String resourceSetId, String resourceOwnerId) throws NotFoundException, ServerException {
    try {
        final ResourceSetDescription existing = read(resourceSetId, resourceOwnerId);
        delegate.delete(existing.getId());
    } catch (org.forgerock.openam.sm.datalayer.store.NotFoundException e) {
        throw new NotFoundException("Could not find resource set");
    } catch (org.forgerock.openam.sm.datalayer.store.ServerException e) {
        throw new ServerException(e);
    }
}
Use of org.forgerock.oauth2.core.Token in project OpenAM by OpenRock: class OpenAMTokenStore, method readRefreshToken.
/**
 * {@inheritDoc}
 *
 * <p>Returns the refresh token already attached to the request when there is one; otherwise loads
 * it from the CTS by id, checks that its realm matches the request, caches it on the request and
 * returns it.
 *
 * @throws ServerException if the CTS read fails
 * @throws InvalidGrantException if the CTS holds no token for {@code tokenId}; the client only
 *     sees a generic "grant is invalid" message
 * @throws NotFoundException propagated from the realm validation
 */
public RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
    final RefreshToken cached = request.getToken(RefreshToken.class);
    if (cached != null) {
        return cached;
    }
    logger.message("Read refresh token");
    final JsonValue stored;
    try {
        stored = tokenStore.read(tokenId);
    } catch (CoreTokenException e) {
        // NOTE(review): tokenId presumably is the refresh token value itself — confirm these
        // error logs are handled as sensitive.
        logger.error("Unable to read refresh token corresponding to id: " + tokenId, e);
        throw new ServerException("Could not read token in CTS: " + e.getMessage());
    }
    if (stored == null) {
        // An unknown id is an invalid grant, not a server error.
        logger.error("Unable to read refresh token corresponding to id: " + tokenId);
        throw new InvalidGrantException("grant is invalid");
    }
    final OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(stored);
    // Reject a token issued in a different realm before handing it to the request.
    validateTokenRealm(refreshToken.getRealm(), request);
    request.setToken(RefreshToken.class, refreshToken);
    return refreshToken;
}