
Example 6 with UserInfoClaims

Use of org.forgerock.oauth2.core.UserInfoClaims in project OpenAM by OpenRock.

In class ScopeImpl, method getUserInfo.

/**
 * {@inheritDoc}
 */
public UserInfoClaims getUserInfo(CoreToken token) {
    Set<String> scopes = token.getScope();
    Map<String, Object> response = new HashMap<String, Object>();
    AMIdentity id = null;
    try {
        id = identityManager.getResourceOwnerIdentity(token.getUserID(), token.getRealm());
    } catch (UnauthorizedClientException e) {
        throw OAuthProblemException.OAuthError.UNAUTHORIZED_CLIENT.handle(null, e.getMessage());
    }
    //add the subject identifier to the response
    response.put("sub", token.getUserID());
    for (String scope : scopes) {
        if (OPENID_SCOPE.equals(scope)) {
            continue;
        }
        //get the attribute associated with the scope
        Object attributes = scopeToUserUserProfileAttributes.get(scope);
        if (attributes == null) {
            logger.error("ScopeImpl.getUserInfo()::Invalid Scope in token scope=" + scope);
        } else if (attributes instanceof String) {
            Set<String> attr = null;
            //if the attribute is a string get the attribute
            try {
                attr = id.getAttribute((String) attributes);
            } catch (IdRepoException e) {
                logger.warning("ScopeImpl.getUserInfo(): Unable to retrieve attribute= " + attributes, e);
            } catch (SSOException e) {
                logger.warning("ScopeImpl.getUserInfo(): Unable to retrieve attribute= " + attributes, e);
            }
            //add a single object to the response.
            if (attr != null && attr.size() == 1) {
                response.put(scope, attr.iterator().next());
            } else if (attr != null && attr.size() > 1) {
                // add a set to the response
                response.put(scope, attr);
            } else {
                //attr is null or attr is empty
                logger.warning("ScopeImpl.getUserInfo(): Got an empty result for attribute=" + attributes + " of scope=" + scope);
            }
        } else if (attributes instanceof Map) {
            //for example profile can be address, email, etc...
            if (attributes != null && !((Map<String, String>) attributes).isEmpty()) {
                for (Map.Entry<String, String> entry : ((Map<String, String>) attributes).entrySet()) {
                    String attribute;
                    attribute = entry.getValue();
                    Set<String> attr = null;
                    //get the attribute
                    try {
                        attr = id.getAttribute(attribute);
                    } catch (IdRepoException e) {
                        logger.warning("ScopeImpl.getUserInfo(): Unable to retrieve attribute", e);
                    } catch (SSOException e) {
                        logger.warning("ScopeImpl.getUserInfo(): Unable to retrieve attribute", e);
                    }
                    //add the attribute value(s) to the response
                    if (attr != null && attr.size() == 1) {
                        response.put(entry.getKey(), attr.iterator().next());
                    } else if (attr != null && attr.size() > 1) {
                        response.put(entry.getKey(), attr);
                    } else {
                        //attr is null or attr is empty
                        logger.warning("ScopeImpl.getUserInfo(): Got an empty result for scope=" + scope);
                    }
                }
            }
        }
    }
    return new UserInfoClaims(response, Collections.<String, List<String>>emptyMap());
}
Also used: HashSet (java.util.HashSet), Set (java.util.Set), HashMap (java.util.HashMap), IdRepoException (com.sun.identity.idm.IdRepoException), SSOException (com.iplanet.sso.SSOException), UserInfoClaims (org.forgerock.oauth2.core.UserInfoClaims), AMIdentity (com.sun.identity.idm.AMIdentity), UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException), Map (java.util.Map)

Example 7 with UserInfoClaims

Use of org.forgerock.oauth2.core.UserInfoClaims in project OpenAM by OpenRock.

In class OidcClaimsExtensionTest, method testRequestedClaims.

@Test
public void testRequestedClaims() throws Exception {
    // Given
    Map<String, Set<String>> requestedClaims = new HashMap<String, Set<String>>();
    requestedClaims.put("given_name", asSet("fred"));
    requestedClaims.put("family_name", asSet("flintstone"));
    Bindings variables = testBindings(asSet("profile"), requestedClaims);
    when(identity.getAttribute("cn")).thenReturn(asSet("Joe Bloggs"));
    // When
    UserInfoClaims result = scriptEvaluator.evaluateScript(script, variables);
    // Then
    assertThat(result.getValues()).containsOnly(entry("given_name", "fred"), entry("family_name", "flintstone"), entry("name", "Joe Bloggs"));
    assertThat(result.getCompositeScopes()).containsOnlyKeys("profile");
    ArrayList<String> hashProfile = (ArrayList<String>) result.getCompositeScopes().get("profile");
    assertThat(hashProfile).contains("zoneinfo", "name", "locale", "family_name", "given_name");
    assertThat(hashProfile).hasSize(5);
    verify(identity).getAttribute("cn");
    verify(identity).getAttribute("preferredlocale");
    verify(identity).getAttribute("preferredtimezone");
    verifyNoMoreInteractions(identity);
}
Also used: Set (java.util.Set), HashMap (java.util.HashMap), UserInfoClaims (org.forgerock.oauth2.core.UserInfoClaims), ArrayList (java.util.ArrayList), Bindings (javax.script.Bindings), SimpleBindings (javax.script.SimpleBindings), Test (org.testng.annotations.Test)
