
Example 31 with InvalidClientException

use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.

The class CheckSessionImpl, method getClientRegistration.

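/**
 * Looks up the client registration for the first audience entry of the JWT.
 *
 * <p>The realm for the store lookup is taken from the JWT's {@code REALM} claim and handed to the store through a
 * minimal {@link OAuth2Request} stub that only answers {@code getParameter(REALM)}; every other accessor on that
 * stub throws {@link UnsupportedOperationException}.
 *
 * <p>NOTE(review): both the audience and the realm are read straight from the JWT claims and no signature check is
 * visible here — confirm the caller has verified the JWT before this method runs. Only the first audience entry is
 * consulted; any further entries are ignored.
 *
 * @param jwt The JWT.
 * @return The Client's registration, or {@code null} if the JWT carries no audience claim.
 * @throws InvalidClientException If the client's registration is not found.
 * @throws NotFoundException Propagated from the client registration store lookup.
 */
private ClientRegistration getClientRegistration(Jwt jwt) throws InvalidClientException, NotFoundException {
    List<String> clients = jwt.getClaimsSet().getAudience();
    final String realm = (String) jwt.getClaimsSet().getClaim(REALM);
    if (clients == null || clients.isEmpty()) {
        // No audience means there is no client to resolve; callers must handle the null.
        return null;
    }
    String client = clients.iterator().next();
    return clientRegistrationStore.get(client, new OAuth2Request() {

        public <T> T getRequest() {
            throw new UnsupportedOperationException();
        }

        // The only value this stub ever returns is the String realm captured above, so the cast is safe.
        @SuppressWarnings("unchecked")
        public <T> T getParameter(String name) {
            if (REALM.equals(name)) {
                return (T) realm;
            }
            throw new UnsupportedOperationException();
        }

        public JsonValue getBody() {
            throw new UnsupportedOperationException();
        }

        public Locale getLocale() {
            throw new UnsupportedOperationException();
        }
    });
}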

Example 32 with InvalidClientException

use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.

The class EndSession, method validateRedirect.

/**
 * Checks that the post-logout redirect URI is absolute and is registered for the client named by the ID token's
 * {@code azp} claim.
 *
 * <p>NOTE(review): the ID token is only decoded here ({@code reconstructJwt}); no signature verification is visible
 * in this method. Confirm the caller verifies it, otherwise the {@code azp} claim — and so the registered URI set
 * the redirect is checked against — is chosen by whoever supplied the token.
 *
 * @param request The OAuth2 request.
 * @param idToken The ID token whose {@code azp} claim identifies the client.
 * @param redirectUri The requested post-logout redirect URI.
 * @throws InvalidClientException If the client's registration is not found.
 * @throws RedirectUriMismatchException If the URI is not one of the client's registered post-logout redirect URIs.
 * @throws RelativeRedirectUriException If the URI is not absolute.
 * @throws NotFoundException Propagated from the client registration store lookup.
 */
private void validateRedirect(OAuth2Request request, String idToken, String redirectUri) throws InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException, NotFoundException {
    final SignedJwt signedJwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
    final JwtClaimsSet claimsSet = signedJwt.getClaimsSet();
    final String authorizedParty = (String) claimsSet.getClaim(OAuth2Constants.JWTTokenParams.AZP);
    final ClientRegistration clientRegistration = clientRegistrationStore.get(authorizedParty, request);
    final URI target = URI.create(redirectUri);
    final boolean absolute = target.isAbsolute();
    if (!absolute) {
        throw new RelativeRedirectUriException();
    }
    // Membership test is URI equality against the registered set, not prefix or pattern matching.
    final boolean registered = clientRegistration.getPostLogoutRedirectUris().contains(target);
    if (!registered) {
        throw new RedirectUriMismatchException();
    }
}

Example 33 with InvalidClientException

use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.

The class OpenIDTokenIssuer, method issueToken.

/**
 * Issues an OpenId Connect token, using the details of the access token.
 *
 * <p>Nothing is issued unless the access token's scope contains {@code openid}. The resource owner is resolved by
 * attaching the access token's session to the request and running it through the session validator; any
 * {@link OAuth2Exception} from that step, and any {@link SignatureException} while signing, is logged and surfaced
 * as a {@link ServerException}.
 *
 * @param accessToken The access token requested by the OAuth2 request.
 * @param request The OAuth2 request.
 * @return A {@code Map.Entry} of the token name with the serialised signed token, or {@code null} if the access
 *         token's scope does not include {@code openid}.
 * @throws ServerException If the resource owner cannot be validated or the token cannot be signed.
 * @throws InvalidClientException If either the request does not contain the client's id or the client fails to be
 *          authenticated.
 * @throws NotFoundException If the realm does not have an OAuth 2.0 provider service.
 */
public Map.Entry<String, String> issueToken(AccessToken accessToken, OAuth2Request request) throws ServerException, InvalidClientException, NotFoundException {
    final Set<String> scope = accessToken.getScope();
    final boolean openIdRequested = scope != null && scope.contains(OAuth2Constants.Params.OPENID);
    if (!openIdRequested) {
        return null;
    }
    try {
        request.setSession(accessToken.getSessionId());
        final ResourceOwner owner = resourceOwnerSessionValidator.validate(request);
        final String clientId = accessToken.getClientId();
        // The client id is passed twice — presumably client id and authorized party; confirm against createOpenIDToken.
        final OpenIdConnectToken idToken = tokenStore.createOpenIDToken(owner, clientId, clientId, accessToken.getNonce(), getOps(accessToken, request), request);
        final String serialisedJwt = idToken.sign().build();
        return new AbstractMap.SimpleEntry<String, String>(OAuth2Constants.JWTTokenParams.ID_TOKEN, serialisedJwt);
    } catch (SignatureException e) {
        logger.error("Unable to sign JWT", e);
        throw new ServerException("Cant sign JWT");
    } catch (OAuth2Exception e) {
        // Authentication problems are reported to the caller as a server error; the detail stays in the log.
        logger.error("User must be authenticated to issue ID tokens.", e);
        throw new ServerException("User must be authenticated to issue ID tokens.");
    }
}

Example 34 with InvalidClientException

use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.

The class OpenIdConnectAuthorizeRequestValidator, method validateRequest.

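/**
 * {@inheritDoc}
 *
 * <p>Runs {@code validateOpenIdScope} first, then checks the {@code prompt} parameter. An invalid prompt is reported
 * as a {@link BadRequestException} whose message echoes the prompt value exactly as the client sent it, so the layer
 * that renders the error response is expected to encode it.
 */
@Override
public void validateRequest(OAuth2Request request) throws BadRequestException, InvalidRequestException, InvalidClientException, InvalidScopeException, NotFoundException {
    validateOpenIdScope(request);
    try {
        final OpenIdPrompt prompt = new OpenIdPrompt(request);
        // Reject.ifFalse signals an invalid prompt with an IllegalArgumentException, translated below.
        Reject.ifFalse(prompt.isValid(), "Prompt parameter " + prompt.getOriginalValue() + " is invalid or unsupported");
    } catch (IllegalArgumentException e) {
        throw new BadRequestException(e.getMessage());
    }
}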

Example 35 with InvalidClientException

use of org.forgerock.oauth2.core.exceptions.InvalidClientException in project OpenAM by OpenRock.

The class SubjectTypeValidator, method validateRequest.

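/**
 * Checks that the client's registered subject type is one the provider supports, ignoring case.
 *
 * <p>The client is looked up from the request's {@code client_id} parameter. A client whose registration has no
 * subject type is treated as unsupported rather than failing with a {@link NullPointerException}. The failure is
 * raised through {@code failureFactory}, which chooses the concrete exception type.
 *
 * @param request The OAuth2 request.
 * @throws InvalidClientException If the client's registration is not found.
 * @throws NotFoundException If the realm does not have an OAuth 2.0 provider service.
 * @throws ServerException If the subject type is not supported (via {@code failureFactory}).
 */
@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, NotFoundException, ServerException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Set<String> subjectTypesSupported = settings.getSupportedSubjectTypes();
    final String clientId = (String) request.getParameter(OAuth2Constants.Params.CLIENT_ID);
    final String subjectType = clientRegistrationStore.get(clientId, request).getSubjectType();
    // equalsIgnoreCase is locale-independent, unlike the default-locale toLowerCase() it replaces; a null
    // subject type never matches and falls through to the failure below.
    if (subjectType != null) {
        for (String supported : subjectTypesSupported) {
            if (supported.equalsIgnoreCase(subjectType)) {
                return;
            }
        }
    }
    throw failureFactory.getException(request, "Server does not support this client's subject type.");
}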
