Example 16 with InvalidGrantException

use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.

The class AuthorizationCodeGrantTypeHandler, method checkCodeVerifier (PKCE verification, RFC 7636):

private void checkCodeVerifier(AuthorizationCode authorizationCode, String codeVerifier) throws InvalidGrantException, InvalidRequestException {
    // The challenge and its method were stored with the authorization code when it was issued;
    // the verifier arrives with the token request and must match that stored challenge.
    final String codeChallenge = authorizationCode.getCodeChallenge();
    final String codeChallengeMethod = authorizationCode.getCodeChallengeMethod();
    if (OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_PLAIN.equals(codeChallengeMethod)) {
        // "plain": the challenge is the verifier itself.
        checkCodeChallenge(codeChallenge, codeVerifier);
    } else if (OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_S_256.equals(codeChallengeMethod)) {
        // "S256": the challenge is BASE64URL(SHA-256(ASCII(code_verifier))), without padding.
        String encodedCodeVerifier = null;
        try {
            encodedCodeVerifier = Base64url.encode(MessageDigest.getInstance("SHA-256").digest(codeVerifier.getBytes(StandardCharsets.US_ASCII)));
            checkCodeChallenge(codeChallenge, encodedCodeVerifier);
        } catch (NoSuchAlgorithmException e) {
            // Every Java runtime is required to provide SHA-256, so this branch is effectively unreachable;
            // it still fails closed with an invalid_grant rather than skipping the check.
            logger.error("Error encoding code verifier.");
            throw new InvalidGrantException();
        }
    } else {
        // An unknown method is a malformed request, not a failed proof of possession.
        throw new InvalidRequestException("Invalid code challenge method specified.");
    }
}
Also used : InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException)

Example 17 with InvalidGrantException

use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.

The class AccessTokenProtectionFilter, method beforeHandle (bearer-token check in front of a protected Restlet resource):

@Override
protected int beforeHandle(Request request, Response response) {
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    Status failure = null;
    if (challengeResponse == null) {
        // No Authorization header at all: 401 invalid_token.
        failure = new Status(401, new InvalidTokenException());
    } else {
        String tokenId = challengeResponse.getRawValue();
        try {
            OAuth2Request oAuth2Request = requestFactory.create(request);
            AccessToken accessToken = tokenStore.readAccessToken(oAuth2Request, tokenId);
            if (accessToken == null || accessToken.isExpired()) {
                // Unknown or expired token: 401 invalid_token.
                failure = new Status(401, new InvalidTokenException());
            } else if (requiredScope != null && !accessToken.getScope().contains(requiredScope)) {
                // Valid token that lacks the scope this resource requires: 403 insufficient_scope.
                failure = new Status(403, new InsufficientScopeException(requiredScope));
            } else {
                // Token accepted; make it available to the downstream handler.
                oAuth2Request.setToken(AccessToken.class, accessToken);
            }
        } catch (ServerException e) {
            failure = new Status(500, e);
        } catch (NotFoundException e) {
            debug.message("Error loading token with id: " + tokenId, e);
            failure = new Status(404, e);
        } catch (InvalidGrantException e) {
            // The store rejected the token; the client only sees a generic invalid_token.
            debug.message("Error loading token with id: " + tokenId, e);
            failure = new Status(401, new InvalidTokenException());
        }
    }
    if (failure != null) {
        response.setStatus(failure);
        return STOP;
    }
    return super.beforeHandle(request, response);
}
Also used : Status(org.restlet.data.Status) InvalidTokenException(org.forgerock.oauth2.core.exceptions.InvalidTokenException) InsufficientScopeException(org.forgerock.oauth2.core.exceptions.InsufficientScopeException) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AccessToken(org.forgerock.oauth2.core.AccessToken) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException) ChallengeResponse(org.restlet.data.ChallengeResponse)

Example 18 with InvalidGrantException

use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.

The class OpenAMTokenStoreTest, method shouldReadAccessTokenWhenNull (a token id that is absent from the store must be reported as an invalid grant):

@Test(expectedExceptions = InvalidGrantException.class)
public void shouldReadAccessTokenWhenNull() throws Exception {
    //Given
    given(tokenStore.read("TOKEN_ID")).willReturn(null);
    OAuth2Request request = oAuth2RequestFactory.create(this.request);
    //When
    openAMtokenStore.readAccessToken(request, "TOKEN_ID");
    //Then
    //Expected InvalidGrantException
}
Also used : RestletOAuth2Request(org.forgerock.oauth2.restlet.RestletOAuth2Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Test(org.testng.annotations.Test)

Example 19 with InvalidGrantException

use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.

The class OAuth2AuditRefreshTokenContextProvider, method retrieveRefreshTokenFromChallengeResponse (best-effort token lookup for audit context; any failure yields null rather than an error):

private RefreshToken retrieveRefreshTokenFromChallengeResponse(Request request) {
    RefreshToken refreshToken;
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    if (challengeResponse == null) {
        // No Authorization header: nothing to audit.
        return null;
    }
    String bearerToken = challengeResponse.getRawValue();
    if ("undefined".equals(bearerToken)) {
        // The literal string "undefined" is treated as no token at all.
        return null;
    }
    OAuth2Request oAuth2Request = requestFactory.create(request);
    try {
        refreshToken = tokenStore.readRefreshToken(oAuth2Request, bearerToken);
    } catch (ServerException | InvalidGrantException | NotFoundException e) {
        // Audit enrichment must not fail the request: swallow lookup errors.
        return null;
    }
    return refreshToken;
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) RefreshToken(org.forgerock.oauth2.core.RefreshToken) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException) ChallengeResponse(org.restlet.data.ChallengeResponse)

Example 20 with InvalidGrantException

use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.

The class OAuth2AuditAccessTokenContextProvider, method retrieveAccessTokenFromChallengeResponse (the access-token counterpart of the refresh-token lookup above):

private AccessToken retrieveAccessTokenFromChallengeResponse(Request request) {
    AccessToken token;
    ChallengeResponse challengeResponse = request.getChallengeResponse();
    if (challengeResponse == null) {
        // No Authorization header: nothing to audit.
        return null;
    }
    String bearerToken = challengeResponse.getRawValue();
    if ("undefined".equals(bearerToken)) {
        // The literal string "undefined" is treated as no token at all.
        return null;
    }
    OAuth2Request oAuth2Request = requestFactory.create(request);
    try {
        token = tokenStore.readAccessToken(oAuth2Request, bearerToken);
    } catch (ServerException | InvalidGrantException | NotFoundException e) {
        // Audit enrichment must not fail the request: swallow lookup errors.
        return null;
    }
    return token;
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AccessToken(org.forgerock.oauth2.core.AccessToken) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException) ChallengeResponse(org.restlet.data.ChallengeResponse)
