Example 16 with InvalidRequestException

use of org.forgerock.oauth2.core.exceptions.InvalidRequestException in project OpenAM by OpenRock.

the class OpenAMOAuth2ProviderSettings method validateRequestedClaims.

@Override
public String validateRequestedClaims(String requestedClaims) throws InvalidRequestException, ServerException {
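    // Claims parameter support is disabled for this provider: ignore the parameter.
    if (!getClaimsParameterSupported()) {
        return null;
    }
    // Nothing was requested.
    if (StringUtils.isBlank(requestedClaims)) {
        return null;
    }
    // Collect the claim names requested under the userinfo and id_token members.
    final Set<String> claims = new HashSet<String>();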
    try {
        JSONObject json = new JSONObject(requestedClaims);
        JSONObject userinfo = json.optJSONObject(OAuth2Constants.UserinfoEndpoint.USERINFO);
        JSONObject id_token = json.optJSONObject(OAuth2Constants.JWTTokenParams.ID_TOKEN);
        if (userinfo != null) {
            Iterator<String> it = userinfo.keys();
            while (it.hasNext()) {
                claims.add(it.next());
            }
        }
        if (id_token != null) {
            Iterator<String> it = id_token.keys();
            while (it.hasNext()) {
                claims.add(it.next());
            }
        }
    } catch (JSONException e) {
        throw new InvalidRequestException("Requested claims must be valid json.");
    }
    // Reject the request if any requested claim name is not in the supported set.
    if (!getSupportedClaims().containsAll(claims)) {
        throw new InvalidRequestException("Requested claims must be allowed by the client's configuration");
    }
    return requestedClaims;
}
Also used : JSONObject(org.json.JSONObject) JSONException(org.json.JSONException) InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) HashSet(java.util.HashSet)

Example 17 with InvalidRequestException

use of org.forgerock.oauth2.core.exceptions.InvalidRequestException in project OpenAM by OpenRock.

the class OpenIdConnectAuthorizeRequestValidator method validateRequest.

/**
 * {@inheritDoc}
 */
public void validateRequest(OAuth2Request request) throws BadRequestException, InvalidRequestException, InvalidClientException, InvalidScopeException, NotFoundException {
    validateOpenIdScope(request);
    try {
        OpenIdPrompt prompt = new OpenIdPrompt(request);
        Reject.ifFalse(prompt.isValid(), "Prompt parameter " + prompt.getOriginalValue() + " is invalid or unsupported");
    } catch (IllegalArgumentException e) {
        throw new BadRequestException(e.getMessage());
    }
}
Also used : BadRequestException(org.forgerock.oauth2.core.exceptions.BadRequestException)

Example 18 with InvalidRequestException

use of org.forgerock.oauth2.core.exceptions.InvalidRequestException in project OpenAM by OpenRock.

the class ClaimsParameterValidatorTest method shouldValidateClaimsParameter.

@Test
public void shouldValidateClaimsParameter() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    //given
    OAuth2Request mockRequest = mock(OAuth2Request.class);
    OAuth2ProviderSettings mockProviderSettings = mock(OAuth2ProviderSettings.class);
    String responseTypes = "code token id_token";
    given(mockProviderSettingsFactory.get(mockRequest)).willReturn(mockProviderSettings);
    given(mockProviderSettings.getClaimsParameterSupported()).willReturn(true);
    given(mockRequest.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(validClaimsString);
    given(mockRequest.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn(responseTypes);
    //when
    claimsParameterValidator.validateRequest(mockRequest);
    //then
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 19 with InvalidRequestException

use of org.forgerock.oauth2.core.exceptions.InvalidRequestException in project OpenAM by OpenRock.

the class OpenIdConnectAuthorizeRequestValidatorTest method validateShouldFailWithInvalidRequestExceptionAndFragmentParameters.

@Test
public void validateShouldFailWithInvalidRequestExceptionAndFragmentParameters() throws Exception {
    //Given
    OAuth2Request request = mock(OAuth2Request.class);
    given(clientRegistration.getAllowedScopes()).willReturn(Collections.singleton("openid"));
    given(request.getParameter("client_id")).willReturn("CLIENT_ID");
    given(request.getParameter("scope")).willReturn("nothing");
    given(request.getParameter("response_type")).willReturn("id_token");
    //When
    try {
        requestValidator.validateRequest(request);
        fail();
    } catch (InvalidRequestException e) {
        //Then
        assertEquals(e.getParameterLocation(), OAuth2Constants.UrlLocation.FRAGMENT);
    }
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) Test(org.testng.annotations.Test)

Aggregations

InvalidRequestException (org.forgerock.oauth2.core.exceptions.InvalidRequestException) 10
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request) 7
OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings) 6
Test (org.testng.annotations.Test) 5
ClientRegistration (org.forgerock.oauth2.core.ClientRegistration) 4
BeforeTest (org.testng.annotations.BeforeTest) 3
JsonValue (org.forgerock.json.JsonValue) 2
BadRequestException (org.forgerock.oauth2.core.exceptions.BadRequestException) 2
InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException) 2
ServerException (org.forgerock.oauth2.core.exceptions.ServerException) 2
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) 2
Client (org.forgerock.openidconnect.Client) 2
OpenIdConnectClientRegistration (org.forgerock.openidconnect.OpenIdConnectClientRegistration) 2
JSONException (org.json.JSONException) 2
JSONObject (org.json.JSONObject) 2
Assertion (com.sun.identity.saml2.assertion.Assertion) 1
AssertionFactory (com.sun.identity.saml2.assertion.AssertionFactory) 1
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception) 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 1
HashMap (java.util.HashMap) 1