use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMTokenStore method appendRequestedIdTokenClaims.
//See spec section 5.5. - add claims to id_token based on 'claims' parameter in the access token
private void appendRequestedIdTokenClaims(OAuth2Request request, OAuth2ProviderSettings providerSettings, OpenAMOpenIdConnectToken oidcToken) throws ServerException, NotFoundException, InvalidClientException {
AccessToken accessToken = request.getToken(AccessToken.class);
String claims;
if (accessToken != null) {
claims = (String) accessToken.toMap().get(OAuth2Constants.Custom.CLAIMS);
} else {
claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
}
if (claims != null) {
try {
JSONObject claimsObject = new JSONObject(claims);
JSONObject idTokenClaimsRequest = claimsObject.getJSONObject(OAuth2Constants.JWTTokenParams.ID_TOKEN);
Map<String, Object> userInfo = providerSettings.getUserInfo(accessToken, request).getValues();
Iterator<String> it = idTokenClaimsRequest.keys();
while (it.hasNext()) {
String keyName = it.next();
if (userInfo.containsKey(keyName)) {
oidcToken.put(keyName, userInfo.get(keyName));
}
}
} catch (UnauthorizedClientException e) {
throw failureFactory.getException(request, e.getMessage());
} catch (JSONException e) {
//if claims object not found, fall through
}
}
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMTokenStore method readDeviceCode.
@Override
public DeviceCode readDeviceCode(String clientId, String code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
DeviceCode deviceCode = request.getToken(DeviceCode.class);
if (deviceCode == null) {
try {
JsonValue token = tokenStore.read(code);
if (token == null) {
return null;
}
deviceCode = new DeviceCode(token);
} catch (CoreTokenException e) {
logger.error("Unable to read device code corresponding to id: " + code, e);
throw new ServerException("Could not read token in CTS: " + e.getMessage());
}
}
if (!clientId.equals(deviceCode.getClientId())) {
throw new InvalidGrantException();
}
validateTokenRealm(deviceCode.getRealm(), request);
request.setToken(DeviceCode.class, deviceCode);
return deviceCode;
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class DeviceCodeVerificationResource method verify.
/**
* Handles POST requests to the OAuth2 device/user endpoint.
*/
@Post
public Representation verify(Representation body) throws ServerException, NotFoundException, InvalidGrantException, OAuth2RestletException {
final Request restletRequest = getRequest();
OAuth2Request request = requestFactory.create(restletRequest);
DeviceCode deviceCode;
try {
deviceCode = tokenStore.readDeviceCode(request.<String>getParameter(OAuth2Constants.DeviceCode.USER_CODE), request);
} catch (InvalidGrantException e) {
return getTemplateRepresentation(FORM, request, "not_found");
}
if (deviceCode == null || deviceCode.isIssued()) {
return getTemplateRepresentation(FORM, request, "not_found");
}
addRequestParamsFromDeviceCode(restletRequest, deviceCode);
try {
final String decision = request.getParameter("decision");
if (StringUtils.isNotEmpty(decision)) {
final boolean consentGiven = "allow".equalsIgnoreCase(decision);
final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
if (saveConsent) {
saveConsent(request);
}
if (consentGiven) {
ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
deviceCode.setResourceOwnerId(resourceOwner.getId());
deviceCode.setAuthorized(true);
tokenStore.updateDeviceCode(deviceCode, request);
} else {
tokenStore.deleteDeviceCode(deviceCode.getClientId(), deviceCode.getDeviceCode(), request);
}
} else {
authorizationService.authorize(request);
}
} catch (IllegalArgumentException e) {
if (e.getMessage().contains("client_id")) {
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
}
throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
} catch (ResourceOwnerAuthenticationRequired e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
} catch (ResourceOwnerConsentRequired e) {
return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
} catch (InvalidClientException | RedirectUriMismatchException e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
} catch (OAuth2Exception e) {
throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
}
return getTemplateRepresentation(THANKS_PAGE, request, null);
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class DeviceCodeVerificationResource method saveConsent.
private void saveConsent(OAuth2Request request) throws NotFoundException, ServerException, InvalidScopeException, AccessDeniedException, ResourceOwnerAuthenticationRequired, InteractionRequiredException, BadRequestException, LoginRequiredException, InvalidClientException {
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
ClientRegistration clientRegistration = clientRegistrationStore.get(request.<String>getParameter(CLIENT_ID), request);
Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
providerSettings.saveConsent(resourceOwner, clientRegistration.getClientId(), validatedScope);
}
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class AccessTokenProtectionFilter method beforeHandle.
@Override
protected int beforeHandle(Request request, Response response) {
ChallengeResponse challengeResponse = request.getChallengeResponse();
Status failure = null;
if (challengeResponse == null) {
failure = new Status(401, new InvalidTokenException());
} else {
String tokenId = challengeResponse.getRawValue();
try {
OAuth2Request oAuth2Request = requestFactory.create(request);
AccessToken accessToken = tokenStore.readAccessToken(oAuth2Request, tokenId);
if (accessToken == null || accessToken.isExpired()) {
failure = new Status(401, new InvalidTokenException());
} else if (requiredScope != null && !accessToken.getScope().contains(requiredScope)) {
failure = new Status(403, new InsufficientScopeException(requiredScope));
} else {
oAuth2Request.setToken(AccessToken.class, accessToken);
}
} catch (ServerException e) {
failure = new Status(500, e);
} catch (NotFoundException e) {
debug.message("Error loading token with id: " + tokenId, e);
failure = new Status(404, e);
} catch (InvalidGrantException e) {
debug.message("Error loading token with id: " + tokenId, e);
failure = new Status(401, new InvalidTokenException());
}
}
if (failure != null) {
response.setStatus(failure);
return STOP;
}
return super.beforeHandle(request, response);
}
Aggregations