
Example 6 with OAuth2Exception

Use of org.forgerock.oauth2.core.exceptions.OAuth2Exception in project OpenAM by OpenRock.

The class DeviceCodeResource, method issueCode.

@Post
public Representation issueCode(Representation body) throws OAuth2RestletException {
    final Request restletRequest = getRequest();
    OAuth2Request request = requestFactory.create(restletRequest);
    String state = request.getParameter(STATE);
    // Client ID, Response Type and Scope are required, all other parameters are optional
    String clientId = request.getParameter(CLIENT_ID);
    String scope = request.getParameter(SCOPE);
    String responseType = request.getParameter(RESPONSE_TYPE);
    try {
        if (isEmpty(clientId) || isEmpty(scope) || isEmpty(responseType)) {
            throw new OAuth2RestletException(400, "bad_request", "client_id, scope and response_type are required parameters", state);
        } else {
            // check client_id exists
            clientRegistrationStore.get(clientId, request);
        }
        if (scope == null) {
            scope = "";
        }
        final String maxAge = request.getParameter(MAX_AGE);
        DeviceCode code = tokenStore.createDeviceCode(oAuth2Utils.split(scope, " "), null, clientId, request.<String>getParameter(NONCE), request.<String>getParameter(RESPONSE_TYPE), request.<String>getParameter(STATE), request.<String>getParameter(ACR_VALUES), request.<String>getParameter(PROMPT), request.<String>getParameter(UI_LOCALES), request.<String>getParameter(LOGIN_HINT), maxAge == null ? null : Integer.valueOf(maxAge), request.<String>getParameter(CLAIMS), request, request.<String>getParameter(CODE_CHALLENGE), request.<String>getParameter(CODE_CHALLENGE_METHOD));
        Map<String, Object> result = new HashMap<>();
        OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
        result.put(DEVICE_CODE, code.getDeviceCode());
        result.put(USER_CODE, code.getUserCode());
        result.put(EXPIRES_IN, providerSettings.getDeviceCodeLifetime());
        result.put(INTERVAL, providerSettings.getDeviceCodePollInterval());
        String verificationUrl = providerSettings.getVerificationUrl();
        if (StringUtils.isBlank(verificationUrl)) {
            final HttpServletRequest servletRequest = ServletUtils.getRequest(restletRequest);
            final String realm = request.getParameter(OAuth2Constants.Custom.REALM);
            verificationUrl = baseURLProviderFactory.get(realm).getRootURL(servletRequest) + "/oauth2/device/user";
        }
        result.put(VERIFICATION_URL, verificationUrl);
        return jacksonRepresentationFactory.create(result);
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), state);
    }
}
Also used: javax.servlet.http.HttpServletRequest, org.forgerock.oauth2.core.OAuth2Request, java.util.HashMap, org.restlet.Request, org.forgerock.oauth2.core.OAuth2Constants.DeviceCode, org.forgerock.oauth2.core.DeviceCode, org.forgerock.oauth2.core.OAuth2ProviderSettings, org.forgerock.oauth2.core.exceptions.OAuth2Exception, org.restlet.resource.Post

Example 7 with OAuth2Exception

Use of org.forgerock.oauth2.core.exceptions.OAuth2Exception in project OpenAM by OpenRock.

The class DeviceCodeVerificationResource, method verify.

/**
 * Handles POST requests to the OAuth2 device/user endpoint.
 */
@Post
public Representation verify(Representation body) throws ServerException, NotFoundException, InvalidGrantException, OAuth2RestletException {
    final Request restletRequest = getRequest();
    OAuth2Request request = requestFactory.create(restletRequest);
    DeviceCode deviceCode;
    try {
        deviceCode = tokenStore.readDeviceCode(request.<String>getParameter(OAuth2Constants.DeviceCode.USER_CODE), request);
    } catch (InvalidGrantException e) {
        return getTemplateRepresentation(FORM, request, "not_found");
    }
    if (deviceCode == null || deviceCode.isIssued()) {
        return getTemplateRepresentation(FORM, request, "not_found");
    }
    addRequestParamsFromDeviceCode(restletRequest, deviceCode);
    try {
        final String decision = request.getParameter("decision");
        if (StringUtils.isNotEmpty(decision)) {
            final boolean consentGiven = "allow".equalsIgnoreCase(decision);
            final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
            if (saveConsent) {
                saveConsent(request);
            }
            if (consentGiven) {
                ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
                deviceCode.setResourceOwnerId(resourceOwner.getId());
                deviceCode.setAuthorized(true);
                tokenStore.updateDeviceCode(deviceCode, request);
            } else {
                tokenStore.deleteDeviceCode(deviceCode.getClientId(), deviceCode.getDeviceCode(), request);
            }
        } else {
            authorizationService.authorize(request);
        }
    } catch (IllegalArgumentException e) {
        if (e.getMessage().contains("client_id")) {
            throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
        }
        throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
    } catch (ResourceOwnerAuthenticationRequired e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
    } catch (ResourceOwnerConsentRequired e) {
        return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
    } catch (InvalidClientException | RedirectUriMismatchException e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
    }
    return getTemplateRepresentation(THANKS_PAGE, request, null);
}
Also used: org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired, org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException, org.forgerock.oauth2.core.ResourceOwner, org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired, org.forgerock.oauth2.core.OAuth2Request, org.restlet.Request, org.forgerock.oauth2.core.exceptions.InvalidGrantException, org.forgerock.oauth2.core.exceptions.InvalidClientException, org.forgerock.oauth2.core.DeviceCode, org.forgerock.oauth2.core.exceptions.OAuth2Exception, org.restlet.resource.Post

Example 8 with OAuth2Exception

Use of org.forgerock.oauth2.core.exceptions.OAuth2Exception in project OpenAM by OpenRock.

The class DeviceCodeGrantTypeHandlerTest, method shouldCatchInvalidClients.

@Test
public void shouldCatchInvalidClients() throws Exception {
    // Given
    InvalidClientException expectedResult = mock(InvalidClientException.class);
    when(expectedResult.getError()).thenReturn("invalid_client");
    Set<String> scope = new HashSet<>();
    mockRequestRealmClientIdClientSecretAndCode("REALM", "CLIENT_ID", "CLIENT_SECRET", "CODE", scope);
    given(clientRegistrationStore.get(anyString(), any(OAuth2Request.class))).willThrow(expectedResult);
    // When
    try {
        grantTypeHandler.handle(request);
        // Then - exception
        fail("Should have exception");
    } catch (OAuth2Exception e) {
        // assertThat(boolean) without a matcher checks nothing; assert on the error code itself
        assertThat(e.getError()).isEqualTo("invalid_client");
    }
}
Also used: org.forgerock.oauth2.core.exceptions.InvalidClientException, org.forgerock.oauth2.core.exceptions.OAuth2Exception, java.util.HashSet, org.testng.annotations.Test

Example 9 with OAuth2Exception

Use of org.forgerock.oauth2.core.exceptions.OAuth2Exception in project OpenAM by OpenRock.

The class AuthorizeResource, method authorize (GET).

/**
 * Handles GET requests to the OAuth2 authorize endpoint.
 * <br/>
 * This method will be called when a client has requested a resource owner grants it authorization to access a
 * resource.
 *
 * @return The body to be sent in the response to the user agent.
 * @throws OAuth2RestletException If an OAuth2 error occurs whilst processing the authorization request.
 */
@Get
public Representation authorize() throws OAuth2RestletException {
    final OAuth2Request request = requestFactory.create(getRequest());
    for (AuthorizeRequestHook hook : hooks) {
        hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
    }
    try {
        final AuthorizationToken authorizationToken = authorizationService.authorize(request);
        final String redirectUri = getQueryValue("redirect_uri");
        Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
        for (AuthorizeRequestHook hook : hooks) {
            hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
        }
        return response;
    } catch (IllegalArgumentException e) {
        if (e.getMessage().contains("client_id")) {
            throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("state"));
        }
        throw new OAuth2RestletException(400, "invalid_request", e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"));
    } catch (ResourceOwnerAuthenticationRequired e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
    } catch (ResourceOwnerConsentRequired e) {
        return representation.getRepresentation(getContext(), request, "authorize.ftl", getDataModel(e, request));
    } catch (InvalidClientException e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (RedirectUriMismatchException e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
    }
}
Also used: org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired, org.forgerock.oauth2.core.OAuth2Request, org.forgerock.oauth2.core.AuthorizationToken, org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException, org.forgerock.oauth2.core.exceptions.ResourceOwnerConsentRequired, org.forgerock.oauth2.core.exceptions.InvalidClientException, org.restlet.representation.Representation, org.forgerock.oauth2.core.exceptions.OAuth2Exception, org.restlet.resource.Get

Example 10 with OAuth2Exception

Use of org.forgerock.oauth2.core.exceptions.OAuth2Exception in project OpenAM by OpenRock.

The class AuthorizeResource, method authorize (POST).

/**
 * Handles POST requests to the OAuth2 authorize endpoint.
 * <br/>
 * This method will be called when a user has given their consent for an authorization request.
 *
 * @param entity The entity on the request.
 * @return The body to be sent in the response to the user agent.
 * @throws OAuth2RestletException If an OAuth2 error occurs whilst processing the authorization request.
 */
@Post
public Representation authorize(Representation entity) throws OAuth2RestletException {
    final OAuth2Request request = requestFactory.create(getRequest());
    for (AuthorizeRequestHook hook : hooks) {
        hook.beforeAuthorizeHandling(request, getRequest(), getResponse());
    }
    final boolean consentGiven = "allow".equalsIgnoreCase(request.<String>getParameter("decision"));
    final boolean saveConsent = "on".equalsIgnoreCase(request.<String>getParameter("save_consent"));
    try {
        final AuthorizationToken authorizationToken = authorizationService.authorize(request, consentGiven, saveConsent);
        final String redirectUri = request.getParameter("redirect_uri");
        Representation response = representation.toRepresentation(getContext(), getRequest(), getResponse(), authorizationToken, redirectUri);
        for (AuthorizeRequestHook hook : hooks) {
            hook.afterAuthorizeSuccess(request, getRequest(), getResponse());
        }
        return response;
    } catch (ResourceOwnerAuthenticationRequired e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), e.getRedirectUri().toString(), null);
    } catch (InvalidClientException e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (RedirectUriMismatchException e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (OAuth2Exception e) {
        throw new OAuth2RestletException(e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("redirect_uri"), request.<String>getParameter("state"), e.getParameterLocation());
    }
}
Also used: org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired, org.forgerock.oauth2.core.OAuth2Request, org.forgerock.oauth2.core.AuthorizationToken, org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException, org.forgerock.oauth2.core.exceptions.InvalidClientException, org.restlet.representation.Representation, org.forgerock.oauth2.core.exceptions.OAuth2Exception, org.restlet.resource.Post
