Examples with RedirectUriMismatchException org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException used on opensource projects

Example 1 with RedirectUriMismatchException

use of org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException in project OpenAM by OpenRock.

the class ClaimsParameterValidatorTest method shouldErrorValidatingJson.

@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingJson() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    //given
    OAuth2Request mockRequest = mock(OAuth2Request.class);
    OAuth2ProviderSettings mockProviderSettings = mock(OAuth2ProviderSettings.class);
    String responseTypes = "id_token";
    given(mockProviderSettingsFactory.get(mockRequest)).willReturn(mockProviderSettings);
    given(mockProviderSettings.getClaimsParameterSupported()).willReturn(true);
    given(mockRequest.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(invalidClaimsString);
    given(mockRequest.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn(responseTypes);
    //when
    claimsParameterValidator.validateRequest(mockRequest);
//then
}

Example 2 with RedirectUriMismatchException

use of org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException in project OpenAM by OpenRock.

the class ClaimsParameterValidatorTest method shouldErrorValidatingResponseType.

@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingResponseType() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    //given
    OAuth2Request mockRequest = mock(OAuth2Request.class);
    OAuth2ProviderSettings mockProviderSettings = mock(OAuth2ProviderSettings.class);
    String responseTypes = "id_token";
    given(mockProviderSettingsFactory.get(mockRequest)).willReturn(mockProviderSettings);
    given(mockProviderSettings.getClaimsParameterSupported()).willReturn(true);
    given(mockRequest.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(validClaimsString);
    given(mockRequest.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn(responseTypes);
    //when
    claimsParameterValidator.validateRequest(mockRequest);
//then
}

Example 3 with RedirectUriMismatchException

use of org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException in project OpenAM by OpenRock.

the class CodeVerifierValidator method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    if (!settings.isCodeVerifierRequired() || !isAuthCodeRequest(request)) {
        return;
    } else {
        Reject.ifTrue(isEmpty(request.<String>getParameter(OAuth2Constants.Custom.CODE_CHALLENGE)), "Missing parameter, '" + OAuth2Constants.Custom.CODE_CHALLENGE + "'");
        String codeChallengeMethod = request.getParameter(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        if (codeChallengeMethod != null) {
            Reject.ifFalse(codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_S_256) || codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_PLAIN), "Invalid value for " + OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        }
        return;
    }
}

Example 4 with RedirectUriMismatchException

use of org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException in project OpenAM by OpenRock.

the class ClaimsParameterValidator method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final String claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
    //if we aren't supporting this no need to validate
    if (!settings.getClaimsParameterSupported()) {
        return;
    }
    //if we support, but it's not requested, no need to validate
    if (claims == null) {
        return;
    }
    final JSONObject claimsJson;
    //convert claims into JSON object
    try {
        claimsJson = new JSONObject(claims);
    } catch (JSONException e) {
        throw new BadRequestException("Invalid JSON in supplied claims parameter.");
    }
    JSONObject userinfoClaims = null;
    try {
        userinfoClaims = claimsJson.getJSONObject(OAuth2Constants.UserinfoEndpoint.USERINFO);
    } catch (Exception e) {
    //fall through
    }
    //results in an Access Token being issued to the Client for use at the UserInfo Endpoint.
    if (userinfoClaims != null) {
        String responseType = request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE);
        if (responseType != null && responseType.trim().equals(OAuth2Constants.JWTTokenParams.ID_TOKEN)) {
            throw new BadRequestException("Must request an access token when providing " + "userinfo in claims parameter.");
        }
    }
}

Example 5 with RedirectUriMismatchException

use of org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException in project OpenAM by OpenRock.

the class AuthorizationServiceImpl method authorize.

/**
     * {@inheritDoc}
     */
public AuthorizationToken authorize(OAuth2Request request) throws ResourceOwnerAuthenticationRequired, ResourceOwnerConsentRequired, InvalidClientException, UnsupportedResponseTypeException, RedirectUriMismatchException, InvalidRequestException, AccessDeniedException, ServerException, LoginRequiredException, BadRequestException, InteractionRequiredException, ResourceOwnerConsentRequiredException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    for (final AuthorizeRequestValidator requestValidator : requestValidators) {
        requestValidator.validateRequest(request);
    }
    final String clientId = request.getParameter(CLIENT_ID);
    final ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, request);
    final Set<String> scope = Utils.splitScope(request.<String>getParameter(SCOPE));
    //plugin point
    final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope, request);
    // is resource owner authenticated?
    final ResourceOwner resourceOwner = resourceOwnerSessionValidator.validate(request);
    final boolean consentSaved = providerSettings.isConsentSaved(resourceOwner, clientRegistration.getClientId(), validatedScope);
    //plugin point
    final boolean haveConsent = consentVerifier.verify(consentSaved, request, clientRegistration);
    if (!haveConsent) {
        String localeParameter = request.getParameter(LOCALE);
        String uiLocaleParameter = request.getParameter(UI_LOCALES);
        Locale locale = getLocale(uiLocaleParameter, localeParameter);
        if (locale == null) {
            locale = request.getLocale();
        }
        UserInfoClaims userInfo = null;
        try {
            userInfo = providerSettings.getUserInfo(request.getToken(AccessToken.class), request);
        } catch (UnauthorizedClientException e) {
            logger.debug("Couldn't get user info - continuing to display consent page without claims.", e);
        }
        String clientName = clientRegistration.getDisplayName(locale);
        if (clientName == null) {
            clientName = clientRegistration.getClientId();
            logger.warn("Client does not have a display name or client name set. using client ID {} for display", clientName);
        }
        final String displayDescription = clientRegistration.getDisplayDescription(locale);
        final String clientDescription = displayDescription == null ? "" : displayDescription;
        final Map<String, String> scopeDescriptions = getScopeDescriptions(validatedScope, clientRegistration.getScopeDescriptions(locale));
        final Map<String, String> claimDescriptions = getClaimDescriptions(userInfo.getValues(), clientRegistration.getClaimDescriptions(locale));
        throw new ResourceOwnerConsentRequired(clientName, clientDescription, scopeDescriptions, claimDescriptions, userInfo, resourceOwner.getName(providerSettings));
    }
    return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}