Examples with ServerException org.forgerock.oauth2.core.exceptions.ServerException used on opensource projects

Example 6 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class CodeVerifierValidator method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    if (!settings.isCodeVerifierRequired() || !isAuthCodeRequest(request)) {
        return;
    } else {
        Reject.ifTrue(isEmpty(request.<String>getParameter(OAuth2Constants.Custom.CODE_CHALLENGE)), "Missing parameter, '" + OAuth2Constants.Custom.CODE_CHALLENGE + "'");
        String codeChallengeMethod = request.getParameter(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        if (codeChallengeMethod != null) {
            Reject.ifFalse(codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_S_256) || codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_PLAIN), "Invalid value for " + OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        }
        return;
    }
}

Example 7 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class OpenIDConnectEndSession method endSession.

/**
     * Ends an OpenId Connect session.
     *
     * @param idToken The OpenId Token.
     * @throws BadRequestException If the request is malformed.
     * @throws ServerException If any internal server error occurs.
     */
public void endSession(String idToken) throws BadRequestException, ServerException {
    if (idToken == null || idToken.isEmpty()) {
        logger.warn("No id_token_hint parameter supplied to the endSession endpoint");
        throw new BadRequestException("The endSession endpoint requires an id_token_hint parameter");
    }
    JwtReconstruction jwtReconstruction = new JwtReconstruction();
    SignedJwt jwt = jwtReconstruction.reconstructJwt(idToken, SignedJwt.class);
    JwtClaimsSet claims = jwt.getClaimsSet();
    String opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.OPS);
    if (opsId == null) {
        opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.LEGACY_OPS);
    }
    openIDConnectProvider.destroySession(opsId);
}

Example 8 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class OpenIDConnectProviderConfiguration method getConfiguration.

/**
     * Gets the OpenId configuration for the OpenId Connect provider.
     *
     * @param request The OAuth2 request.
     * @return A JsonValue representation of the OpenId configuration.
     * @throws UnsupportedResponseTypeException If the requested response type is not supported by either the client
     *          or the OAuth2 provider.
     * @throws ServerException If any internal server error occurs.
     */
public JsonValue getConfiguration(OAuth2Request request) throws OAuth2Exception {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final OAuth2Uris uris = urisFactory.get(request);
    if (!providerSettings.exists() || providerSettings.getSupportedScopes() == null || !providerSettings.getSupportedScopes().contains("openid")) {
        throw new NotFoundException("Invalid URL");
    }
    final Map<String, Object> configuration = new HashMap<>();
    configuration.put("version", providerSettings.getOpenIDConnectVersion());
    configuration.put("issuer", uris.getIssuer());
    configuration.put("authorization_endpoint", uris.getAuthorizationEndpoint());
    configuration.put("token_endpoint", uris.getTokenEndpoint());
    configuration.put("userinfo_endpoint", uris.getUserInfoEndpoint());
    configuration.put("check_session_iframe", uris.getCheckSessionEndpoint());
    configuration.put("end_session_endpoint", uris.getEndSessionEndpoint());
    configuration.put("jwks_uri", uris.getJWKSUri());
    configuration.put("registration_endpoint", uris.getClientRegistrationEndpoint());
    configuration.put("claims_supported", providerSettings.getSupportedClaims());
    configuration.put("scopes_supported", providerSettings.getSupportedScopes());
    configuration.put("response_types_supported", getResponseTypes(providerSettings.getAllowedResponseTypes().keySet()));
    configuration.put("subject_types_supported", providerSettings.getSupportedSubjectTypes());
    configuration.put("id_token_signing_alg_values_supported", providerSettings.getSupportedIDTokenSigningAlgorithms());
    configuration.put("acr_values_supported", providerSettings.getAcrMapping().keySet());
    configuration.put("claims_parameter_supported", providerSettings.getClaimsParameterSupported());
    configuration.put("token_endpoint_auth_methods_supported", providerSettings.getEndpointAuthMethodsSupported());
    return new JsonValue(configuration);
}

Example 9 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class ClaimsParameterValidator method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final String claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
    //if we aren't supporting this no need to validate
    if (!settings.getClaimsParameterSupported()) {
        return;
    }
    //if we support, but it's not requested, no need to validate
    if (claims == null) {
        return;
    }
    final JSONObject claimsJson;
    //convert claims into JSON object
    try {
        claimsJson = new JSONObject(claims);
    } catch (JSONException e) {
        throw new BadRequestException("Invalid JSON in supplied claims parameter.");
    }
    JSONObject userinfoClaims = null;
    try {
        userinfoClaims = claimsJson.getJSONObject(OAuth2Constants.UserinfoEndpoint.USERINFO);
    } catch (Exception e) {
    //fall through
    }
    //results in an Access Token being issued to the Client for use at the UserInfo Endpoint.
    if (userinfoClaims != null) {
        String responseType = request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE);
        if (responseType != null && responseType.trim().equals(OAuth2Constants.JWTTokenParams.ID_TOKEN)) {
            throw new BadRequestException("Must request an access token when providing " + "userinfo in claims parameter.");
        }
    }
}

Example 10 with ServerException

use of org.forgerock.oauth2.core.exceptions.ServerException in project OpenAM by OpenRock.

the class ExceptionHandler method toOAuth2RestletException.

private OAuth2RestletException toOAuth2RestletException(Throwable throwable) {
    if (throwable instanceof OAuth2RestletException) {
        return (OAuth2RestletException) throwable;
    } else if (throwable.getCause() instanceof OAuth2RestletException) {
        return (OAuth2RestletException) throwable.getCause();
    } else if (throwable.getCause() instanceof OAuth2Exception) {
        final OAuth2Exception exception = (OAuth2Exception) throwable.getCause();
        return new OAuth2RestletException(exception.getStatusCode(), exception.getError(), exception.getMessage(), null);
    } else {
        final ServerException serverException = new ServerException(throwable);
        final OAuth2RestletException oauthException = new OAuth2RestletException(serverException.getStatusCode(), serverException.getError(), serverException.getMessage(), null);
        return oauthException;
    }
}