Search in sources :

Example 16 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project vertx-auth by vert-x3.

the class ClientImpl method getToken.

/**
 * Returns the Access Token object.
 *
 * @param params - scope: A String that represents the application privileges.
 * @param handler - The handler returning the results.
 */
@Override
public void getToken(JsonObject params, Handler<AsyncResult<AccessToken>> handler) {
    getToken("client_credentials", params, res -> {
        if (res.failed()) {
            handler.handle(Future.failedFuture(res.cause()));
            return;
        }
        AccessToken token;
        try {
            token = new OAuth2TokenImpl(provider, res.result());
        } catch (RuntimeException e) {
            handler.handle(Future.failedFuture(e));
            return;
        }
        handler.handle(Future.succeededFuture(token));
    });
}
Also used : AccessToken(io.vertx.ext.auth.oauth2.AccessToken) OAuth2TokenImpl(io.vertx.ext.auth.oauth2.impl.OAuth2TokenImpl)

Example 17 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project vertx-auth by vert-x3.

the class OAuth2AccessTokenTest method shouldRevokeAToken.

@Test
public void shouldRevokeAToken() {
    config = oauthConfig;
    oauth2.authenticate(tokenConfig, res -> {
        if (res.failed()) {
            fail(res.cause().getMessage());
        } else {
            AccessToken token = (AccessToken) res.result();
            // refresh the token
            config = revokeConfig;
            token.revoke("refresh_token", v -> {
                if (v.failed()) {
                    fail(v.cause().getMessage());
                } else {
                    testComplete();
                }
            });
        }
    });
    await();
}
Also used : AccessToken(io.vertx.ext.auth.oauth2.AccessToken) Test(org.junit.Test)

Example 18 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project vertx-auth by vert-x3.

the class OAuth2AccessTokenTest method whenRefreshingTokenShouldGetNewAccessToken.

@Test
public void whenRefreshingTokenShouldGetNewAccessToken() {
    config = oauthConfig;
    oauth2.authenticate(tokenConfig, res -> {
        if (res.failed()) {
            fail(res.cause().getMessage());
        } else {
            AccessToken token = (AccessToken) res.result();
            final long origTTl = token.principal().getLong("expires_at");
            // refresh the token
            config = refreshConfig;
            token.refresh(v -> {
                if (v.failed()) {
                    fail(v.cause().getMessage());
                } else {
                    assertTrue(origTTl < token.principal().getLong("expires_at"));
                    testComplete();
                }
            });
        }
    });
    await();
}
Also used : AccessToken(io.vertx.ext.auth.oauth2.AccessToken) Test(org.junit.Test)

Example 19 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project workbench by all-of-us.

the class DelegatedUserCredentials method refreshAccessToken.

@Override
public AccessToken refreshAccessToken() throws IOException {
    // The first step is to call the IamCredentials API to generate a signed JWT with the
    // appropriate claims. This call is authorized with application default credentials (ADCs). The
    // ADC service account may be different from `serviceAccountEmail` if the ADC account has the
    // roles/iam.serviceAccountTokenCreator role on the `serviceAccountEmail` account.
    SignJwtRequest jwtRequest = SignJwtRequest.newBuilder().setName(String.format(SERVICE_ACCOUNT_NAME_FORMAT, serviceAccountEmail)).setPayload(JSON_FACTORY.toString(createJwtPayload())).build();
    String jwt = credentialsClient.signJwt(jwtRequest).getSignedJwt();
    // With the signed JWT in hand, we call Google's OAuth2 token server to exchange the JWT for
    // an access token.
    TokenRequest tokenRequest = new TokenRequest(httpTransport, JSON_FACTORY, new GenericUrl(GoogleOAuthConstants.TOKEN_SERVER_URL), JWT_BEARER_GRANT_TYPE);
    tokenRequest.put("assertion", jwt);
    TokenResponse tokenResponse = tokenRequest.execute();
    return new AccessToken(tokenResponse.getAccessToken(), Date.from(Instant.now(clock).plusSeconds(tokenResponse.getExpiresInSeconds())));
}
Also used : TokenResponse(com.google.api.client.auth.oauth2.TokenResponse) AccessToken(com.google.auth.oauth2.AccessToken) TokenRequest(com.google.api.client.auth.oauth2.TokenRequest) SignJwtRequest(com.google.cloud.iam.credentials.v1.SignJwtRequest) GenericUrl(com.google.api.client.http.GenericUrl)

Example 20 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project spring-cloud-config by spring-cloud.

the class GoogleSecretManagerV1AccessStrategy method checkRemotePermissions.

@Override
public Boolean checkRemotePermissions() {
    CloudResourceManager service = null;
    try {
        AccessToken accessToken = new AccessToken(getAccessToken(), null);
        GoogleCredentials credential = new GoogleCredentials(accessToken);
        HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(credential);
        service = new CloudResourceManager.Builder(GoogleNetHttpTransport.newTrustedTransport(), JacksonFactory.getDefaultInstance(), requestInitializer).setApplicationName(APPLICATION_NAME).build();
        List<String> permissionsList = Arrays.asList(ACCESS_SECRET_PERMISSION);
        TestIamPermissionsRequest requestBody = new TestIamPermissionsRequest().setPermissions(permissionsList);
        TestIamPermissionsResponse testIamPermissionsResponse = service.projects().testIamPermissions(getProjectId(), requestBody).execute();
        if (testIamPermissionsResponse.getPermissions() != null && testIamPermissionsResponse.size() >= 1) {
            return Boolean.TRUE;
        } else {
            logger.warn("Access token has no permissions to access secrets in project");
            return Boolean.FALSE;
        }
    } catch (Exception e) {
        logger.info("Unable to check token permissions", e);
        return Boolean.FALSE;
    }
}
Also used : HttpCredentialsAdapter(com.google.auth.http.HttpCredentialsAdapter) CloudResourceManager(com.google.api.services.cloudresourcemanager.CloudResourceManager) TestIamPermissionsRequest(com.google.api.services.cloudresourcemanager.model.TestIamPermissionsRequest) TestIamPermissionsResponse(com.google.api.services.cloudresourcemanager.model.TestIamPermissionsResponse) AccessToken(com.google.auth.oauth2.AccessToken) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) HttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer) IOException(java.io.IOException)

Aggregations

AccessToken (com.google.auth.oauth2.AccessToken)71 Test (org.junit.Test)41 GoogleCredentials (com.google.auth.oauth2.GoogleCredentials)29 Date (java.util.Date)22 IOException (java.io.IOException)19 AccessToken (io.vertx.ext.auth.oauth2.AccessToken)16 Client (javax.ws.rs.client.Client)10 AccessToken (org.glassfish.jersey.client.oauth1.AccessToken)10 ConsumerCredentials (org.glassfish.jersey.client.oauth1.ConsumerCredentials)10 JsonObject (io.vertx.core.json.JsonObject)9 URI (java.net.URI)9 Feature (javax.ws.rs.core.Feature)8 JerseyTest (org.glassfish.jersey.test.JerseyTest)8 MockHttpTransport (com.google.api.client.testing.http.MockHttpTransport)6 InputStreamReader (java.io.InputStreamReader)6 Instant (java.time.Instant)6 WebTarget (javax.ws.rs.client.WebTarget)6 LoggingFeature (org.glassfish.jersey.logging.LoggingFeature)6 OAuth2Credentials (com.google.auth.oauth2.OAuth2Credentials)5 OAuth2TokenImpl (io.vertx.ext.auth.oauth2.impl.OAuth2TokenImpl)5