
Example 1 with AccessToken

use of org.gluu.oxauth.model.common.AccessToken in project oxAuth by GluuFederation.

the class IntrospectionWebService method introspect.

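/**
 * Handles a token introspection request and builds the HTTP response.
 *
 * <p>Flow, as visible in this method: the caller's authorization is checked through
 * {@code validateAuthorization}, a blank token is rejected with 400 / {@code INVALID_REQUEST},
 * and the grant owning the token is looked up. When no grant is found the response stays
 * {@code active=false} and is still returned with 200. External introspection scripts may
 * modify the JSON; if they return {@code false} the JSON is rebuilt so their changes are dropped.
 *
 * <p>Security note: neither the Authorization header value nor the token being introspected
 * is written to the log. Both are bearer credentials, and anyone with read access to the
 * log files could otherwise replay them.
 *
 * @param p_authorization value of the caller's Authorization header
 * @param p_token         token to introspect
 * @param tokenTypeHint   hint supplied by the caller; only logged in this method
 * @param responseAsJwt   when it equals "true" (case-insensitive) the response entity is a JWT
 * @param httpRequest     current request, handed to the external introspection context
 * @param httpResponse    current response, handed to the external introspection context
 * @return 200 with the introspection result, 400 for a blank token, or 500 on an unexpected error
 * @throws WebApplicationException rethrown unchanged after being logged
 */
private Response introspect(String p_authorization, String p_token, String tokenTypeHint, String responseAsJwt, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // Log only whether the credentials were supplied, never their values.
        log.trace("Introspect token, authorization present: {}, token present: {}, tokenTypeHint: {}", !StringUtils.isBlank(p_authorization), !StringUtils.isBlank(p_token), tokenTypeHint);
        AuthorizationGrant authorizationGrant = validateAuthorization(p_authorization, p_token);
        if (StringUtils.isBlank(p_token)) {
            log.trace("Bad request: Token is blank.");
            return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, "")).build();
        }
        // Start from an inactive response; it is only marked active when a grant is found.
        final IntrospectionResponse response = new IntrospectionResponse(false);
        final AuthorizationGrant grantOfIntrospectionToken = authorizationGrantList.getAuthorizationGrantByAccessToken(p_token);
        AbstractToken tokenToIntrospect = null;
        if (grantOfIntrospectionToken != null) {
            // NOTE(review): the result of getAccessToken(p_token) is dereferenced without a null
            // check; confirm it cannot be null for a grant that was just resolved by the same token.
            tokenToIntrospect = grantOfIntrospectionToken.getAccessToken(p_token);
            response.setActive(tokenToIntrospect.isValid());
            response.setExpiresAt(ServerUtil.dateToSeconds(tokenToIntrospect.getExpirationDate()));
            response.setIssuedAt(ServerUtil.dateToSeconds(tokenToIntrospect.getCreationDate()));
            response.setAcrValues(grantOfIntrospectionToken.getAcrValues());
            // #433
            response.setScope(grantOfIntrospectionToken.getScopes() != null ? grantOfIntrospectionToken.getScopes() : Lists.newArrayList());
            response.setClientId(grantOfIntrospectionToken.getClientId());
            response.setSub(grantOfIntrospectionToken.getSub());
            response.setUsername(grantOfIntrospectionToken.getUserId());
            response.setIssuer(appConfiguration.getIssuer());
            response.setAudience(grantOfIntrospectionToken.getClientId());
            if (tokenToIntrospect instanceof AccessToken) {
                AccessToken accessToken = (AccessToken) tokenToIntrospect;
                // Fall back to Bearer when the token carries no explicit type.
                response.setTokenType(accessToken.getTokenType() != null ? accessToken.getTokenType().getName() : TokenType.BEARER.getName());
            }
        } else {
            // The token value is deliberately left out of the message.
            log.debug("Failed to find grant for access_token. Return 200 with active=false.");
        }
        JSONObject responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);
        ExternalIntrospectionContext context = new ExternalIntrospectionContext(authorizationGrant, httpRequest, httpResponse, appConfiguration, attributeService);
        context.setGrantOfIntrospectionToken(grantOfIntrospectionToken);
        if (externalIntrospectionService.executeExternalModifyResponse(responseAsJsonObject, context)) {
            log.trace("Successfully run extenal introspection scripts.");
        } else {
            // Rebuild the JSON from the untouched response so script edits are discarded.
            responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);
            log.trace("Canceled changes made by external introspection script since method returned `false`.");
        }
        // Make scopes conform as required by spec, see #1499
        if (response.getScope() != null && !appConfiguration.getIntrospectionResponseScopesBackwardCompatibility()) {
            String scopes = StringUtils.join(response.getScope().toArray(), " ");
            responseAsJsonObject.put("scope", scopes);
        }
        if (Boolean.TRUE.toString().equalsIgnoreCase(responseAsJwt)) {
            return Response.status(Response.Status.OK).entity(createResponseAsJwt(responseAsJsonObject, grantOfIntrospectionToken)).build();
        }
        return Response.status(Response.Status.OK).entity(responseAsJsonObject.toString()).type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (WebApplicationException e) {
        log.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        // Unexpected failures are logged server-side; the client only sees a bare 500.
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}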
Also used : AbstractToken(org.gluu.oxauth.model.common.AbstractToken) JSONObject(org.json.JSONObject) WebApplicationException(javax.ws.rs.WebApplicationException) IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse) AccessToken(org.gluu.oxauth.model.common.AccessToken) ExternalIntrospectionContext(org.gluu.oxauth.service.external.context.ExternalIntrospectionContext) AuthorizationGrant(org.gluu.oxauth.model.common.AuthorizationGrant) JSONException(org.json.JSONException) IOException(java.io.IOException) WebApplicationException(javax.ws.rs.WebApplicationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with AccessToken

use of org.gluu.oxauth.model.common.AccessToken in project oxAuth by GluuFederation.

the class PersistentJwt method toString.

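/**
 * Serializes this object to a JSON string.
 *
 * <p>Only fields that are set are written. Each token is written as an object with the keys
 * {@code code}, {@code creation_date} and {@code expiration_date} (dates as epoch milliseconds).
 * A {@link JSONException} is logged and whatever was built up to that point is returned.
 *
 * <p>Security note: the output contains the raw {@code code} of every access, refresh,
 * long-lived and ID token. Treat the returned string as a secret and do not pass this
 * object to a logger or into an exception message.
 *
 * @return the JSON text for this object
 */
@Override
public String toString() {
    JSONObject jsonObject = new JSONObject();
    try {
        if (StringUtils.isNotBlank(userId)) {
            jsonObject.put("user_id", userId);
        }
        if (StringUtils.isNotBlank(clientId)) {
            jsonObject.put("client_id", clientId);
        }
        if (authorizationGrantType != null) {
            jsonObject.put("authorization_grant_type", authorizationGrantType);
        }
        if (authenticationTime != null) {
            jsonObject.put("authentication_time", authenticationTime.getTime());
        }
        if (scopes != null) {
            JSONArray scopesJsonArray = new JSONArray();
            for (String scope : scopes) {
                scopesJsonArray.put(scope);
            }
            jsonObject.put("scopes", scopesJsonArray);
        }
        if (accessTokens != null) {
            JSONArray accessTokensJsonArray = new JSONArray();
            for (AccessToken accessToken : accessTokens) {
                JSONObject accessTokenJsonObject = new JSONObject();
                if (accessToken.getCode() != null && !accessToken.getCode().isEmpty()) {
                    accessTokenJsonObject.put("code", accessToken.getCode());
                }
                if (accessToken.getCreationDate() != null) {
                    accessTokenJsonObject.put("creation_date", accessToken.getCreationDate().getTime());
                }
                if (accessToken.getExpirationDate() != null) {
                    accessTokenJsonObject.put("expiration_date", accessToken.getExpirationDate().getTime());
                }
                accessTokensJsonArray.put(accessTokenJsonObject);
            }
            jsonObject.put("access_tokens", accessTokensJsonArray);
        }
        if (refreshTokens != null) {
            JSONArray refreshTokensJsonArray = new JSONArray();
            for (RefreshToken refreshToken : refreshTokens) {
                JSONObject refreshTokenJsonObject = new JSONObject();
                if (refreshToken.getCode() != null && !refreshToken.getCode().isEmpty()) {
                    refreshTokenJsonObject.put("code", refreshToken.getCode());
                }
                if (refreshToken.getCreationDate() != null) {
                    refreshTokenJsonObject.put("creation_date", refreshToken.getCreationDate().getTime());
                }
                if (refreshToken.getExpirationDate() != null) {
                    refreshTokenJsonObject.put("expiration_date", refreshToken.getExpirationDate().getTime());
                }
                // Fix: each entry was built but never appended, so "refresh_tokens" was
                // always written as an empty array and refresh tokens were lost on reload.
                refreshTokensJsonArray.put(refreshTokenJsonObject);
            }
            jsonObject.put("refresh_tokens", refreshTokensJsonArray);
        }
        if (longLivedAccessToken != null) {
            JSONObject longLivedAccessTokenJsonObject = new JSONObject();
            if (longLivedAccessToken.getCode() != null && !longLivedAccessToken.getCode().isEmpty()) {
                longLivedAccessTokenJsonObject.put("code", longLivedAccessToken.getCode());
            }
            if (longLivedAccessToken.getCreationDate() != null) {
                longLivedAccessTokenJsonObject.put("creation_date", longLivedAccessToken.getCreationDate().getTime());
            }
            if (longLivedAccessToken.getExpirationDate() != null) {
                longLivedAccessTokenJsonObject.put("expiration_date", longLivedAccessToken.getExpirationDate().getTime());
            }
            jsonObject.put("long_lived_access_token", longLivedAccessTokenJsonObject);
        }
        if (idToken != null) {
            JSONObject idTokenJsonObject = new JSONObject();
            if (idToken.getCode() != null && !idToken.getCode().isEmpty()) {
                idTokenJsonObject.put("code", idToken.getCode());
            }
            if (idToken.getCreationDate() != null) {
                idTokenJsonObject.put("creation_date", idToken.getCreationDate().getTime());
            }
            if (idToken.getExpirationDate() != null) {
                idTokenJsonObject.put("expiration_date", idToken.getExpirationDate().getTime());
            }
            jsonObject.put("id_token", idTokenJsonObject);
        }
    } catch (JSONException e) {
        // Best effort: the partially built object is still returned below.
        log.error(e.getMessage(), e);
    }
    return jsonObject.toString();
}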
Also used : RefreshToken(org.gluu.oxauth.model.common.RefreshToken) JSONObject(org.json.JSONObject) AccessToken(org.gluu.oxauth.model.common.AccessToken) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException)

Example 3 with AccessToken

use of org.gluu.oxauth.model.common.AccessToken in project oxAuth by GluuFederation.

the class PersistentJwt method load.

/**
 * Fills this object's fields from a JSON document.
 *
 * <p>Despite the parameter name, the input is parsed directly as a JSON object; no signature
 * or integrity check is visible in this method, so callers should only pass data from a
 * trusted store (to be confirmed against the callers). Token entries are accepted only when
 * {@code code}, {@code creation_date} and {@code expiration_date} are all present; incomplete
 * entries are skipped. Dates are read as epoch milliseconds and are not range-checked here.
 *
 * @param jwt JSON text to read
 * @return always {@code false} in the current implementation (see the note in the body)
 * @throws JSONException if the text is not valid JSON or a present key has the wrong type
 */
private boolean load(String jwt) throws JSONException {
    // NOTE(review): this flag is never set to true, so the method reports false even after a
    // successful load. Confirm whether any caller relies on the return value.
    final boolean loaded = false;
    final JSONObject root = new JSONObject(jwt);

    if (root.has("user_id")) {
        userId = root.getString("user_id");
    }
    if (root.has("client_id")) {
        clientId = root.getString("client_id");
    }
    if (root.has("authorization_grant_type")) {
        final String grantTypeName = root.getString("authorization_grant_type");
        authorizationGrantType = AuthorizationGrantType.fromString(grantTypeName);
    }
    if (root.has("authentication_time")) {
        final long authMillis = root.getLong("authentication_time");
        authenticationTime = new Date(authMillis);
    }
    if (root.has("scopes")) {
        scopes = Util.asList(root.getJSONArray("scopes"));
    }

    if (root.has("access_tokens")) {
        final JSONArray entries = root.getJSONArray("access_tokens");
        accessTokens = new ArrayList<AccessToken>();
        for (int idx = 0; idx < entries.length(); idx++) {
            final JSONObject entry = entries.getJSONObject(idx);
            // Skip entries that lack any of the three required keys.
            if (!entry.has("code") || !entry.has("creation_date") || !entry.has("expiration_date")) {
                continue;
            }
            final String code = entry.getString("code");
            final Date created = new Date(entry.getLong("creation_date"));
            final Date expires = new Date(entry.getLong("expiration_date"));
            accessTokens.add(new AccessToken(code, created, expires));
        }
    }

    if (root.has("refresh_tokens")) {
        final JSONArray entries = root.getJSONArray("refresh_tokens");
        refreshTokens = new ArrayList<RefreshToken>();
        for (int idx = 0; idx < entries.length(); idx++) {
            final JSONObject entry = entries.getJSONObject(idx);
            if (!entry.has("code") || !entry.has("creation_date") || !entry.has("expiration_date")) {
                continue;
            }
            final String code = entry.getString("code");
            final Date created = new Date(entry.getLong("creation_date"));
            final Date expires = new Date(entry.getLong("expiration_date"));
            refreshTokens.add(new RefreshToken(code, created, expires));
        }
    }

    if (root.has("long_lived_access_token")) {
        final JSONObject entry = root.getJSONObject("long_lived_access_token");
        final boolean complete = entry.has("code") && entry.has("creation_date") && entry.has("expiration_date");
        if (complete) {
            final String code = entry.getString("code");
            final Date created = new Date(entry.getLong("creation_date"));
            final Date expires = new Date(entry.getLong("expiration_date"));
            longLivedAccessToken = new AccessToken(code, created, expires);
        }
    }

    if (root.has("id_token")) {
        final JSONObject entry = root.getJSONObject("id_token");
        final boolean complete = entry.has("code") && entry.has("creation_date") && entry.has("expiration_date");
        if (complete) {
            final String code = entry.getString("code");
            final Date created = new Date(entry.getLong("creation_date"));
            final Date expires = new Date(entry.getLong("expiration_date"));
            idToken = new IdToken(code, created, expires);
        }
    }

    return loaded;
}
Also used : IdToken(org.gluu.oxauth.model.common.IdToken) RefreshToken(org.gluu.oxauth.model.common.RefreshToken) JSONObject(org.json.JSONObject) AccessToken(org.gluu.oxauth.model.common.AccessToken) JSONArray(org.json.JSONArray) Date(java.util.Date)

Aggregations

AccessToken (org.gluu.oxauth.model.common.AccessToken)3 JSONObject (org.json.JSONObject)3 RefreshToken (org.gluu.oxauth.model.common.RefreshToken)2 JSONArray (org.json.JSONArray)2 JSONException (org.json.JSONException)2 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 Date (java.util.Date)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 AbstractToken (org.gluu.oxauth.model.common.AbstractToken)1 AuthorizationGrant (org.gluu.oxauth.model.common.AuthorizationGrant)1 IdToken (org.gluu.oxauth.model.common.IdToken)1 IntrospectionResponse (org.gluu.oxauth.model.common.IntrospectionResponse)1 ExternalIntrospectionContext (org.gluu.oxauth.service.external.context.ExternalIntrospectionContext)1