use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class OpenIdConfiguration method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
*
* @param servletRequest servlet request
* @param httpResponse servlet response
* @throws IOException I/O exception
*/
@SuppressWarnings("deprecation")
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) throws IOException {
if (!(externalAuthenticationService.isLoaded() && externalDynamicScopeService.isLoaded())) {
httpResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
log.error("oxAuth still starting up!");
return;
}
httpResponse.setContentType("application/json");
try (PrintWriter out = httpResponse.getWriter()) {
final JSONObject cachedResponse = localResponseCache.getDiscoveryResponse();
if (cachedResponse != null) {
log.trace("Cached discovery response returned.");
out.println(ServerUtil.toPrettyJson(cachedResponse).replace("\\/", "/"));
return;
}
JSONObject jsonObj = new JSONObject();
jsonObj.put(ISSUER, appConfiguration.getIssuer());
jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
// remove this line
jsonObj.put(TOKEN_REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
// in 5.x
jsonObj.put(REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
jsonObj.put(SESSION_REVOCATION_ENDPOINT, endpointUrl("/revoke_session"));
jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());
jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
jsonObj.put(DEVICE_AUTHZ_ENDPOINT, appConfiguration.getDeviceAuthzEndpoint());
JSONArray responseTypesSupported = new JSONArray();
for (Set<ResponseType> responseTypes : appConfiguration.getResponseTypesSupported()) {
responseTypesSupported.put(implode(responseTypes, " "));
}
if (responseTypesSupported.length() > 0) {
jsonObj.put(RESPONSE_TYPES_SUPPORTED, responseTypesSupported);
}
JSONArray responseModesSupported = new JSONArray();
if (appConfiguration.getResponseModesSupported() != null) {
for (ResponseMode responseMode : appConfiguration.getResponseModesSupported()) {
responseModesSupported.put(responseMode);
}
}
if (responseModesSupported.length() > 0) {
jsonObj.put(RESPONSE_MODES_SUPPORTED, responseModesSupported);
}
JSONArray grantTypesSupported = new JSONArray();
for (GrantType grantType : appConfiguration.getGrantTypesSupported()) {
grantTypesSupported.put(grantType);
}
if (grantTypesSupported.length() > 0) {
jsonObj.put(GRANT_TYPES_SUPPORTED, grantTypesSupported);
}
JSONArray acrValuesSupported = new JSONArray();
for (String acr : externalAuthenticationService.getAcrValuesList()) {
acrValuesSupported.put(acr);
}
jsonObj.put(ACR_VALUES_SUPPORTED, acrValuesSupported);
jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());
JSONArray subjectTypesSupported = new JSONArray();
for (String subjectType : appConfiguration.getSubjectTypesSupported()) {
subjectTypesSupported.put(subjectType);
}
if (subjectTypesSupported.length() > 0) {
jsonObj.put(SUBJECT_TYPES_SUPPORTED, subjectTypesSupported);
}
JSONArray userInfoSigningAlgValuesSupported = new JSONArray();
for (String userInfoSigningAlg : appConfiguration.getUserInfoSigningAlgValuesSupported()) {
userInfoSigningAlgValuesSupported.put(userInfoSigningAlg);
}
if (userInfoSigningAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, userInfoSigningAlgValuesSupported);
}
JSONArray userInfoEncryptionAlgValuesSupported = new JSONArray();
for (String userInfoEncryptionAlg : appConfiguration.getUserInfoEncryptionAlgValuesSupported()) {
userInfoEncryptionAlgValuesSupported.put(userInfoEncryptionAlg);
}
if (userInfoEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);
}
JSONArray userInfoEncryptionEncValuesSupported = new JSONArray();
for (String userInfoEncryptionEnc : appConfiguration.getUserInfoEncryptionEncValuesSupported()) {
userInfoEncryptionEncValuesSupported.put(userInfoEncryptionEnc);
}
if (userInfoEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);
}
JSONArray idTokenSigningAlgValuesSupported = new JSONArray();
for (String idTokenSigningAlg : appConfiguration.getIdTokenSigningAlgValuesSupported()) {
idTokenSigningAlgValuesSupported.put(idTokenSigningAlg);
}
if (idTokenSigningAlgValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, idTokenSigningAlgValuesSupported);
}
JSONArray idTokenEncryptionAlgValuesSupported = new JSONArray();
for (String idTokenEncryptionAlg : appConfiguration.getIdTokenEncryptionAlgValuesSupported()) {
idTokenEncryptionAlgValuesSupported.put(idTokenEncryptionAlg);
}
if (idTokenEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, idTokenEncryptionAlgValuesSupported);
}
JSONArray idTokenEncryptionEncValuesSupported = new JSONArray();
for (String idTokenEncryptionEnc : appConfiguration.getIdTokenEncryptionEncValuesSupported()) {
idTokenEncryptionEncValuesSupported.put(idTokenEncryptionEnc);
}
if (idTokenEncryptionEncValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, idTokenEncryptionEncValuesSupported);
}
JSONArray requestObjectSigningAlgValuesSupported = new JSONArray();
for (String requestObjectSigningAlg : appConfiguration.getRequestObjectSigningAlgValuesSupported()) {
requestObjectSigningAlgValuesSupported.put(requestObjectSigningAlg);
}
if (requestObjectSigningAlgValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, requestObjectSigningAlgValuesSupported);
}
JSONArray requestObjectEncryptionAlgValuesSupported = new JSONArray();
for (String requestObjectEncryptionAlg : appConfiguration.getRequestObjectEncryptionAlgValuesSupported()) {
requestObjectEncryptionAlgValuesSupported.put(requestObjectEncryptionAlg);
}
if (requestObjectEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, requestObjectEncryptionAlgValuesSupported);
}
JSONArray requestObjectEncryptionEncValuesSupported = new JSONArray();
for (String requestObjectEncryptionEnc : appConfiguration.getRequestObjectEncryptionEncValuesSupported()) {
requestObjectEncryptionEncValuesSupported.put(requestObjectEncryptionEnc);
}
if (requestObjectEncryptionEncValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, requestObjectEncryptionEncValuesSupported);
}
JSONArray tokenEndpointAuthMethodsSupported = new JSONArray();
for (String tokenEndpointAuthMethod : appConfiguration.getTokenEndpointAuthMethodsSupported()) {
tokenEndpointAuthMethodsSupported.put(tokenEndpointAuthMethod);
}
if (tokenEndpointAuthMethodsSupported.length() > 0) {
jsonObj.put(TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, tokenEndpointAuthMethodsSupported);
}
JSONArray tokenEndpointAuthSigningAlgValuesSupported = new JSONArray();
for (String tokenEndpointAuthSigningAlg : appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported()) {
tokenEndpointAuthSigningAlgValuesSupported.put(tokenEndpointAuthSigningAlg);
}
if (tokenEndpointAuthSigningAlgValuesSupported.length() > 0) {
jsonObj.put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, tokenEndpointAuthSigningAlgValuesSupported);
}
JSONArray displayValuesSupported = new JSONArray();
for (String display : appConfiguration.getDisplayValuesSupported()) {
displayValuesSupported.put(display);
}
if (displayValuesSupported.length() > 0) {
jsonObj.put(DISPLAY_VALUES_SUPPORTED, displayValuesSupported);
}
JSONArray claimTypesSupported = new JSONArray();
for (String claimType : appConfiguration.getClaimTypesSupported()) {
claimTypesSupported.put(claimType);
}
if (claimTypesSupported.length() > 0) {
jsonObj.put(CLAIM_TYPES_SUPPORTED, claimTypesSupported);
}
jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
JSONArray idTokenTokenBindingCnfValuesSupported = new JSONArray();
for (String value : appConfiguration.getIdTokenTokenBindingCnfValuesSupported()) {
idTokenTokenBindingCnfValuesSupported.put(value);
}
jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, idTokenTokenBindingCnfValuesSupported);
JSONArray claimsLocalesSupported = new JSONArray();
for (String claimLocale : appConfiguration.getClaimsLocalesSupported()) {
claimsLocalesSupported.put(claimLocale);
}
if (claimsLocalesSupported.length() > 0) {
jsonObj.put(CLAIMS_LOCALES_SUPPORTED, claimsLocalesSupported);
}
JSONArray uiLocalesSupported = new JSONArray();
for (String uiLocale : appConfiguration.getUiLocalesSupported()) {
uiLocalesSupported.put(uiLocale);
}
if (uiLocalesSupported.length() > 0) {
jsonObj.put(UI_LOCALES_SUPPORTED, uiLocalesSupported);
}
JSONArray scopesSupported = new JSONArray();
JSONArray claimsSupported = new JSONArray();
JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
if (scopesSupported.length() > 0) {
jsonObj.put(SCOPES_SUPPORTED, scopesSupported);
}
if (claimsSupported.length() > 0) {
jsonObj.put(CLAIMS_SUPPORTED, claimsSupported);
}
jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, scopeToClaimsMapping);
jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
jsonObj.put(TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.TRUE);
jsonObj.put(BACKCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
jsonObj.put(BACKCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());
// CIBA Configuration
cibaConfigurationService.processConfiguration(jsonObj);
localResponseCache.putDiscoveryResponse(jsonObj);
out.println(ServerUtil.toPrettyJson(jsonObj).replace("\\/", "/"));
} catch (Exception e) {
log.error(e.getMessage(), e);
}
}
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class TokenRestWebServiceEmbeddedTest method dynamicClientRegistration.
@Parameters({ "registerPath", "redirectUris" })
@Test
public void dynamicClientRegistration(final String registerPath, final String redirectUris) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
String registerRequestContent = null;
try {
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.TOKEN, ResponseType.ID_TOKEN);
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS, GrantType.CLIENT_CREDENTIALS);
registerRequest.setGrantTypes(grantTypes);
registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage());
}
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("dynamicClientRegistration", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
final RegisterResponse registerResponse = RegisterResponse.valueOf(entity);
ClientTestUtil.assert_(registerResponse);
clientId = registerResponse.getClientId();
clientSecret = registerResponse.getClientSecret();
} catch (Exception e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class TokenRestWebServiceWithHSAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtHS256Step1.
@Parameters({ "registerPath", "redirectUris", "clientJwksUri" })
@Test
public void requestAccessTokenWithClientSecretJwtHS256Step1(final String registerPath, final String redirectUris, final String jwksUri) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
registerRequest.setGrantTypes(grantTypes);
String registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtHS256Step1", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has(RegisterResponseParam.CLIENT_ID.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET.toString()));
assertTrue(jsonObj.has(REGISTRATION_ACCESS_TOKEN.toString()));
assertTrue(jsonObj.has(REGISTRATION_CLIENT_URI.toString()));
assertTrue(jsonObj.has(CLIENT_ID_ISSUED_AT.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET_EXPIRES_AT.toString()));
clientId1 = jsonObj.getString(RegisterResponseParam.CLIENT_ID.toString());
clientSecret1 = jsonObj.getString(CLIENT_SECRET.toString());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class TokenRestWebServiceWithHSAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtHS512Step1.
@Parameters({ "registerPath", "redirectUris", "clientJwksUri" })
@Test
public void requestAccessTokenWithClientSecretJwtHS512Step1(final String registerPath, final String redirectUris, final String jwksUri) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
registerRequest.setGrantTypes(grantTypes);
String registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtHS512Step1", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has(RegisterResponseParam.CLIENT_ID.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET.toString()));
assertTrue(jsonObj.has(REGISTRATION_ACCESS_TOKEN.toString()));
assertTrue(jsonObj.has(REGISTRATION_CLIENT_URI.toString()));
assertTrue(jsonObj.has(CLIENT_ID_ISSUED_AT.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET_EXPIRES_AT.toString()));
clientId3 = jsonObj.getString(RegisterResponseParam.CLIENT_ID.toString());
clientSecret3 = jsonObj.getString(CLIENT_SECRET.toString());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class TokenRestWebServiceWithHSAlgEmbeddedTest method requestAccessTokenWithClientSecretJwtHS384Step1.
@Parameters({ "registerPath", "redirectUris", "clientJwksUri" })
@Test
public void requestAccessTokenWithClientSecretJwtHS384Step1(final String registerPath, final String redirectUris, final String jwksUri) throws Exception {
Builder request = ResteasyClientBuilder.newClient().target(url.toString() + registerPath).request();
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
registerRequest.setGrantTypes(grantTypes);
String registerRequestContent = ServerUtil.toPrettyJson(registerRequest.getJSONParameters());
Response response = request.post(Entity.json(registerRequestContent));
String entity = response.readEntity(String.class);
showResponse("requestAccessTokenWithClientSecretJwtHS384Step1", response, entity);
assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
assertNotNull(entity, "Unexpected result: " + entity);
try {
JSONObject jsonObj = new JSONObject(entity);
assertTrue(jsonObj.has(RegisterResponseParam.CLIENT_ID.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET.toString()));
assertTrue(jsonObj.has(REGISTRATION_ACCESS_TOKEN.toString()));
assertTrue(jsonObj.has(REGISTRATION_CLIENT_URI.toString()));
assertTrue(jsonObj.has(CLIENT_ID_ISSUED_AT.toString()));
assertTrue(jsonObj.has(CLIENT_SECRET_EXPIRES_AT.toString()));
clientId2 = jsonObj.getString(RegisterResponseParam.CLIENT_ID.toString());
clientSecret2 = jsonObj.getString(CLIENT_SECRET.toString());
} catch (JSONException e) {
e.printStackTrace();
fail(e.getMessage() + "\nResponse was: " + entity);
}
}
Aggregations