Use of org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm in project oxAuth by GluuFederation.
Class AuthorizationGrant, method createAccessTokenAsJwt.
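/**
 * Builds the JWT form of an access token, signs it and returns the serialized result.
 *
 * <p>The signing algorithm is the server default from
 * {@code appConfiguration.getDefaultSignatureAlgorithm()}, unless the client declares an
 * access-token signing algorithm that {@link SignatureAlgorithm#fromString} resolves to a
 * non-null value, in which case the client's choice wins.
 *
 * <p>Claims written: {@code scope}, {@code client_id}, {@code username} (the user's
 * {@code displayName} attribute, or {@code null} when there is no user), {@code token_type},
 * {@code code}, expiration time, issued-at, subject identifier, {@code x5t#S256} and the
 * audience. When the client attribute asks for it, the introspection script runs and may add
 * further values before signing.
 *
 * @param accessToken token whose type, code, dates and {@code x5t#S256} value are copied into the claims
 * @param context execution context handed to the introspection script
 * @return the signed JWT in its serialized string form
 * @throws Exception if any of the called helpers or the signer fails
 */
private String createAccessTokenAsJwt(AccessToken accessToken, ExecutionContext context) throws Exception {
    final User user = getUser();
    final Client client = getClient();

    // Start from the server-wide default and override it only with a client value that
    // actually resolves; an unknown client value silently falls back to the default.
    // NOTE(review): both values are resolved purely by name. Confirm that neither the server
    // default nor client metadata can resolve to an unsigned algorithm for access tokens,
    // and that a null result (unresolvable default) is rejected by JwtSigner.
    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
    final String clientSigningAlg = client.getAccessTokenSigningAlg();
    if (clientSigningAlg != null) {
        final SignatureAlgorithm clientAlgorithm = SignatureAlgorithm.fromString(clientSigningAlg);
        if (clientAlgorithm != null) {
            signatureAlgorithm = clientAlgorithm;
        }
    }

    // The decrypted client secret is handed to the signer; presumably it serves as key
    // material for symmetric algorithms - TODO confirm against JwtSigner.
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, webKeysConfiguration, signatureAlgorithm, client.getClientId(), clientService.decryptSecret(client.getClientSecret()));
    final Jwt jwt = jwtSigner.newJwt();

    jwt.getClaims().setClaim("scope", Lists.newArrayList(getScopes()));
    jwt.getClaims().setClaim("client_id", getClientId());
    jwt.getClaims().setClaim("username", user != null ? user.getAttribute("displayName") : null);
    jwt.getClaims().setClaim("token_type", accessToken.getTokenType().getName());

    // The token code keeps otherwise identical JWTs distinct; without it a race condition is possible.
    jwt.getClaims().setClaim("code", accessToken.getCode());
    jwt.getClaims().setExpirationTime(accessToken.getExpirationDate());
    jwt.getClaims().setIssuedAt(accessToken.getCreationDate());
    jwt.getClaims().setSubjectIdentifier(getSub());
    jwt.getClaims().setClaim("x5t#S256", accessToken.getX5ts256());
    Audience.setAudience(jwt.getClaims(), getClient());

    if (client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims()) {
        runIntrospectionScriptAndInjectValuesIntoJwt(jwt, context);
    }

    final String accessTokenCode = jwtSigner.sign().toString();

    // The signed JWT is a bearer credential, so it is deliberately kept out of the log:
    // anyone with read access to trace logs could otherwise replay it until it expires.
    // The guard stays because toJsonString() is evaluated before the logger is consulted.
    // NOTE(review): the claims still carry the "code" and "username" values; treat trace
    // output as sensitive and confirm whether "code" should be logged at all.
    if (log.isTraceEnabled()) {
        log.trace("Created access token JWT, claims: {}", jwt.getClaims().toJsonString());
    }
    return accessTokenCode;
}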