
Example 1 with OauthData

use of org.gluu.oxtrust.security.OauthData in project oxTrust by GluuFederation.

the class Authenticator method oAuthlLogout.

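/**
 * Ends the oxAuth session of the current user and redirects the browser to the
 * OpenID Provider's end_session endpoint.
 * <p>
 * Does nothing when there is no OAuth data or no logged-in user in it (nothing
 * to log out from). The locally held OAuth state is cleared <em>before</em> the
 * redirect is issued, so a failed redirect cannot leave a still-usable
 * id_token / session_state / access token behind in the session.
 *
 * @throws Exception if the redirect cannot be performed (propagated from the
 *         Faces external context)
 */
public void oAuthlLogout() throws Exception {
    OauthData oauthData = identity.getOauthData();
    // Same guard as AuthenticationSessionService.sessionDestroyed(): no OAuth
    // data, or no user in it, means there is no oxAuth session to end.
    if ((oauthData == null) || StringHelper.isEmpty(oauthData.getUserUid())) {
        return;
    }
    ClientRequest clientRequest = new ClientRequest(openIdService.getOpenIdConfiguration().getEndSessionEndpoint());
    clientRequest.queryParameter(OxTrustConstants.OXAUTH_SESSION_STATE, oauthData.getSessionState());
    clientRequest.queryParameter(OxTrustConstants.OXAUTH_ID_TOKEN_HINT, oauthData.getIdToken());
    clientRequest.queryParameter(OxTrustConstants.OXAUTH_POST_LOGOUT_REDIRECT_URI, appConfiguration.getLogoutRedirectUrl());
    // Clean up OAuth token state. The query parameters were captured above, so
    // nothing below still needs the values; the access token stored at login
    // (see requestAccessToken) is cleared as well so the session holds no
    // usable credential after logout.
    oauthData.setUserUid(null);
    oauthData.setIdToken(null);
    oauthData.setSessionState(null);
    oauthData.setAccessToken(null);
    FacesContext.getCurrentInstance().getExternalContext().redirect(clientRequest.getUri());
}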
Also used : OauthData(org.gluu.oxtrust.security.OauthData) ClientRequest(org.jboss.resteasy.client.ClientRequest)

Example 2 with OauthData

use of org.gluu.oxtrust.security.OauthData in project oxTrust by GluuFederation.

the class Authenticator method requestAccessToken.

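/**
 * Exchanges the authorization code for tokens at oxAuth, fetches the user info
 * and stores the resulting OAuth state in the current {@link OauthData}.
 * <p>
 * Steps:
 * <ol>
 * <li>authorization-code grant at the token endpoint;</li>
 * <li>userinfo request with the returned access token, which must carry a
 *     {@code user_name} claim;</li>
 * <li>when an acr was requested for this login (session key
 *     {@code OXAUTH_ACR_VALUES}), the id_token is parsed and its issuer, acr
 *     and nonce claims are checked (see {@link #validateIdToken});</li>
 * <li>uid, tokens, scopes and session_state are stored in the OAuth data.</li>
 * </ol>
 * Token values are credentials and are deliberately not written to the log.
 *
 * @param oxAuthHost        oxAuth host, stored in the OAuth data
 * @param authorizationCode authorization code received at the login redirect
 * @param sessionState      oxAuth session_state received at the login redirect
 * @param idToken           id_token received at the login redirect; validated
 *                          here only when an acr was requested (see above)
 * @param scopes            scopes to store in the OAuth data
 * @param clientID          oxTrust client id used for the token request
 * @param clientPassword    oxTrust client secret used for the token request
 * @return {@code OxTrustConstants.RESULT_SUCCESS} when the user is logged in,
 *         otherwise {@code OxTrustConstants.RESULT_NO_PERMISSIONS}
 */
private String requestAccessToken(String oxAuthHost, String authorizationCode, String sessionState, String idToken, String scopes, String clientID, String clientPassword) {
    OpenIdConfigurationResponse openIdConfiguration = openIdService.getOpenIdConfiguration();
    // 1. Request access token using the authorization code.
    TokenClient tokenClient = new TokenClient(openIdConfiguration.getTokenEndpoint());
    log.info("Sending request to token endpoint");
    String redirectURL = appConfiguration.getLoginRedirectUrl();
    log.info("redirectURI : " + redirectURL);
    TokenResponse tokenResponse = tokenClient.execAuthorizationCode(authorizationCode, redirectURL, clientID, clientPassword);
    if (tokenResponse == null) {
        log.error("Get empty token response. User rcan't log into application");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    // An error response from the token endpoint carries no usable access token;
    // previously the error type was only logged and the flow continued.
    if (tokenResponse.getErrorType() != null) {
        log.error("Token endpoint returned error: " + tokenResponse.getErrorType());
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    String accessToken = tokenResponse.getAccessToken();
    if (StringHelper.isEmpty(accessToken)) {
        log.error("Token response doesn't contain an access token");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    // The access token (and the whole token response, which contains it) is a
    // credential: it is intentionally not logged, not even at debug level.
    log.info("Session validation successful. User is logged in");
    // 2. Fetch the user info with the access token.
    UserInfoClient userInfoClient = new UserInfoClient(openIdConfiguration.getUserInfoEndpoint());
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    OauthData oauthData = identity.getOauthData();
    oauthData.setHost(oxAuthHost);
    if ((userInfoResponse == null) || (userInfoResponse.getClaims() == null)) {
        log.error("Get empty user info response. User can't log into application");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    // Determine uid
    List<String> uidValues = userInfoResponse.getClaims().get(JwtClaimName.USER_NAME);
    if ((uidValues == null) || uidValues.isEmpty()) {
        log.error("User info response doesn't contains uid claim");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    // 3. Validate the id_token when the login requested a specific acr.
    // NOTE(review): issuer and nonce are only checked on this path. Whether
    // OXAUTH_NONCE is always present in the session (which would allow
    // checking it unconditionally) is not visible here - confirm against the
    // login flow before tightening.
    if (identity.getSessionMap().containsKey(OxTrustConstants.OXAUTH_ACR_VALUES)) {
        String requestAcrValues = (String) identity.getSessionMap().get(OxTrustConstants.OXAUTH_ACR_VALUES);
        String validationFailure = validateIdToken(openIdConfiguration, idToken, requestAcrValues);
        if (validationFailure != null) {
            return validationFailure;
        }
    }
    // 4. Store the OAuth state for this session.
    oauthData.setUserUid(uidValues.get(0));
    oauthData.setAccessToken(accessToken);
    oauthData.setAccessTokenExpirationInSeconds(tokenResponse.getExpiresIn());
    oauthData.setScopes(scopes);
    oauthData.setIdToken(idToken);
    oauthData.setSessionState(sessionState);
    log.info("user uid:" + oauthData.getUserUid());
    return OxTrustConstants.RESULT_SUCCESS;
}

/**
 * Validates the id_token of a login that requested a specific acr.
 * <p>
 * Checks, in order: the token parses; its {@code iss} claim equals the issuer
 * from the OpenID configuration; its {@code acr} claim is present and contains
 * the requested value; its {@code nonce} claim equals the nonce kept in the
 * session under {@code OXAUTH_NONCE}.
 * <p>
 * NOTE(review): {@code Jwt.parse} appears to only decode the token; no
 * signature verification is visible in this class - confirm it happens
 * elsewhere in the login flow.
 *
 * @param openIdConfiguration OpenID configuration providing the expected issuer
 * @param idToken             raw id_token received at the login redirect
 * @param requestAcrValues    acr value that was requested for this login
 * @return {@code null} when the token is acceptable, otherwise
 *         {@code OxTrustConstants.RESULT_NO_PERMISSIONS}
 */
private String validateIdToken(OpenIdConfigurationResponse openIdConfiguration, String idToken, String requestAcrValues) {
    Jwt jwt;
    try {
        jwt = Jwt.parse(idToken);
    } catch (InvalidJwtException ex) {
        log.error("Failed to parse id_token");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    String issuer = openIdConfiguration.getIssuer();
    String responseIssuer = (String) jwt.getClaims().getClaim(JwtClaimName.ISSUER);
    if (issuer == null || responseIssuer == null || !issuer.equals(responseIssuer)) {
        log.error("id_token issuer doesn't match the OpenID configuration issuer.");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    List<String> acrValues = jwt.getClaims().getClaimAsStringList(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
    if ((acrValues == null) || acrValues.isEmpty()) {
        log.error("User info response doesn't contains acr claim");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    // Kept as a separate check so a mismatch is logged with both values; the
    // former combined condition made this branch unreachable.
    if (!acrValues.contains(requestAcrValues)) {
        log.error("User info response contains acr='{}' claim but expected acr='{}'", acrValues, requestAcrValues);
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    String nonceResponse = (String) jwt.getClaims().getClaim(JwtClaimName.NONCE);
    String nonceSession = (String) identity.getSessionMap().get(OxTrustConstants.OXAUTH_NONCE);
    // NOTE(review): if StringHelper.equals treats two nulls as equal, a login
    // with no nonce in the session and none in the token passes this check -
    // confirm that the session nonce is always set before relying on it.
    if (!StringHelper.equals(nonceSession, nonceResponse)) {
        log.error("User info response :  nonce is not matching.");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    return null;
}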
Also used : InvalidJwtException(org.xdi.oxauth.model.exception.InvalidJwtException) OauthData(org.gluu.oxtrust.security.OauthData) Jwt(org.xdi.oxauth.model.jwt.Jwt)

Example 3 with OauthData

use of org.gluu.oxtrust.security.OauthData in project oxTrust by GluuFederation.

the class AuthenticationSessionService method sessionDestroyed.

/**
 * Session-end hook: asks oxAuth to end the OpenID session that belongs to the
 * HTTP session being destroyed.
 * <p>
 * Does nothing when there is no OAuth data or no session_state in it. Failures
 * are only logged, since the HTTP session is going away regardless.
 */
@PreDestroy
public void sessionDestroyed() {
    OauthData data = identity.getOauthData();
    if (data == null) {
        return;
    }
    String sessionState = data.getSessionState();
    if (StringHelper.isEmpty(sessionState)) {
        return;
    }
    String uid = data.getUserUid();
    log.debug("Calling oxAuth logout method at the end of HTTP session. User: '{}'", uid);
    try {
        // Fresh state value for this end_session request.
        String state = UUID.randomUUID().toString();
        EndSessionRequest request = new EndSessionRequest(data.getIdToken(), appConfiguration.getLogoutRedirectUrl(), state);
        request.setSessionState(sessionState);
        String endSessionEndpoint = openIdService.getOpenIdConfiguration().getEndSessionEndpoint();
        EndSessionClient client = new EndSessionClient(endSessionEndpoint);
        client.setRequest(request);
        EndSessionResponse response = client.exec();
        // oxAuth answers the end_session request with a redirect (302).
        boolean redirected = (response != null) && (response.getStatus() == 302);
        if (!redirected) {
            log.error("Invalid response code at oxAuth logout. User: '{}'", uid);
        }
    } catch (Exception ex) {
        // NOTE(review): the throwable is passed before the placeholder value,
        // which matches a (message, throwable, params...) logger API; with an
        // SLF4J logger the throwable would have to be the last argument -
        // confirm which Log type is in use.
        log.error("Exception happened at oxAuth logout. User: '{}'", ex, uid);
    }
}
Also used : OauthData(org.gluu.oxtrust.security.OauthData) EndSessionClient(org.xdi.oxauth.client.EndSessionClient) EndSessionRequest(org.xdi.oxauth.client.EndSessionRequest) EndSessionResponse(org.xdi.oxauth.client.EndSessionResponse) PreDestroy(javax.annotation.PreDestroy)

Aggregations

OauthData (org.gluu.oxtrust.security.OauthData)3 PreDestroy (javax.annotation.PreDestroy)1 ClientRequest (org.jboss.resteasy.client.ClientRequest)1 EndSessionClient (org.xdi.oxauth.client.EndSessionClient)1 EndSessionRequest (org.xdi.oxauth.client.EndSessionRequest)1 EndSessionResponse (org.xdi.oxauth.client.EndSessionResponse)1 InvalidJwtException (org.xdi.oxauth.model.exception.InvalidJwtException)1 Jwt (org.xdi.oxauth.model.jwt.Jwt)1