use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.
the class Http2ClientIT method isTokenExpired.
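/**
 * Reports whether the JWT carried in an Authorization header value is past its {@code exp}
 * claim, with a 60-second allowance.
 *
 * <p>SECURITY: the consumer below skips every validator and does not verify the signature,
 * so the claims it returns are unauthenticated and can be set to anything by whoever
 * produced the token. The result is only suitable as a local hint (for example, deciding
 * whether to fetch a fresh token). It must never stand in for real token validation or feed
 * an access-control decision.
 *
 * @param authorization the Authorization header value passed to getJwtFromAuthorization
 * @return {@code true} only when the token parses and its expiration lies at least 60 seconds
 *         in the past; {@code false} when no token is extracted, the token cannot be parsed,
 *         the {@code exp} claim is malformed, or the token carries no {@code exp} claim
 */
private static boolean isTokenExpired(String authorization) {
    String jwt = getJwtFromAuthorization(authorization);
    if (jwt == null) {
        return false;
    }
    try {
        // Parse-only consumer: no signature check, no claim validation (see SECURITY note above).
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setSkipAllValidators()
                .setDisableRequireSignature()
                .setSkipSignatureVerification()
                .build();
        JwtClaims jwtClaims = consumer.process(jwt).getJwtClaims();
        NumericDate expiration = jwtClaims.getExpirationTime();
        if (expiration == null) {
            // A token without an exp claim would previously hit a NullPointerException here;
            // it has no expiry to compare against, so it is reported as not expired.
            return false;
        }
        // NOTE(review): subtracting 60 from "now" keeps the token "not expired" for up to
        // 60 seconds after exp; confirm this is the intended direction of the allowance.
        return (NumericDate.now().getValue() - 60) >= expiration.getValue();
    } catch (MalformedClaimException e) {
        logger.error("MalformedClaimException:", e);
    } catch (InvalidJwtException e) {
        // Route parse failures through the logger instead of printStackTrace() so they
        // reach the same sink, with the same formatting, as the other error path.
        logger.error("InvalidJwtException:", e);
    }
    return false;
}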
use of org.jose4j.jwt.consumer.JwtContext in project digilib by robcast.
the class OpenIdAuthnOps method getUserRoles.
/* (non-Javadoc)
* @see digilib.auth.AuthnOps#getUserRoles(digilib.conf.DigilibRequest)
*/
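@Override
public List<String> getUserRoles(DigilibRequest request) throws AuthOpException {
    // Resolves the roles for a request from its OpenID id token. The token is taken from
    // the "id_token" request parameter, falling back to the cookie named tokenCookieName.
    // Returns the role list configured for the token's issuer (idpRoles), or null when no
    // token is present, the issuer is unknown, or validation fails.
    //
    // NOTE(review): if the "id_token" parameter can arrive in a URL query string, the token
    // may end up in access logs and Referer headers; confirm how callers pass it.
    String id_token = request.getAsString("id_token");
    if (id_token == null || id_token.isEmpty()) {
        // No usable parameter: look for the token cookie instead.
        HttpServletRequest srvReq = ((DigilibServletRequest) request).getServletRequest();
        Cookie[] cookies = srvReq.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (c.getName().equals(tokenCookieName)) {
                    id_token = c.getValue();
                    break;
                }
            }
        }
        if (id_token == null || id_token.isEmpty()) {
            logger.error("Missing id token!");
            return null;
        }
    }
    try {
        // First pass only parses the JWT into a JwtContext; nothing read from it is
        // trusted until the issuer-specific consumer has processed the context below.
        JwtContext jwtContext = firstPassJwtConsumer.process(id_token);
        // The issuer is still unverified here. It is used only to select which validating
        // consumer to apply, never as proof of who issued the token.
        String issuer = jwtContext.getJwtClaims().getIssuer();
        JwtConsumer secondPassJwtConsumer = idpJwtConsumers.get(issuer);
        if (secondPassJwtConsumer == null) {
            // The issuer comes from an unvalidated token, so line breaks are replaced
            // before logging to keep a crafted claim from forging extra log entries.
            logger.error("Unknown id token issuer: " + String.valueOf(issuer).replaceAll("[\\r\\n]", "_"));
            return null;
        }
        // Second pass validates the already-parsed context with the consumer registered
        // for this issuer; a failure throws InvalidJwtException and no roles are returned.
        secondPassJwtConsumer.processContext(jwtContext);
        JwtClaims claims = jwtContext.getJwtClaims();
        String sub = claims.getSubject();
        // Roles are looked up per issuer (idpRoles), not read from claims in the token.
        List<String> provided = idpRoles.get(issuer);
        logger.debug("Roles provided by id_token (sub='" + sub + "'): " + provided);
        return provided;
    } catch (InvalidJwtException | MalformedClaimException e) {
        logger.error("Error validating id token: " + e.getMessage());
        return null;
    }
}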
use of org.jose4j.jwt.consumer.JwtContext in project smallrye-jwt by smallrye.
the class DefaultJWTCallerPrincipalFactory method parse.
/**
 * Builds a caller principal from a token by delegating to {@code parser} and wrapping the
 * resulting claims together with the token's {@code typ} header.
 *
 * <p>NOTE(review): signature and claim validation are presumably performed inside
 * {@code parser.parse}; nothing is validated in this method itself, so confirm that the
 * delegate rejects unverified tokens before this principal is trusted.
 *
 * @param token the serialized token
 * @param authContextInfo the verification settings handed to the parser
 * @return a principal wrapping the parsed claims and the {@code typ} header value
 * @throws ParseException propagated from the delegate parser
 */
@Override
public JWTCallerPrincipal parse(final String token, final JWTAuthContextInfo authContextInfo) throws ParseException {
    final JwtContext parsedContext = parser.parse(token, authContextInfo);
    // The "typ" header is read from the first JOSE object held by the context.
    final String typHeader = parsedContext.getJoseObjects().get(0).getHeader("typ");
    return new DefaultJWTCallerPrincipal(typHeader, parsedContext.getJwtClaims());
}
use of org.jose4j.jwt.consumer.JwtContext in project smallrye-jwt by smallrye.
the class DefaultJWTTokenParser method verifyRequiredClaims.
/**
 * Rejects a token whose claim set lacks any of the claims the configuration marks as
 * required. Only the presence of each claim name is checked here, not its value.
 *
 * @param authContextInfo supplies the set of required claim names; a {@code null} set
 *        disables the check
 * @param jwtContext the parsed token whose claims are inspected
 * @throws InvalidJwtException when at least one required claim is absent
 */
private void verifyRequiredClaims(JWTAuthContextInfo authContextInfo, JwtContext jwtContext) throws InvalidJwtException {
    final Set<String> requiredClaims = authContextInfo.getRequiredClaims();
    if (requiredClaims == null) {
        // No required claims configured: nothing to enforce.
        return;
    }
    final Set<String> presentClaims = jwtContext.getJwtClaims().getClaimsMap().keySet();
    if (presentClaims.containsAll(requiredClaims)) {
        return;
    }
    // The names of the missing claims are assembled only when debug logging is enabled.
    if (PrincipalLogging.log.isDebugEnabled()) {
        final String missingClaims = requiredClaims.stream()
                .filter(claim -> !presentClaims.contains(claim))
                .collect(Collectors.joining(","));
        PrincipalLogging.log.missingClaims(missingClaims);
    }
    throw PrincipalMessages.msg.missingClaims(s -> new InvalidJwtException(s, emptyList(), jwtContext));
}
use of org.jose4j.jwt.consumer.JwtContext in project smallrye-jwt by smallrye.
the class DefaultJWTTokenParserTest method testParseMultipleExpectedAudienceValues.
/**
 * Configures two expected audience values, "MISSING" and {@code TCK_TOKEN1_AUD}, then checks
 * that a token signed from /Token1.json still parses and that its first audience entry is
 * {@code TCK_TOKEN1_AUD}.
 */
@Test
public void testParseMultipleExpectedAudienceValues() throws Exception {
    // One expected value ("MISSING") is not the audience asserted on below.
    config.setExpectedAudience(new HashSet<>(Arrays.asList("MISSING", TCK_TOKEN1_AUD)));
    final String signedToken = TokenUtils.signClaims("/Token1.json");
    final JwtContext parsed = parser.parse(signedToken, config);
    assertNotNull(parsed);
    assertEquals(TCK_TOKEN1_AUD, parsed.getJwtClaims().getAudience().get(0));
}