Example 6 with OAuth2ErrorRepresentation

Use of org.keycloak.representations.idm.OAuth2ErrorRepresentation in project keycloak by keycloak.

Class ClientsManagementService, method getClientClusterHost.

protected String getClientClusterHost(MultivaluedMap<String, String> formData) {
    String clientClusterHost = formData.getFirst(AdapterConstants.CLIENT_CLUSTER_HOST);
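    // A missing or empty host parameter is rejected with a 400 and an OAuth2 invalid_request error body
    if (clientClusterHost == null || clientClusterHost.length() == 0) {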
        OAuth2ErrorRepresentation errorRep = new OAuth2ErrorRepresentation(OAuthErrorException.INVALID_REQUEST, "Client cluster host not specified");
        event.error(Errors.INVALID_CODE);
        throw new BadRequestException("Cluster host not specified", javax.ws.rs.core.Response.status(javax.ws.rs.core.Response.Status.BAD_REQUEST).entity(errorRep).type(MediaType.APPLICATION_JSON_TYPE).build());
    }
    return clientClusterHost;
}
Also used: OAuth2ErrorRepresentation (org.keycloak.representations.idm.OAuth2ErrorRepresentation), BadRequestException (org.jboss.resteasy.spi.BadRequestException)

Example 7 with OAuth2ErrorRepresentation

Use of org.keycloak.representations.idm.OAuth2ErrorRepresentation in project keycloak by keycloak.

Class CorsErrorResponseException, method getResponse.

@Override
public Response getResponse() {
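    // The error is returned as an OAuth2 JSON body; the response is then built through the cors helper
    OAuth2ErrorRepresentation errorRep = new OAuth2ErrorRepresentation(error, errorDescription);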
    Response.ResponseBuilder builder = Response.status(status).entity(errorRep).type(MediaType.APPLICATION_JSON_TYPE);
    return cors.builder(builder).build();
}
Also used: Response (javax.ws.rs.core.Response), OAuth2ErrorRepresentation (org.keycloak.representations.idm.OAuth2ErrorRepresentation)

Example 8 with OAuth2ErrorRepresentation

Use of org.keycloak.representations.idm.OAuth2ErrorRepresentation in project keycloak by keycloak.

Class DirectAccessGrantsLoginModule, method directGrantAuth.

protected Auth directGrantAuth(String username, String password) throws IOException, VerificationException {
    String authServerBaseUrl = deployment.getAuthServerBaseUrl();
    HttpPost post = new HttpPost(deployment.getTokenUrl());
    List<NameValuePair> formparams = new ArrayList<NameValuePair>();
    // Password grant: the user's credentials are posted directly to the token endpoint
    formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
    formparams.add(new BasicNameValuePair("username", username));
    formparams.add(new BasicNameValuePair("password", password));
    if (scope != null) {
        formparams.add(new BasicNameValuePair(OAuth2Constants.SCOPE, scope));
    }
    ClientCredentialsProviderUtils.setClientCredentials(deployment, post, formparams);
    UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
    post.setEntity(form);
    HttpClient client = deployment.getClient();
    HttpResponse response = client.execute(post);
    int status = response.getStatusLine().getStatusCode();
    HttpEntity entity = response.getEntity();
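    // Any non-200 response is a failed login; a response body, when present, is parsed as an OAuth2 error
    if (status != 200) {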
        StringBuilder errorBuilder = new StringBuilder("Login failed. Invalid status: " + status);
        if (entity != null) {
            InputStream is = entity.getContent();
            OAuth2ErrorRepresentation errorRep = JsonSerialization.readValue(is, OAuth2ErrorRepresentation.class);
            errorBuilder.append(", OAuth2 error. Error: " + errorRep.getError()).append(", Error description: " + errorRep.getErrorDescription());
        }
        String error = errorBuilder.toString();
        log.warn(error);
        throw new IOException(error);
    }
    if (entity == null) {
        throw new IOException("No Entity");
    }
    InputStream is = entity.getContent();
    AccessTokenResponse tokenResponse = JsonSerialization.readValue(is, AccessTokenResponse.class);
    // refreshToken will be saved to privateCreds of Subject for now
    refreshToken = tokenResponse.getRefreshToken();
    // The access token and ID token are verified against the deployment before they are used
    AdapterTokenVerifier.VerifiedTokens tokens = AdapterTokenVerifier.verifyTokens(tokenResponse.getToken(), tokenResponse.getIdToken(), deployment);
    return postTokenVerification(tokenResponse.getToken(), tokens.getAccessToken());
}
Also used: HttpPost (org.apache.http.client.methods.HttpPost), BasicNameValuePair (org.apache.http.message.BasicNameValuePair), NameValuePair (org.apache.http.NameValuePair), AdapterTokenVerifier (org.keycloak.adapters.rotation.AdapterTokenVerifier), HttpEntity (org.apache.http.HttpEntity), InputStream (java.io.InputStream), ArrayList (java.util.ArrayList), HttpResponse (org.apache.http.HttpResponse), OAuth2ErrorRepresentation (org.keycloak.representations.idm.OAuth2ErrorRepresentation), UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity), IOException (java.io.IOException), HttpClient (org.apache.http.client.HttpClient), AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)

Example 9 with OAuth2ErrorRepresentation

Use of org.keycloak.representations.idm.OAuth2ErrorRepresentation in project keycloak by keycloak.

Class DirectAccessGrantsLoginModule, method logout.

@Override
public boolean logout() throws LoginException {
    if (refreshToken != null) {
        try {
            URI logoutUri = deployment.getLogoutUrl().clone().build();
            HttpPost post = new HttpPost(logoutUri);
            List<NameValuePair> formparams = new ArrayList<>();
            ClientCredentialsProviderUtils.setClientCredentials(deployment, post, formparams);
            formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
            UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
            post.setEntity(form);
            HttpClient client = deployment.getClient();
            HttpResponse response = client.execute(post);
            int status = response.getStatusLine().getStatusCode();
            HttpEntity entity = response.getEntity();
            // Anything other than 204 is logged as a warning; it does not stop super.logout() from running
            if (status != 204) {
                StringBuilder errorBuilder = new StringBuilder("Logout of refreshToken failed. Invalid status: " + status);
                if (entity != null) {
                    InputStream is = entity.getContent();
                    if (status == 400) {
                        OAuth2ErrorRepresentation errorRep = JsonSerialization.readValue(is, OAuth2ErrorRepresentation.class);
                        errorBuilder.append(", OAuth2 error. Error: " + errorRep.getError()).append(", Error description: " + errorRep.getErrorDescription());
                    } else {
                        if (is != null)
                            is.close();
                    }
                }
                // Should do something better than warn if logout failed? Perhaps update of refresh tokens on existing subject might be supported too...
                log.warn(errorBuilder.toString());
            }
        } catch (IOException ioe) {
            log.warn(ioe);
        }
    }
    return super.logout();
}
Also used: HttpPost (org.apache.http.client.methods.HttpPost), BasicNameValuePair (org.apache.http.message.BasicNameValuePair), NameValuePair (org.apache.http.NameValuePair), HttpEntity (org.apache.http.HttpEntity), InputStream (java.io.InputStream), ArrayList (java.util.ArrayList), HttpResponse (org.apache.http.HttpResponse), OAuth2ErrorRepresentation (org.keycloak.representations.idm.OAuth2ErrorRepresentation), UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity), IOException (java.io.IOException), URI (java.net.URI), HttpClient (org.apache.http.client.HttpClient)

Example 10 with OAuth2ErrorRepresentation

Use of org.keycloak.representations.idm.OAuth2ErrorRepresentation in project keycloak by keycloak.

Class ClientsManagementService, method authorizeClient.

protected ClientModel authorizeClient() {
    ClientModel client = AuthorizeClientUtil.authorizeClient(session, event, null).getClient();
    // Public clients are rejected with a 400 and an OAuth2 invalid_client error body
    if (client.isPublicClient()) {
        OAuth2ErrorRepresentation errorRep = new OAuth2ErrorRepresentation(OAuthErrorException.INVALID_CLIENT, "Public clients not allowed");
        event.error(Errors.INVALID_CLIENT);
        throw new BadRequestException("Public clients not allowed", javax.ws.rs.core.Response.status(javax.ws.rs.core.Response.Status.BAD_REQUEST).entity(errorRep).type(MediaType.APPLICATION_JSON_TYPE).build());
    }
    return client;
}
Also used: ClientModel (org.keycloak.models.ClientModel), OAuth2ErrorRepresentation (org.keycloak.representations.idm.OAuth2ErrorRepresentation), BadRequestException (org.jboss.resteasy.spi.BadRequestException)

Aggregations

OAuth2ErrorRepresentation (org.keycloak.representations.idm.OAuth2ErrorRepresentation): 17
Test (org.junit.Test): 8
AccessTokenResponse (org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse): 5
IOException (java.io.IOException): 4
HttpPost (org.apache.http.client.methods.HttpPost): 4
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient): 3
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest): 3
InputStream (java.io.InputStream): 2
ArrayList (java.util.ArrayList): 2
Objects (java.util.Objects): 2
Response (javax.ws.rs.core.Response): 2
HttpEntity (org.apache.http.HttpEntity): 2
HttpResponse (org.apache.http.HttpResponse): 2
NameValuePair (org.apache.http.NameValuePair): 2
HttpClient (org.apache.http.client.HttpClient): 2
UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity): 2
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse): 2
StringEntity (org.apache.http.entity.StringEntity): 2
BasicNameValuePair (org.apache.http.message.BasicNameValuePair): 2
BadRequestException (org.jboss.resteasy.spi.BadRequestException): 2