Use of org.maxkey.authz.oauth2.common.exceptions.UnsupportedResponseTypeException in project uaa by cloudfoundry.
The class UaaAuthorizationEndpoint, method getImplicitGrantOrHybridResponse.
/**
 * Completes an already-approved implicit or hybrid authorization by issuing an
 * access token and redirecting the user agent back to the client with it.
 *
 * <p>The token request is always created as {@code GRANT_TYPE_IMPLICIT}. Before
 * the stored {@code OAuth2Request} is created, the request parameters are copied
 * and the effective grant type is written under {@code GRANT_TYPE}, so the stored
 * request records which grant actually produced the token.
 *
 * @param authorizationRequest the validated and approved authorization request;
 *        its request-parameter map is replaced by an augmented copy
 * @param authentication the authenticated resource owner
 * @param grantType the grant type to record on the stored request
 * @return a redirect to the location built by {@code buildRedirectURI} carrying
 *         the token; if any {@code OAuth2Exception} occurs (including the
 *         {@code UnsupportedResponseTypeException} raised here when no token was
 *         issued) a redirect to the location from {@code getUnsuccessfulRedirect}
 */
private ModelAndView getImplicitGrantOrHybridResponse(AuthorizationRequest authorizationRequest,
        Authentication authentication, String grantType) {
    String location;
    try {
        TokenRequest tokenRequest =
                getOAuth2RequestFactory().createTokenRequest(authorizationRequest, GRANT_TYPE_IMPLICIT);
        // Work on a copy rather than mutating the map returned by getRequestParameters().
        Map<String, String> augmentedParameters =
                new HashMap<>(authorizationRequest.getRequestParameters());
        augmentedParameters.put(GRANT_TYPE, grantType);
        authorizationRequest.setRequestParameters(augmentedParameters);
        OAuth2Request storedRequest = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest);
        OAuth2AccessToken token =
                getAccessTokenForImplicitGrantOrHybrid(tokenRequest, storedRequest, grantType);
        if (token == null) {
            throw new UnsupportedResponseTypeException("Unsupported response type: token or id_token");
        }
        // NOTE(review): the token travels in the redirect location; no cache-control headers
        // are set in this method — confirm the caller or filter chain marks the response no-store.
        location = buildRedirectURI(authorizationRequest, token, authentication);
    } catch (OAuth2Exception e) {
        // Error redirect; the boolean is the fragment flag of getUnsuccessfulRedirect.
        location = getUnsuccessfulRedirect(authorizationRequest, e, true);
    }
    // RedirectView flags: not context-relative, HTTP/1.0 compatible, model attributes not exposed.
    return new ModelAndView(new RedirectView(location, false, true, false));
}
Use of org.maxkey.authz.oauth2.common.exceptions.UnsupportedResponseTypeException in project MaxKey by dromara.
The class AuthorizationEndpoint, method authorize.
/**
 * OAuth 2.0 authorization endpoint (GET).
 *
 * <p>Builds an {@code AuthorizationRequest} from the query parameters, checks the
 * response type, client id, redirect URI and scope, and then either completes the
 * grant immediately (implicit token or authorization code) when the request is
 * already approved, or renders the user-approval page. The current user is taken
 * from {@code WebContext.getAuthentication()}, not from a method parameter.
 *
 * @param model the MVC model; receives the request under {@code "authorizationRequest"}
 *        when the approval page is rendered
 * @param parameters all request parameters
 * @param sessionStatus completed on any {@code RuntimeException} before it propagates
 * @return the grant redirect, or the approval page
 * @throws UnsupportedResponseTypeException if neither {@code token} nor {@code code} is requested
 * @throws InvalidClientException if the request carries no client id
 * @throws InsufficientAuthenticationException if the current principal is not an authenticated
 *         {@code Authentication}
 * @throws RedirectMismatchException if no redirect URI can be resolved for the client
 */
@Operation(summary = "OAuth 2.0 认证接口", description = "传递参数client_id,response_type,redirect_uri等", method = "GET")
@RequestMapping(value = { OAuth2Constants.ENDPOINT.ENDPOINT_AUTHORIZE, OAuth2Constants.ENDPOINT.ENDPOINT_TENCENT_IOA_AUTHORIZE }, method = RequestMethod.GET)
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters, SessionStatus sessionStatus) {
    Principal principal = (Principal) WebContext.getAuthentication();
    // Everything below reads from the AuthorizationRequest, never from the raw parameter
    // map; the factory stores that map unchanged inside the request.
    AuthorizationRequest authorizationRequest = getOAuth2RequestFactory().createAuthorizationRequest(parameters);
    Set<String> responseTypes = authorizationRequest.getResponseTypes();
    if (!responseTypes.contains(OAuth2Constants.PARAMETER.TOKEN) && !responseTypes.contains(OAuth2Constants.PARAMETER.CODE)) {
        throw new UnsupportedResponseTypeException("Unsupported response types: " + responseTypes);
    }
    if (authorizationRequest.getClientId() == null) {
        throw new InvalidClientException("A client id must be provided");
    }
    try {
        if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {
            throw new InsufficientAuthenticationException("User must be authenticated with Spring Security before authorization can be completed.");
        }
        Authentication user = (Authentication) principal;
        ClientDetails client = getClientDetailsService().loadClientByClientId(authorizationRequest.getClientId(), true);
        // The effective redirect URI is the redirect_uri parameter or, failing that, whatever
        // the resolver derives from the client; the result is stored on the request.
        String requestedRedirect = authorizationRequest.getRequestParameters().get(OAuth2Constants.PARAMETER.REDIRECT_URI);
        String resolvedRedirect = redirectResolver.resolveRedirect(requestedRedirect, client);
        if (!StringUtils.hasText(resolvedRedirect)) {
            // NOTE(review): the request-supplied redirect_uri is written to the log as-is here.
            logger.info("Client redirectUri " + resolvedRedirect);
            logger.info("Parameter redirectUri " + requestedRedirect);
            throw new RedirectMismatchException("A redirectUri must be either supplied or preconfigured in the ClientDetails");
        }
        authorizationRequest.setRedirectUri(resolvedRedirect);
        // Only what the client requested is validated; anything added by the manager is ignored.
        oauth2RequestValidator.validateScope(authorizationRequest, client);
        // Remembered or default approvals may replace the request object.
        authorizationRequest = userApprovalHandler.checkForPreApproval(authorizationRequest, user);
        // Kept from the original: it is unclear whether this second check is needed.
        authorizationRequest.setApproved(userApprovalHandler.isApproved(authorizationRequest, user));
        // Validation done; an approved request is completed without showing the consent page.
        if (authorizationRequest.isApproved()) {
            if (responseTypes.contains(OAuth2Constants.PARAMETER.TOKEN)) {
                return getImplicitGrantResponse(authorizationRequest);
            }
            if (responseTypes.contains(OAuth2Constants.PARAMETER.CODE)) {
                return new ModelAndView(getAuthorizationCodeResponse(authorizationRequest, user));
            }
        }
        // Reload the sign-on app when the session holds none, or one with a different id.
        Apps app = (Apps) WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
        if (app == null || !app.getId().equalsIgnoreCase(authorizationRequest.getClientId())) {
            app = appsService.get(authorizationRequest.getClientId());
            WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
        }
        // The request is kept in the session-backed model so approveOrDeny reads it from the
        // session and ignores any request parameters re-sent with the approval form.
        // NOTE(review): only this mutable object is stored; no immutable snapshot is kept to
        // detect later modification — confirm approveOrDeny re-validates what it reads.
        model.put("authorizationRequest", authorizationRequest);
        return getUserApprovalPageResponse(model, authorizationRequest, user);
    } catch (RuntimeException e) {
        // Clear the session-scoped model before propagating.
        sessionStatus.setComplete();
        throw e;
    }
}
Use of org.maxkey.authz.oauth2.common.exceptions.UnsupportedResponseTypeException in project spring-security-oauth by spring-projects.
The class AuthorizationEndpoint, method authorize.
/**
 * Handles {@code /oauth/authorize}.
 *
 * <p>Creates an {@code AuthorizationRequest} from the parameters, validates the
 * response type, client, redirect URI and scope, then either completes the grant
 * right away when the request is (pre-)approved or stores the request in the
 * session-backed model and renders the approval page.
 *
 * @param model the MVC model; receives the request and an unmodifiable snapshot of it
 *        when the approval page is rendered
 * @param parameters all request parameters
 * @param sessionStatus completed on any {@code RuntimeException} before it propagates
 * @param principal the current user; must be an authenticated {@code Authentication}
 * @return the grant redirect, or the approval page
 * @throws UnsupportedResponseTypeException if neither {@code token} nor {@code code} is requested
 * @throws InvalidClientException if the request carries no client id
 * @throws InsufficientAuthenticationException if {@code principal} is not an authenticated
 *         {@code Authentication}
 * @throws RedirectMismatchException if no redirect URI can be resolved for the client
 */
@RequestMapping(value = "/oauth/authorize")
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters, SessionStatus sessionStatus, Principal principal) {
    // The factory keeps the parameter map unchanged inside the request; from here on
    // every decision is made from the request object, not the raw map.
    AuthorizationRequest authorizationRequest = getOAuth2RequestFactory().createAuthorizationRequest(parameters);
    Set<String> responseTypes = authorizationRequest.getResponseTypes();
    boolean supportedResponseType = responseTypes.contains("token") || responseTypes.contains("code");
    if (!supportedResponseType) {
        throw new UnsupportedResponseTypeException("Unsupported response types");
    }
    String clientId = authorizationRequest.getClientId();
    if (clientId == null) {
        throw new InvalidClientException("A client id must be provided");
    }
    try {
        if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {
            throw new InsufficientAuthenticationException("User must be authenticated with Spring Security before authorization can be completed.");
        }
        Authentication user = (Authentication) principal;
        ClientDetails client = getClientDetailsService().loadClientByClientId(clientId);
        // Resolve the redirect URI (parameter or client configuration) and pin it on the request.
        String requestedRedirect = authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
        String resolvedRedirect = redirectResolver.resolveRedirect(requestedRedirect, client);
        if (!StringUtils.hasText(resolvedRedirect)) {
            throw new RedirectMismatchException("A redirectUri must be either supplied or preconfigured in the ClientDetails");
        }
        authorizationRequest.setRedirectUri(resolvedRedirect);
        // Only the client-requested scope is validated, not data added later by the manager.
        oauth2RequestValidator.validateScope(authorizationRequest, client);
        // Remembered or default approvals may replace the request object.
        authorizationRequest = userApprovalHandler.checkForPreApproval(authorizationRequest, user);
        // TODO (kept from the original): is this second check necessary?
        authorizationRequest.setApproved(userApprovalHandler.isApproved(authorizationRequest, user));
        // Validation done; an approved request skips the consent page.
        if (authorizationRequest.isApproved()) {
            if (responseTypes.contains("token")) {
                return getImplicitGrantResponse(authorizationRequest);
            }
            if (responseTypes.contains("code")) {
                return new ModelAndView(getAuthorizationCodeResponse(authorizationRequest, user));
            }
        }
        // Keep both the request and an unmodifiable snapshot in the session; approveOrDeny()
        // validates the request it receives against the snapshot.
        model.put(AUTHORIZATION_REQUEST_ATTR_NAME, authorizationRequest);
        model.put(ORIGINAL_AUTHORIZATION_REQUEST_ATTR_NAME, unmodifiableMap(authorizationRequest));
        return getUserApprovalPageResponse(model, authorizationRequest, user);
    } catch (RuntimeException e) {
        // Clear the session-scoped model before propagating.
        sessionStatus.setComplete();
        throw e;
    }
}
Use of org.maxkey.authz.oauth2.common.exceptions.UnsupportedResponseTypeException in project mt-auth by publicdevop2019.
The class AuthorizeCodeApplicationService, method authorize.
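/**
 * Consumes an authorization request and returns the authorization-code response.
 *
 * <p>Verifies that the requested client exists, builds an {@code AuthorizationRequest},
 * checks response type, client id and redirect URI, marks the request approved,
 * replaces its scope with the {@code project_id} parameter and issues a code for
 * the current user.
 *
 * @param parameters request params ({@code client_id}, {@code response_type},
 *        {@code redirect_uri}, {@code project_id}, ...)
 * @return a map holding the generated code under {@code "authorize_code"}
 * @throws IllegalArgumentException if the client named by {@code client_id} cannot be loaded
 * @throws UnsupportedResponseTypeException if neither {@code token} nor {@code code} is requested
 * @throws InvalidClientException if the built request carries no client id
 * @throws RedirectMismatchException if no redirect URI could be resolved for the client
 */
public Map<String, String> authorize(Map<String, String> parameters) {
    // make sure authorize client exist
    String requestedClientId = parameters.get(OAuth2Utils.CLIENT_ID);
    if (ApplicationServiceRegistry.getClientApplicationService().loadClientByClientId(requestedClientId) == null) {
        log.error("unable to find authorize client {}", requestedClientId);
        throw new IllegalArgumentException("unable to find authorize client");
    }
    log.debug("before create authorization request");
    AuthorizationRequest authorizationRequest = defaultOAuth2RequestFactory.createAuthorizationRequest(parameters);
    log.debug("after create authorization request");
    Set<String> responseTypes = authorizationRequest.getResponseTypes();
    if (!responseTypes.contains("token") && !responseTypes.contains("code")) {
        throw new UnsupportedResponseTypeException("Unsupported response types: " + responseTypes);
    }
    if (authorizationRequest.getClientId() == null) {
        throw new InvalidClientException("A client id must be provided");
    }
    ClientDetails client = ApplicationServiceRegistry.getClientApplicationService().loadClientByClientId(authorizationRequest.getClientId());
    String redirectUriParameter = authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
    String resolvedRedirect = redirectResolver.resolveRedirect(redirectUriParameter, client);
    // Fix: validate the RESOLVED redirect, not the raw parameter. Checking the parameter
    // rejected requests that rely on the client's preconfigured URI (contradicting the
    // message below) and let a blank resolver result through to setRedirectUri.
    if (!StringUtils.hasText(resolvedRedirect)) {
        throw new RedirectMismatchException("A redirectUri must be either supplied or preconfigured in the ClientDetails");
    }
    authorizationRequest.setRedirectUri(resolvedRedirect);
    // NOTE(review): the request is approved unconditionally and its scope is overwritten with
    // the raw project_id parameter; no consent step or scope validation against the client is
    // visible in this method — confirm it happens in generateCode or before this call.
    authorizationRequest.setApproved(true);
    authorizationRequest.setScope(Collections.singleton(parameters.get("project_id")));
    Authentication authentication = DomainRegistry.getCurrentUserService().getAuthentication();
    Map<String, String> response = new HashMap<>();
    response.put("authorize_code", generateCode(authorizationRequest, authentication));
    return response;
}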
Use of org.maxkey.authz.oauth2.common.exceptions.UnsupportedResponseTypeException in project spring-security-oauth by spring-projects.
The class AuthorizationEndpoint, method getImplicitGrantResponse.
/**
 * Completes an approved implicit grant: issues the access token, sets the cache
 * headers and redirects the user agent (303 See Other) back to the client with
 * the token appended by {@code appendAccessToken}.
 *
 * @param authorizationRequest the validated and approved authorization request
 * @return a 303 redirect carrying the token; on any {@code OAuth2Exception}
 *         (including the {@code UnsupportedResponseTypeException} raised here when
 *         no token was issued) a 303 redirect to the location produced by
 *         {@code getUnsuccessfulRedirect}
 */
private ModelAndView getImplicitGrantResponse(AuthorizationRequest authorizationRequest) {
    String location;
    try {
        TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(authorizationRequest, "implicit");
        OAuth2Request storedRequest = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest);
        OAuth2AccessToken token = getAccessTokenForImplicitGrant(tokenRequest, storedRequest);
        if (token == null) {
            throw new UnsupportedResponseTypeException("Unsupported response type: token");
        }
        // The token is part of the redirect location; presumably this marks the response
        // non-cacheable (the helper's body is not visible here).
        setCacheControlHeaders();
        location = appendAccessToken(authorizationRequest, token);
    } catch (OAuth2Exception e) {
        // Error redirect; the boolean is the fragment flag of getUnsuccessfulRedirect.
        location = getUnsuccessfulRedirect(authorizationRequest, e, true);
    }
    // RedirectView flags: not context-relative, HTTP/1.0 compatible, model attributes not exposed.
    RedirectView redirect = new RedirectView(location, false, true, false);
    redirect.setStatusCode(HttpStatus.SEE_OTHER);
    return new ModelAndView(redirect);
}