use of org.springframework.security.oauth2.core.oidc.OidcUserInfo in project spring-security by spring-projects.
the class OidcReactiveOAuth2UserService method loadUser.
/**
 * Resolves the {@link OidcUser} for an OIDC login, reactively.
 * <p>
 * The UserInfo endpoint is consulted through {@code getUserInfo} (not visible here); when it
 * yields nothing the user is built from the ID Token alone. The resulting user carries one
 * {@link OidcUserAuthority} plus a {@code SCOPE_<scope>} authority for every scope on the
 * access token, and is named by the provider's configured user-name attribute when one is set.
 * <p>
 * NOTE(review): this method uses the UserInfo claims as delivered. The OIDC requirement that
 * the UserInfo {@code sub} match the ID Token {@code sub} is expected to be enforced inside
 * {@code getUserInfo} — confirm, since nothing here re-checks it.
 *
 * @param userRequest the user request (ID Token, access token, client registration); never null
 * @return a {@link Mono} emitting the assembled user
 * @throws OAuth2AuthenticationException propagated from the UserInfo lookup
 */
@Override
public Mono<OidcUser> loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
	Assert.notNull(userRequest, "userRequest cannot be null");
	// @formatter:off
	return getUserInfo(userRequest)
			.map((info) -> new OidcUserAuthority(userRequest.getIdToken(), info))
			// No UserInfo available: the authority is backed by the ID Token only.
			.defaultIfEmpty(new OidcUserAuthority(userRequest.getIdToken(), null))
			.map((oidcAuthority) -> buildOidcUser(userRequest, oidcAuthority));
	// @formatter:on
}

/**
 * Turns the resolved {@link OidcUserAuthority} into a {@link DefaultOidcUser}: the authority
 * itself, one {@code SCOPE_} authority per access-token scope, and the ID Token / UserInfo pair.
 *
 * @param userRequest the originating request
 * @param oidcAuthority the authority holding the ID Token and (possibly null) UserInfo
 * @return the assembled user
 */
private OidcUser buildOidcUser(OidcUserRequest userRequest, OidcUserAuthority oidcAuthority) {
	Set<GrantedAuthority> granted = new HashSet<>();
	granted.add(oidcAuthority);
	for (String scope : userRequest.getAccessToken().getScopes()) {
		granted.add(new SimpleGrantedAuthority("SCOPE_" + scope));
	}
	String nameAttribute = userRequest.getClientRegistration()
			.getProviderDetails()
			.getUserInfoEndpoint()
			.getUserNameAttributeName();
	OidcUserInfo info = oidcAuthority.getUserInfo();
	if (!StringUtils.hasText(nameAttribute)) {
		return new DefaultOidcUser(granted, userRequest.getIdToken(), info);
	}
	return new DefaultOidcUser(granted, userRequest.getIdToken(), info, nameAttribute);
}
use of org.springframework.security.oauth2.core.oidc.OidcUserInfo in project spring-security by spring-projects.
the class OidcUserService method getUser.
/**
 * Assembles the final {@link DefaultOidcUser} from the already-collected parts.
 * <p>
 * When the client registration's UserInfo endpoint declares a user-name attribute, that
 * attribute names the user; otherwise the {@link DefaultOidcUser} default applies.
 *
 * @param userRequest the request supplying the ID Token and client registration
 * @param userInfo the UserInfo claims, or null when none were retrieved
 * @param authorities the granted authorities to attach
 * @return the assembled user
 */
private OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo, Set<GrantedAuthority> authorities) {
	String nameAttribute = userRequest.getClientRegistration()
			.getProviderDetails()
			.getUserInfoEndpoint()
			.getUserNameAttributeName();
	if (!StringUtils.hasText(nameAttribute)) {
		return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
	}
	return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, nameAttribute);
}
use of org.springframework.security.oauth2.core.oidc.OidcUserInfo in project spring-security by spring-projects.
the class TestOidcUsers method create.
/**
 * Builds a fully populated test user from the fixture ID Token and UserInfo, with the
 * authorities derived from both via {@code authorities(idToken, userInfo)}.
 *
 * @return a new {@link DefaultOidcUser} for tests
 */
public static DefaultOidcUser create() {
	OidcIdToken token = idToken();
	OidcUserInfo info = userInfo();
	return new DefaultOidcUser(authorities(token, info), token, info);
}
use of org.springframework.security.oauth2.core.oidc.OidcUserInfo in project dhis2-core by dhis2.
the class DhisOidcUserService method loadUser.
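/**
 * Loads the OIDC user through the inherited Spring Security flow, then maps it onto a DHIS2
 * {@link User} via the claim configured as {@code mappingClaimKey} for this client registration.
 * <p>
 * The mapping claim is read from the user's attributes first and, if absent there, from the
 * UserInfo response; the value is then looked up with {@code userService.getUserByOpenId}.
 * Only a string-valued claim is accepted: a claim of any other JSON type (number, list,
 * object) previously escaped as a {@link ClassCastException} on the cast below and is now
 * treated as "not mappable", failing the authentication with the same error as a missing claim.
 * <p>
 * NOTE(review): whether the ID Token / UserInfo {@code sub} consistency check happens in
 * {@code super.loadUser} depends on the superclass, which is not visible here — confirm.
 * NOTE(review): if {@code mappingClaimKey} can be configured to a claim such as {@code email},
 * consider also requiring the provider's {@code email_verified} flag, since an unverified
 * email claim could map to another DHIS2 account — TODO confirm with how mappings are set up.
 *
 * @param userRequest the OIDC user request (ID Token, access token, client registration)
 * @return the DHIS2-backed {@link OidcUser}
 * @throws OAuth2AuthenticationException with error code
 * {@code could_not_map_oidc_user_to_dhis2_user} when the claim is missing, not a string, or
 * resolves to no DHIS2 user; also propagated from {@code super.loadUser}
 */
@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
	ClientRegistration clientRegistration = userRequest.getClientRegistration();
	DhisOidcClientRegistration oidcClientRegistration = clientRegistrationRepository
			.getDhisOidcClientRegistration(clientRegistration.getRegistrationId());
	String mappingClaimKey = oidcClientRegistration.getMappingClaimKey();
	OidcUser oidcUser = super.loadUser(userRequest);
	OidcUserInfo userInfo = oidcUser.getUserInfo();
	Map<String, Object> attributes = oidcUser.getAttributes();
	Object claimValue = attributes.get(mappingClaimKey);
	if (claimValue == null && userInfo != null) {
		claimValue = userInfo.getClaim(mappingClaimKey);
	}
	if (log.isDebugEnabled()) {
		log.debug(String.format("Trying to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue));
	}
	// Fail closed on anything that is not a string: a non-string claim cannot be a stored
	// OpenID identifier, and an unchecked cast here would turn it into a server error.
	if (claimValue instanceof String) {
		User user = userService.getUserByOpenId((String) claimValue);
		if (user != null) {
			return new DhisOidcUser(user, attributes, IdTokenClaimNames.SUB, oidcUser.getIdToken());
		}
	}
	// NOTE(review): claimValue is provider-supplied and is echoed into the error description;
	// make sure the authentication failure handler does not render it unescaped to the browser.
	String errorMessage = String.format("Failed to look up DHIS2 user with OidcUser mapping mappingClaimKey='%s', claim value='%s'", mappingClaimKey, claimValue);
	if (log.isDebugEnabled()) {
		log.debug(errorMessage);
	}
	OAuth2Error oauth2Error = new OAuth2Error("could_not_map_oidc_user_to_dhis2_user", errorMessage, null);
	throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}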
use of org.springframework.security.oauth2.core.oidc.OidcUserInfo in project spring-security by spring-projects.
the class OidcUserService method loadUser.
/**
 * Resolves the {@link OidcUser} for an OIDC login.
 * <p>
 * When {@code shouldRetrieveUserInfo} says so, the UserInfo endpoint is called through the
 * delegate {@code oauth2UserService} and the response is validated against the ID Token (see
 * {@link #fetchVerifiedUserInfo}); otherwise no UserInfo is attached. The user then receives one
 * {@link OidcUserAuthority} plus a {@code SCOPE_<scope>} authority per access-token scope, in
 * insertion order, and is assembled by {@code getUser}.
 *
 * @param userRequest the user request (ID Token, access token, client registration); never null
 * @return the assembled user
 * @throws OAuth2AuthenticationException when the UserInfo response is invalid, or propagated
 * from the delegate
 */
@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
	Assert.notNull(userRequest, "userRequest cannot be null");
	OidcUserInfo userInfo = this.shouldRetrieveUserInfo(userRequest)
			? fetchVerifiedUserInfo(userRequest)
			: null;
	Set<GrantedAuthority> authorities = new LinkedHashSet<>();
	authorities.add(new OidcUserAuthority(userRequest.getIdToken(), userInfo));
	for (String scope : userRequest.getAccessToken().getScopes()) {
		authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
	}
	return getUser(userRequest, userInfo, authorities);
}

/**
 * Calls the UserInfo endpoint and enforces the OpenID Connect Core rules on the response:
 * <ol>
 * <li>the {@code sub} claim MUST be present in the UserInfo Response;</li>
 * <li>because of token-substitution attacks (Core, Section 16.11) the response is not
 * guaranteed to describe the End-User of the ID Token, so its {@code sub} MUST exactly match
 * the ID Token's {@code sub}; if not, the UserInfo values MUST NOT be used.</li>
 * </ol>
 *
 * @param userRequest the request whose access token authorises the UserInfo call
 * @return the validated UserInfo claims
 * @throws OAuth2AuthenticationException with {@code INVALID_USER_INFO_RESPONSE_ERROR_CODE}
 * when either rule is violated
 */
private OidcUserInfo fetchVerifiedUserInfo(OidcUserRequest userRequest) {
	OAuth2User oauth2User = this.oauth2UserService.loadUser(userRequest);
	OidcUserInfo userInfo = new OidcUserInfo(getClaims(userRequest, oauth2User));
	String subject = userInfo.getSubject();
	// Both violations are reported with the same error; short-circuit keeps the null check first.
	if (subject == null || !subject.equals(userRequest.getIdToken().getSubject())) {
		OAuth2Error oauth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE);
		throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
	}
	return userInfo;
}