Use of org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException in project identity-inbound-auth-oauth by wso2-extensions:
class AccessTokenIssuer, method getSubjectClaim.
/**
 * Resolves the subject identifier that will be issued for the authenticated user.
 * <p>
 * When the service provider configures a subject claim URI, the claim value is read from the user
 * store; a blank value falls back to the default subject (the username). Without a configured
 * subject claim the default subject is used directly. Either way the value is passed through
 * {@code getFormattedSubjectClaim} so the tenant / user-store domain decoration is applied.
 * <p>
 * NOTE(review): the fallback warning logs the resolved username in clear text while the user id is
 * masked via {@code getLoggableUserId()} — confirm this matches the project's log policy.
 *
 * @param serviceProvider   service provider the token is issued for
 * @param authenticatedUser user whose subject identifier is resolved
 * @return the formatted subject identifier
 * @throws IdentityOAuth2Exception if the claim lookup or the default-subject resolution fails
 */
private String getSubjectClaim(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser)
        throws IdentityOAuth2Exception {

    String tenantDomain = authenticatedUser.getTenantDomain();
    String storeDomain = authenticatedUser.getUserStoreDomain();
    String subjectClaimUri = getSubjectClaimUriInLocalDialect(serviceProvider);

    if (StringUtils.isBlank(subjectClaimUri)) {
        // No subject claim configured for this application: the username is the subject.
        String defaultSubject;
        try {
            defaultSubject = getDefaultSubject(serviceProvider, authenticatedUser);
            defaultSubject = getFormattedSubjectClaim(serviceProvider, defaultSubject, storeDomain, tenantDomain);
        } catch (UserIdNotFoundException e) {
            throw new IdentityOAuth2Exception("User id not found for user: "
                    + authenticatedUser.getLoggableUserId(), e);
        }
        if (log.isDebugEnabled()) {
            log.debug("No subject claim defined for service provider: " + serviceProvider.getApplicationName()
                    + ". Using username as the subject claim.");
        }
        return defaultSubject;
    }

    try {
        String claimValue = getSubjectClaimFromUserStore(subjectClaimUri, authenticatedUser);
        if (StringUtils.isBlank(claimValue)) {
            // The configured claim has no value for this user; fall back to the username.
            claimValue = getDefaultSubject(serviceProvider, authenticatedUser);
            log.warn("Cannot find subject claim: " + subjectClaimUri + " for user:"
                    + authenticatedUser.getLoggableUserId() + ". Defaulting to username: " + claimValue
                    + " as the subject identifier.");
        }
        // Apply tenantDomain / userStoreDomain decoration as configured for the application.
        return getFormattedSubjectClaim(serviceProvider, claimValue, storeDomain, tenantDomain);
    } catch (IdentityException e) {
        String error = "Error occurred while getting user claim for user: "
                + authenticatedUser.getLoggableUserId() + ", claim: " + subjectClaimUri;
        throw new IdentityOAuth2Exception(error, e);
    } catch (org.wso2.carbon.user.core.UserStoreException e) {
        String error = "Error occurred while getting subject claim: " + subjectClaimUri + " for user: "
                + authenticatedUser.getLoggableUserId();
        throw new IdentityOAuth2Exception(error, e);
    }
}
Use of org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException in project identity-inbound-auth-oauth by wso2-extensions:
class RefreshGrantHandler, method removeIfCached.
/**
 * Evicts the cache entry of the access token that is being refreshed, when caching is enabled.
 * <p>
 * The user id is required to build the cache key; without it the refresh is aborted rather than
 * leaving a stale token in the cache.
 *
 * @param tokenReq       the token request (supplies the client id)
 * @param validationBean validation data of the refresh token, including the authorized user
 * @throws IdentityOAuth2Exception if the user id of the authorized user cannot be resolved
 */
private void removeIfCached(OAuth2AccessTokenReqDTO tokenReq, RefreshTokenValidationDataDO validationBean)
        throws IdentityOAuth2Exception {

    if (!cacheEnabled) {
        return;
    }

    String resolvedUserId;
    try {
        resolvedUserId = validationBean.getAuthorizedUser().getUserId();
    } catch (UserIdNotFoundException e) {
        throw new IdentityOAuth2Exception("User id not found for user:"
                + validationBean.getAuthorizedUser().getLoggableUserId(), e);
    }

    clearCache(tokenReq.getClientId(),
            resolvedUserId,
            validationBean.getScope(),
            validationBean.getAccessToken(),
            validationBean.getAuthorizedUser().getFederatedIdPName(),
            validationBean.getTokenBindingReference(),
            validationBean.getAuthorizedUser().getTenantDomain());
}
Use of org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException in project identity-inbound-auth-oauth by wso2-extensions:
class AbstractAuthorizationGrantHandler, method updateCacheIfEnabled.
/**
 * Adds the newly issued access token to the OAuth cache when both {@code isHashDisabled} and
 * {@code cacheEnabled} are set.
 * <p>
 * A clone of the token bean is cached so the caller's instance is not modified. If the issuer
 * persists an access token alias, the alias obtained from {@code getAccessTokenHash} replaces the
 * raw token in the cached copy. NOTE(review): when that lookup fails the failure is only logged at
 * debug level and the cached copy keeps the raw token — confirm this best-effort behaviour is
 * intended.
 *
 * @param newTokenBean     the token that was just issued
 * @param scope            scope string used in the cache key
 * @param oauthTokenIssuer issuer that produced the token
 * @throws IdentityOAuth2Exception if the user id of the authorized user cannot be resolved
 */
private void updateCacheIfEnabled(AccessTokenDO newTokenBean, String scope, OauthTokenIssuer oauthTokenIssuer)
        throws IdentityOAuth2Exception {

    if (!isHashDisabled || !cacheEnabled) {
        return;
    }

    AccessTokenDO cachedToken = AccessTokenDO.clone(newTokenBean);

    if (oauthTokenIssuer.usePersistedAccessTokenAlias()) {
        try {
            String persistedTokenIdentifier = oauthTokenIssuer.getAccessTokenHash(newTokenBean.getAccessToken());
            cachedToken.setAccessToken(persistedTokenIdentifier);
        } catch (OAuthSystemException e) {
            if (log.isDebugEnabled()) {
                String issuerPrefix = "Token issuer: " + oauthTokenIssuer.getClass() + " was tried and";
                // Only include the token value when token logging is explicitly allowed.
                if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                    log.debug(issuerPrefix + " failed to parse the received token: "
                            + cachedToken.getAccessToken(), e);
                } else {
                    log.debug(issuerPrefix + " failed to parse the received token.", e);
                }
            }
        }
    }

    String resolvedUserId;
    try {
        resolvedUserId = cachedToken.getAuthzUser().getUserId();
    } catch (UserIdNotFoundException e) {
        throw new IdentityOAuth2Exception("User id is not available for user: "
                + cachedToken.getAuthzUser().getLoggableUserId(), e);
    }

    String authenticatedIDP = OAuth2Util.getAuthenticatedIDP(cachedToken.getAuthzUser());
    OAuthCacheKey cacheKey = getOAuthCacheKey(scope, cachedToken.getConsumerKey(), resolvedUserId,
            authenticatedIDP, getTokenBindingReference(cachedToken));
    oauthCache.addToCache(cacheKey, cachedToken);
    if (log.isDebugEnabled()) {
        log.debug("Access token was added to OAuthCache with cache key : " + cacheKey.getCacheKeyString());
    }

    // Also cache the AccessTokenDO itself so later validations avoid a persistence lookup.
    OAuth2Util.addTokenDOtoCache(newTokenBean);
}
Use of org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException in project identity-inbound-auth-oauth by wso2-extensions:
class AuthorizationCodeGrantHandler, method revokeExistingAccessTokens.
/**
 * Revokes the access token issued for an authorization code that is no longer active.
 * <p>
 * Revocation is keyed by token id and the code's authorized user id, so the user id must be
 * resolvable; otherwise the operation fails instead of revoking nothing.
 *
 * @param tokenId     id of the access token to revoke
 * @param authzCodeDO the (inactive) authorization code the token was issued for
 * @throws IdentityOAuth2Exception if the user id cannot be resolved or revocation fails
 */
private void revokeExistingAccessTokens(String tokenId, AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {

    String resolvedUserId;
    try {
        resolvedUserId = authzCodeDO.getAuthorizedUser().getUserId();
    } catch (UserIdNotFoundException e) {
        throw new IdentityOAuth2Exception("User id not found for user: "
                + authzCodeDO.getAuthorizedUser().getLoggableUserId(), e);
    }

    OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessToken(tokenId, resolvedUserId);

    if (log.isDebugEnabled()) {
        String message;
        // The code value is only logged (hashed) when authorization-code logging is explicitly allowed.
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE)) {
            message = "Validated authorization code(hashed): "
                    + DigestUtils.sha256Hex(authzCodeDO.getAuthorizationCode())
                    + " for client: " + authzCodeDO.getConsumerKey() + " is not active. "
                    + "So revoking the access tokens issued for the authorization code.";
        } else {
            message = "Validated authorization code for client: " + authzCodeDO.getConsumerKey()
                    + " is not active. So revoking the access tokens issued for the authorization code.";
        }
        log.debug(message);
    }
}
Use of org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException in project identity-inbound-auth-oauth by wso2-extensions:
class TokenBindingExpiryEventHandler, method revokeTokensOfBindingRef.
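/**
 * Revokes every access token bound to {@code tokenBindingReference} that belongs to {@code user},
 * provided the owning application has token revocation with IdP session termination enabled.
 * <p>
 * Tokens that share the binding reference but were issued to a different user are left untouched,
 * so a logout only ever revokes the logged-out user's own tokens. A blank reference or a
 * {@code null} user is a no-op.
 *
 * @param user                  authenticated user whose tokens are revoked
 * @param tokenBindingReference token binding reference the tokens are bound to
 * @throws IdentityOAuth2Exception     if a user id cannot be resolved or token revocation fails
 * @throws InvalidOAuthClientException if application information cannot be loaded for a token's client id
 */
private void revokeTokensOfBindingRef(AuthenticatedUser user, String tokenBindingReference)
        throws IdentityOAuth2Exception, InvalidOAuthClientException {

    if (StringUtils.isBlank(tokenBindingReference) || user == null) {
        return;
    }

    String userId;
    try {
        userId = user.getUserId();
    } catch (UserIdNotFoundException e) {
        log.error("User id cannot be found for user: " + user.getLoggableUserId() + ". Hence skip revoking "
                + "relevant tokens");
        // Propagate the cause so the stack trace explains why the user id was missing.
        throw new IdentityOAuth2Exception("Unable to revoke tokens for the token binding reference: "
                + tokenBindingReference, e);
    }

    Set<AccessTokenDO> boundTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
            .getAccessTokensByBindingRef(tokenBindingReference);
    if (CollectionUtils.isEmpty(boundTokens)) {
        // Also covers a null result, which the for-each below would not tolerate.
        if (log.isDebugEnabled()) {
            log.debug("No bound tokens found for the the provided binding reference: " + tokenBindingReference);
        }
        return;
    }

    for (AccessTokenDO accessTokenDO : boundTokens) {
        String consumerKey = accessTokenDO.getConsumerKey();
        if (!OAuth2Util.getAppInformationByClientId(consumerKey).isTokenRevocationWithIDPSessionTerminationEnabled()
                || accessTokenDO.getAuthzUser() == null) {
            continue;
        }
        AuthenticatedUser tokenOwner = new AuthenticatedUser(accessTokenDO.getAuthzUser());
        try {
            // Only the logged-out user's own tokens are revoked; other users' tokens may share the reference.
            if (StringUtils.equalsIgnoreCase(userId, tokenOwner.getUserId())) {
                revokeTokens(consumerKey, accessTokenDO, tokenBindingReference);
            }
        } catch (UserIdNotFoundException e) {
            log.error("User id cannot be found for user: " + tokenOwner.getLoggableUserId());
            // Propagate the cause rather than dropping it.
            throw new IdentityOAuth2Exception("Unable to revoke tokens of the app: " + consumerKey
                    + " for the token binding reference: " + tokenBindingReference, e);
        }
    }
}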