use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class EndpointUtil method buildAuthenticationRequestCacheEntry.
/**
 * Assembles the framework {@link AuthenticationRequest} for an OAuth2 authorize call and wraps it
 * in a cache entry.
 *
 * @param clientId            OAuth client identifier, recorded as the relying party.
 * @param forceAuthenticate   value passed to {@code setForceAuth}.
 * @param checkAuthentication value passed to {@code setPassiveAuth}.
 * @param reqParams           request query parameters, stored on the request unchanged.
 * @return cache entry wrapping the populated authentication request.
 * @throws IdentityOAuth2Exception declared by this method; presumably raised by the tenant
 *                                 lookups - confirm against OAuth2Util.
 * @throws URLBuilderException     declared by this method; presumably raised while building the
 *                                 caller path - confirm against ServiceURLBuilder.
 */
private static AuthenticationRequestCacheEntry buildAuthenticationRequestCacheEntry(
        String clientId, boolean forceAuthenticate, boolean checkAuthentication,
        Map<String, String[]> reqParams) throws IdentityOAuth2Exception, URLBuilderException {

    AuthenticationRequest authRequest = new AuthenticationRequest();
    int clientTenantId = OAuth2Util.getClientTenatId();

    // The caller path is built server-side from the OAUTH2_AUTHORIZE constant, not from request data.
    String callerPath = ServiceURLBuilder.create()
            .addPath(OAUTH2_AUTHORIZE)
            .build()
            .getRelativeInternalURL();
    authRequest.setCommonAuthCallerPath(callerPath);

    authRequest.setForceAuth(forceAuthenticate);
    authRequest.setPassiveAuth(checkAuthentication);
    authRequest.setRelyingParty(clientId);
    authRequest.setTenantDomain(OAuth2Util.getTenantDomain(clientTenantId));

    // NOTE(review): reqParams is stored as received; no filtering happens in this method, so
    // consumers of the cached request should treat these values as untrusted - confirm upstream.
    authRequest.setRequestQueryParams(reqParams);

    return new AuthenticationRequestCacheEntry(authRequest);
}
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthResponseHandler method createAuthResponse.
/**
 * Builds the HTTP 200 JSON acknowledgement for an accepted CIBA authentication request.
 *
 * <p>The body carries the auth request id, its lifetime and the polling interval
 * ({@code CibaConstants.INTERVAL_DEFAULT_VALUE_IN_SEC}).
 *
 * @param response             servlet response; only its content type is set here.
 * @param cibaAuthCodeResponse DTO supplying the auth request id, expiry and client id.
 * @return JAX-RS response with status 200 and the JSON payload as entity.
 */
public Response createAuthResponse(@Context HttpServletResponse response,
                                   CibaAuthCodeResponse cibaAuthCodeResponse) {

    long lifetime = cibaAuthCodeResponse.getExpiresIn();
    // NOTE(review): the client id is concatenated into the debug lines below; presumably it was
    // validated before reaching this handler - confirm, since unvalidated values can forge log lines.
    if (log.isDebugEnabled()) {
        log.debug("Setting ExpiryTime for the response to the request made by client with clientID : "
                + cibaAuthCodeResponse.getClientId() + ".");
    }

    response.setContentType(MediaType.APPLICATION_JSON);

    // Assemble the JSON payload returned to the client.
    JSONObject payload = new JSONObject();
    payload.put(CibaConstants.AUTH_REQ_ID, cibaAuthCodeResponse.getAuthReqId());
    payload.put(CibaConstants.EXPIRES_IN, lifetime);
    payload.put(CibaConstants.INTERVAL, CibaConstants.INTERVAL_DEFAULT_VALUE_IN_SEC);
    if (log.isDebugEnabled()) {
        log.debug("Creating CIBA Authentication response to the request made by client with clientID : "
                + cibaAuthCodeResponse.getClientId() + ".");
    }

    Response.ResponseBuilder okBuilder = Response.status(HttpServletResponse.SC_OK);
    if (log.isDebugEnabled()) {
        log.debug("Returning CIBA Authentication Response for the request made by client with clientID : "
                + cibaAuthCodeResponse.getClientId() + ".");
    }
    String body = payload.toString();
    return okBuilder.entity(body).build();
}
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthResponseHandler method handleServerError.
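/**
 * Builds the HTTP 500 JSON error response for a server-side CIBA authentication failure.
 *
 * <p>The failure is written to the error log only when it wraps an underlying cause.
 *
 * @param cibaAuthFailureException failure carrying the error code and description to return.
 * @return JAX-RS response with status 500 and a JSON body holding the error code and description.
 */
private Response handleServerError(CibaAuthFailureException cibaAuthFailureException) {

    // NOTE(review): the exception message is sent to the client verbatim as the error description.
    // Confirm that every code path raising this exception uses a fixed, non-sensitive message, so
    // that internal details (stack data, SQL, host names) cannot reach the response body.
    JSONObject cibaErrorResponse = new JSONObject();
    cibaErrorResponse.put(ERROR, cibaAuthFailureException.getErrorCode());
    cibaErrorResponse.put(ERROR_DESCRIPRION, cibaAuthFailureException.getMessage());

    if (cibaAuthFailureException.getCause() != null) {
        // Pass the exception as the throwable argument, not as the message object, so the stack
        // trace and cause chain are logged regardless of how the backend renders message objects.
        log.error("Server error while processing the CIBA authentication request.",
                cibaAuthFailureException);
    }

    Response.ResponseBuilder respBuilder = Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return respBuilder.entity(cibaErrorResponse.toString()).build();
}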
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthRequestValidator method prepareAuthCodeRequest.
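/**
 * Copies the claims of a CIBA request object (a serialized signed JWT) into a DTO.
 *
 * <p>This method only parses the JWT and reads its claims. It performs no signature
 * verification and no claim validation of its own; the original comments state that the
 * values were validated beforehand, so callers must run the validator first.
 *
 * @param request CIBA authentication request as a serialized signed JWT.
 * @return DTO populated from the JWT claims.
 * @throws CibaAuthFailureException if the JWT or one of its claims cannot be parsed, including a
 *                                  string {@code requested_expiry} that is not a valid number.
 */
public CibaAuthCodeRequest prepareAuthCodeRequest(String request) throws CibaAuthFailureException {

    CibaAuthCodeRequest cibaAuthCodeRequest = new CibaAuthCodeRequest();
    try {
        // SignedJWT.parse only decodes the token; NOTE(review): signature verification is
        // presumably done by the caller before this point - confirm.
        SignedJWT signedJWT = SignedJWT.parse(request);
        JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();

        // The issuer claim is used as the client id by the rest of the flow.
        cibaAuthCodeRequest.setIssuer(claimsSet.getIssuer());

        // Audience of the request object.
        List<String> aud = claimsSet.getAudience();
        cibaAuthCodeRequest.setAudience(aud.toArray(new String[0]));

        // User hint: login_hint takes precedence; otherwise the user is resolved from id_token_hint.
        Object loginHint = claimsSet.getClaim(Constants.LOGIN_HINT);
        if (loginHint != null) {
            cibaAuthCodeRequest.setUserHint(String.valueOf(loginHint));
        } else {
            Object idTokenHint = claimsSet.getClaim(Constants.ID_TOKEN_HINT);
            if (idTokenHint != null) {
                cibaAuthCodeRequest.setUserHint(getUserfromIDToken(String.valueOf(idTokenHint)));
            }
        }

        // JWT id of the request object.
        cibaAuthCodeRequest.setJwtId(claimsSet.getJWTID());

        // NOTE(review): exp, iat and nbf are dereferenced without a null check, so a request
        // missing any of them fails here with a NullPointerException unless the earlier
        // validation rejects it - confirm that it does.
        cibaAuthCodeRequest.setExpiredTime(claimsSet.getExpirationTime().getTime());
        cibaAuthCodeRequest.setIssuedTime(claimsSet.getIssueTime().getTime());
        cibaAuthCodeRequest.setNotBeforeTime(claimsSet.getNotBeforeTime().getTime());

        // Requested scopes.
        cibaAuthCodeRequest.setScopes(OAuth2Util.buildScopeArray(claimsSet.getStringClaim(Constants.SCOPE)));

        // Requested ACR values.
        cibaAuthCodeRequest.setAcrValues(buildACRArray(claimsSet.getStringClaim(Constants.ACR_VALUES)));

        // binding_message, shown to the user on the authentication device.
        cibaAuthCodeRequest.setBindingMessage(claimsSet.getStringClaim(CibaConstants.BINDING_MESSAGE));

        // transaction_context is optional and stored in its JSON string form.
        JSONObject transactionContext = claimsSet.getJSONObjectClaim(CibaConstants.TRANSACTION_CONTEXT);
        if (transactionContext != null) {
            cibaAuthCodeRequest.setTransactionContext(transactionContext.toJSONString());
        }

        // requested_expiry may arrive as a JSON string or a JSON number; 0 means "not supplied".
        Object requestedExpiry = claimsSet.getClaim(CibaConstants.REQUESTED_EXPIRY);
        if (requestedExpiry == null) {
            cibaAuthCodeRequest.setRequestedExpiry(0);
        } else if (requestedExpiry instanceof String) {
            try {
                cibaAuthCodeRequest.setRequestedExpiry(
                        Long.parseLong(claimsSet.getStringClaim(CibaConstants.REQUESTED_EXPIRY)));
            } catch (NumberFormatException e) {
                // A non-numeric string is client-controlled input; report it through the same
                // checked failure as other unparsable claims instead of an unchecked exception.
                throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR,
                        "Error when processing request parameters.", e);
            }
        } else {
            cibaAuthCodeRequest.setRequestedExpiry(claimsSet.getLongClaim(CibaConstants.REQUESTED_EXPIRY));
        }
    } catch (ParseException e) {
        throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR,
                "Error when processing request parameters.", e);
    }
    return cibaAuthCodeRequest;
}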
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthServiceImpl method buildAuthCodeResponse.
/**
 * Builds the {@code CibaAuthCodeResponse} for a persisted CIBA authentication request.
 *
 * <p>The callback URL is read from the registered application looked up by client id, not from
 * the incoming request. Binding message and transaction context are copied only when non-blank.
 *
 * @param cibaAuthCodeRequest auth code request; its issuer is used as the client id.
 * @param cibaAuthCodeDO      data object supplying the auth request id and expiry.
 * @return populated auth code response.
 * @throws CibaCoreException   if the application lookup fails with an IdentityOAuth2Exception.
 * @throws CibaClientException if the application lookup fails with an InvalidOAuthClientException.
 */
private CibaAuthCodeResponse buildAuthCodeResponse(CibaAuthCodeRequest cibaAuthCodeRequest,
                                                   CibaAuthCodeDO cibaAuthCodeDO)
        throws CibaCoreException, CibaClientException {

    String clientID = cibaAuthCodeRequest.getIssuer();
    try {
        CibaAuthCodeResponse authCodeResponse = new CibaAuthCodeResponse();
        String userHint = cibaAuthCodeRequest.getUserHint();

        // Resolve the registered application; its stored callback URL is the one used.
        OAuthAppDO registeredApp = OAuth2Util.getAppInformationByClientId(clientID);
        String registeredCallback = registeredApp.getCallbackUrl();

        authCodeResponse.setAuthReqId(cibaAuthCodeDO.getAuthReqId());
        authCodeResponse.setCallBackUrl(registeredCallback);
        authCodeResponse.setUserHint(userHint);
        authCodeResponse.setClientId(clientID);
        authCodeResponse.setScopes(cibaAuthCodeRequest.getScopes());
        authCodeResponse.setExpiresIn(cibaAuthCodeDO.getExpiresIn());

        // Optional values: left unset on the response when absent or blank.
        if (!StringUtils.isBlank(cibaAuthCodeRequest.getBindingMessage())) {
            authCodeResponse.setBindingMessage(cibaAuthCodeRequest.getBindingMessage());
        }
        if (!StringUtils.isBlank(cibaAuthCodeRequest.getTransactionContext())) {
            authCodeResponse.setTransactionDetails(cibaAuthCodeRequest.getTransactionContext());
        }

        if (log.isDebugEnabled()) {
            log.debug("Successful in creating AuthCodeResponse for the client: " + clientID);
        }
        return authCodeResponse;
    } catch (IdentityOAuth2Exception e) {
        // Server-side lookup failure.
        throw new CibaCoreException("Error in creating AuthCodeResponse for the client: " + clientID, e);
    } catch (InvalidOAuthClientException e) {
        // The client id did not resolve to a valid application.
        throw new CibaClientException("Error in creating AuthCodeResponse for the client: " + clientID, e);
    }
}