
Example 1 with INVALID_REQUEST

use of org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.INVALID_REQUEST in project identity-inbound-auth-oauth by wso2-extensions.

In class OAuthAdminServiceImpl, method filterIdTokenEncryptionAlgorithm.

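/**
 * Returns the ID token encryption algorithm requested for the application, after checking it
 * against the server-wide list of supported algorithms.
 *
 * @param application application DTO whose {@code idTokenEncryptionAlgorithm} is validated
 * @return the requested ID token encryption algorithm, unchanged
 * @throws IdentityOAuthAdminException client error ({@code INVALID_REQUEST}) when the requested
 *                                     algorithm is not in the supported list
 */
private String filterIdTokenEncryptionAlgorithm(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException {
    List<String> supportedAlgorithms = OAuthServerConfiguration.getInstance().getSupportedIdTokenEncryptionAlgorithm();
    String requestedAlgorithm = application.getIdTokenEncryptionAlgorithm();
    // Allow-list check: only an algorithm the server is configured with may be persisted for the app.
    if (!supportedAlgorithms.contains(requestedAlgorithm)) {
        // The message names the algorithm; the previous wording said "Method", copied from the
        // sibling filterIdTokenEncryptionMethod check, which made the two rejections indistinguishable.
        String msg = String.format("'%s' IdToken Encryption Algorithm is not allowed.", requestedAlgorithm);
        throw handleClientError(INVALID_REQUEST, msg);
    }
    return requestedAlgorithm;
}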

Example 2 with INVALID_REQUEST

use of org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.INVALID_REQUEST in project identity-inbound-auth-oauth by wso2-extensions.

In class OAuthAdminServiceImpl, method filterScopeValidators.

/**
 * Returns the scope validators requested for the application once every one of them has been
 * checked against the server's allowed scope validators.
 *
 * @param application application DTO whose {@code scopeValidators} are validated; a {@code null}
 *                    array is treated as "none requested"
 * @return the requested validators (an empty array when none were given), unchanged
 * @throws IdentityOAuthAdminException client error ({@code INVALID_REQUEST}) naming the first
 *                                     requested validator that is not allowed
 */
String[] filterScopeValidators(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException {
    // Read-only view is enough here; the allowed list is only queried with contains().
    List<String> allowedValidators = Arrays.asList(getAllowedScopeValidators());
    String[] requested = application.getScopeValidators();
    if (requested == null) {
        return new String[0];
    }
    for (String validator : requested) {
        if (allowedValidators.contains(validator)) {
            continue;
        }
        throw handleClientError(INVALID_REQUEST,
                String.format("'%s' scope validator is not allowed.", validator));
    }
    return requested;
}

Example 3 with INVALID_REQUEST

use of org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.INVALID_REQUEST in project identity-inbound-auth-oauth by wso2-extensions.

In class OAuthAdminServiceImpl, method updateConsumerApplication.

/**
 * Update existing consumer application.
 * <p>
 * The caller must present both the consumer key and the current consumer secret; the secret is
 * compared with the stored one before any field is changed, so it acts as proof of possession for
 * the update. Only OAuth 2.0 applications have their grant types, audiences, scope validators and
 * OIDC settings revalidated and rewritten.
 *
 * @param consumerAppDTO <code>OAuthConsumerAppDTO</code> with updated application information
 * @throws IdentityOAuthAdminException Error when updating the underlying identity persistence store,
 *                                     or a client error when the key/secret are missing, the app is
 *                                     unknown, the secret does not match, or a setting is rejected
 *                                     by one of the validate*/filter* helpers.
 */
public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws IdentityOAuthAdminException {
    // Listeners run before any validation, on the raw caller-supplied DTO.
    for (OAuthApplicationMgtListener oAuthApplicationMgtListener : OAuthComponentServiceHolder.getInstance().getOAuthApplicationMgtListeners()) {
        oAuthApplicationMgtListener.doPreUpdateConsumerApplication(consumerAppDTO);
    }
    // NOTE(review): this initial value is never read; every path below either reassigns it or uses
    // the same literal directly in the IdentityOAuth2Exception handler.
    String errorMessage = "Error while updating the app information.";
    String oauthConsumerKey = consumerAppDTO.getOauthConsumerKey();
    // Both key and secret are mandatory: the secret is verified against the stored value further down.
    if (StringUtils.isEmpty(oauthConsumerKey) || StringUtils.isEmpty(consumerAppDTO.getOauthConsumerSecret())) {
        errorMessage = "ConsumerKey or ConsumerSecret is not provided for updating the OAuth application.";
        if (LOG.isDebugEnabled()) {
            LOG.debug(errorMessage);
        }
        throw handleClientError(INVALID_REQUEST, errorMessage);
    }
    // NOTE(review): loggedInUserName and tenantAwareLoggedInUserName are not referenced again in
    // this method; only tenantDomain is (in the success debug log).
    String loggedInUserName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    String tenantAwareLoggedInUserName = MultitenantUtils.getTenantAwareUsername(loggedInUserName);
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    OAuthAppDAO dao = new OAuthAppDAO();
    OAuthAppDO oauthappdo;
    try {
        oauthappdo = getOAuthApp(oauthConsumerKey);
        if (oauthappdo == null) {
            String msg = "OAuth application cannot be found for consumerKey: " + oauthConsumerKey;
            if (LOG.isDebugEnabled()) {
                LOG.debug(msg);
            }
            throw handleClientError(INVALID_OAUTH_CLIENT, msg);
        }
        // Proof of possession: the presented secret must equal the stored secret.
        // NOTE(review): StringUtils.equals short-circuits on the first differing character and is
        // not a constant-time comparison; if timing leakage of the stored secret matters at this
        // admin boundary, compare with MessageDigest.isEqual on the UTF-8 bytes instead.
        // The secret value itself is deliberately kept out of the log and error message.
        if (!StringUtils.equals(consumerAppDTO.getOauthConsumerSecret(), oauthappdo.getOauthConsumerSecret())) {
            errorMessage = "Invalid ConsumerSecret is provided for updating the OAuth application with " + "consumerKey: " + oauthConsumerKey;
            if (LOG.isDebugEnabled()) {
                LOG.debug(errorMessage);
            }
            throw handleClientError(INVALID_REQUEST, errorMessage);
        }
    } catch (InvalidOAuthClientException e) {
        String msg = "Cannot find a valid OAuth client for consumerKey: " + oauthConsumerKey;
        throw handleClientError(INVALID_OAUTH_CLIENT, msg, e);
    } catch (IdentityOAuth2Exception e) {
        throw handleError("Error while updating the app information.", e);
    }
    // Owner may be changed by the request; the stored owner is the fallback (see getAppOwner).
    AuthenticatedUser defaultAppOwner = oauthappdo.getAppOwner();
    AuthenticatedUser appOwner = getAppOwner(consumerAppDTO, defaultAppOwner);
    oauthappdo.setAppOwner(appOwner);
    oauthappdo.setOauthConsumerKey(oauthConsumerKey);
    // The secret was just verified equal to the stored one, so this rewrites the same value.
    oauthappdo.setOauthConsumerSecret(consumerAppDTO.getOauthConsumerSecret());
    // Callback URI is validated before being copied onto the stored object.
    validateCallbackURI(consumerAppDTO);
    oauthappdo.setCallbackUrl(consumerAppDTO.getCallbackUrl());
    oauthappdo.setApplicationName(consumerAppDTO.getApplicationName());
    oauthappdo.setPkceMandatory(consumerAppDTO.getPkceMandatory());
    oauthappdo.setPkceSupportPlain(consumerAppDTO.getPkceSupportPlain());
    // Validate access token expiry configurations.
    validateTokenExpiryConfigurations(consumerAppDTO);
    oauthappdo.setUserAccessTokenExpiryTime(consumerAppDTO.getUserAccessTokenExpiryTime());
    oauthappdo.setApplicationAccessTokenExpiryTime(consumerAppDTO.getApplicationAccessTokenExpiryTime());
    oauthappdo.setRefreshTokenExpiryTime(consumerAppDTO.getRefreshTokenExpiryTime());
    oauthappdo.setIdTokenExpiryTime(consumerAppDTO.getIdTokenExpiryTime());
    oauthappdo.setTokenType(consumerAppDTO.getTokenType());
    oauthappdo.setBypassClientCredentials(consumerAppDTO.isBypassClientCredentials());
    // OAuth 2.0-only settings. Each *validate*/filter* helper throws a client error on rejection,
    // so nothing below it is written for an invalid request.
    if (OAuthConstants.OAuthVersions.VERSION_2.equals(consumerAppDTO.getOAuthVersion())) {
        validateGrantTypes(consumerAppDTO);
        oauthappdo.setGrantTypes(consumerAppDTO.getGrantTypes());
        validateAudiences(consumerAppDTO);
        oauthappdo.setAudiences(consumerAppDTO.getAudiences());
        oauthappdo.setScopeValidators(filterScopeValidators(consumerAppDTO));
        oauthappdo.setRequestObjectSignatureValidationEnabled(consumerAppDTO.isRequestObjectSignatureValidationEnabled());
        // Validate IdToken Encryption configurations.
        oauthappdo.setIdTokenEncryptionEnabled(consumerAppDTO.isIdTokenEncryptionEnabled());
        // Algorithm and method are checked against the server allow-lists only when encryption is
        // enabled; when it is disabled they are left as already stored rather than cleared.
        if (consumerAppDTO.isIdTokenEncryptionEnabled()) {
            oauthappdo.setIdTokenEncryptionAlgorithm(filterIdTokenEncryptionAlgorithm(consumerAppDTO));
            oauthappdo.setIdTokenEncryptionMethod(filterIdTokenEncryptionMethod((consumerAppDTO)));
        }
        oauthappdo.setBackChannelLogoutUrl(consumerAppDTO.getBackChannelLogoutUrl());
        oauthappdo.setFrontchannelLogoutUrl(consumerAppDTO.getFrontchannelLogoutUrl());
        oauthappdo.setRenewRefreshTokenEnabled(consumerAppDTO.getRenewRefreshTokenEnabled());
        validateBindingType(consumerAppDTO.getTokenBindingType());
        oauthappdo.setTokenBindingType(consumerAppDTO.getTokenBindingType());
        oauthappdo.setTokenRevocationWithIDPSessionTerminationEnabled(consumerAppDTO.isTokenRevocationWithIDPSessionTerminationEnabled());
        oauthappdo.setTokenBindingValidationEnabled(consumerAppDTO.isTokenBindingValidationEnabled());
    }
    // Persist, then refresh the app-info cache so later lookups observe the updated state.
    dao.updateConsumerApplication(oauthappdo);
    AppInfoCache.getInstance().addToCache(oauthappdo.getOauthConsumerKey(), oauthappdo);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Oauth Application update success : " + consumerAppDTO.getApplicationName() + " in " + "tenant domain: " + tenantDomain);
    }
}

Example 4 with INVALID_REQUEST

use of org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.INVALID_REQUEST in project identity-inbound-auth-oauth by wso2-extensions.

In class OAuthAdminServiceImpl, method filterIdTokenEncryptionMethod.

/**
 * Returns the ID token encryption method requested for the application, after checking it
 * against the server-wide list of supported methods.
 *
 * @param application application DTO whose {@code idTokenEncryptionMethod} is validated
 * @return the requested ID token encryption method, unchanged
 * @throws IdentityOAuthAdminException client error ({@code INVALID_REQUEST}) when the requested
 *                                     method is not in the supported list
 */
private String filterIdTokenEncryptionMethod(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException {
    List<String> allowedMethods = OAuthServerConfiguration.getInstance().getSupportedIdTokenEncryptionMethods();
    String requestedMethod = application.getIdTokenEncryptionMethod();
    // Allow-list check against the server configuration; the value is returned untouched when accepted.
    if (allowedMethods.contains(requestedMethod)) {
        return requestedMethod;
    }
    throw handleClientError(INVALID_REQUEST,
            String.format("'%s' IdToken Encryption Method is not allowed.", requestedMethod));
}

Example 5 with INVALID_REQUEST

use of org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.INVALID_REQUEST in project identity-inbound-auth-oauth by wso2-extensions.

In class OAuthAdminServiceImpl, method registerAndRetrieveOAuthApplicationData.

/**
 * Registers an OAuth consumer application and retrieve application details.
 * <p>
 * Requires an authenticated user in the thread-local Carbon context. Consumer key and secret are
 * taken from the request when supplied and generated otherwise. OAuth 2.0 applications (the default
 * when no version is given) additionally have their grant types, scope validators, audiences, token
 * expiry settings, ID token encryption settings and token binding type validated before persistence.
 *
 * @param application <code>OAuthConsumerAppDTO</code> with application information.
 * @return OAuthConsumerAppDTO Created OAuth application details.
 * @throws IdentityOAuthAdminException Error when persisting the application information to the persistence store,
 *                                     or a client error when no user is authenticated
 *                                     ({@code AUTHENTICATED_USER_NOT_FOUND}), the request carries no
 *                                     application ({@code INVALID_REQUEST}), or a setting is rejected
 *                                     by one of the validate*/filter* helpers.
 */
public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException {
    // The caller's identity comes from the thread-local context, not from the request body.
    String tenantAwareLoggedInUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
    OAuthAppDO app = new OAuthAppDO();
    if (tenantAwareLoggedInUser != null) {
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        OAuthAppDAO dao = new OAuthAppDAO();
        if (application != null) {
            app.setApplicationName(application.getApplicationName());
            // Callback URI is validated before being stored.
            validateCallbackURI(application);
            app.setCallbackUrl(application.getCallbackUrl());
            app.setState(APP_STATE_ACTIVE);
            // Caller-supplied consumer key and secret are accepted as given when present.
            // NOTE(review): no length, format or strength policy is applied to a caller-supplied
            // secret here; generated values come from OAuthUtil.getRandomNumber(), whose entropy
            // source is not visible in this file.
            if (StringUtils.isEmpty(application.getOauthConsumerKey())) {
                app.setOauthConsumerKey(OAuthUtil.getRandomNumber());
                app.setOauthConsumerSecret(OAuthUtil.getRandomNumber());
            } else {
                app.setOauthConsumerKey(application.getOauthConsumerKey());
                if (StringUtils.isEmpty(application.getOauthConsumerSecret())) {
                    app.setOauthConsumerSecret(OAuthUtil.getRandomNumber());
                } else {
                    app.setOauthConsumerSecret(application.getOauthConsumerSecret());
                }
            }
            // The authenticated caller is the default owner; the request may override it (see getAppOwner).
            AuthenticatedUser defaultAppOwner = buildAuthenticatedUser(tenantAwareLoggedInUser, tenantDomain);
            AuthenticatedUser appOwner = getAppOwner(application, defaultAppOwner);
            app.setAppOwner(appOwner);
            if (application.getOAuthVersion() != null) {
                app.setOauthVersion(application.getOAuthVersion());
            } else {
                // by default, assume OAuth 2.0, if it is not set.
                app.setOauthVersion(OAuthConstants.OAuthVersions.VERSION_2);
            }
            // OAuth 2.0-only settings; the validate*/filter* helpers throw a client error on rejection,
            // so an invalid request never reaches dao.addOAuthApplication below.
            if (OAuthConstants.OAuthVersions.VERSION_2.equals(app.getOauthVersion())) {
                validateGrantTypes(application);
                app.setGrantTypes(application.getGrantTypes());
                app.setScopeValidators(filterScopeValidators(application));
                validateAudiences(application);
                app.setAudiences(application.getAudiences());
                app.setPkceMandatory(application.getPkceMandatory());
                app.setPkceSupportPlain(application.getPkceSupportPlain());
                // Validate access token expiry configurations.
                validateTokenExpiryConfigurations(application);
                app.setUserAccessTokenExpiryTime(application.getUserAccessTokenExpiryTime());
                app.setApplicationAccessTokenExpiryTime(application.getApplicationAccessTokenExpiryTime());
                app.setRefreshTokenExpiryTime(application.getRefreshTokenExpiryTime());
                app.setIdTokenExpiryTime(application.getIdTokenExpiryTime());
                // Set OIDC Config Properties.
                app.setRequestObjectSignatureValidationEnabled(application.isRequestObjectSignatureValidationEnabled());
                // Validate IdToken Encryption configurations.
                app.setIdTokenEncryptionEnabled(application.isIdTokenEncryptionEnabled());
                // Algorithm and method are checked against the server allow-lists only when
                // encryption is enabled; otherwise they are left unset on the new app.
                if (application.isIdTokenEncryptionEnabled()) {
                    app.setIdTokenEncryptionAlgorithm(filterIdTokenEncryptionAlgorithm(application));
                    app.setIdTokenEncryptionMethod(filterIdTokenEncryptionMethod((application)));
                }
                app.setBackChannelLogoutUrl(application.getBackChannelLogoutUrl());
                app.setFrontchannelLogoutUrl(application.getFrontchannelLogoutUrl());
                if (application.getTokenType() != null) {
                    app.setTokenType(application.getTokenType());
                } else {
                    app.setTokenType(getDefaultTokenType());
                }
                app.setBypassClientCredentials(application.isBypassClientCredentials());
                app.setRenewRefreshTokenEnabled(application.getRenewRefreshTokenEnabled());
                validateBindingType(application.getTokenBindingType());
                app.setTokenBindingType(application.getTokenBindingType());
                app.setTokenBindingValidationEnabled(application.isTokenBindingValidationEnabled());
                app.setTokenRevocationWithIDPSessionTerminationEnabled(application.isTokenRevocationWithIDPSessionTerminationEnabled());
            }
            // Persist, then prime the app-info cache so lookups by consumer key see the new app.
            dao.addOAuthApplication(app);
            AppInfoCache.getInstance().addToCache(app.getOauthConsumerKey(), app);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Oauth Application registration success : " + application.getApplicationName() + " in " + "tenant domain: " + tenantDomain);
            }
        } else {
            // Authenticated caller but no application payload.
            String message = "No application details in the request. Failed to register OAuth App.";
            if (LOG.isDebugEnabled()) {
                LOG.debug(message);
            }
            throw handleClientError(INVALID_REQUEST, message);
        }
    } else {
        // No authenticated caller: log (with the app name when available) and reject.
        if (LOG.isDebugEnabled()) {
            if (application != null) {
                LOG.debug("No authenticated user found. Failed to register OAuth App: " + application.getApplicationName());
            } else {
                LOG.debug("No authenticated user found. Failed to register OAuth App");
            }
        }
        String message = "No authenticated user found. Failed to register OAuth App.";
        throw handleClientError(AUTHENTICATED_USER_NOT_FOUND, message);
    }
    // Return the persisted state (including any generated key/secret) as a DTO.
    return OAuthUtil.buildConsumerAppDTO(app);
}
