use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.
the class OIDCDiscoveryEndpoint method getResponse.
private Response getResponse(HttpServletRequest request, String tenant) {
String response;
OIDCProcessor processor = EndpointUtil.getOIDCService();
try {
OIDProviderResponseBuilder responseBuilder = getOidProviderResponseBuilder();
response = responseBuilder.getOIDProviderConfigString(processor.getResponse(request, tenant));
} catch (OIDCDiscoveryEndPointException e) {
Response.ResponseBuilder errorResponse = Response.status(processor.handleError(e));
return errorResponse.entity(e.getMessage()).build();
} catch (ServerConfigurationException e) {
log.error("Server Configuration error occurred.", e);
Response.ResponseBuilder errorResponse = Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return errorResponse.entity("Error in reading configuration.").build();
}
Response.ResponseBuilder responseBuilder = Response.status(HttpServletResponse.SC_OK);
return responseBuilder.entity(response).build();
}
use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.
the class DefaultOIDCProcessor method getResponse.
public OIDProviderConfigResponse getResponse(HttpServletRequest request, String tenantDomain) throws OIDCDiscoveryEndPointException, ServerConfigurationException {
OIDCProviderRequestBuilder requestBuilder = new DefaultOIDCProviderRequestBuilder();
OIDProviderRequest requestObject = requestBuilder.buildRequest(request, tenantDomain);
ProviderConfigBuilder responseBuilder = new ProviderConfigBuilder();
return responseBuilder.buildOIDProviderConfig(requestObject);
}
use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.
the class DefaultOIDCProviderRequestBuilder method buildRequest.
@Override
public OIDProviderRequest buildRequest(HttpServletRequest request, String tenant) throws OIDCDiscoveryEndPointException {
OIDProviderRequest requestObject = new OIDProviderRequest();
requestObject.setUri(request.getRequestURI());
if (StringUtils.isNotBlank(tenant)) {
requestObject.setTenantDomain(tenant);
} else {
requestObject.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
}
return requestObject;
}
use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.
the class ProviderConfigBuilder method buildOIDProviderConfig.
public OIDProviderConfigResponse buildOIDProviderConfig(OIDProviderRequest request) throws OIDCDiscoveryEndPointException, ServerConfigurationException {
OIDProviderConfigResponse providerConfig = new OIDProviderConfigResponse();
String tenantDomain = request.getTenantDomain();
if (isUseEntityIdAsIssuerInOidcDiscovery()) {
try {
providerConfig.setIssuer(OAuth2Util.getIdTokenIssuer(tenantDomain));
} catch (IdentityOAuth2Exception e) {
throw new ServerConfigurationException(String.format("Error while retrieving OIDC Id token issuer " + "value for tenant domain: %s", tenantDomain), e);
}
} else {
providerConfig.setIssuer(OAuth2Util.getIDTokenIssuer());
}
providerConfig.setAuthorizationEndpoint(OAuth2Util.OAuthURL.getOAuth2AuthzEPUrl());
providerConfig.setTokenEndpoint(OAuth2Util.OAuthURL.getOAuth2TokenEPUrl());
providerConfig.setUserinfoEndpoint(OAuth2Util.OAuthURL.getOAuth2UserInfoEPUrl());
providerConfig.setRevocationEndpoint(OAuth2Util.OAuthURL.getOAuth2RevocationEPUrl());
providerConfig.setRevocationEndpointAuthMethodsSupported(OAuth2Util.getSupportedClientAuthenticationMethods().toArray(new String[0]));
providerConfig.setResponseModesSupported(OAuth2Util.getSupportedResponseModes().toArray(new String[0]));
providerConfig.setIntrospectionEndpointAuthMethodsSupported(OAuth2Util.getSupportedClientAuthenticationMethods().toArray(new String[0]));
providerConfig.setCodeChallengeMethodsSupported(OAuth2Util.getSupportedCodeChallengeMethods().toArray(new String[0]));
try {
providerConfig.setIntrospectionEndpoint(OAuth2Util.OAuthURL.getOAuth2IntrospectionEPUrl(tenantDomain));
providerConfig.setRegistrationEndpoint(OAuth2Util.OAuthURL.getOAuth2DCREPUrl(tenantDomain));
providerConfig.setJwksUri(OAuth2Util.OAuthURL.getOAuth2JWKSPageUrl(tenantDomain));
} catch (URISyntaxException e) {
throw new ServerConfigurationException("Error while building tenant specific url", e);
}
List<String> scopes = OAuth2Util.getOIDCScopes(tenantDomain);
providerConfig.setScopesSupported(scopes.toArray(new String[scopes.size()]));
try {
List<ExternalClaim> claims = OIDCDiscoveryDataHolder.getInstance().getClaimManagementService().getExternalClaims(OIDC_CLAIM_DIALECT, tenantDomain);
String[] claimArray = new String[claims.size() + 2];
int i;
for (i = 0; i < claims.size(); i++) {
claimArray[i] = claims.get(i).getClaimURI();
}
claimArray[i++] = "iss";
claimArray[i] = "acr";
providerConfig.setClaimsSupported(claimArray);
} catch (ClaimMetadataException e) {
throw new ServerConfigurationException("Error while retrieving OIDC claim dialect", e);
}
try {
providerConfig.setIdTokenSigningAlgValuesSupported(new String[] { OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(OAuthServerConfiguration.getInstance().getIdTokenSignatureAlgorithm()).getName() });
} catch (IdentityOAuth2Exception e) {
throw new ServerConfigurationException("Unsupported signature algorithm configured.", e);
}
Set<String> supportedResponseTypeNames = OAuthServerConfiguration.getInstance().getSupportedResponseTypeNames();
providerConfig.setResponseTypesSupported(supportedResponseTypeNames.toArray(new String[supportedResponseTypeNames.size()]));
providerConfig.setSubjectTypesSupported(new String[] { "public" });
providerConfig.setCheckSessionIframe(buildServiceUrl(IdentityConstants.OAuth.CHECK_SESSION, IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_CHECK_SESSION_EP_URL)));
providerConfig.setEndSessionEndpoint(buildServiceUrl(IdentityConstants.OAuth.LOGOUT, IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_LOGOUT_EP_URL)));
try {
providerConfig.setUserinfoSigningAlgValuesSupported(new String[] { OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(OAuthServerConfiguration.getInstance().getUserInfoJWTSignatureAlgorithm()).getName() });
} catch (IdentityOAuth2Exception e) {
throw new ServerConfigurationException("Unsupported signature algorithm configured.", e);
}
providerConfig.setTokenEndpointAuthMethodsSupported(OAuth2Util.getSupportedClientAuthenticationMethods().stream().toArray(String[]::new));
providerConfig.setGrantTypesSupported(OAuth2Util.getSupportedGrantTypes().stream().toArray(String[]::new));
providerConfig.setRequestParameterSupported(Boolean.valueOf(OAuth2Util.isRequestParameterSupported()));
providerConfig.setClaimsParameterSupported(Boolean.valueOf(OAuth2Util.isClaimsParameterSupported()));
providerConfig.setRequestObjectSigningAlgValuesSupported(OAuth2Util.getRequestObjectSigningAlgValuesSupported().stream().toArray(String[]::new));
providerConfig.setBackchannelLogoutSupported(Boolean.TRUE);
providerConfig.setBackchannelLogoutSessionSupported(Boolean.TRUE);
return providerConfig;
}
Aggregations