
Example 1 with AuthorizationGrantCacheEntry

Use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

The class OAuth2AuthzEndpoint, method addToBCLogoutSessionToOAuthMessage.

/**
 * Store the authorization code and session ID for back-channel logout in the cache.
 *
 * @param oAuthMessage the OAuth message carrying the authorization grant cache entry for this code
 * @param sessionId    the OIDC session ID to associate with the authorization code
 */
private void addToBCLogoutSessionToOAuthMessage(OAuthMessage oAuthMessage, String sessionId) {
    AuthorizationGrantCacheEntry entry = oAuthMessage.getAuthorizationGrantCacheEntry();
    if (entry == null) {
        log.debug("Authorization code is not found in the redirect URL");
        return;
    }
    entry.setOidcSessionId(sessionId);
}
Also used: AuthorizationGrantCacheEntry(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry)

Example 2 with AuthorizationGrantCacheEntry

Use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

The class AbstractTokenBinder, method getTokenBindingValue.

@Override
public Optional<String> getTokenBindingValue(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO) {
    if (AUTHORIZATION_CODE.equals(oAuth2AccessTokenReqDTO.getGrantType()) && StringUtils.isNotBlank(oAuth2AccessTokenReqDTO.getAuthorizationCode())) {
        AuthorizationGrantCacheKey cacheKey = new AuthorizationGrantCacheKey(oAuth2AccessTokenReqDTO.getAuthorizationCode());
        AuthorizationGrantCacheEntry authorizationGrantCacheEntry = AuthorizationGrantCache.getInstance().getValueFromCacheByCode(cacheKey);
        if (authorizationGrantCacheEntry != null && StringUtils.isNotBlank(authorizationGrantCacheEntry.getTokenBindingValue())) {
            return Optional.of(authorizationGrantCacheEntry.getTokenBindingValue());
        }
    }
    return Optional.empty();
}
Also used: AuthorizationGrantCacheEntry(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry) AuthorizationGrantCacheKey(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey)

Example 3 with AuthorizationGrantCacheEntry

Use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

The class DefaultOIDCClaimsCallbackHandlerTest, method testHandleClaimsForOAuthTokenReqMessageContextWithAuthorizationCode.

@Test
public void testHandleClaimsForOAuthTokenReqMessageContextWithAuthorizationCode() throws Exception {
    JWTClaimsSet.Builder jwtClaimsSetBuilder = new JWTClaimsSet.Builder();
    Map<ClaimMapping, String> userAttributes = new HashMap<>();
    userAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(COUNTRY), TestConstants.CLAIM_VALUE1);
    userAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(EMAIL), TestConstants.CLAIM_VALUE2);
    OAuthTokenReqMessageContext requestMsgCtx = getTokenReqMessageContextForFederatedUser(userAttributes);
    requestMsgCtx.addProperty("AuthorizationCode", "dummyAuthorizationCode");
    AuthorizationGrantCacheEntry authorizationGrantCacheEntry = mock(AuthorizationGrantCacheEntry.class);
    mockAuthorizationGrantCache(authorizationGrantCacheEntry);
    UserRealm userRealm = getUserRealmWithUserClaims(USER_CLAIMS_MAP);
    mockUserRealm(requestMsgCtx.getAuthorizedUser().toString(), userRealm);
    JWTClaimsSet jwtClaimsSet = getJwtClaimSet(jwtClaimsSetBuilder, requestMsgCtx);
    assertNotNull(jwtClaimsSet, "JWT Custom claim handling failed.");
    assertFalse(jwtClaimsSet.getClaims().isEmpty(), "JWT custom claim handling failed");
    Assert.assertEquals(jwtClaimsSet.getClaims().size(), 3, "Expected custom claims are not set.");
    Assert.assertEquals(jwtClaimsSet.getClaim(EMAIL), TestConstants.CLAIM_VALUE2, "OIDC claim " + EMAIL + " is not added with the JWT token");
}
Also used: ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) AuthorizationGrantCacheEntry(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry) UserRealm(org.wso2.carbon.user.core.UserRealm) HashMap(java.util.HashMap) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) OAuthTokenReqMessageContext(org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext) Matchers.anyString(org.mockito.Matchers.anyString) SAML2BearerGrantHandlerTest(org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandlerTest) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 4 with AuthorizationGrantCacheEntry

Use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

The class DefaultOIDCClaimsCallbackHandlerTest, method testHandleCustomClaimsWithoutClaimsInRefreshFlow.

@Test(description = "This method tests custom claim handling when there are no user attributes in the cache" + " or in the authenticated user object")
public void testHandleCustomClaimsWithoutClaimsInRefreshFlow() throws Exception {
    JWTClaimsSet.Builder jwtClaimsSetBuilder = new JWTClaimsSet.Builder();
    OAuthTokenReqMessageContext requestMsgCtx = getTokenReqMessageContextForFederatedUser(null);
    // Add the relevant OIDC claims to the scope resource.
    Properties oidcProperties = new Properties();
    String[] oidcScopeClaims = new String[] { USERNAME, EMAIL };
    oidcProperties.setProperty(OIDC_SCOPE, StringUtils.join(oidcScopeClaims, ","));
    Map<ClaimMapping, String> userAttributes = new HashMap<>();
    userAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(USERNAME), TestConstants.CLAIM_VALUE1);
    userAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(EMAIL), TestConstants.CLAIM_VALUE2);
    userAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(PHONE_NUMBER_VERIFIED), TestConstants.CLAIM_VALUE2);
    AuthorizationGrantCacheEntry authorizationGrantCacheEntry = new AuthorizationGrantCacheEntry(userAttributes);
    authorizationGrantCacheEntry.setSubjectClaim(requestMsgCtx.getAuthorizedUser().getUserName());
    mockAuthorizationGrantCache(authorizationGrantCacheEntry);
    RefreshTokenValidationDataDO refreshTokenValidationDataDO = Mockito.mock(RefreshTokenValidationDataDO.class);
    Mockito.doReturn(SAMPLE_ACCESS_TOKEN).when(refreshTokenValidationDataDO).getAccessToken();
    requestMsgCtx.addProperty(PREV_ACCESS_TOKEN, refreshTokenValidationDataDO);
    UserRealm userRealm = getUserRealmWithUserClaims(USER_CLAIMS_MAP);
    mockUserRealm(requestMsgCtx.getAuthorizedUser().toString(), userRealm);
    JWTClaimsSet jwtClaimsSet = getJwtClaimSet(jwtClaimsSetBuilder, requestMsgCtx);
    Assert.assertFalse(jwtClaimsSet.getClaims().isEmpty(), "JWT custom claim list is empty. Custom claim handling failed in refresh flow");
    Assert.assertEquals(jwtClaimsSet.getClaim(USERNAME), TestConstants.CLAIM_VALUE1, "Incomplete list of custom claims returned.");
    jwtClaimsSetBuilder = new JWTClaimsSet.Builder();
    jwtClaimsSet = defaultOIDCClaimsCallbackHandler.handleCustomClaims(jwtClaimsSetBuilder, requestMsgCtx);
    Assert.assertFalse(jwtClaimsSet.getClaims().isEmpty(), "JWT custom claim list is empty. Custom claim handling failed in refresh flow");
}
Also used: HashMap(java.util.HashMap) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) OAuthTokenReqMessageContext(org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext) Matchers.anyString(org.mockito.Matchers.anyString) Properties(java.util.Properties) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) AuthorizationGrantCacheEntry(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry) RefreshTokenValidationDataDO(org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO) UserRealm(org.wso2.carbon.user.core.UserRealm) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SAML2BearerGrantHandlerTest(org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandlerTest) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 5 with AuthorizationGrantCacheEntry

Use of org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

The class AccessTokenIssuer, method addUserAttributesAgainstAccessToken.

/**
 * Copies the cache entry stored against the authorization code and adds it against the access token. This is done to
 * reuse the already calculated user claims for subsequent usages such as userinfo calls.
 *
 * @param tokenReqDTO  the token request, from which the authorization code is read
 * @param tokenRespDTO the token response, whose access token becomes the new cache key
 */
private void addUserAttributesAgainstAccessToken(OAuth2AccessTokenReqDTO tokenReqDTO, OAuth2AccessTokenRespDTO tokenRespDTO) {
    AuthorizationGrantCacheKey oldCacheKey = new AuthorizationGrantCacheKey(getAuthorizationCode(tokenReqDTO));
    // Check the user attributes ID of the cache key before retrieving the entry from the cache; a null ID causes an NPE.
    if (oldCacheKey.getUserAttributesId() != null) {
        AuthorizationGrantCacheEntry authorizationGrantCacheEntry = AuthorizationGrantCache.getInstance().getValueFromCacheByCode(oldCacheKey);
        AuthorizationGrantCacheKey newCacheKey = new AuthorizationGrantCacheKey(tokenRespDTO.getAccessToken());
        if (authorizationGrantCacheEntry != null) {
            authorizationGrantCacheEntry.setTokenId(tokenRespDTO.getTokenId());
            if (log.isDebugEnabled()) {
                if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                    log.debug("Adding AuthorizationGrantCache entry for the access token(hashed):" + DigestUtils.sha256Hex(newCacheKey.getUserAttributesId()));
                } else {
                    log.debug("Adding AuthorizationGrantCache entry for the access token");
                }
            }
            authorizationGrantCacheEntry.setValidityPeriod(TimeUnit.MILLISECONDS.toNanos(tokenRespDTO.getExpiresInMillis()));
            AuthorizationGrantCache.getInstance().addToCacheByToken(newCacheKey, authorizationGrantCacheEntry);
        }
    }
}
Also used: AuthorizationGrantCacheEntry(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry) AuthorizationGrantCacheKey(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey)
