Example 1 with CibaAuthCodeRequest

Use of org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest in project identity-inbound-auth-oauth by wso2-extensions.

From class OAuth2CibaEndpoint, method ciba.

@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response ciba(@Context HttpServletRequest request, @Context HttpServletResponse response, MultivaluedMap paramMap) {
    // Authenticate the client before any request content is inspected.
    OAuthClientAuthnContext oAuthClientAuthnContext = getClientAuthnContext(request);
    if (!oAuthClientAuthnContext.isAuthenticated()) {
        return getErrorResponse(new CibaAuthFailureException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Client authentication required"));
    }
    // Wrap the request so the form parameters are reachable through the servlet request API.
    request = new OAuthRequestWrapper(request, (Map<String, List<String>>) paramMap);
    if (log.isDebugEnabled()) {
        log.debug("Authentication request has hit Client Initiated Back-channel Authentication EndPoint.");
    }
    try {
        // Check whether the request has the 'request' parameter.
        checkForRequestParam(request);
        // Capture the signed authentication request (a JWT) from the 'request' parameter.
        String authRequest = request.getParameter(CibaConstants.REQUEST);
        // Validate the authentication request against the authenticated client.
        validateAuthenticationRequest(authRequest, oAuthClientAuthnContext.getClientId());
        // Prepare the request DTO with the validated parameters.
        // Kept in method scope so that concurrent requests do not share state.
        CibaAuthCodeRequest cibaAuthCodeRequest = getCibaAuthCodeRequest(authRequest);
        // Obtain the response from the CIBA service layer.
        CibaAuthCodeResponse cibaAuthCodeResponse = getCibaAuthCodeResponse(cibaAuthCodeRequest);
        // Create an internal authorize call to the authorize endpoint.
        generateAuthorizeCall(request, response, cibaAuthCodeResponse);
        // Create and return the CIBA authentication response.
        return getAuthResponse(response, cibaAuthCodeResponse);
    } catch (CibaAuthFailureException e) {
        // Return the error response.
        return getErrorResponse(e);
    }
}
Also used: OAuthRequestWrapper (org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper), CibaAuthFailureException (org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException), OAuthClientAuthnContext (org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext), Map (java.util.Map), MultivaluedMap (javax.ws.rs.core.MultivaluedMap), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes), Produces (javax.ws.rs.Produces)

Example 2 with CibaAuthCodeRequest

From class CibaAuthServiceImpl, method generateCibaAuthCodeDO.

/**
 * Builds and returns the CIBA AuthCode DO.
 *
 * @param cibaAuthCodeRequest CIBA request data transfer object.
 * @return CibaAuthCodeDO populated from the request.
 */
private CibaAuthCodeDO generateCibaAuthCodeDO(CibaAuthCodeRequest cibaAuthCodeRequest) {
    CibaAuthCodeDO cibaAuthCodeDO = new CibaAuthCodeDO();
    // Issued time is taken in UTC so that expiry checks do not depend on the server's local zone.
    long issuedTimeInMillis = Calendar.getInstance(TimeZone.getTimeZone(CibaConstants.UTC)).getTimeInMillis();
    Timestamp issuedTime = new Timestamp(issuedTimeInMillis);
    long expiryTime = getExpiresIn(cibaAuthCodeRequest);
    String[] scopes = cibaAuthCodeRequest.getScopes();
    cibaAuthCodeDO.setCibaAuthCodeKey(this.generateAuthCodeKey());
    cibaAuthCodeDO.setAuthReqId(this.generateAuthRequestId());
    cibaAuthCodeDO.setConsumerKey(cibaAuthCodeRequest.getIssuer());
    cibaAuthCodeDO.setIssuedTime(issuedTime);
    // Initially last polled time is set to issued time.
    cibaAuthCodeDO.setLastPolledTime(issuedTime);
    cibaAuthCodeDO.setAuthReqStatus(AuthReqStatus.REQUESTED);
    cibaAuthCodeDO.setInterval(CibaConstants.INTERVAL_DEFAULT_VALUE_IN_SEC);
    cibaAuthCodeDO.setExpiresIn(expiryTime);
    cibaAuthCodeDO.setScopes(scopes);
    return cibaAuthCodeDO;
}
Also used: CibaAuthCodeDO (org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeDO), Timestamp (java.sql.Timestamp)

Example 3 with CibaAuthCodeRequest

From class CibaAuthRequestValidator, method prepareAuthCodeRequest.

/**
 * Extracts the validated parameters from the request and prepares a DTO.
 *
 * @param request CIBA authentication request as a String (a signed JWT).
 * @return CibaAuthCodeRequest populated from the JWT claims.
 * @throws CibaAuthFailureException CIBA authentication failed exception.
 */
public CibaAuthCodeRequest prepareAuthCodeRequest(String request) throws CibaAuthFailureException {
    CibaAuthCodeRequest cibaAuthCodeRequest = new CibaAuthCodeRequest();
    try {
        // The signature of the JWT is expected to have been verified earlier in the validation chain.
        SignedJWT signedJWT = SignedJWT.parse(request);
        JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();
        // Set the client ID (the 'iss' claim), which has already been validated.
        cibaAuthCodeRequest.setIssuer(claimsSet.getIssuer());
        // Set the validated audience of the request.
        List<String> aud = claimsSet.getAudience();
        cibaAuthCodeRequest.setAudience(aud.toArray(new String[aud.size()]));
        // Add the user hint after successful validation. Several parameters can carry the hint,
        // so check login_hint first and fall back to id_token_hint.
        if (claimsSet.getClaim(Constants.LOGIN_HINT) != null) {
            cibaAuthCodeRequest.setUserHint(String.valueOf(claimsSet.getClaim(Constants.LOGIN_HINT)));
        } else if (claimsSet.getClaim(Constants.ID_TOKEN_HINT) != null) {
            cibaAuthCodeRequest.setUserHint(getUserfromIDToken(String.valueOf(claimsSet.getClaim(Constants.ID_TOKEN_HINT))));
        }
        // Set the validated JWT ID ('jti').
        cibaAuthCodeRequest.setJwtId(claimsSet.getJWTID());
        // Set the validated expiry time ('exp') of the authentication request.
        cibaAuthCodeRequest.setExpiredTime(claimsSet.getExpirationTime().getTime());
        // Set the validated issued time ('iat').
        cibaAuthCodeRequest.setIssuedTime(claimsSet.getIssueTime().getTime());
        // Set the validated not-before time ('nbf').
        cibaAuthCodeRequest.setNotBeforeTime(claimsSet.getNotBeforeTime().getTime());
        // Set the scope of the authentication request.
        cibaAuthCodeRequest.setScopes(OAuth2Util.buildScopeArray(claimsSet.getStringClaim(Constants.SCOPE)));
        // Set the validated acr_values of the authentication request.
        cibaAuthCodeRequest.setAcrValues(buildACRArray(claimsSet.getStringClaim(Constants.ACR_VALUES)));
        // Setting binding_message to AuthenticationRequest after successful validation.
        cibaAuthCodeRequest.setBindingMessage(claimsSet.getStringClaim(CibaConstants.BINDING_MESSAGE));
        // Setting transaction_context to AuthenticationRequest after successful validation.
        JSONObject transactionContext = claimsSet.getJSONObjectClaim(CibaConstants.TRANSACTION_CONTEXT);
        if (transactionContext != null) {
            cibaAuthCodeRequest.setTransactionContext(transactionContext.toJSONString());
        }
        // Setting requested_expiry to AuthenticationRequest after successful validation.
        if (claimsSet.getClaim(CibaConstants.REQUESTED_EXPIRY) != null) {
            if (claimsSet.getClaim(CibaConstants.REQUESTED_EXPIRY) instanceof String) {
                cibaAuthCodeRequest.setRequestedExpiry(Long.parseLong(claimsSet.getStringClaim(CibaConstants.REQUESTED_EXPIRY)));
            } else {
                cibaAuthCodeRequest.setRequestedExpiry(claimsSet.getLongClaim(CibaConstants.REQUESTED_EXPIRY));
            }
        } else {
            cibaAuthCodeRequest.setRequestedExpiry(0);
        }
    } catch (ParseException e) {
        throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR, "Error when processing request parameters.", e);
    }
    return cibaAuthCodeRequest;
}
Also used: CibaAuthFailureException (org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException), JSONObject (net.minidev.json.JSONObject), CibaAuthCodeRequest (org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest), JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet), SignedJWT (com.nimbusds.jwt.SignedJWT), ParseException (java.text.ParseException)

Example 4 with CibaAuthCodeRequest

From class CibaAuthServiceImpl, method buildAuthCodeResponse.

/**
 * Builds and returns the CibaAuthCodeResponse.
 *
 * @param cibaAuthCodeRequest Auth code request object.
 * @param cibaAuthCodeDO      DO with information regarding the authentication request.
 * @return CibaAuthCodeResponse built from the request and the persisted DO.
 * @throws CibaCoreException   Exception thrown from the CibaCore component.
 * @throws CibaClientException Client exception thrown from the CibaCore component.
 */
private CibaAuthCodeResponse buildAuthCodeResponse(CibaAuthCodeRequest cibaAuthCodeRequest, CibaAuthCodeDO cibaAuthCodeDO) throws CibaCoreException, CibaClientException {
    String clientID = cibaAuthCodeRequest.getIssuer();
    try {
        CibaAuthCodeResponse cibaAuthCodeResponse = new CibaAuthCodeResponse();
        String user = cibaAuthCodeRequest.getUserHint();
        // The callback URL comes from the registered application, not from the request.
        OAuthAppDO appDO = OAuth2Util.getAppInformationByClientId(clientID);
        String callbackUri = appDO.getCallbackUrl();
        cibaAuthCodeResponse.setAuthReqId(cibaAuthCodeDO.getAuthReqId());
        cibaAuthCodeResponse.setCallBackUrl(callbackUri);
        cibaAuthCodeResponse.setUserHint(user);
        cibaAuthCodeResponse.setClientId(clientID);
        cibaAuthCodeResponse.setScopes(cibaAuthCodeRequest.getScopes());
        cibaAuthCodeResponse.setExpiresIn(cibaAuthCodeDO.getExpiresIn());
        if (StringUtils.isNotBlank(cibaAuthCodeRequest.getBindingMessage())) {
            cibaAuthCodeResponse.setBindingMessage(cibaAuthCodeRequest.getBindingMessage());
        }
        if (StringUtils.isNotBlank(cibaAuthCodeRequest.getTransactionContext())) {
            cibaAuthCodeResponse.setTransactionDetails(cibaAuthCodeRequest.getTransactionContext());
        }
        if (log.isDebugEnabled()) {
            log.debug("Successful in creating AuthCodeResponse for the client: " + clientID);
        }
        return cibaAuthCodeResponse;
    } catch (IdentityOAuth2Exception e) {
        throw new CibaCoreException("Error in creating AuthCodeResponse for the client: " + clientID, e);
    } catch (InvalidOAuthClientException e) {
        throw new CibaClientException("Error in creating AuthCodeResponse for the client: " + clientID, e);
    }
}
Also used: OAuthAppDO (org.wso2.carbon.identity.oauth.dao.OAuthAppDO), IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception), CibaClientException (org.wso2.carbon.identity.oauth.ciba.exceptions.CibaClientException), CibaAuthCodeResponse (org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeResponse), CibaCoreException (org.wso2.carbon.identity.oauth.ciba.exceptions.CibaCoreException), InvalidOAuthClientException (org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Example 5 with CibaAuthCodeRequest

From class CibaAuthServiceImpl, method generateAuthCodeResponse.

@Override
public CibaAuthCodeResponse generateAuthCodeResponse(CibaAuthCodeRequest cibaAuthCodeRequest) throws CibaCoreException, CibaClientException {
    // Build the DO, persist it so the token endpoint can later look up the auth_req_id, then build the response.
    CibaAuthCodeDO cibaAuthCodeDO = generateCibaAuthCodeDO(cibaAuthCodeRequest);
    CibaDAOFactory.getInstance().getCibaAuthMgtDAO().persistCibaAuthCode(cibaAuthCodeDO);
    return buildAuthCodeResponse(cibaAuthCodeRequest, cibaAuthCodeDO);
}
Also used: CibaAuthCodeDO (org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeDO)
