use of org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2CibaEndpoint method ciba.
/**
 * Handles a form-encoded POST carrying a CIBA authentication request.
 *
 * <p>The call is rejected unless the client authentication context reports the client as
 * authenticated. The {@code request} parameter is then checked, validated against the
 * authenticated client id, turned into a request DTO and passed to the service layer. An
 * internal authorize call is triggered before the authentication response is returned.
 *
 * <p>NOTE(review): {@code cibaAuthCodeRequest} and {@code cibaAuthCodeResponse} are assigned here
 * but not declared in this method. If they are instance fields and this resource instance serves
 * more than one request at a time, concurrent calls could observe each other's values. Confirm
 * the resource lifecycle, or keep them as locals.
 *
 * @param request  incoming servlet request.
 * @param response servlet response handed to the authorize call and the response builder.
 * @param paramMap form parameters; raw type, cast unchecked to {@code Map<String, List<String>>}.
 * @return the authentication response, or an error response built from the failure.
 */
@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response ciba(@Context HttpServletRequest request, @Context HttpServletResponse response, MultivaluedMap paramMap) {
    final OAuthClientAuthnContext clientAuthn = getClientAuthnContext(request);
    if (!clientAuthn.isAuthenticated()) {
        // Nothing from the request body is processed for an unauthenticated client.
        final CibaAuthFailureException unauthenticated = new CibaAuthFailureException(
                OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Client authentication required");
        return getErrorResponse(unauthenticated);
    }

    // Expose the form parameters through the servlet request API.
    final HttpServletRequest formRequest =
            new OAuthRequestWrapper(request, (Map<String, List<String>>) paramMap);

    if (log.isDebugEnabled()) {
        log.debug("Authentication request has hit Client Initiated Back-channel Authentication EndPoint.");
    }

    try {
        // The 'request' parameter must be present before anything else is read.
        checkForRequestParam(formRequest);
        final String requestObject = formRequest.getParameter(CibaConstants.REQUEST);

        // Validation receives the client id established by client authentication.
        validateAuthenticationRequest(requestObject, clientAuthn.getClientId());

        // Only a request that passed validation is converted to a DTO and sent to the service layer.
        cibaAuthCodeRequest = getCibaAuthCodeRequest(requestObject);
        cibaAuthCodeResponse = getCibaAuthCodeResponse(cibaAuthCodeRequest);

        // Internal call to the authorize endpoint, then the response for the client.
        generateAuthorizeCall(formRequest, response, cibaAuthCodeResponse);
        return getAuthResponse(response, cibaAuthCodeResponse);
    } catch (CibaAuthFailureException authFailure) {
        return getErrorResponse(authFailure);
    }
}
use of org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthServiceImpl method generateCibaAuthCodeDO.
/**
 * Creates the record that is stored for a new CIBA authentication request.
 *
 * <p>The consumer key is copied from the issuer of the request, so the record is only as
 * trustworthy as the validation done on that issuer before this method is called. The auth code
 * key and the auth request id come from helpers not shown here.
 * NOTE(review): confirm both are generated from an unpredictable source.
 *
 * @param cibaAuthCodeRequest CIBA request data transfer object.
 * @return a new CibaAuthCodeDO in status {@code REQUESTED}.
 */
private CibaAuthCodeDO generateCibaAuthCodeDO(CibaAuthCodeRequest cibaAuthCodeRequest) {
    final CibaAuthCodeDO authCodeRecord = new CibaAuthCodeDO();

    final Calendar utcNow = Calendar.getInstance(TimeZone.getTimeZone(CibaConstants.UTC));
    final Timestamp issuedAt = new Timestamp(utcNow.getTimeInMillis());
    final long expiresIn = getExpiresIn(cibaAuthCodeRequest);
    final String[] requestedScopes = cibaAuthCodeRequest.getScopes();

    // Identifiers of the new request.
    authCodeRecord.setCibaAuthCodeKey(this.generateAuthCodeKey());
    authCodeRecord.setAuthReqId(this.generateAuthRequestId());
    authCodeRecord.setConsumerKey(cibaAuthCodeRequest.getIssuer());

    // No poll has happened yet, so the last polled time starts at the issued time.
    authCodeRecord.setIssuedTime(issuedAt);
    authCodeRecord.setLastPolledTime(issuedAt);

    authCodeRecord.setAuthReqStatus(AuthReqStatus.REQUESTED);
    authCodeRecord.setInterval(CibaConstants.INTERVAL_DEFAULT_VALUE_IN_SEC);
    authCodeRecord.setExpiresIn(expiresIn);
    authCodeRecord.setScopes(requestedScopes);
    return authCodeRecord;
}
use of org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthRequestValidator method prepareAuthCodeRequest.
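/**
 * Copies the claims of a CIBA authentication request (a serialized signed JWT) into a DTO.
 *
 * <p>The JWT is only parsed here: this method checks neither the signature nor the claim values.
 * NOTE(review): the method is public, so confirm that every call path has verified the signature
 * and validated the claims before the returned DTO is trusted.
 *
 * @param request CIBA authentication request as a serialized JWT string.
 * @return DTO populated from the JWT claims.
 * @throws CibaAuthFailureException if the JWT or one of its claims cannot be parsed, if the
 *                                  expiration, issued-at or not-before time is missing, or if
 *                                  requested_expiry is a non-numeric string.
 */
public CibaAuthCodeRequest prepareAuthCodeRequest(String request) throws CibaAuthFailureException {
    CibaAuthCodeRequest cibaAuthCodeRequest = new CibaAuthCodeRequest();
    try {
        // parse() decodes the JWT; it does not verify the signature.
        SignedJWT signedJWT = SignedJWT.parse(request);
        JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();

        // The three time claims are dereferenced below. Fail with a client error when one is
        // absent instead of letting a NullPointerException escape.
        if (claimsSet.getExpirationTime() == null || claimsSet.getIssueTime() == null
                || claimsSet.getNotBeforeTime() == null) {
            throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST,
                    "Missing expiration, issued-at or not-before time in the authentication request.");
        }

        // The issuer of the request object is used as the client id downstream.
        cibaAuthCodeRequest.setIssuer(claimsSet.getIssuer());

        // Audience of the request object.
        List<String> aud = claimsSet.getAudience();
        cibaAuthCodeRequest.setAudience(aud.toArray(new String[aud.size()]));

        // User hint: login_hint takes precedence, otherwise the user is taken from id_token_hint.
        if (claimsSet.getClaim(Constants.LOGIN_HINT) != null) {
            cibaAuthCodeRequest.setUserHint(String.valueOf(claimsSet.getClaim(Constants.LOGIN_HINT)));
        } else if (claimsSet.getClaim(Constants.ID_TOKEN_HINT) != null) {
            cibaAuthCodeRequest.setUserHint(
                    getUserfromIDToken(String.valueOf(claimsSet.getClaim(Constants.ID_TOKEN_HINT))));
        }

        // JWT id and the three time claims (presence checked above).
        cibaAuthCodeRequest.setJwtId(claimsSet.getJWTID());
        cibaAuthCodeRequest.setExpiredTime(claimsSet.getExpirationTime().getTime());
        cibaAuthCodeRequest.setIssuedTime(claimsSet.getIssueTime().getTime());
        cibaAuthCodeRequest.setNotBeforeTime(claimsSet.getNotBeforeTime().getTime());

        // Requested scopes and ACR values.
        cibaAuthCodeRequest.setScopes(OAuth2Util.buildScopeArray(claimsSet.getStringClaim(Constants.SCOPE)));
        cibaAuthCodeRequest.setAcrValues(buildACRArray(claimsSet.getStringClaim(Constants.ACR_VALUES)));

        // binding_message is copied as received.
        cibaAuthCodeRequest.setBindingMessage(claimsSet.getStringClaim(CibaConstants.BINDING_MESSAGE));

        // transaction_context is optional and stored as a JSON string.
        JSONObject transactionContext = claimsSet.getJSONObjectClaim(CibaConstants.TRANSACTION_CONTEXT);
        if (transactionContext != null) {
            cibaAuthCodeRequest.setTransactionContext(transactionContext.toJSONString());
        }

        // requested_expiry may arrive as a string or as a number; it is 0 when absent.
        Object requestedExpiry = claimsSet.getClaim(CibaConstants.REQUESTED_EXPIRY);
        if (requestedExpiry == null) {
            cibaAuthCodeRequest.setRequestedExpiry(0);
        } else if (requestedExpiry instanceof String) {
            try {
                cibaAuthCodeRequest.setRequestedExpiry(
                        Long.parseLong(claimsSet.getStringClaim(CibaConstants.REQUESTED_EXPIRY)));
            } catch (NumberFormatException e) {
                // A non-numeric string is a malformed request, not an unchecked server failure.
                throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST,
                        "Invalid value for requested_expiry.", e);
            }
        } else {
            cibaAuthCodeRequest.setRequestedExpiry(claimsSet.getLongClaim(CibaConstants.REQUESTED_EXPIRY));
        }
    } catch (ParseException e) {
        throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR, "Error when processing request parameters.", e);
    }
    return cibaAuthCodeRequest;
}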
use of org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthServiceImpl method buildAuthCodeResponse.
/**
 * Assembles the CibaAuthCodeResponse for a stored authentication request.
 *
 * <p>The client id is the issuer carried by the request DTO and is used to look up the registered
 * application, whose callback URL is copied into the response.
 * NOTE(review): presumably the issuer was matched against the authenticated client before this
 * point; confirm at the caller. The client id is also concatenated into log and exception
 * messages, so it should already be a validated value.
 *
 * @param cibaAuthCodeRequest request DTO supplying issuer, user hint, scopes, binding message and
 *                            transaction context.
 * @param cibaAuthCodeDO      stored record supplying the auth request id and the expires-in value.
 * @return the populated response.
 * @throws CibaCoreException   if the application lookup fails with an IdentityOAuth2Exception.
 * @throws CibaClientException if the application lookup fails with an InvalidOAuthClientException.
 */
private CibaAuthCodeResponse buildAuthCodeResponse(CibaAuthCodeRequest cibaAuthCodeRequest, CibaAuthCodeDO cibaAuthCodeDO) throws CibaCoreException, CibaClientException {
    final String clientId = cibaAuthCodeRequest.getIssuer();
    try {
        final CibaAuthCodeResponse authCodeResponse = new CibaAuthCodeResponse();
        final String userHint = cibaAuthCodeRequest.getUserHint();

        // The callback URL comes from the registered application, not from the request.
        final OAuthAppDO registeredApp = OAuth2Util.getAppInformationByClientId(clientId);
        final String registeredCallback = registeredApp.getCallbackUrl();

        authCodeResponse.setAuthReqId(cibaAuthCodeDO.getAuthReqId());
        authCodeResponse.setCallBackUrl(registeredCallback);
        authCodeResponse.setUserHint(userHint);
        authCodeResponse.setClientId(clientId);
        authCodeResponse.setScopes(cibaAuthCodeRequest.getScopes());
        authCodeResponse.setExpiresIn(cibaAuthCodeDO.getExpiresIn());

        // Optional values are copied only when they are not blank.
        if (StringUtils.isNotBlank(cibaAuthCodeRequest.getBindingMessage())) {
            authCodeResponse.setBindingMessage(cibaAuthCodeRequest.getBindingMessage());
        }
        if (StringUtils.isNotBlank(cibaAuthCodeRequest.getTransactionContext())) {
            authCodeResponse.setTransactionDetails(cibaAuthCodeRequest.getTransactionContext());
        }

        if (log.isDebugEnabled()) {
            log.debug("Successful in creating AuthCodeResponse for the client: " + clientId);
        }
        return authCodeResponse;
    } catch (IdentityOAuth2Exception serverSide) {
        throw new CibaCoreException("Error in creating AuthCodeResponse for the client: " + clientId, serverSide);
    } catch (InvalidOAuthClientException unknownClient) {
        throw new CibaClientException("Error in creating AuthCodeResponse for the client: " + clientId, unknownClient);
    }
}
use of org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthServiceImpl method generateAuthCodeResponse.
/**
 * Creates the auth code record for a request, persists it and builds the response from it.
 *
 * <p>The record is persisted before the response is built, so a failure while building the
 * response leaves the stored record in place.
 *
 * @param cibaAuthCodeRequest CIBA request data transfer object.
 * @return response built from the request and the persisted record.
 * @throws CibaCoreException   declared by this method; raised by the calls it makes.
 * @throws CibaClientException declared by this method; raised by the calls it makes.
 */
@Override
public CibaAuthCodeResponse generateAuthCodeResponse(CibaAuthCodeRequest cibaAuthCodeRequest) throws CibaCoreException, CibaClientException {
    final CibaAuthCodeDO authCodeRecord = generateCibaAuthCodeDO(cibaAuthCodeRequest);

    // Store the record first; the response is derived from the same object afterwards.
    CibaDAOFactory.getInstance()
            .getCibaAuthMgtDAO()
            .persistCibaAuthCode(authCodeRecord);

    return buildAuthCodeResponse(cibaAuthCodeRequest, authCodeRecord);
}