Example 1 with OAuthClientException

Use of org.wso2.carbon.identity.oauth.common.exception.OAuthClientException in project identity-inbound-auth-oauth by wso2-extensions.

From the class OAuthRevocationEndpoint, method validateAuthorizationHeader.

private void validateAuthorizationHeader(HttpServletRequest request, MultivaluedMap<String, String> paramMap, String callback) throws RevokeEndpointAccessDeniedException {
    try {
        // The client MUST NOT use more than one authentication method in each request
        if (isClientCredentialsExistsAsParams(paramMap)) {
            if (log.isDebugEnabled()) {
                log.debug("Client Id and Client Secret found in request body and Authorization header. Credentials should be sent in either request body or Authorization header, not both");
            }
            throw new RevokeEndpointAccessDeniedException("Client Authentication failed.", null, callback);
        }
        String[] credentials = getClientCredentials(request);
        // add the credentials available in Authorization header to the parameter map
        paramMap.add(OAuth.OAUTH_CLIENT_ID, credentials[0]);
        paramMap.add(OAuth.OAUTH_CLIENT_SECRET, credentials[1]);
        if (log.isDebugEnabled()) {
            log.debug("Client credentials extracted from the Authorization Header");
        }
    } catch (OAuthClientException e) {
        // malformed credential string is considered as an auth failure.
        if (log.isDebugEnabled()) {
            log.debug("Error while extracting credentials from authorization header", e);
        }
        throw new RevokeEndpointAccessDeniedException("Client Authentication failed. Invalid Authorization Header.", null, callback);
    }
}
Also used: RevokeEndpointAccessDeniedException (org.wso2.carbon.identity.oauth.endpoint.exception.RevokeEndpointAccessDeniedException), OAuthClientException (org.wso2.carbon.identity.oauth.common.exception.OAuthClientException)
