Example 1 with OAuthRequestWrapper

Use of org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuth2CibaEndpoint, method ciba.

@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response ciba(@Context HttpServletRequest request, @Context HttpServletResponse response, MultivaluedMap paramMap) {
    OAuthClientAuthnContext oAuthClientAuthnContext = getClientAuthnContext(request);
    if (!oAuthClientAuthnContext.isAuthenticated()) {
        return getErrorResponse(new CibaAuthFailureException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Client authentication required"));
    }
    request = new OAuthRequestWrapper(request, (Map<String, List<String>>) paramMap);
    if (log.isDebugEnabled()) {
        log.debug("Authentication request has hit Client Initiated Back-channel Authentication EndPoint.");
    }
    try {
        // Check whether request has the 'request' parameter.
        checkForRequestParam(request);
        // Capturing authentication request.
        String authRequest = request.getParameter(CibaConstants.REQUEST);
        // Validate authentication request.
        validateAuthenticationRequest(authRequest, oAuthClientAuthnContext.getClientId());
        // Prepare RequestDTO with validated parameters.
        cibaAuthCodeRequest = getCibaAuthCodeRequest(authRequest);
        // Obtain Response from service layer of CIBA.
        cibaAuthCodeResponse = getCibaAuthCodeResponse(cibaAuthCodeRequest);
        // Create an internal authorize call to the authorize endpoint.
        generateAuthorizeCall(request, response, cibaAuthCodeResponse);
        // Create and return Ciba Authentication Response.
        return getAuthResponse(response, cibaAuthCodeResponse);
    } catch (CibaAuthFailureException e) {
        // Returning error response.
        return getErrorResponse(e);
    }
}
Also used: OAuthRequestWrapper (org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper), CibaAuthFailureException (org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException), OAuthClientAuthnContext (org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext), Map (java.util.Map), MultivaluedMap (javax.ws.rs.core.MultivaluedMap), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes), Produces (javax.ws.rs.Produces)

Example 2 with OAuthRequestWrapper

Use of org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuthRevocationEndpoint, method revokeAccessToken.

@POST
@Path("/")
@Consumes("application/x-www-form-urlencoded")
public Response revokeAccessToken(@Context HttpServletRequest request, MultivaluedMap<String, String> paramMap) throws OAuthSystemException, InvalidRequestParentException {
    try {
        startSuperTenantFlow();
        Map<String, Object> params = new HashMap<>();
        if (MapUtils.isNotEmpty(paramMap)) {
            paramMap.forEach((key, value) -> {
                if (TOKEN_PARAM.equals(key) && CollectionUtils.isNotEmpty(value)) {
                    params.put("token", value.get(0).replaceAll(".", "*"));
                } else {
                    params.put(key, value);
                }
            });
        }
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Successfully received token revocation request.", "receive-revoke-request", null);
        }
        validateRepeatedParams(request, paramMap);
        HttpServletRequestWrapper httpRequest = new OAuthRequestWrapper(request, paramMap);
        String token = getToken(paramMap, httpRequest);
        String callback = getCallback(paramMap, httpRequest);
        if (isEmpty(token)) {
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "'token' parameter is missing in the revoke request.", "validate-input-parameters", null);
            }
            return handleClientFailure(callback);
        }
        String tokenType = getTokenType(paramMap, httpRequest);
        OAuthRevocationRequestDTO revokeRequest = buildOAuthRevocationRequest(httpRequest, paramMap, token, tokenType);
        OAuthRevocationResponseDTO oauthRevokeResp = revokeTokens(revokeRequest);
        if (oauthRevokeResp.getErrorMsg() != null) {
            return handleErrorResponse(callback, oauthRevokeResp);
        } else {
            return handleRevokeResponse(callback, oauthRevokeResp);
        }
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}
Also used: OAuthRevocationRequestDTO (org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO), OAuthRequestWrapper (org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper), HashMap (java.util.HashMap), HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper), OAuthRevocationResponseDTO (org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes)

Example 3 with OAuthRequestWrapper

Use of org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuth2TokenEndpoint, method issueAccessToken.

protected Response issueAccessToken(HttpServletRequest request, Map<String, List<String>> paramMap) throws OAuthSystemException, InvalidRequestParentException {
    try {
        startSuperTenantFlow();
        validateRepeatedParams(request, paramMap);
        HttpServletRequestWrapper httpRequest = new OAuthRequestWrapper(request, paramMap);
        CarbonOAuthTokenRequest oauthRequest = buildCarbonOAuthTokenRequest(httpRequest);
        validateOAuthApplication(oauthRequest.getoAuthClientAuthnContext());
        OAuth2AccessTokenRespDTO oauth2AccessTokenResp = issueAccessToken(oauthRequest, httpRequest);
        if (oauth2AccessTokenResp.getErrorMsg() != null) {
            return handleErrorResponse(oauth2AccessTokenResp);
        } else {
            return buildTokenResponse(oauth2AccessTokenResp);
        }
    } catch (TokenEndpointBadRequestException | OAuthSystemException | InvalidApplicationClientException e) {
        triggerOnTokenExceptionListeners(e, request, paramMap);
        throw e;
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}
Also used: OAuthRequestWrapper (org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper), OAuth2AccessTokenRespDTO (org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO), TokenEndpointBadRequestException (org.wso2.carbon.identity.oauth.endpoint.exception.TokenEndpointBadRequestException), HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper), OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException), InvalidApplicationClientException (org.wso2.carbon.identity.oauth.endpoint.exception.InvalidApplicationClientException), CarbonOAuthTokenRequest (org.wso2.carbon.identity.oauth2.model.CarbonOAuthTokenRequest)

Aggregations

OAuthRequestWrapper (org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper): 3
HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper): 2
Consumes (javax.ws.rs.Consumes): 2
POST (javax.ws.rs.POST): 2
Path (javax.ws.rs.Path): 2
HashMap (java.util.HashMap): 1
Map (java.util.Map): 1
Produces (javax.ws.rs.Produces): 1
MultivaluedMap (javax.ws.rs.core.MultivaluedMap): 1
OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException): 1
CibaAuthFailureException (org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException): 1
InvalidApplicationClientException (org.wso2.carbon.identity.oauth.endpoint.exception.InvalidApplicationClientException): 1
TokenEndpointBadRequestException (org.wso2.carbon.identity.oauth.endpoint.exception.TokenEndpointBadRequestException): 1
OAuthClientAuthnContext (org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext): 1
OAuth2AccessTokenRespDTO (org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO): 1
OAuthRevocationRequestDTO (org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO): 1
OAuthRevocationResponseDTO (org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO): 1
CarbonOAuthTokenRequest (org.wso2.carbon.identity.oauth2.model.CarbonOAuthTokenRequest): 1