Search in sources :

Example 1 with ConsentHandlingFailedException

use of org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method doUserAuthorization.

/**
 * prompt : none
 * The Authorization Server MUST NOT display any authentication
 * or consent user interface pages. An error is returned if the
 * End-User is not already authenticated or the Client does not
 * have pre-configured consent for the requested scopes. This
 * can be used as a method to check for existing authentication
 * and/or consent.
 * <p/>
 * prompt : consent
 * The Authorization Server MUST prompt the End-User for consent before
 * returning information to the Client.
 * <p/>
 * prompt Error : consent_required
 * The Authorization Server requires End-User consent. This
 * error MAY be returned when the prompt parameter in the
 * Authorization Request is set to none to request that the
 * Authorization Server should not display any user
 * interfaces to the End-User, but the Authorization Request
 * cannot be completed without displaying a user interface
 * for End-User consent.
 *
 * @return String URL
 * @throws OAuthSystemException OAuthSystemException
 */
private String doUserAuthorization(OAuthMessage oAuthMessage, String sessionDataKeyFromLogin, OIDCSessionState sessionState) throws OAuthSystemException, ConsentHandlingFailedException, OAuthProblemException {
    OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
    AuthenticatedUser authenticatedUser = getLoggedInUser(oAuthMessage);
    boolean hasUserApproved = isUserAlreadyApproved(oauth2Params, authenticatedUser);
    if (hasPromptContainsConsent(oauth2Params)) {
        // Remove any existing consents.
        String clientId = oauth2Params.getClientId();
        OpenIDConnectUserRPStore.getInstance().removeConsentForUser(authenticatedUser, clientId);
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> params = new HashMap<>();
            params.put("clientId", oauth2Params.getClientId());
            params.put("prompt", oauth2Params.getPrompt());
            if (authenticatedUser != null) {
                try {
                    params.put("user", authenticatedUser.getUserId());
                } catch (UserIdNotFoundException e) {
                    if (StringUtils.isNotBlank(authenticatedUser.getAuthenticatedSubjectIdentifier())) {
                        params.put("user", authenticatedUser.getAuthenticatedSubjectIdentifier().replaceAll(".", "*"));
                    }
                }
            }
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "'prompt' contains consent. Hence existing user consent is revoked.", "remove-user-consent", null);
        }
        if (log.isDebugEnabled()) {
            log.debug("Prompt parameter contains 'consent'. Existing consents for user: " + authenticatedUser.toFullQualifiedUsername() + " for oauth app with clientId: " + clientId + " are revoked and user will be prompted to give consent again.");
        }
        // Need to prompt for consent and get user consent for claims as well.
        return promptUserForConsent(sessionDataKeyFromLogin, oauth2Params, authenticatedUser, true, oAuthMessage);
    } else if (isPromptNone(oauth2Params)) {
        return handlePromptNone(oAuthMessage, sessionState, oauth2Params, authenticatedUser, hasUserApproved);
    } else if (isPromptLogin(oauth2Params) || isPromptParamsNotPresent(oauth2Params)) {
        return handleConsent(oAuthMessage, sessionDataKeyFromLogin, sessionState, oauth2Params, authenticatedUser, hasUserApproved);
    } else {
        return StringUtils.EMPTY;
    }
}
Also used : OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)

Example 2 with ConsentHandlingFailedException

use of org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handlePostConsent.

private void handlePostConsent(OAuthMessage oAuthMessage) throws ConsentHandlingFailedException {
    OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
    String tenantDomain = EndpointUtil.getSPTenantDomainFromClientId(oauth2Params.getClientId());
    setSPAttributeToRequest(oAuthMessage.getRequest(), oauth2Params.getApplicationName(), tenantDomain);
    String spTenantDomain = oauth2Params.getTenantDomain();
    AuthenticatedUser loggedInUser = getLoggedInUser(oAuthMessage);
    String clientId = oauth2Params.getClientId();
    ServiceProvider serviceProvider;
    if (log.isDebugEnabled()) {
        log.debug("Initiating post user consent handling for user: " + loggedInUser.toFullQualifiedUsername() + " for client_id: " + clientId + " of tenantDomain: " + spTenantDomain);
    }
    try {
        if (isConsentHandlingFromFrameworkSkipped(oauth2Params)) {
            if (log.isDebugEnabled()) {
                log.debug("Consent handling from framework skipped for client_id: " + clientId + " of tenantDomain: " + spTenantDomain + " for user: " + loggedInUser.toFullQualifiedUsername() + ". " + "Therefore handling post consent is not applicable.");
            }
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                Map<String, Object> params = new HashMap<>();
                params.put("clientId", clientId);
                Map<String, Object> configs = new HashMap<>();
                configs.put("skipConsent", "true");
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Consent is disabled for the OAuth client.", "handle-consent", configs);
            }
            return;
        }
        List<Integer> approvedClaimIds = getUserConsentClaimIds(oAuthMessage);
        serviceProvider = getServiceProvider(clientId);
        /*
                With the current implementation of the SSOConsentService we need to send back the original
                ConsentClaimsData object we got during pre consent stage. Currently we are repeating the API call
                during post consent handling to get the original ConsentClaimsData object (Assuming there is no
                change in SP during pre-consent and post-consent).

                The API on the SSO Consent Service will be improved to avoid having to send the original
                ConsentClaimsData object.
             */
        ConsentClaimsData value = getConsentRequiredClaims(loggedInUser, serviceProvider, oauth2Params);
        /*
                It is needed to pitch the consent required claims with the OIDC claims. otherwise the consent of the
                the claims which are not in the OIDC claims will be saved as consent denied.
            */
        if (value != null) {
            // Remove the claims which dont have values given by the user.
            value.setRequestedClaims(removeConsentRequestedNullUserAttributes(value.getRequestedClaims(), loggedInUser.getUserAttributes(), spTenantDomain));
            List<ClaimMetaData> requestedOidcClaimsList = getRequestedOidcClaimsList(value, oauth2Params, spTenantDomain);
            value.setRequestedClaims(requestedOidcClaimsList);
        }
        // Call framework and create the consent receipt.
        if (log.isDebugEnabled()) {
            log.debug("Creating user consent receipt for user: " + loggedInUser.toFullQualifiedUsername() + " for client_id: " + clientId + " of tenantDomain: " + spTenantDomain);
        }
        Map<String, Object> params;
        if (hasPromptContainsConsent(oauth2Params)) {
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                params = new HashMap<>();
                params.put("clientId", clientId);
                params.put("prompt", oauth2Params.getPrompt());
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, null, "hand-over-to-consent-service", null);
            }
            getSSOConsentService().processConsent(approvedClaimIds, serviceProvider, loggedInUser, value, true);
        } else {
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                params = new HashMap<>();
                params.put("clientId", clientId);
                params.put("prompt", oauth2Params.getPrompt());
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, null, "hand-over-to-consent-service", null);
            }
            getSSOConsentService().processConsent(approvedClaimIds, serviceProvider, loggedInUser, value, false);
        }
    } catch (OAuthSystemException | SSOConsentServiceException e) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, "System error occurred.", "process-consent", null);
        }
        String msg = "Error while processing consent of user: " + loggedInUser.toFullQualifiedUsername() + " for " + "client_id: " + clientId + " of tenantDomain: " + spTenantDomain;
        throw new ConsentHandlingFailedException(msg, e);
    } catch (ClaimMetadataException e) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, String.format("Error occurred while getting " + "claim mappings for %s.", OIDC_DIALECT), "process-consent", null);
        }
        throw new ConsentHandlingFailedException("Error while getting claim mappings for " + OIDC_DIALECT, e);
    } catch (RequestObjectException e) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, String.format("Error occurred while getting essential claims for the session data key : %s.", oauth2Params.getSessionDataKey()), "process-consent", null);
        }
        throw new ConsentHandlingFailedException("Error while getting essential claims for the session data key " + ": " + oauth2Params.getSessionDataKey(), e);
    }
}
Also used : RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException) ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) ConsentClaimsData(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentClaimsData) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException) ClaimMetaData(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) ConsentHandlingFailedException(org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException) OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject)

Example 3 with ConsentHandlingFailedException

use of org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleApproveAlwaysWithPromptForNewConsent.

private String handleApproveAlwaysWithPromptForNewConsent(OAuthMessage oAuthMessage, OIDCSessionState sessionState, OAuth2Parameters oauth2Params) throws ConsentHandlingFailedException, OAuthSystemException {
    AuthenticatedUser authenticatedUser = getLoggedInUser(oAuthMessage);
    String preConsent = handlePreConsentIncludingExistingConsents(oauth2Params, authenticatedUser);
    if (isConsentFromUserRequired(preConsent)) {
        String sessionDataKeyFromLogin = getSessionDataKeyFromLogin(oAuthMessage);
        preConsent = buildQueryParamString(preConsent, USER_CLAIMS_CONSENT_ONLY + "=true");
        return getUserConsentURL(sessionDataKeyFromLogin, oauth2Params, authenticatedUser, preConsent, oAuthMessage);
    } else {
        sessionState.setAddSessionState(true);
        return handleUserConsent(oAuthMessage, APPROVE, sessionState);
    }
}
Also used : AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)

Example 4 with ConsentHandlingFailedException

use of org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handlePreConsent.

/**
 * Handle user consent from claims that will be shared in OIDC responses. Claims that require consent will be
 * sent to the consent page as query params. Consent page will interpret the query params and prompt the user
 * for consent.
 *
 * @param oauth2Params
 * @param user                Authenticated User
 * @param useExistingConsents Whether to consider existing user consents
 * @return
 * @throws ConsentHandlingFailedException
 * @throws OAuthSystemException
 */
private String handlePreConsent(OAuth2Parameters oauth2Params, AuthenticatedUser user, boolean useExistingConsents) throws ConsentHandlingFailedException, OAuthSystemException {
    String additionalQueryParam = StringUtils.EMPTY;
    String clientId = oauth2Params.getClientId();
    String spTenantDomain = oauth2Params.getTenantDomain();
    ServiceProvider serviceProvider = getServiceProvider(clientId);
    Map<String, Object> params = new HashMap<>();
    params.put("clientId", clientId);
    try {
        params.put("user", user.getUserId());
    } catch (UserIdNotFoundException e) {
        if (StringUtils.isNotBlank(user.getAuthenticatedSubjectIdentifier())) {
            params.put("user", user.getAuthenticatedSubjectIdentifier());
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Initiating consent handling for user: " + user.toFullQualifiedUsername() + " for client_id: " + clientId + " of tenantDomain: " + spTenantDomain);
    }
    if (isConsentHandlingFromFrameworkSkipped(oauth2Params)) {
        if (log.isDebugEnabled()) {
            log.debug("Consent handling from framework skipped for client_id: " + clientId + " of tenantDomain: " + spTenantDomain + " for user: " + user.toFullQualifiedUsername());
        }
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> configs = new HashMap<>();
            configs.put("skipConsent", "true");
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "'skipConsent' is enabled for the OAuth client. Hence consent claims not generated.", "generate-consent-claims", configs);
        }
        return StringUtils.EMPTY;
    }
    try {
        ConsentClaimsData claimsForApproval = getConsentRequiredClaims(user, serviceProvider, useExistingConsents, oauth2Params);
        if (claimsForApproval != null) {
            String requestClaimsQueryParam = null;
            // Get the mandatory claims and append as query param.
            String mandatoryClaimsQueryParam = null;
            // Remove the claims which dont have values given by the user.
            claimsForApproval.setRequestedClaims(removeConsentRequestedNullUserAttributes(claimsForApproval.getRequestedClaims(), user.getUserAttributes(), spTenantDomain));
            List<ClaimMetaData> requestedOidcClaimsList = getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain);
            if (CollectionUtils.isNotEmpty(requestedOidcClaimsList)) {
                requestClaimsQueryParam = REQUESTED_CLAIMS + "=" + buildConsentClaimString(requestedOidcClaimsList);
            }
            if (CollectionUtils.isNotEmpty(claimsForApproval.getMandatoryClaims())) {
                mandatoryClaimsQueryParam = MANDATORY_CLAIMS + "=" + buildConsentClaimString(claimsForApproval.getMandatoryClaims());
            }
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                Map<String, Object> configs = new HashMap<>();
                List<String> requestedClaims = new ArrayList<>();
                requestedOidcClaimsList.forEach(claim -> requestedClaims.add(claim.getClaimUri()));
                List<String> mandatoryClaims = new ArrayList<>();
                claimsForApproval.getMandatoryClaims().forEach(claim -> mandatoryClaims.add(claim.getClaimUri()));
                configs.put("skipConsent", "false");
                configs.put("requestedClaims", requestedClaims);
                configs.put("mandatoryClaims", mandatoryClaims);
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Consent claims generation successful. Consent claims query parameter: " + additionalQueryParam, "generate-consent-claims", configs);
            }
            additionalQueryParam = buildQueryParamString(requestClaimsQueryParam, mandatoryClaimsQueryParam);
        }
    } catch (UnsupportedEncodingException | SSOConsentServiceException e) {
        String msg = "Error while handling user consent for claim for user: " + user.toFullQualifiedUsername() + " for client_id: " + clientId + " of tenantDomain: " + spTenantDomain;
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "System error occurred.", "generate-consent-claims", null);
        }
        throw new ConsentHandlingFailedException(msg, e);
    } catch (ClaimMetadataException e) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "System error occurred.", "generate-consent-claims", null);
        }
        throw new ConsentHandlingFailedException("Error while getting claim mappings for " + OIDC_DIALECT, e);
    } catch (RequestObjectException e) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "System error occurred.", "generate-consent-claims", null);
        }
        throw new ConsentHandlingFailedException("Error while getting essential claims for the session data key " + ": " + oauth2Params.getSessionDataKey(), e);
    }
    if (log.isDebugEnabled()) {
        log.debug("Additional Query param to be sent to consent page for user: " + user.toFullQualifiedUsername() + " for client_id: " + clientId + " is '" + additionalQueryParam + "'");
    }
    return additionalQueryParam;
}
Also used : RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException) ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ConsentClaimsData(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentClaimsData) UnsupportedEncodingException(java.io.UnsupportedEncodingException) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException) UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException) ClaimMetaData(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData) ConsentHandlingFailedException(org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject)

Example 5 with ConsentHandlingFailedException

use of org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleResponseFromConsent.

private Response handleResponseFromConsent(OAuthMessage oAuthMessage) throws OAuthSystemException, URISyntaxException, ConsentHandlingFailedException {
    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> params = new HashMap<>();
        if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) {
            oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> {
                if (ArrayUtils.isNotEmpty(value)) {
                    params.put(key, Arrays.asList(value));
                }
            });
        }
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Successfully received consent response", "receive-consent-response", null);
    }
    updateAuthTimeInSessionDataCacheEntry(oAuthMessage);
    addSessionDataKeyToSessionDataCacheEntry(oAuthMessage);
    String consent = getConsentFromRequest(oAuthMessage);
    if (consent != null) {
        if (OAuthConstants.Consent.DENY.equals(consent)) {
            return handleDeniedConsent(oAuthMessage);
        }
        /*
                Get the user consented claims from the consent response and create a consent receipt.
            */
        handlePostConsent(oAuthMessage);
        OIDCSessionState sessionState = new OIDCSessionState();
        String redirectURL = handleUserConsent(oAuthMessage, consent, sessionState);
        if (isFormPostResponseMode(oAuthMessage, redirectURL)) {
            return handleFormPostResponseMode(oAuthMessage, sessionState, redirectURL);
        }
        redirectURL = manageOIDCSessionState(oAuthMessage, sessionState, redirectURL);
        return Response.status(HttpServletResponse.SC_FOUND).location(new URI(redirectURL)).build();
    } else {
        return handleEmptyConsent(oAuthMessage);
    }
}
Also used : ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) OIDCSessionState(org.wso2.carbon.identity.oidc.session.OIDCSessionState) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) URI(java.net.URI) REDIRECT_URI(org.wso2.carbon.identity.oauth.common.OAuthConstants.OAuth20Params.REDIRECT_URI)

Aggregations

HashMap (java.util.HashMap)7 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)7 JSONObject (org.json.JSONObject)7 RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)7 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)5 UserIdNotFoundException (org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException)3 ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)3 OAuth2Parameters (org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)3 URI (java.net.URI)2 ClaimMetaData (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData)2 ConsentClaimsData (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentClaimsData)2 SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)2 ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)2 REDIRECT_URI (org.wso2.carbon.identity.oauth.common.OAuthConstants.OAuth20Params.REDIRECT_URI)2 ConsentHandlingFailedException (org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException)2 RequestObjectException (org.wso2.carbon.identity.oauth2.RequestObjectException)2 OIDCSessionState (org.wso2.carbon.identity.oidc.session.OIDCSessionState)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 ArrayList (java.util.ArrayList)1 Map (java.util.Map)1