Search in sources :

Example 6 with InvalidRequestException

use of org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleOAuthAuthorizationRequest.

/**
 * http://tools.ietf.org/html/rfc6749#section-4.1.2
 * <p/>
 * 4.1.2.1. Error Response
 * <p/>
 * If the request fails due to a missing, invalid, or mismatching
 * redirection URI, or if the client identifier is missing or invalid,
 * the authorization server SHOULD inform the resource owner of the
 * error and MUST NOT automatically redirect the user-agent to the
 * invalid redirection URI.
 * <p/>
 * If the resource owner denies the access request or if the request
 * fails for reasons other than a missing or invalid redirection URI,
 * the authorization server informs the client by adding the following
 * parameters to the query component of the redirection URI using the
 * "application/x-www-form-urlencoded" format
 *
 * @param oAuthMessage oAuthMessage
 * @return String redirectURL
 * @throws OAuthSystemException  OAuthSystemException
 * @throws OAuthProblemException OAuthProblemException
 */
private String handleOAuthAuthorizationRequest(OAuthMessage oAuthMessage) throws OAuthSystemException, OAuthProblemException, InvalidRequestException {
    OAuth2ClientValidationResponseDTO validationResponse = validateClient(oAuthMessage);
    if (!validationResponse.isValidClient()) {
        EndpointUtil.triggerOnRequestValidationFailure(oAuthMessage, validationResponse);
        return getErrorPageURL(oAuthMessage.getRequest(), validationResponse.getErrorCode(), OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_CLIENT, validationResponse.getErrorMsg(), null);
    } else {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> logParams = new HashMap<>();
            logParams.put("clientId", oAuthMessage.getClientId());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, logParams, OAuthConstants.LogConstants.SUCCESS, "OAuth client validation is successful.", "validate-oauth-client", null);
        }
        String tenantDomain = EndpointUtil.getSPTenantDomainFromClientId(oAuthMessage.getClientId());
        setSPAttributeToRequest(oAuthMessage.getRequest(), validationResponse.getApplicationName(), tenantDomain);
    }
    OAuthAuthzRequest oauthRequest = new CarbonOAuthAuthzRequest(oAuthMessage.getRequest());
    OAuth2Parameters params = new OAuth2Parameters();
    String sessionDataKey = UUIDGenerator.generateUUID();
    params.setSessionDataKey(sessionDataKey);
    String redirectURI = populateOauthParameters(params, oAuthMessage, validationResponse, oauthRequest);
    if (redirectURI != null) {
        return redirectURI;
    }
    String prompt = oauthRequest.getParam(OAuthConstants.OAuth20Params.PROMPT);
    params.setPrompt(prompt);
    redirectURI = analyzePromptParameter(oAuthMessage, params, prompt);
    if (redirectURI != null) {
        return redirectURI;
    }
    if (isNonceMandatory(params.getResponseType())) {
        validateNonceParameter(params.getNonce());
    }
    addDataToSessionCache(oAuthMessage, params, sessionDataKey);
    LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.SUCCESS, "OIDC request input parameter validation is successful.", "validate-input-parameters", null);
    try {
        oAuthMessage.getRequest().setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
        oAuthMessage.getRequest().setAttribute(FrameworkConstants.SESSION_DATA_KEY, sessionDataKey);
        return getLoginPageURL(oAuthMessage.getClientId(), sessionDataKey, oAuthMessage.isForceAuthenticate(), oAuthMessage.isPassiveAuthentication(), oauthRequest.getScopes(), oAuthMessage.getRequest().getParameterMap(), oAuthMessage.getRequest());
    } catch (IdentityOAuth2Exception e) {
        return handleException(e);
    }
}
Also used : OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) CarbonOAuthAuthzRequest(org.wso2.carbon.identity.oauth2.model.CarbonOAuthAuthzRequest) OAuthAuthzRequest(org.apache.oltu.oauth2.as.request.OAuthAuthzRequest) OAuth2ClientValidationResponseDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2ClientValidationResponseDTO) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) CarbonOAuthAuthzRequest(org.wso2.carbon.identity.oauth2.model.CarbonOAuthAuthzRequest)

Aggregations

HashMap (java.util.HashMap)3 InvalidRequestException (org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException)3 RequestObjectException (org.wso2.carbon.identity.oauth2.RequestObjectException)3 RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)3 List (java.util.List)2 OAuth2Parameters (org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)2 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 LinkedHashSet (java.util.LinkedHashSet)1 Map (java.util.Map)1 Scanner (java.util.Scanner)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 Airavata (org.apache.airavata.api.Airavata)1 ApplicationModule (org.apache.airavata.model.appcatalog.appdeployment.ApplicationModule)1 AiravataClientException (org.apache.airavata.model.error.AiravataClientException)1 InvalidRequestException (org.apache.airavata.model.error.InvalidRequestException)1 AuthzToken (org.apache.airavata.model.security.AuthzToken)1 Gateway (org.apache.airavata.model.workspace.Gateway)1 AiravataSecurityException (org.apache.airavata.security.AiravataSecurityException)1 ConfigurationContext (org.apache.axis2.context.ConfigurationContext)1