Example 6 with InvalidRequestException
use of org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method handleOAuthAuthorizationRequest.
/**
* http://tools.ietf.org/html/rfc6749#section-4.1.2
* <p/>
* 4.1.2.1. Error Response
* <p/>
* If the request fails due to a missing, invalid, or mismatching
* redirection URI, or if the client identifier is missing or invalid,
* the authorization server SHOULD inform the resource owner of the
* error and MUST NOT automatically redirect the user-agent to the
* invalid redirection URI.
* <p/>
* If the resource owner denies the access request or if the request
* fails for reasons other than a missing or invalid redirection URI,
* the authorization server informs the client by adding the following
* parameters to the query component of the redirection URI using the
* "application/x-www-form-urlencoded" format
*
* @param oAuthMessage oAuthMessage
* @return String redirectURL
* @throws OAuthSystemException OAuthSystemException
* @throws OAuthProblemException OAuthProblemException
*/
private String handleOAuthAuthorizationRequest(OAuthMessage oAuthMessage) throws OAuthSystemException, OAuthProblemException, InvalidRequestException {
OAuth2ClientValidationResponseDTO validationResponse = validateClient(oAuthMessage);
if (!validationResponse.isValidClient()) {
EndpointUtil.triggerOnRequestValidationFailure(oAuthMessage, validationResponse);
return getErrorPageURL(oAuthMessage.getRequest(), validationResponse.getErrorCode(), OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_CLIENT, validationResponse.getErrorMsg(), null);
} else {
if (LoggerUtils.isDiagnosticLogsEnabled()) {
Map<String, Object> logParams = new HashMap<>();
logParams.put("clientId", oAuthMessage.getClientId());
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, logParams, OAuthConstants.LogConstants.SUCCESS, "OAuth client validation is successful.", "validate-oauth-client", null);
}
String tenantDomain = EndpointUtil.getSPTenantDomainFromClientId(oAuthMessage.getClientId());
setSPAttributeToRequest(oAuthMessage.getRequest(), validationResponse.getApplicationName(), tenantDomain);
}
OAuthAuthzRequest oauthRequest = new CarbonOAuthAuthzRequest(oAuthMessage.getRequest());
OAuth2Parameters params = new OAuth2Parameters();
String sessionDataKey = UUIDGenerator.generateUUID();
params.setSessionDataKey(sessionDataKey);
String redirectURI = populateOauthParameters(params, oAuthMessage, validationResponse, oauthRequest);
if (redirectURI != null) {
return redirectURI;
}
String prompt = oauthRequest.getParam(OAuthConstants.OAuth20Params.PROMPT);
params.setPrompt(prompt);
redirectURI = analyzePromptParameter(oAuthMessage, params, prompt);
if (redirectURI != null) {
return redirectURI;
}
if (isNonceMandatory(params.getResponseType())) {
validateNonceParameter(params.getNonce());
}
addDataToSessionCache(oAuthMessage, params, sessionDataKey);
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.SUCCESS, "OIDC request input parameter validation is successful.", "validate-input-parameters", null);
try {
oAuthMessage.getRequest().setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
oAuthMessage.getRequest().setAttribute(FrameworkConstants.SESSION_DATA_KEY, sessionDataKey);
return getLoginPageURL(oAuthMessage.getClientId(), sessionDataKey, oAuthMessage.isForceAuthenticate(), oAuthMessage.isPassiveAuthentication(), oauthRequest.getScopes(), oAuthMessage.getRequest().getParameterMap(), oAuthMessage.getRequest());
} catch (IdentityOAuth2Exception e) {
return handleException(e);
}
}
Also used :
OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)
IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
HashMap(java.util.HashMap)
CarbonOAuthAuthzRequest(org.wso2.carbon.identity.oauth2.model.CarbonOAuthAuthzRequest)
OAuthAuthzRequest(org.apache.oltu.oauth2.as.request.OAuthAuthzRequest)
OAuth2ClientValidationResponseDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2ClientValidationResponseDTO)
RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)
JSONObject(org.json.JSONObject)
CarbonOAuthAuthzRequest(org.wso2.carbon.identity.oauth2.model.CarbonOAuthAuthzRequest)
Aggregations
HashMap (java.util.HashMap)3
InvalidRequestException (org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException)3
RequestObjectException (org.wso2.carbon.identity.oauth2.RequestObjectException)3
RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)3
List (java.util.List)2
OAuth2Parameters (org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)2
ArrayList (java.util.ArrayList)1
HashSet (java.util.HashSet)1
LinkedHashSet (java.util.LinkedHashSet)1
Map (java.util.Map)1
Scanner (java.util.Scanner)1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1
Airavata (org.apache.airavata.api.Airavata)1
ApplicationModule (org.apache.airavata.model.appcatalog.appdeployment.ApplicationModule)1
AiravataClientException (org.apache.airavata.model.error.AiravataClientException)1
InvalidRequestException (org.apache.airavata.model.error.InvalidRequestException)1
AuthzToken (org.apache.airavata.model.security.AuthzToken)1
Gateway (org.apache.airavata.model.workspace.Gateway)1
AiravataSecurityException (org.apache.airavata.security.AiravataSecurityException)1
ConfigurationContext (org.apache.axis2.context.ConfigurationContext)1
