
Example 1 with OAuth2AuthorizeRespDTO

use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class ResponseTypeHandlerUtil, method buildIDTokenResponseDTO.

/**
 * Populates the {@code id_token} (and OIDC session id) on {@code respDTO} for OIDC requests.
 * <p>
 * Building the id_token requires an issued access token, through which the user's attributes are
 * retrieved. That access token must not end up in the caller's response, so the id_token is built on a
 * scratch {@link OAuth2AuthorizeRespDTO} carrying only what DefaultIDTokenBuilder needs (the access
 * token string and the authorization code); afterwards only the id_token and the OIDC session id are
 * copied back into {@code respDTO}.
 * <p>
 * Non-OIDC requests are returned unchanged.
 *
 * @param respDTO          response being assembled; modified in place and returned
 * @param accessTokenDO    access token issued for this request; its token string is handed to the
 *                         id_token builder
 * @param oauthAuthzMsgCtx authorization request context
 * @return {@code respDTO}, with id_token and OIDC session id set when the request is an OIDC request
 * @throws IdentityOAuth2Exception propagated from {@code buildIdToken}
 */
public static OAuth2AuthorizeRespDTO buildIDTokenResponseDTO(OAuth2AuthorizeRespDTO respDTO, AccessTokenDO accessTokenDO, OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    if (!isOIDCRequest(oauthAuthzMsgCtx)) {
        return respDTO;
    }
    // Scratch DTO: holds only the inputs DefaultIDTokenBuilder needs, so the access token used
    // for attribute retrieval never reaches the caller's respDTO.
    OAuth2AuthorizeRespDTO idTokenScratch = new OAuth2AuthorizeRespDTO();
    idTokenScratch.setAccessToken(accessTokenDO.getAccessToken());
    idTokenScratch.setAuthorizationCode(respDTO.getAuthorizationCode());
    buildIdToken(oauthAuthzMsgCtx, idTokenScratch);
    // Copy back only the id_token related values; nothing else from the scratch DTO is exposed.
    respDTO.setIdToken(idTokenScratch.getIdToken());
    respDTO.setOidcSessionId(idTokenScratch.getOidcSessionId());
    return respDTO;
}

Example 2 with OAuth2AuthorizeRespDTO

use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class AuthorizationHandlerManager, method validateAuthzRequest.

/**
 * Runs the pre-issuance checks for an authorization request and prepares the scope state on the
 * message context.
 * <p>
 * The steps run in this order, and the order matters:
 * <ol>
 *   <li>response_type, client and access-delegation checks; the first failure returns the error
 *       response populated by that check immediately.</li>
 *   <li>Scopes present in the server's allowed-scope configuration are set aside (they bypass the
 *       validators); the remaining scopes are left on the request for validation.</li>
 *   <li>Internal scopes are validated only when the application is configured as a management app;
 *       console scopes from system roles are appended when that feature is enabled.</li>
 *   <li>Internal scopes are stripped from the request before the generic validators run, and the
 *       authorized ones are stored on the context.</li>
 *   <li>Unregistered scopes are dropped when the server is configured to do so.</li>
 *   <li>The generic scope validation runs; on success the authorized internal scopes and the
 *       set-aside allowed scopes are added back so they appear in the response.</li>
 * </ol>
 *
 * @param authzReqDTO    the authorization request
 * @param authzReqMsgCtx message context wrapping the request; its scopes and authorized internal
 *                       scopes are rewritten by this method
 * @param authzHandler   the response type handler used by the client and scope checks
 * @return the response DTO: an error populated by one of the checks, or an otherwise untouched DTO
 *         when every check passed
 * @throws IdentityOAuth2Exception propagated from the checks and validators
 */
private OAuth2AuthorizeRespDTO validateAuthzRequest(OAuth2AuthorizeReqDTO authzReqDTO, OAuthAuthzReqMessageContext authzReqMsgCtx, ResponseTypeHandler authzHandler) throws IdentityOAuth2Exception {
    OAuth2AuthorizeRespDTO response = new OAuth2AuthorizeRespDTO();
    // Short-circuit keeps the original check order: a failing check fills in the error response.
    boolean rejected = isInvalidResponseType(authzReqDTO, response)
            || isInvalidClient(authzReqDTO, response, authzReqMsgCtx, authzHandler)
            || isInvalidAccessDelegation(authzReqDTO, response, authzReqMsgCtx, authzHandler);
    if (rejected) {
        return response;
    }
    // Split the requested scopes: server-allowed scopes bypass the validators and are re-added at
    // the end; everything else stays on the request to be validated.
    List<String> allowedScopes = OAuthServerConfiguration.getInstance().getAllowedScopes();
    List<String> preApproved = new ArrayList<>();
    String[] requested = authzReqMsgCtx.getAuthorizationReqDTO().getScopes();
    List<String> pendingValidation = new ArrayList<>();
    if (requested != null) {
        for (String scope : requested) {
            List<String> bucket = OAuth2Util.isAllowedScope(allowedScopes, scope) ? preApproved : pendingValidation;
            bucket.add(scope);
        }
        authzReqMsgCtx.getAuthorizationReqDTO().setScopes(pendingValidation.toArray(new String[0]));
    }
    // Internal scope validation is performed for management applications only.
    String[] authorizedInternalScopes = new String[0];
    if (isManagementApp(authzReqDTO)) {
        if (log.isDebugEnabled()) {
            log.debug("Handling the internal scope validation.");
        }
        authorizedInternalScopes = new JDBCPermissionBasedInternalScopeValidator().validateScope(authzReqMsgCtx);
        // Console scopes granted through system roles are appended when that feature is enabled.
        if (IdentityUtil.isSystemRolesEnabled()) {
            String[] consoleScopes = new RoleBasedInternalScopeValidator().validateScope(authzReqMsgCtx);
            authorizedInternalScopes = (String[]) ArrayUtils.addAll(authorizedInternalScopes, consoleScopes);
        }
    } else if (log.isDebugEnabled()) {
        log.debug("Skipping the internal scope validation as the application is not configured as Management App");
    }
    // Internal scopes are handled exclusively by the internal validators above, so they are removed
    // from the request before the generic validators see it; the authorized ones are kept on the
    // context and re-added to the response after the generic validation.
    removeInternalScopes(authzReqMsgCtx);
    authzReqMsgCtx.setAuthorizedInternalScopes(authorizedInternalScopes);
    if (OAuthServerConfiguration.getInstance().isDropUnregisteredScopes()) {
        if (log.isDebugEnabled()) {
            log.debug("DropUnregisteredScopes config is enabled. Attempting to drop unregistered scopes.");
        }
        OAuth2AuthorizeReqDTO requestDTO = authzReqMsgCtx.getAuthorizationReqDTO();
        requestDTO.setScopes(OAuth2Util.dropUnregisteredScopes(requestDTO.getScopes(), requestDTO.getTenantDomain()));
    }
    if (validateScope(authzReqDTO, response, authzReqMsgCtx, authzHandler)) {
        // Put the internal and pre-approved scopes back so they are sent in the response.
        addAuthorizedInternalScopes(authzReqMsgCtx, authzReqMsgCtx.getAuthorizedInternalScopes());
        addAllowedScopes(authzReqMsgCtx, preApproved.toArray(new String[0]));
    }
    return response;
}

Example 3 with OAuth2AuthorizeRespDTO

use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class CodeResponseTypeHandler, method issue.

/**
 * Issues an authorization code for the request and returns the response DTO built around it.
 * <p>
 * The code is generated through {@code ResponseTypeHandlerUtil}, an event is raised so the
 * request_object_reference table can be linked to the new code, and the response is assembled by
 * {@code buildResponseDTO}. The response initialisation via {@code initResponse} in the abstract
 * class is expected to happen inside {@code buildResponseDTO}; that is not visible here.
 *
 * @param oauthAuthzMsgCtx authorization request context
 * @return the response DTO carrying the issued code
 * @throws IdentityOAuth2Exception propagated from code generation or response building
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    AuthzCodeDO issuedCode = ResponseTypeHandlerUtil.generateAuthorizationCode(oauthAuthzMsgCtx, cacheEnabled);
    String sessionDataKey = oauthAuthzMsgCtx.getAuthorizationReqDTO().getSessionDataKey();
    if (log.isDebugEnabled()) {
        // NOTE(review): this prints the AuthzCodeDO through its toString(); confirm that toString()
        // does not include the raw code value, otherwise the code would land in debug logs.
        log.debug("Issued code: " + issuedCode + " for the session data key: " + sessionDataKey);
    }
    // Lets the request_object_reference table be linked to the issued code.
    boolean requestObjectFlow = oauthAuthzMsgCtx.getAuthorizationReqDTO().isRequestObjectFlow();
    OAuth2TokenUtil.postIssueCode(issuedCode.getAuthzCodeId(), sessionDataKey, requestObjectFlow);
    return buildResponseDTO(oauthAuthzMsgCtx, issuedCode);
}

Example 4 with OAuth2AuthorizeRespDTO

use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class HybridResponseTypeHandler, method issue.

/**
 * Issues the artifacts requested by a hybrid-flow response_type (any combination of code, token and
 * id_token) and returns them in a single response DTO.
 * <p>
 * One access token is generated when either token or id_token is requested; it backs the id_token
 * even when the access token itself is not part of the response. Post-listeners are triggered once,
 * right after that access token is generated. No pre-listener call is visible in this method;
 * whether {@code initResponse} covers that is not visible here.
 *
 * @param oauthAuthzMsgCtx authorization request context
 * @return response DTO populated according to the response_type
 * @throws IdentityOAuth2Exception propagated from code/token generation or response building
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    String responseType = oauthAuthzMsgCtx.getAuthorizationReqDTO().getResponseType();
    OAuth2AuthorizeRespDTO respDTO = initResponse(oauthAuthzMsgCtx);
    if (isAuthorizationCodeIssued(responseType)) {
        appendAuthorizationCode(oauthAuthzMsgCtx, respDTO);
    }
    if (isAccessTokenIssued(responseType) || isIDTokenIssued(responseType)) {
        appendTokens(oauthAuthzMsgCtx, respDTO, responseType);
    }
    return respDTO;
}

/**
 * Generates an authorization code, raises the post-issue-code event and adds the code to {@code respDTO}.
 *
 * @param ctx     authorization request context
 * @param respDTO response being assembled
 * @throws IdentityOAuth2Exception propagated from code generation
 */
private void appendAuthorizationCode(OAuthAuthzReqMessageContext ctx, OAuth2AuthorizeRespDTO respDTO) throws IdentityOAuth2Exception {
    AuthzCodeDO code = ResponseTypeHandlerUtil.generateAuthorizationCode(ctx, cacheEnabled);
    OAuth2AuthorizeReqDTO request = ctx.getAuthorizationReqDTO();
    // Lets the request_object_reference table be linked to the new code.
    OAuth2TokenUtil.postIssueCode(code.getAuthzCodeId(), request.getSessionDataKey(), request.isRequestObjectFlow());
    ResponseTypeHandlerUtil.buildAuthorizationCodeResponseDTO(respDTO, code);
}

/**
 * Generates the single access token shared by the token and id_token parts of the response, triggers
 * the post-listeners and adds whichever of the two was requested.
 *
 * @param ctx          authorization request context
 * @param respDTO      response being assembled
 * @param responseType the requested response_type
 * @throws IdentityOAuth2Exception propagated from token generation or response building
 */
private void appendTokens(OAuthAuthzReqMessageContext ctx, OAuth2AuthorizeRespDTO respDTO, String responseType) throws IdentityOAuth2Exception {
    AccessTokenDO accessToken = ResponseTypeHandlerUtil.generateAccessToken(ctx, cacheEnabled);
    ResponseTypeHandlerUtil.triggerPostListeners(ctx, accessToken, respDTO);
    if (isAccessTokenIssued(responseType)) {
        ResponseTypeHandlerUtil.buildAccessTokenResponseDTO(respDTO, accessToken);
    }
    if (isIDTokenIssued(responseType)) {
        // The access token only backs the id_token here; it is added to respDTO solely by the
        // "token" branch above when that response_type part was requested.
        ResponseTypeHandlerUtil.buildIDTokenResponseDTO(respDTO, accessToken, ctx);
    }
}

Example 5 with OAuth2AuthorizeRespDTO

use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions.

The class IDTokenResponseTypeHandler, method issue.

/**
 * Issues the id_token flow response: an access token is generated (it backs the id_token and is
 * handed to the listeners) and the response DTO is built from it.
 * <p>
 * Sequence: pre-listeners, access token generation, response building, request-object reference
 * update, post-listeners.
 *
 * @param oauthAuthzMsgCtx authorization request context
 * @return response DTO for the id_token flow
 * @throws IdentityOAuth2Exception propagated from token generation, response building or listeners
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    ResponseTypeHandlerUtil.triggerPreListeners(oauthAuthzMsgCtx);
    AccessTokenDO issuedToken = ResponseTypeHandlerUtil.generateAccessToken(oauthAuthzMsgCtx, cacheEnabled);
    OAuth2AuthorizeRespDTO response = buildResponseDTO(oauthAuthzMsgCtx, issuedToken);
    // Link the request_object_reference entry to the token id (the id, not the token string).
    String sessionDataKey = oauthAuthzMsgCtx.getAuthorizationReqDTO().getSessionDataKey();
    OAuth2TokenUtil.postIssueAccessToken(issuedToken.getTokenId(), sessionDataKey);
    ResponseTypeHandlerUtil.triggerPostListeners(oauthAuthzMsgCtx, issuedToken, response);
    return response;
}
