Use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions: class ResponseTypeHandlerUtil, method buildIDTokenResponseDTO.
/**
 * Adds the id_token (and the OIDC session id) to {@code respDTO} when the request is an OIDC request.
 * <p>
 * The id_token is built from the access token that was issued for this request (and, when one is
 * present, the authorization code already stored on {@code respDTO}). Those values are handed to
 * {@code buildIdToken} through a throw-away DTO so that only the id_token and the OIDC session id
 * are copied back; the access-token details stay out of the caller's {@code respDTO}.
 * Presumably the token and code are what the id_token builder needs for its hash claims
 * (at_hash / c_hash) — confirm against DefaultIDTokenBuilder.
 * <p>
 * For a non-OIDC request {@code respDTO} is returned unchanged.
 *
 * @param respDTO          response being assembled; receives the id_token and OIDC session id
 * @param accessTokenDO    access token issued for this request; its token value feeds the id_token builder
 * @param oauthAuthzMsgCtx authorization request context
 * @return the same {@code respDTO} instance, with id_token details set for OIDC requests
 * @throws IdentityOAuth2Exception if the id_token cannot be built
 */
public static OAuth2AuthorizeRespDTO buildIDTokenResponseDTO(OAuth2AuthorizeRespDTO respDTO, AccessTokenDO accessTokenDO, OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    if (!isOIDCRequest(oauthAuthzMsgCtx)) {
        // Plain OAuth2 request: no id_token to issue.
        return respDTO;
    }
    // Scratch DTO carrying only what the id_token builder needs.
    OAuth2AuthorizeRespDTO idTokenInput = new OAuth2AuthorizeRespDTO();
    idTokenInput.setAccessToken(accessTokenDO.getAccessToken());
    idTokenInput.setAuthorizationCode(respDTO.getAuthorizationCode());
    buildIdToken(oauthAuthzMsgCtx, idTokenInput);
    // Copy back only the id_token and the OIDC session id, never the access token.
    respDTO.setIdToken(idTokenInput.getIdToken());
    respDTO.setOidcSessionId(idTokenInput.getOidcSessionId());
    return respDTO;
}
Use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions: class AuthorizationHandlerManager, method validateAuthzRequest.
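/**
 * Validates an authorization request before the response type handler issues anything.
 * <p>
 * Order matters here and is the security boundary for scopes:
 * <ol>
 *   <li>response_type, client and access-delegation checks; the first failure is written into the
 *       returned DTO and validation stops;</li>
 *   <li>scopes on the server-wide allow-list are taken off the request so the scope validators
 *       never see them;</li>
 *   <li>internal scopes are resolved only for management apps, by the permission/role based
 *       validators, and are then stripped from the request so no other validator can grant them;</li>
 *   <li>unregistered scopes are optionally dropped;</li>
 *   <li>the remaining scopes go through the regular scope validation, and only if that passes are
 *       the internal and allow-listed scopes added back for the response.</li>
 * </ol>
 *
 * @param authzReqDTO     the authorization request
 * @param authzReqMsgCtx  message context wrapping the request; its scope list is rewritten in place
 * @param authzHandler    handler for the requested response type
 * @return a response DTO carrying the validation error, if any
 * @throws IdentityOAuth2Exception if any validation step fails unexpectedly
 */
private OAuth2AuthorizeRespDTO validateAuthzRequest(OAuth2AuthorizeReqDTO authzReqDTO, OAuthAuthzReqMessageContext authzReqMsgCtx, ResponseTypeHandler authzHandler) throws IdentityOAuth2Exception {
    OAuth2AuthorizeRespDTO authorizeRespDTO = new OAuth2AuthorizeRespDTO();
    // Each check records its own error in authorizeRespDTO; the first failure wins.
    if (isInvalidResponseType(authzReqDTO, authorizeRespDTO)) {
        return authorizeRespDTO;
    }
    if (isInvalidClient(authzReqDTO, authorizeRespDTO, authzReqMsgCtx, authzHandler)) {
        return authorizeRespDTO;
    }
    if (isInvalidAccessDelegation(authzReqDTO, authorizeRespDTO, authzReqMsgCtx, authzHandler)) {
        return authorizeRespDTO;
    }
    // Allow-listed scopes bypass the validators below; everything else stays on the request.
    List<String> requestedAllowedScopes = partitionAllowedScopes(authzReqMsgCtx);
    // Internal scopes are granted only by the permission/role based validators, never by the
    // generic scope validators, so resolve them first and then strip them from the request.
    String[] authorizedInternalScopes = authorizeInternalScopes(authzReqDTO, authzReqMsgCtx);
    removeInternalScopes(authzReqMsgCtx);
    // Keep the authorized internal scopes on the context for any special validators to use.
    authzReqMsgCtx.setAuthorizedInternalScopes(authorizedInternalScopes);
    dropUnregisteredScopesIfEnabled(authzReqMsgCtx);
    boolean valid = validateScope(authzReqDTO, authorizeRespDTO, authzReqMsgCtx, authzHandler);
    if (valid) {
        // Only after the remaining scopes validated are the internal and allow-listed scopes
        // added back, so that they appear in the response.
        addAuthorizedInternalScopes(authzReqMsgCtx, authzReqMsgCtx.getAuthorizedInternalScopes());
        addAllowedScopes(authzReqMsgCtx, requestedAllowedScopes.toArray(new String[0]));
    }
    return authorizeRespDTO;
}

/**
 * Splits the requested scopes into allow-listed ones (returned) and the rest (written back onto
 * the request for validation). A request without scopes is left untouched.
 */
private List<String> partitionAllowedScopes(OAuthAuthzReqMessageContext authzReqMsgCtx) {
    List<String> allowedScopes = OAuthServerConfiguration.getInstance().getAllowedScopes();
    List<String> requestedAllowedScopes = new ArrayList<>();
    OAuth2AuthorizeReqDTO reqDTO = authzReqMsgCtx.getAuthorizationReqDTO();
    String[] requestedScopes = reqDTO.getScopes();
    if (requestedScopes == null) {
        // Nothing requested: scopes stay null on the request, as before.
        return requestedAllowedScopes;
    }
    List<String> scopesToBeValidated = new ArrayList<>();
    for (String scope : requestedScopes) {
        if (OAuth2Util.isAllowedScope(allowedScopes, scope)) {
            requestedAllowedScopes.add(scope);
        } else {
            scopesToBeValidated.add(scope);
        }
    }
    reqDTO.setScopes(scopesToBeValidated.toArray(new String[0]));
    return requestedAllowedScopes;
}

/**
 * Resolves the internal scopes the request is entitled to. Only management apps get any;
 * permission based scopes always, role based console scopes only when system roles are enabled.
 */
private String[] authorizeInternalScopes(OAuth2AuthorizeReqDTO authzReqDTO, OAuthAuthzReqMessageContext authzReqMsgCtx) throws IdentityOAuth2Exception {
    if (!isManagementApp(authzReqDTO)) {
        if (log.isDebugEnabled()) {
            log.debug("Skipping the internal scope validation as the application is not" + " configured as Management App");
        }
        return new String[0];
    }
    if (log.isDebugEnabled()) {
        log.debug("Handling the internal scope validation.");
    }
    JDBCPermissionBasedInternalScopeValidator scopeValidator = new JDBCPermissionBasedInternalScopeValidator();
    String[] authorizedInternalScopes = scopeValidator.validateScope(authzReqMsgCtx);
    // Execute internal console scopes validation.
    if (IdentityUtil.isSystemRolesEnabled()) {
        RoleBasedInternalScopeValidator roleBasedInternalScopeValidator = new RoleBasedInternalScopeValidator();
        String[] roleBasedInternalConsoleScopes = roleBasedInternalScopeValidator.validateScope(authzReqMsgCtx);
        authorizedInternalScopes = (String[]) ArrayUtils.addAll(authorizedInternalScopes, roleBasedInternalConsoleScopes);
    }
    return authorizedInternalScopes;
}

/**
 * Drops scopes not registered for the request's tenant when the DropUnregisteredScopes
 * configuration is enabled; otherwise leaves the request untouched.
 */
private void dropUnregisteredScopesIfEnabled(OAuthAuthzReqMessageContext authzReqMsgCtx) throws IdentityOAuth2Exception {
    if (!OAuthServerConfiguration.getInstance().isDropUnregisteredScopes()) {
        return;
    }
    if (log.isDebugEnabled()) {
        log.debug("DropUnregisteredScopes config is enabled. Attempting to drop unregistered scopes.");
    }
    OAuth2AuthorizeReqDTO reqDTO = authzReqMsgCtx.getAuthorizationReqDTO();
    String[] filteredScopes = OAuth2Util.dropUnregisteredScopes(reqDTO.getScopes(), reqDTO.getTenantDomain());
    reqDTO.setScopes(filteredScopes);
}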
Use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions: class CodeResponseTypeHandler, method issue.
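/**
 * Issues an authorization code and returns it in an OAuth2AuthorizeRespDTO.
 * The respDTO must first be initialized using the initResponse method of the abstract class.
 *
 * @param oauthAuthzMsgCtx authorization request context (provides the session data key and the
 *                         request-object flag used for the post-issue event)
 * @return OAuth2AuthorizeRespDTO carrying the issued code
 * @throws IdentityOAuth2Exception if the code cannot be generated or the post-issue event fails
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    AuthzCodeDO authorizationCode = ResponseTypeHandlerUtil.generateAuthorizationCode(oauthAuthzMsgCtx, cacheEnabled);
    String sessionDataKey = oauthAuthzMsgCtx.getAuthorizationReqDTO().getSessionDataKey();
    if (log.isDebugEnabled()) {
        // Log the code's id rather than the AuthzCodeDO itself: the authorization code is a
        // one-time bearer credential and must never land in the log, and the id is what the
        // post-issue event tracks the code by anyway.
        log.debug("Issued authorization code with id: " + authorizationCode.getAuthzCodeId() + " for the session data key: " + sessionDataKey);
    }
    // Trigger an event to update request_object_reference table.
    OAuth2TokenUtil.postIssueCode(authorizationCode.getAuthzCodeId(), sessionDataKey, oauthAuthzMsgCtx.getAuthorizationReqDTO().isRequestObjectFlow());
    return buildResponseDTO(oauthAuthzMsgCtx, authorizationCode);
}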
Use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions: class HybridResponseTypeHandler, method issue.
/**
 * Issues whatever the hybrid response_type asks for: an authorization code, an access token,
 * an id_token, or any combination. A single access token is generated and shared between the
 * token and id_token parts.
 * <p>
 * NOTE(review): unlike IDTokenResponseTypeHandler.issue, no postIssueAccessToken event is fired
 * for the access token generated here — confirm whether the request_object_reference update is
 * needed for hybrid flows as well.
 *
 * @param oauthAuthzMsgCtx authorization request context
 * @return the response DTO populated with the requested artefacts
 * @throws IdentityOAuth2Exception if any artefact cannot be issued
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    OAuth2AuthorizeReqDTO authorizationReqDTO = oauthAuthzMsgCtx.getAuthorizationReqDTO();
    String responseType = authorizationReqDTO.getResponseType();
    OAuth2AuthorizeRespDTO respDTO = initResponse(oauthAuthzMsgCtx);

    // Part 1: authorization code.
    if (isAuthorizationCodeIssued(responseType)) {
        AuthzCodeDO authzCodeDO = ResponseTypeHandlerUtil.generateAuthorizationCode(oauthAuthzMsgCtx, cacheEnabled);
        String sessionDataKey = authorizationReqDTO.getSessionDataKey();
        // Trigger an event to update request_object_reference table.
        OAuth2TokenUtil.postIssueCode(authzCodeDO.getAuthzCodeId(), sessionDataKey, authorizationReqDTO.isRequestObjectFlow());
        ResponseTypeHandlerUtil.buildAuthorizationCodeResponseDTO(respDTO, authzCodeDO);
    }

    // Part 2: access token and/or id_token, backed by one access token.
    if (!(isAccessTokenIssued(responseType) || isIDTokenIssued(responseType))) {
        return respDTO;
    }
    AccessTokenDO accessTokenDO = ResponseTypeHandlerUtil.generateAccessToken(oauthAuthzMsgCtx, cacheEnabled);
    // Post listeners run before the response is populated with the token.
    ResponseTypeHandlerUtil.triggerPostListeners(oauthAuthzMsgCtx, accessTokenDO, respDTO);
    if (isAccessTokenIssued(responseType)) {
        ResponseTypeHandlerUtil.buildAccessTokenResponseDTO(respDTO, accessTokenDO);
    }
    if (isIDTokenIssued(responseType)) {
        // The id_token is derived from the access token (and the code, if one was issued above).
        ResponseTypeHandlerUtil.buildIDTokenResponseDTO(respDTO, accessTokenDO, oauthAuthzMsgCtx);
    }
    return respDTO;
}
Use of org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO in project identity-inbound-auth-oauth by wso2-extensions: class IDTokenResponseTypeHandler, method issue.
/**
 * Issues the response for an {@code id_token} response_type. An access token is generated first
 * because the id_token is built from it; pre/post listeners bracket the work, and a post-issue
 * event records the token against the session data key.
 *
 * @param oauthAuthzMsgCtx authorization request context
 * @return the response DTO carrying the id_token details
 * @throws IdentityOAuth2Exception if the token or id_token cannot be issued
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    ResponseTypeHandlerUtil.triggerPreListeners(oauthAuthzMsgCtx);
    AccessTokenDO issuedToken = ResponseTypeHandlerUtil.generateAccessToken(oauthAuthzMsgCtx, cacheEnabled);
    OAuth2AuthorizeRespDTO response = buildResponseDTO(oauthAuthzMsgCtx, issuedToken);
    // Notify so that the request object reference table is updated with the issued access token.
    String sessionDataKey = oauthAuthzMsgCtx.getAuthorizationReqDTO().getSessionDataKey();
    OAuth2TokenUtil.postIssueAccessToken(issuedToken.getTokenId(), sessionDataKey);
    ResponseTypeHandlerUtil.triggerPostListeners(oauthAuthzMsgCtx, issuedToken, response);
    return response;
}