
Example 1 with HttpRequestHeaderHandler

use of org.wso2.carbon.identity.oauth2.model.HttpRequestHeaderHandler in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleUserConsent.

/**
 * Records the user's consent decision, runs the authorization step and
 * converts the outcome into the string handed back to the caller.
 *
 * <p>On success the result is the response body (form_post mode), a
 * fragment-encoded OIDC response (response types carrying an ID token), or
 * the response location URI with the authenticated IdPs appended. On failure
 * the result comes from the corresponding failure handler.
 *
 * @param oAuthMessage message wrapping the current request and its session data cache entry
 * @param consent      consent value to persist before authorizing
 * @param sessionState OIDC session state passed through to the outcome handlers
 * @return the string produced by the selected outcome handler
 * @throws OAuthSystemException declared by this method; NOTE(review): presumably raised by
 *                              the helpers invoked here — confirm against their signatures
 */
private String handleUserConsent(OAuthMessage oAuthMessage, String consent, OIDCSessionState sessionState) throws OAuthSystemException {
    OAuth2Parameters params = getOauth2Params(oAuthMessage);
    // Consent is persisted before the authorization decision is computed.
    storeUserConsent(oAuthMessage, consent);
    String requestedResponseType = params.getResponseType();
    HttpRequestHeaderHandler headerHandler = new HttpRequestHeaderHandler(oAuthMessage.getRequest());

    // Authorize the request using the cached session data and the captured request headers.
    OAuth2AuthorizeRespDTO authzResult = authorize(params, oAuthMessage.getSessionDataCacheEntry(), headerHandler);

    // Failure paths leave early; the success path continues below.
    if (!isSuccessfulAuthorization(authzResult)) {
        if (isFailureAuthorizationWithErorrCode(authzResult)) {
            // Authorization was refused and the response DTO carries an error code.
            return handleFailureAuthorization(oAuthMessage, sessionState, params, authzResult);
        }
        // Neither a success nor a failure with an error code: handled as a server error.
        return handleServerErrorAuthorization(oAuthMessage, sessionState, params);
    }

    OAuthResponse response = handleSuccessAuthorization(oAuthMessage, sessionState, params, requestedResponseType, authzResult);

    // With response_mode=form_post the response body is returned instead of a redirect location.
    if (isFormPostModeAndResponseBodyExists(params, response)) {
        return response.getBody();
    }
    // Per http://openid.net/specs/openid-connect-core-1_0.html#HybridCallback
    // response types that include an ID token are returned in the URI fragment.
    if (hasIDTokenInResponseType(requestedResponseType)) {
        return buildOIDCResponseWithURIFragment(response, authzResult);
    }
    return appendAuthenticatedIDPs(oAuthMessage.getSessionDataCacheEntry(), response.getLocationUri());
}
Also used : OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) HttpRequestHeaderHandler(org.wso2.carbon.identity.oauth2.model.HttpRequestHeaderHandler) OAuth2AuthorizeRespDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO) OAuthResponse(org.apache.oltu.oauth2.common.message.OAuthResponse)

Example 2 with HttpRequestHeaderHandler

use of org.wso2.carbon.identity.oauth2.model.HttpRequestHeaderHandler in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method buildAuthRequest.

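/**
 * Builds the authorization request DTO from the parsed OAuth2 parameters, the
 * cached session data and the captured HTTP request headers.
 *
 * <p>The session parameter map is treated as optional: when it is absent, the
 * AMR property and the selected ACR value are simply not set. The original
 * code null-checked the map for the AMR lookup but dereferenced it
 * unconditionally for the session-id lookup, which would fail with a
 * {@link NullPointerException} on the authorization path.
 *
 * @param oauth2Params             parsed parameters of the authorization request
 * @param sessionDataCacheEntry    cached session data for this request
 * @param httpRequestHeaderHandler source of the request headers and cookies copied onto the DTO
 * @return the populated authorization request DTO
 */
private OAuth2AuthorizeReqDTO buildAuthRequest(OAuth2Parameters oauth2Params, SessionDataCacheEntry sessionDataCacheEntry, HttpRequestHeaderHandler httpRequestHeaderHandler) {
    OAuth2AuthorizeReqDTO authzReqDTO = new OAuth2AuthorizeReqDTO();
    authzReqDTO.setCallbackUrl(oauth2Params.getRedirectURI());
    authzReqDTO.setConsumerKey(oauth2Params.getClientId());
    authzReqDTO.setResponseType(oauth2Params.getResponseType());
    authzReqDTO.setScopes(oauth2Params.getScopes().toArray(new String[0]));
    authzReqDTO.setUser(sessionDataCacheEntry.getLoggedInUser());
    authzReqDTO.setACRValues(oauth2Params.getACRValues());
    authzReqDTO.setNonce(oauth2Params.getNonce());
    authzReqDTO.setPkceCodeChallenge(oauth2Params.getPkceCodeChallenge());
    authzReqDTO.setPkceCodeChallengeMethod(oauth2Params.getPkceCodeChallengeMethod());
    authzReqDTO.setTenantDomain(oauth2Params.getTenantDomain());
    authzReqDTO.setAuthTime(sessionDataCacheEntry.getAuthTime());
    authzReqDTO.setMaxAge(oauth2Params.getMaxAge());
    authzReqDTO.setEssentialClaims(oauth2Params.getEssentialClaims());
    authzReqDTO.setSessionDataKey(oauth2Params.getSessionDataKey());
    authzReqDTO.setRequestObjectFlow(oauth2Params.isRequestObjectFlow());
    authzReqDTO.setIdpSessionIdentifier(sessionDataCacheEntry.getSessionContextIdentifier());
    authzReqDTO.setLoggedInTenantDomain(oauth2Params.getLoginTenantDomain());
    // One guard covers both lookups so a missing parameter map cannot raise a
    // NullPointerException in the middle of building the request.
    if (sessionDataCacheEntry.getParamMap() != null) {
        if (sessionDataCacheEntry.getParamMap().get(OAuthConstants.AMR) != null) {
            authzReqDTO.addProperty(OAuthConstants.AMR, sessionDataCacheEntry.getParamMap().get(OAuthConstants.AMR));
        }
        // Set the selected ACR value from the authentication session history, if any.
        String[] sessionIds = sessionDataCacheEntry.getParamMap().get(FrameworkConstants.SESSION_DATA_KEY);
        if (ArrayUtils.isNotEmpty(sessionIds)) {
            String commonAuthSessionId = sessionIds[0];
            SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(commonAuthSessionId, oauth2Params.getLoginTenantDomain());
            if (sessionContext != null && sessionContext.getSessionAuthHistory() != null) {
                authzReqDTO.setSelectedAcr(sessionContext.getSessionAuthHistory().getSelectedAcrValue());
            }
        }
    }
    // Copy the HTTP request headers and cookies onto the DTO.
    // NOTE(review): these values can include session cookies and credential-bearing
    // headers; consumers of the DTO should keep them out of logs and out of any
    // store that outlives the request — confirm against the DTO's consumers.
    authzReqDTO.setHttpRequestHeaders(httpRequestHeaderHandler.getHttpRequestHeaders());
    authzReqDTO.setCookie(httpRequestHeaderHandler.getCookies());
    return authzReqDTO;
}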
Also used : OAuth2AuthorizeReqDTO(org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO) SessionContext(org.wso2.carbon.identity.application.authentication.framework.context.SessionContext)
