use of org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder in project identity-inbound-auth-oauth by wso2-extensions.
the class RefreshGrantHandler method validateTokenBindingReference.
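/**
 * Checks that a refresh-token request presents the token binding that is recorded for the
 * refresh token.
 *
 * <p>The method returns without validating when the stored binding reference is blank or equals
 * {@code NONE}, when the application has no token binding type configured, or when token binding
 * validation is disabled for the application.
 *
 * @param tokenReqDTO token request; supplies the client id and is handed to the binder
 * @param validationDataDO refresh token validation data holding the stored binding reference
 * @throws IdentityOAuth2Exception if the application cannot be loaded, no binder is registered
 *     for the application's binding type, or the binder reports the request binding as invalid
 */
private void validateTokenBindingReference(OAuth2AccessTokenReqDTO tokenReqDTO,
        RefreshTokenValidationDataDO validationDataDO) throws IdentityOAuth2Exception {

    String storedBindingReference = validationDataDO.getTokenBindingReference();
    if (StringUtils.isBlank(storedBindingReference) || NONE.equals(storedBindingReference)) {
        // No binding is recorded for this refresh token, so there is nothing to compare.
        return;
    }

    OAuthAppDO oAuthAppDO;
    try {
        oAuthAppDO = OAuth2Util.getAppInformationByClientId(tokenReqDTO.getClientId());
    } catch (InvalidOAuthClientException e) {
        // Keep the original exception as the cause so the failure can be traced in logs.
        throw new IdentityOAuth2Exception(
                "Failed load the application with client id: " + tokenReqDTO.getClientId(), e);
    }

    String configuredBindingType = oAuthAppDO.getTokenBindingType();
    if (StringUtils.isBlank(configuredBindingType)) {
        // NOTE(review): a refresh token that carries a binding reference is accepted here without
        // any binding check once the application's binding type is blank. Confirm this fail-open
        // path is intended.
        return;
    }

    Optional<TokenBinder> tokenBinderOptional =
            OAuth2ServiceComponentHolder.getInstance().getTokenBinder(configuredBindingType);
    if (!tokenBinderOptional.isPresent()) {
        throw new IdentityOAuth2Exception(
                "Token binder for the binding type: " + configuredBindingType + " is not registered.");
    }

    TokenBinder tokenBinder = tokenBinderOptional.get();
    // The binder is consulted only when the application has binding validation switched on.
    if (oAuthAppDO.isTokenBindingValidationEnabled()
            && !tokenBinder.isValidTokenBinding(tokenReqDTO, storedBindingReference)) {
        throw new IdentityOAuth2Exception("Invalid token binding value is present in the request.");
    }
}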
use of org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder in project identity-inbound-auth-oauth by wso2-extensions.
the class TokenBindingExpiryEventHandler method getBindingRefFromType.
/**
 * Resolves the token binding reference carried by a logout request, using the token binder that
 * is registered for the application's binding type.
 *
 * @param request logout request the binding value is read from
 * @param consumerKey consumer key of the application; used here only in the error message
 * @param bindingType token binding type configured for the application
 * @return the token binding reference, or {@code null} when {@code bindingType} is blank
 * @throws IdentityOAuth2Exception if no binder is registered for {@code bindingType}, or the
 *     derived binding reference is blank
 * @throws OAuthSystemException declared for the binder call; presumably raised while reading the
 *     binding value from the request (confirm against the TokenBinder interface)
 */
private String getBindingRefFromType(HttpServletRequest request, String consumerKey, String bindingType)
        throws IdentityOAuth2Exception, OAuthSystemException {

    // Without a configured binding type the caller receives null, not an exception.
    if (StringUtils.isBlank(bindingType)) {
        return null;
    }

    TokenBinder binder = OAuth2ServiceComponentHolder.getInstance()
            .getTokenBinder(bindingType)
            .orElseThrow(() -> new IdentityOAuth2Exception(
                    "Token binder for the binding type: " + bindingType + " is not " + "registered."));

    String bindingReference = OAuth2Util.getTokenBindingReference(binder.getTokenBindingValue(request));
    if (!StringUtils.isBlank(bindingReference)) {
        return bindingReference;
    }

    // A configured binding type with no usable reference in the request is treated as an error.
    throw new IdentityOAuth2Exception("Token binding reference is null for the application " + consumerKey
            + " with binding type " + bindingType + ".");
}
use of org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder in project identity-inbound-auth-oauth by wso2-extensions.
the class AccessTokenIssuer method handleTokenBinding.
/**
 * Populates the token binding on the token request message context for the given grant type.
 *
 * <p>Outcomes visible in this method: the binding is set to {@code null} when the application has
 * no binding type or the binder does not support the grant type; it is left untouched when
 * {@code grantType} equals {@code REFRESH_TOKEN}; otherwise it is set from the value the binder
 * extracts from the request.
 *
 * @param tokenReqDTO token request DTO the binding value is read from
 * @param grantType grant type of the request
 * @param tokReqMsgCtx token request message context that receives the binding
 * @param oAuthAppDO OAuth application whose binding type selects the binder
 * @throws IdentityOAuth2Exception if no binder is registered for the application's binding type,
 *     or the binder returns no binding value for a supported grant type
 */
private void handleTokenBinding(OAuth2AccessTokenReqDTO tokenReqDTO, String grantType,
        OAuthTokenReqMessageContext tokReqMsgCtx, OAuthAppDO oAuthAppDO) throws IdentityOAuth2Exception {

    String configuredType = oAuthAppDO.getTokenBindingType();
    if (StringUtils.isBlank(configuredType)) {
        tokReqMsgCtx.setTokenBinding(null);
        return;
    }

    // A missing binder is reported for every grant type, refresh included.
    TokenBinder binder = OAuth2ServiceComponentHolder.getInstance()
            .getTokenBinder(configuredType)
            .orElseThrow(() -> new IdentityOAuth2Exception(
                    "Token binder for the binding type: " + configuredType + " is not registered."));

    if (REFRESH_TOKEN.equals(grantType)) {
        // The refresh flow has already placed the binding on the message context; keep it.
        return;
    }

    // Start from "no binding" so a grant type the binder does not support yields an unbound token.
    tokReqMsgCtx.setTokenBinding(null);
    if (!binder.getSupportedGrantTypes().contains(grantType)) {
        return;
    }

    String bindingValue = binder.getTokenBindingValue(tokenReqDTO)
            .orElseThrow(() -> new IdentityOAuth2Exception(
                    "Token binding reference cannot be retrieved form the token binder: "
                            + binder.getBindingType()));

    tokReqMsgCtx.setTokenBinding(new TokenBinding(binder.getBindingType(),
            OAuth2Util.getTokenBindingReference(bindingValue), bindingValue));
}
use of org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder in project identity-inbound-auth-oauth by wso2-extensions.
the class OIDCLogoutServlet method clearTokenBindingElements.
/**
 * Asks the token binder that matches the application's binding type to clear its binding elements
 * from the logout request and response.
 *
 * <p>This is best effort: a blank client id, an application that cannot be loaded, a blank binding
 * type, or the absence of a matching binder all end the method silently (apart from logging).
 *
 * @param clientId client id of the application taking part in the logout
 * @param request logout request
 * @param response logout response
 */
private void clearTokenBindingElements(String clientId, HttpServletRequest request,
        HttpServletResponse response) {

    if (StringUtils.isBlank(clientId)) {
        log.debug("Logout request received without a client id. " + "So skipping the clearing token binding element.");
        return;
    }

    final OAuthAppDO application;
    try {
        application = OAuth2Util.getAppInformationByClientId(clientId);
    } catch (IdentityOAuth2Exception e) {
        log.error("Failed to load the app information for the client id: " + clientId, e);
        return;
    } catch (InvalidOAuthClientException e) {
        // An unknown client is not treated as an error here; it is logged at debug level only.
        if (log.isDebugEnabled()) {
            log.debug("The application with client id: " + clientId + " does not exists. This application may be deleted after this session is created.", e);
        }
        return;
    }

    String appBindingType = application.getTokenBindingType();
    if (StringUtils.isBlank(appBindingType)) {
        return;
    }

    List<TokenBinder> registeredBinders =
            OIDCSessionManagementComponentServiceHolder.getInstance().getTokenBinders();
    // Only one matching binder is asked to clear its elements.
    for (TokenBinder candidate : registeredBinders) {
        if (appBindingType.equals(candidate.getBindingType())) {
            candidate.clearTokenBindingElements(request, response);
            return;
        }
    }
}
use of org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method getTokenBinder.
/**
 * Looks up the token binder that matches the binding type configured for the given client.
 *
 * @param clientId client id of the OAuth application
 * @return the matching binder, or an empty {@code Optional} when the application is {@code null},
 *     has no binding type, or no supported binder has that binding type
 * @throws OAuthSystemException if the application cannot be retrieved for {@code clientId}
 */
private Optional<TokenBinder> getTokenBinder(String clientId) throws OAuthSystemException {

    final OAuthAppDO application;
    try {
        application = OAuth2Util.getAppInformationByClientId(clientId);
    } catch (IdentityOAuth2Exception | InvalidOAuthClientException e) {
        throw new OAuthSystemException("Failed to retrieve OAuth application with client id: " + clientId, e);
    }

    if (application == null) {
        return Optional.empty();
    }
    String appBindingType = application.getTokenBindingType();
    if (StringUtils.isBlank(appBindingType)) {
        return Optional.empty();
    }

    List<TokenBinder> candidates = getOAuth2Service().getSupportedTokenBinders();
    if (candidates == null) {
        return Optional.empty();
    }

    // The comparison is made on the binder's own type, so every binder must report a non-null type.
    for (TokenBinder candidate : candidates) {
        if (candidate.getBindingType().equals(appBindingType)) {
            return Optional.of(candidate);
        }
    }
    return Optional.empty();
}