use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.
Class OIDCSessionManager, method storeOIDCSessionState.
/**
 * Caches the given OIDC session state under the supplied session id, in the cache partition
 * of the tenant resolved from {@code loginTenantDomain}.
 *
 * NOTE(review): the session id is caller-supplied (elsewhere it is taken straight from the
 * opbs browser cookie) and is stored as-is; no validation is done here — confirm callers do it.
 *
 * @param sessionId         session id used as the cache key
 * @param sessionState      OIDCSessionState to cache
 * @param loginTenantDomain login tenant domain, mapped through resolveCacheTenantDomain
 */
public void storeOIDCSessionState(String sessionId, OIDCSessionState sessionState, String loginTenantDomain) {
    String cacheTenant = resolveCacheTenantDomain(loginTenantDomain);

    OIDCSessionParticipantCacheKey key = new OIDCSessionParticipantCacheKey();
    key.setSessionID(sessionId);

    OIDCSessionParticipantCacheEntry entry = new OIDCSessionParticipantCacheEntry();
    entry.setSessionState(sessionState);
    entry.setTenantDomain(cacheTenant);

    // The entry is stored in the resolved tenant's partition, and records that tenant itself.
    OIDCSessionParticipantCache.getInstance().addToCache(key, entry, cacheTenant);
}
use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.
Class OIDCSessionManager, method getOIDCSessionState.
/**
 * Looks up the cached OIDC session state for a session id in the cache partition of the tenant
 * resolved from {@code loginTenantDomain}.
 *
 * @param sessionId         session id used as the cache key
 * @param loginTenantDomain login tenant domain, mapped through resolveCacheTenantDomain
 * @return the cached OIDCSessionState, or {@code null} when nothing is cached for the id
 */
public OIDCSessionState getOIDCSessionState(String sessionId, String loginTenantDomain) {
    String cacheTenant = resolveCacheTenantDomain(loginTenantDomain);

    OIDCSessionParticipantCacheKey key = new OIDCSessionParticipantCacheKey();
    key.setSessionID(sessionId);

    OIDCSessionParticipantCacheEntry entry =
            OIDCSessionParticipantCache.getInstance().getValueFromCache(key, cacheTenant);
    if (entry == null) {
        // Cache miss (or expired entry): callers treat null as "no session".
        return null;
    }
    return entry.getSessionState();
}
use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.
Class DefaultLogoutTokenBuilder, method buildLogoutToken.
/**
 * Builds a back-channel logout token for every RP that participates in the browser's OIDC
 * session, except the RP that initiated this logout.
 *
 * The session is identified by the opbs browser-state cookie. The cookie value is client
 * supplied and is only used as a cache key here; a missing cookie simply yields no session.
 * Session participants whose OAuth application no longer exists are skipped (logged at debug).
 *
 * @param request the logout request carrying the opbs cookie
 * @return map of client id to logout token; empty when there is no session or no other RPs
 * @throws IdentityOAuth2Exception      propagated from token construction
 * @throws InvalidOAuthClientException  declared for the interface; the per-client lookup
 *                                      failure is caught and skipped inside the loop
 */
@Override
public Map<String, String> buildLogoutToken(HttpServletRequest request) throws IdentityOAuth2Exception, InvalidOAuthClientException {
    Map<String, String> logoutTokens = new HashMap<>();

    Cookie opbsCookie = OIDCSessionManagementUtil.getOPBrowserStateCookie(request);
    String browserStateId = (opbsCookie == null) ? null : opbsCookie.getValue();

    // Backward compatibility: the session cache has always been kept under the super tenant.
    OIDCSessionState sessionState = getSessionState(browserStateId, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    if (sessionState == null) {
        return logoutTokens;
    }

    for (String participantClientId : getSessionParticipants(sessionState)) {
        OAuthAppDO app;
        try {
            app = getOAuthAppDO(participantClientId);
        } catch (InvalidOAuthClientException e) {
            // The app may have been deleted after the session was created; nothing to notify.
            if (log.isDebugEnabled()) {
                log.debug("The application with client id: " + participantClientId + " does not exists. This application may be deleted after" + " this session is created. So skipping it in logout token list.", e);
            }
            continue;
        }

        // The RP that triggered this logout is already aware of it and gets no token.
        String appTenant = app.getAppOwner().getTenantDomain();
        boolean isInitiatingClient = StringUtils.equals(participantClientId, getClientId(request, appTenant));
        if (isInitiatingClient) {
            continue;
        }

        addToLogoutTokenList(logoutTokens, sessionState, participantClientId);
    }

    return logoutTokens;
}
use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.
Class OAuth2AuthzEndpoint, method handleResponseFromConsent.
/**
 * Handles the response posted back from the consent page.
 *
 * Flow: optionally emit a diagnostic log of the received parameters, refresh auth-time and the
 * session-data key in the session data cache, then branch on the consent value: absent -&gt;
 * empty-consent handling, DENY -&gt; denied-consent handling, otherwise record the consent
 * receipt, build the redirect and either render a form_post response or a 302 redirect with
 * OIDC session-state management applied.
 *
 * NOTE(review): when diagnostic logs are enabled, every request parameter is copied into the
 * log event; confirm the consent POST carries nothing that must not be logged.
 *
 * @param oAuthMessage wrapper around the consent response request
 * @return the HTTP response to send to the user agent
 * @throws OAuthSystemException          on OAuth processing failure
 * @throws URISyntaxException            if the computed redirect URL is not a valid URI
 * @throws ConsentHandlingFailedException if consent persistence fails
 */
private Response handleResponseFromConsent(OAuthMessage oAuthMessage) throws OAuthSystemException, URISyntaxException, ConsentHandlingFailedException {
    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> logParams = new HashMap<>();
        boolean hasParams = oAuthMessage.getRequest() != null
                && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap());
        if (hasParams) {
            // Only parameters with at least one value are recorded.
            oAuthMessage.getRequest().getParameterMap().forEach((name, values) -> {
                if (ArrayUtils.isNotEmpty(values)) {
                    logParams.put(name, Arrays.asList(values));
                }
            });
        }
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, logParams, OAuthConstants.LogConstants.SUCCESS, "Successfully received consent response", "receive-consent-response", null);
    }

    updateAuthTimeInSessionDataCacheEntry(oAuthMessage);
    addSessionDataKeyToSessionDataCacheEntry(oAuthMessage);

    String consent = getConsentFromRequest(oAuthMessage);
    if (consent == null) {
        return handleEmptyConsent(oAuthMessage);
    }
    if (OAuthConstants.Consent.DENY.equals(consent)) {
        return handleDeniedConsent(oAuthMessage);
    }

    // Persist the user-consented claims as a consent receipt before issuing the response.
    handlePostConsent(oAuthMessage);

    OIDCSessionState sessionState = new OIDCSessionState();
    String redirectURL = handleUserConsent(oAuthMessage, consent, sessionState);
    if (isFormPostResponseMode(oAuthMessage, redirectURL)) {
        return handleFormPostResponseMode(oAuthMessage, sessionState, redirectURL);
    }

    String finalRedirect = manageOIDCSessionState(oAuthMessage, sessionState, redirectURL);
    return Response.status(HttpServletResponse.SC_FOUND).location(new URI(finalRedirect)).build();
}
use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.
Class OAuth2AuthzEndpoint, method handleApprovedAlwaysWithoutPromptingForNewConsent.
/**
 * Completes an authorization request whose existing "approve always" consent must be reused
 * without showing the consent page (the prompt=none style path, per the log messages).
 *
 * If the stored consent does not cover everything the request needs, the request is rejected
 * with {@code consent_required} rather than silently widening consent. Otherwise the request
 * is treated as approved and the redirect is built.
 *
 * NOTE(review): on the failure path the list of claims still needing consent is written to the
 * diagnostic log; confirm that is acceptable for the deployment's log handling.
 *
 * @param oAuthMessage the authorization request wrapper
 * @param sessionState OIDC session state to populate while building the response
 * @param oauth2Params parsed OAuth2 request parameters (client id, prompt, ...)
 * @return the redirect URL for the approved request
 * @throws ConsentHandlingFailedException if consent lookup/persistence fails
 * @throws OAuthSystemException          on OAuth processing failure
 * @throws OAuthProblemException         with {@code consent_required} when existing consent is incomplete
 */
private String handleApprovedAlwaysWithoutPromptingForNewConsent(OAuthMessage oAuthMessage, OIDCSessionState sessionState, OAuth2Parameters oauth2Params) throws ConsentHandlingFailedException, OAuthSystemException, OAuthProblemException {
    AuthenticatedUser user = getLoggedInUser(oAuthMessage);
    String pendingConsent = handlePreConsentIncludingExistingConsents(oauth2Params, user);

    if (!isConsentFromUserRequired(pendingConsent)) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> logParams = new HashMap<>();
            logParams.put("clientId", oauth2Params.getClientId());
            logParams.put("prompt", oauth2Params.getPrompt());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, logParams, OAuthConstants.LogConstants.SUCCESS, "'prompt' is set to none, and existing user consent found for the OAuth client.", "validate-existing-consent", null);
        }
        return handleUserConsent(oAuthMessage, APPROVE, sessionState);
    }

    // Existing consent is insufficient and we may not prompt: fail closed.
    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> logParams = new HashMap<>();
        logParams.put("clientId", oauth2Params.getClientId());
        logParams.put("prompt", oauth2Params.getPrompt());
        Map<String, Object> logConfigs = new HashMap<>();
        logConfigs.put("consentRequiredClaims", pendingConsent);
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, logParams, OAuthConstants.LogConstants.FAILED, "'prompt' is set to none, and existing user consent is incomplete for the OAuth client.", "validate-existing-consent", logConfigs);
    }
    throw OAuthProblemException.error(OAuth2ErrorCodes.CONSENT_REQUIRED, "Consent approved always without prompting for new consent");
}