List of usage examples for com.google.api.client.googleapis.auth.oauth2 GoogleIdToken parse
public static GoogleIdToken parse(JsonFactory jsonFactory, String idTokenString) throws IOException
From source file:co.uk.gauntface.devicelab.appengine.utils.GPlusTokenInfo.java
License:Open Source License
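/**
 * Returns the Google user id ({@code sub} claim) of an ID token, or {@code null} when the
 * token is missing, malformed, or rejected by the verifier.
 *
 * @param token compact-serialized Google ID token as received from the client; may be null
 * @return the subject claim of a verified token, otherwise {@code null}
 */
public static String getUserId(String token) {
    // The null check has to run before parse(): in the original order a null token
    // reached the parser first and surfaced as a NullPointerException instead of null.
    if (token == null) {
        return null;
    }
    try {
        JsonFactory jsonFactory = new JacksonFactory();
        GoogleIdToken idToken = GoogleIdToken.parse(jsonFactory, token);

        // Checks signature, issuer and expiry.
        // NOTE(review): this two-argument constructor configures no audience, so a token
        // Google issued to a different client would also pass. Prefer
        // new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
        //         .setAudience(Collections.singletonList("<YOUR_CLIENT_ID>")).build()
        // and reuse one verifier instance so its public-key cache is kept between calls.
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier(new NetHttpTransport(), jsonFactory);
        if (verifier.verify(idToken)) {
            return idToken.getPayload().getSubject();
        }
    } catch (GeneralSecurityException e) {
        // Fail closed: signature or key problems mean "no user id".
    } catch (IOException e) {
        // Fail closed: unreadable token or key download failure means "no user id".
    } catch (IllegalArgumentException e) {
        // Fail closed: parse() rejects a string that is not a three-part JWS this way.
    }
    return null;
}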
From source file:com.google.plus.samples.verifytoken.Checker.java
License:Open Source License
/**
 * Parses and verifies an ID token, then checks its audience and authorized party.
 *
 * <p>On an audience or client-id mismatch, or on an exception, the reason is stored in
 * {@code mProblem}. When the verifier itself rejects the token, {@code mProblem} is left
 * as it was.
 *
 * @param tokenString compact-serialized ID token
 * @return the token payload when every check passes, otherwise {@code null}
 */
public GoogleIdToken.Payload check(String tokenString) {
    try {
        GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);
        if (!mVerifier.verify(token)) {
            return null;
        }

        GoogleIdToken.Payload candidate = token.getPayload();
        // aud must be this application.
        if (!candidate.getAudience().equals(mAudience)) {
            mProblem = "Audience mismatch";
            return null;
        }
        // azp must be one of the client ids allowed to request tokens for this application.
        if (!mClientIDs.contains(candidate.getAuthorizedParty())) {
            mProblem = "Client ID mismatch";
            return null;
        }
        return candidate;
    } catch (GeneralSecurityException e) {
        mProblem = "Security issue: " + e.getLocalizedMessage();
    } catch (IOException e) {
        mProblem = "Network problem: " + e.getLocalizedMessage();
    }
    return null;
}
From source file:com.keybox.manage.action.LoginAction.java
License:Apache License
/**
 * Handles the login form submit: optional Google ID token, credential check via
 * {@code AuthDB.login}, optional OTP check, then session setup.
 *
 * @return {@code INPUT} on failure; otherwise "otp", "change_password" or {@code SUCCESS}
 */
@Action(value = "/loginSubmit", results = { @Result(name = "input", location = "/login.jsp"),
        @Result(name = "change_password", location = "/admin/userSettings.action", type = "redirect"),
        @Result(name = "otp", location = "/admin/viewOTP.action", type = "redirect"),
        @Result(name = "success", location = "/admin/menu.action", type = "redirect") })
public String loginSubmit() {
    String retVal = SUCCESS;
    if (auth.getOauthToken() != null && !auth.getOauthToken().equals("")) {
        GoogleIdToken idToken = null;
        try {
            // NOTE(review): parse() only decodes the token. Signature, issuer, expiry and
            // audience are not checked anywhere in this method, so every claim read below is
            // still caller-supplied data. Run the token through a GoogleIdTokenVerifier
            // configured with this application's client id before using any claim.
            idToken = GoogleIdToken.parse(new JacksonFactory(), auth.getOauthToken());
        } catch (IOException e) {
            loginAuditLogger.error("Token Verify Exception: " + e);
            addActionError(AUTH_ERROR);
            return (INPUT);
        }
        if (idToken != null) {
            Payload payload = idToken.getPayload();
            // The email claim of the (unverified) token becomes the login name.
            auth.setUsername(payload.getEmail());
        }
    }
    // NOTE(review): whether AuthDB.login verifies the token itself is not visible here - confirm.
    String authToken = AuthDB.login(auth);
    // Client IP for the audit log: the configured header if present, else the socket address.
    // NOTE(review): a request header is client-controlled unless a trusted proxy overwrites it,
    // and both it and the username are concatenated into audit log lines as-is - confirm the
    // deployment strips the header at the edge and consider neutralising CR/LF before logging.
    String clientIP = null;
    if (StringUtils.isNotEmpty(AppConfig.getProperty("clientIPHeader"))) {
        clientIP = servletRequest.getHeader(AppConfig.getProperty("clientIPHeader"));
    }
    if (StringUtils.isEmpty(clientIP)) {
        clientIP = servletRequest.getRemoteAddr();
    }
    if (authToken != null) {
        User user = AuthDB.getUserByAuthToken(authToken);
        // NOTE(review): when user is null nothing below runs and retVal is still SUCCESS, so the
        // action redirects to the menu without any session attribute set - presumably later
        // pages reject that session; verify.
        if (user != null) {
            String sharedSecret = null;
            if (otpEnabled) {
                sharedSecret = AuthDB.getSharedSecret(user.getId());
                // The OTP is enforced only when a shared secret is already enrolled.
                if (StringUtils.isNotEmpty(sharedSecret) && (auth.getOtpToken() == null
                        || !OTPUtil.verifyToken(sharedSecret, auth.getOtpToken()))) {
                    loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - " + AUTH_ERROR);
                    addActionError(AUTH_ERROR);
                    return INPUT;
                }
            }
            // Users other than managers must have at least one assigned profile.
            if (!User.MANAGER.equals(user.getUserType())
                    && (user.getProfileList() == null || user.getProfileList().size() <= 0)) {
                loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - " + AUTH_ERROR_NO_PROFILE);
                addActionError(AUTH_ERROR_NO_PROFILE);
                return INPUT;
            }
            // NOTE(review): the existing servlet session is reused; no session-id rotation is
            // visible in this method - confirm it happens elsewhere.
            AuthUtil.setAuthToken(servletRequest.getSession(), authToken);
            AuthUtil.setUserId(servletRequest.getSession(), user.getId());
            AuthUtil.setAuthType(servletRequest.getSession(), user.getAuthType());
            AuthUtil.setTimeout(servletRequest.getSession());
            // First login with OTP enabled but no secret enrolled: send the user to OTP setup.
            if (otpEnabled && StringUtils.isEmpty(sharedSecret)) {
                retVal = "otp";
            } else if ("changeme".equals(auth.getPassword()) && Auth.AUTH_BASIC.equals(user.getAuthType())) {
                // Basic-auth account still on the literal password "changeme": force a change.
                retVal = "change_password";
            }
            loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - Authentication Success");
        }
    } else {
        loginAuditLogger.info(auth.getUsername() + " (" + clientIP + ") - " + AUTH_ERROR);
        addActionError(AUTH_ERROR);
        retVal = INPUT;
    }
    return retVal;
}
From source file:com.keybox.manage.util.GoogleAuthUtil.java
License:Apache License
/**
 * External (Google) auth login: reads the ID token carried in {@code auth}, checks its hosted
 * domain against the configured one, creates the user on first login and issues a new auth token.
 *
 * @param auth contains the username and the Google ID token (oauthToken)
 * @return auth token if success, otherwise null
 */
public static String login(final Auth auth) {
    String authToken = null;
    if (externalAuthEnabled && auth != null && StringUtils.isNotEmpty(auth.getUsername())
            && StringUtils.isNotEmpty(auth.getOauthToken())) {
        Connection con = null;
        try {
            // NOTE(review): parse() only decodes the token; no signature, issuer, expiry or
            // audience check is visible in this method. Every claim below, including the "hd"
            // domain gate, is therefore unauthenticated input until the token has passed a
            // GoogleIdTokenVerifier configured with this application's client id.
            Payload payload = GoogleIdToken.parse(new JacksonFactory(), auth.getOauthToken()).getPayload();
            // NOTE(review): writes the complete claim set (personal data) to the log at info level.
            log.info("payload: " + payload);
            // Print user identifier
            String userId = payload.getSubject();
            log.info("User ID: " + userId);
            // Get profile information from payload
            String email = payload.getEmail();
            // Read but never enforced. Unboxing a missing claim would throw, which the
            // catch-all below turns into a failed login.
            boolean emailVerified = Boolean.valueOf(payload.getEmailVerified());
            String name = (String) payload.get("name");
            String pictureUrl = (String) payload.get("picture");
            String locale = (String) payload.get("locale");
            String familyName = (String) payload.get("family_name");
            String givenName = (String) payload.get("given_name");
            // "aud" is read but never compared with this application's client id.
            String aud = (String) payload.get("aud");
            String sub = (String) payload.get("sub");
            String hd = (String) payload.get("hd");
            // check for matching Google Apps domain (con is still null here, so nothing to close)
            if (hd == null || !hd.equals(AppConfig.getProperty("googleDomain"))) {
                return (null);
            }
            log.info("email: " + email + " | " + "name: " + name + " | " + "sub: " + sub + " | " + "hd: " + hd);
            // Use or store profile information
            // ...
            con = DBUtils.getConn();
            // NOTE(review): the account is looked up by auth.getUsername(), not by a claim of the
            // token; this method does not check that the two agree - verify against the caller.
            User user = AuthDB.getUserByUID(con, auth.getUsername());
            if (user == null) {
                // First login: the account is created on the fly with type ADMINISTRATOR.
                user = new User();
                user.setUserType(User.ADMINISTRATOR);
                user.setUsername(auth.getUsername());
                // default first and last name from the token claims
                user.setFirstNm((String) payload.get("given_name"));
                user.setLastNm((String) payload.get("family_name"));
                // use the username as email when it looks like an address
                if (auth.getUsername().contains("@")) {
                    user.setEmail(auth.getUsername());
                }
                user.setId(UserDB.insertUser(con, user));
                // every new user gets a private profile of their own
                Profile profile = new Profile();
                profile.setNm("private_" + auth.getUsername() + "_" + user.getId());
                profile.setDescr("private profile for " + auth.getUsername());
                List<Long> profUserList = new ArrayList<Long>();
                Long profileId = ProfileDB.insertProfile(profile);
                profUserList.add(user.getId());
                UserProfileDB.setUsersForProfile(profileId, profUserList);
            }
            authToken = UUID.randomUUID().toString();
            user.setAuthToken(authToken);
            user.setAuthType(Auth.AUTH_EXTERNAL);
            // persist the new auth token
            AuthDB.updateLogin(con, user);
        } catch (Exception e) {
            // NOTE(review): if updateLogin throws, authToken has already been assigned and is
            // still returned to the caller.
            log.error(e.toString(), e);
        }
        DBUtils.closeConn(con);
    }
    return authToken;
}
From source file:com.predic8.membrane.core.interceptor.oauth2.GoogleAuthorizationService.java
License:Apache License
/**
 * Handles the OAuth2 callback: checks the CSRF state, exchanges the authorization code for
 * tokens, verifies the returned ID token and authorizes the session.
 *
 * @return true when the callback was handled and the session authorized, false otherwise
 *         (including when an error response has been set on {@code exc})
 */
@Override
public boolean handleRequest(Exchange exc, String state, String publicURL, Session session) throws Exception {
    String path = uriFactory.create(exc.getDestinations().get(0)).getPath();
    if ("/oauth2callback".equals(path)) {
        try {
            Map<String, String> params = URLParamUtil.getParams(uriFactory, exc);
            // The "state" parameter is itself a query string carrying security_token and url.
            String state2 = params.get("state");
            if (state2 == null)
                throw new RuntimeException("No CSRF token.");
            Map<String, String> param = URLParamUtil.parseQueryString(state2);
            if (param == null || !param.containsKey("security_token"))
                throw new RuntimeException("No CSRF token.");
            if (!param.get("security_token").equals(state))
                throw new RuntimeException("CSRF token mismatch.");
            // NOTE(review): url comes from the request's state parameter and is later used as
            // the redirect target without validation - confirm it is limited to local paths.
            String url = param.get("url");
            if (url == null)
                url = "/";
            if (log.isDebugEnabled())
                log.debug("CSRF token match.");
            String code = params.get("code");
            if (code == null)
                throw new RuntimeException("No code received.");
            // NOTE(review): code is request-supplied and concatenated into the form body without
            // form-encoding, so a value containing '&' or '=' would add or override parameters
            // of the token request. Encode each value when building the body (check whether
            // URLParamUtil.getParams has already URL-decoded it).
            Exchange e = new Request.Builder().post("https://accounts.google.com/o/oauth2/token")
                    .header(Header.CONTENT_TYPE, "application/x-www-form-urlencoded")
                    .body("code=" + code + "&client_id=" + clientId + ".apps.googleusercontent.com&client_secret="
                            + clientSecret + "&" + "redirect_uri=" + publicURL
                            + "oauth2callback&grant_type=authorization_code")
                    .buildExchange();
            e.setRule(new NullRule() {
                @Override
                public SSLContext getSslOutboundContext() {
                    return new SSLContext(new SSLParser(), null, null);
                }
            });
            LogInterceptor logi = null;
            if (log.isDebugEnabled()) {
                // NOTE(review): setHeaderOnly(false) presumably logs the body too, which here
                // contains client_secret and the authorization code - confirm before enabling
                // debug logging in production.
                logi = new LogInterceptor();
                logi.setHeaderOnly(false);
                logi.handleRequest(e);
            }
            Response response = httpClient.call(e).getResponse();
            if (response.getStatusCode() != 200) {
                response.getBody().read();
                throw new RuntimeException(
                        "Google Authentication server returned " + response.getStatusCode() + ".");
            }
            if (log.isDebugEnabled())
                logi.handleResponse(e);
            HashMap<String, String> json = Util.parseSimpleJSONResponse(response);
            if (!json.containsKey("id_token"))
                throw new RuntimeException("No id_token received.");
            GoogleIdToken idToken = GoogleIdToken.parse(factory, json.get("id_token"));
            if (idToken == null)
                throw new RuntimeException("Token cannot be parsed");
            // Verifier check plus an explicit audience check against this client id.
            if (!verifier.verify(idToken) || !idToken
                    .verifyAudience(Collections.singletonList(clientId + ".apps.googleusercontent.com")))
                throw new RuntimeException("Invalid token");
            Map<String, String> userAttributes = session.getUserAttributes();
            synchronized (userAttributes) {
                // NOTE(review): the email_verified claim is not consulted before the email is
                // stored - confirm whether downstream consumers need it.
                userAttributes.put("headerX-Authenticated-Email", idToken.getPayload().getEmail());
            }
            session.authorize();
            exc.setResponse(Response.redirect(url, false).build());
            return true;
        } catch (Exception e) {
            // The exception message becomes the 400 response body; execution then falls
            // through to "return false".
            exc.setResponse(Response.badRequest().body(e.getMessage()).build());
        }
    }
    return false;
}
From source file:com.rse.middleware.GoogleTokenVerifier.java
/**
 * Verifies a Google ID token and checks its audience and issuee against {@code CLIENT_ID}.
 *
 * @param token compact-serialized ID token
 * @return the payload when every check passes; {@code null} on any failure or exception
 */
public Payload verify(String token) {
    try {
        String expectedClientId = this.CLIENT_ID;
        String expectedAudience = this.CLIENT_ID;
        List<String> allowedClientIds = Arrays.asList(expectedClientId);
        JsonFactory jsonFactory = new GsonFactory();
        // Kept from the original; the value is assigned but never read or returned.
        String problem = "Verification failed. (Time-out?)";
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier(new NetHttpTransport(), jsonFactory);

        GoogleIdToken idToken = GoogleIdToken.parse(jsonFactory, token);
        if (!verifier.verify(idToken)) {
            System.out.println("Invalid ID token.");
            return null;
        }

        GoogleIdToken.Payload claims = idToken.getPayload();
        // NOTE(review): these prints put token claims, including the email, on stdout.
        System.out.println(claims.getAudience());
        System.out.println(claims.getIssuee());
        System.out.println(claims.getIssuer());
        System.out.println(claims.get("email"));

        if (!claims.getAudience().equals(expectedAudience)) {
            problem = "Audience mismatch";
            return null;
        }
        if (!allowedClientIds.contains(claims.getIssuee())) {
            problem = "Client ID mismatch";
            return null;
        }
        return claims;
    } catch (GeneralSecurityException e) {
        System.out.println("Security issue: " + e.getLocalizedMessage());
    } catch (IOException e) {
        System.out.println("Network problem: " + e.getLocalizedMessage());
    } catch (IllegalArgumentException e) {
        System.out.println("Token Problem: " + e.getLocalizedMessage());
    } catch (Exception e) {
        System.out.println("Exception: " + e.getLocalizedMessage());
    }
    return null;
}
From source file:com.traveloka.sonarqube.plugin.GoogleIdentityProvider.java
License:Open Source License
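/**
 * OAuth2 callback: exchanges the authorization code for tokens, checks the hosted-domain and
 * email_verified claims of the returned ID token, and authenticates the user.
 *
 * @param context callback context supplying the request and the authentication hooks
 * @throws IllegalStateException when the code is missing or the token exchange or parsing fails
 * @throws UnauthorizedException when the account is not a verified member of the configured domain
 */
@Override
public void callback(CallbackContext context) {
    context.verifyCsrfState();

    // Explicit checks replace the original catch of NullPointerException; a missing "code"
    // parameter now fails here instead of inside the token request.
    HttpServletRequest request = context.getRequest();
    String code = request == null ? null : request.getParameter("code");
    if (code == null) {
        throw new IllegalStateException("Authorization Code Fail");
    }

    JsonFactory jsonFactory = new JacksonFactory();
    GoogleTokenResponse tokenResponse;
    try {
        tokenResponse = new GoogleAuthorizationCodeTokenRequest(new NetHttpTransport(), jsonFactory,
                settings.clientId(), settings.clientSecret(), code, settings.redirectUri()).execute();
    } catch (IOException e) {
        throw new IllegalStateException("Authorization Token Fail", e);
    }

    // NOTE(review): the ID token is decoded but not passed through a GoogleIdTokenVerifier. It
    // was fetched by this server from the token endpoint in the call above - confirm that
    // skipping signature and audience verification is intended.
    GoogleIdToken googleIdToken;
    try {
        googleIdToken = GoogleIdToken.parse(jsonFactory, tokenResponse.getIdToken());
    } catch (IOException e) {
        throw new IllegalStateException("ID Token Fail", e);
    }

    GoogleIdToken.Payload payload = googleIdToken.getPayload();
    // Fail closed with UnauthorizedException rather than a NullPointerException: accounts
    // outside a hosted domain carry no "hd" claim, and email_verified may be absent.
    String hostedDomain = payload.getHostedDomain();
    if (hostedDomain == null || !hostedDomain.equals(settings.hostedDomain())
            || !Boolean.TRUE.equals(payload.getEmailVerified())) {
        throw new UnauthorizedException("You must be a verified member of traveloka");
    }

    // The login is the local part of the email; reject a missing email or empty local part
    // instead of failing inside substring().
    String email = payload.getEmail();
    int at = email == null ? -1 : email.indexOf('@');
    if (at < 1) {
        throw new UnauthorizedException("You must be a verified member of traveloka");
    }
    String userName = email.substring(0, at);

    UserIdentity userIdentity = UserIdentity.builder().setProviderLogin(userName).setLogin(userName)
            .setName(userName).setEmail(email).build();
    context.authenticate(userIdentity);
    context.redirectToRequestedPage();
}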
From source file:function.IdTokenVerifierAndParser.java
/**
 * Verifies an ID token and returns its payload.
 *
 * @param tokenString compact-serialized ID token
 * @return the payload of a token whose audience and authorized party both equal
 *         {@code GOOGLE_CLIENT_ID}
 * @throws IllegalArgumentException when the verifier rejects the token or either claim differs
 * @throws Exception for parsing or verification failures raised by the library
 */
public static GoogleIdToken.Payload getPayload(String tokenString) throws Exception {
    JacksonFactory jsonFactory = new JacksonFactory();
    GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier(new NetHttpTransport(), jsonFactory);

    GoogleIdToken idToken = GoogleIdToken.parse(jsonFactory, tokenString);
    if (!verifier.verify(idToken)) {
        throw new IllegalArgumentException("id token cannot be verified");
    }

    // The verifier above has no audience configured, so aud and azp are compared by hand.
    GoogleIdToken.Payload claims = idToken.getPayload();
    if (!GOOGLE_CLIENT_ID.equals(claims.getAudience())) {
        throw new IllegalArgumentException("Audience mismatch");
    }
    if (!GOOGLE_CLIENT_ID.equals(claims.getAuthorizedParty())) {
        throw new IllegalArgumentException("Client ID mismatch");
    }
    return claims;
}
From source file:me.lazerka.gae.jersey.oauth2.google.TokenVerifierGoogleSignature.java
License:Apache License
/**
 * Verifies a Google ID token and maps it to a principal.
 *
 * @param token compact-serialized ID token
 * @return principal built from the subject and email of a verified token
 * @throws InvalidKeyException when the token cannot be parsed, has expired, or is otherwise invalid
 */
@Override
public GoogleUserPrincipal verify(String token) throws IOException, GeneralSecurityException {
    GoogleIdToken idToken;
    try {
        idToken = GoogleIdToken.parse(verifier.getJsonFactory(), token);
    } catch (IllegalArgumentException e) {
        throw new InvalidKeyException("Cannot parse token as JWS");
    }

    if (verifier.verify(idToken)) {
        Payload claims = idToken.getPayload();
        return new GoogleUserPrincipal(claims.getSubject(), claims.getEmail());
    }

    // Rejected token: the email is taken from unverified claims, hence "allegedly".
    String allegedEmail = idToken.getPayload().getEmail();
    DateTime now = nowProvider.get();
    // Expiry is the most common reason for rejection, so it gets its own message.
    boolean withinValidity = idToken.verifyTime(now.getMillis(), verifier.getAcceptableTimeSkewSeconds());
    if (!withinValidity) {
        throw new InvalidKeyException("Token expired for allegedly " + allegedEmail);
    }
    throw new InvalidKeyException("Invalid token for allegedly " + allegedEmail);
}
From source file:org.curioswitch.common.server.framework.auth.googleid.GoogleIdAuthorizer.java
License:Open Source License
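/**
 * Authorizes a request carrying a Google ID token: the token must parse, pass the verifier,
 * and its email must be in the allowed common-names set.
 *
 * @param ctx request context (unused here)
 * @param data bearer credential whose access-token field holds the ID token
 * @return a stage completing with true only when every check passes
 */
@Override
public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, OAuth2Token data) {
    final GoogleIdToken token;
    try {
        token = GoogleIdToken.parse(JacksonFactory.getDefaultInstance(), data.accessToken());
    } catch (IOException | IllegalArgumentException e) {
        // parse() signals a string that is not a three-part JWS with IllegalArgumentException;
        // treat that as a denied request as well. The raw credential is deliberately left out
        // of the log, and so is the exception message, which may quote part of the input.
        logger.info("Could not parse id token ({})", e.getClass().getSimpleName());
        return completedFuture(false);
    }
    return verifier.verify(token).thenApply(result -> {
        if (!result) {
            logger.info("Invalid signature.");
            return false;
        }
        // The token is verified at this point, so its email claim can be compared and logged.
        if (!commonNamesProvider.get().contains(token.getPayload().getEmail())) {
            logger.info("Rejecting client: {}", token.getPayload().getEmail());
            return false;
        }
        return true;
    });
}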