Usage examples for the generate() method of RandomValueStringGenerator (package org.springframework.security.oauth2.common.util)
public String generate()
From source file:org.hspconsortium.platform.authorization.launchcontext.LaunchOrchestrationEndpoint.java
/**
 * Resolves the launch context for {@code launchId}, or builds a fresh one.
 *
 * <p>A non-blank {@code launchId} is looked up through {@code LaunchContextHolder}. When the
 * id is blank or the lookup returns {@code null}, a new context is created with a newly
 * generated launch id and the supplied patient id. The new context is not registered with
 * {@code LaunchContextHolder} in this method.
 *
 * @param launchId  id of an existing launch context; may be blank
 * @param patientId patient id stored on a newly created context (ignored when an existing
 *                  context is returned)
 * @return the existing context, or a new one carrying a generated launch id
 */
private LaunchContext createLaunchContext(String launchId, String patientId) {
    LaunchContext existing = StringUtils.isNotBlank(launchId)
            ? LaunchContextHolder.getLaunchContext(launchId)
            : null;
    if (existing != null) {
        return existing;
    }

    LaunchContext created = new LaunchContext();
    // NOTE(review): the no-arg generator uses the library's default length (6 characters in
    // spring-security-oauth2, as far as I know; confirm for the version in use). If the
    // launch id alone is enough to look up a context holding a patient id, confirm that
    // length is adequate and that lookups are tied to the authenticated session.
    created.setLaunchId(new RandomValueStringGenerator().generate());
    created.setPatientId(patientId);
    return created;
}
From source file:org.smartplatforms.oauth2.LaunchOrchestrationEndpoint.java
/**
 * Resolves the launch context for {@code launchId}, or builds a fresh one.
 *
 * <p>A non-blank {@code launchId} is looked up through {@code LaunchContextHolder}. When the
 * id is blank or the lookup returns {@code null}, a new context is created with a newly
 * generated launch id and the supplied parameters. The new context is not registered with
 * {@code LaunchContextHolder} in this method.
 *
 * @param launchId            id of an existing launch context; may be blank
 * @param launchContextParams parameters stored on a newly created context (ignored when an
 *                            existing context is returned)
 * @return the existing context, or a new one carrying a generated launch id
 */
private LaunchContext createLaunchContext(String launchId, Map<String, Object> launchContextParams) {
    LaunchContext existing = StringUtils.isNotBlank(launchId)
            ? LaunchContextHolder.getLaunchContext(launchId)
            : null;
    if (existing != null) {
        return existing;
    }

    LaunchContext created = new LaunchContext();
    // NOTE(review): the no-arg generator uses the library's default length (6 characters in
    // spring-security-oauth2, as far as I know; confirm for the version in use). If the
    // launch id alone is enough to retrieve these parameters later, confirm that length is
    // adequate and that lookups are tied to the authenticated session.
    created.setLaunchId(new RandomValueStringGenerator().generate());
    // The caller's map is stored as passed; no copy is made here.
    created.setLaunchContextParams(launchContextParams);
    return created;
}
From source file:org.cloudfoundry.identity.uaa.codestore.CodeStoreEndpointsTests.java
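/**
 * Checks that a code collision at the endpoint is reported as a {@code CodeStoreException}
 * carrying HTTP 500.
 *
 * <p>The generator is mocked to return the same value on every call, so the second
 * {@code generateCode} call is expected to collide with the first.
 */
@Test
public void testGenerateCodeWithDuplicateCode() throws Exception {
    // Every generated code is the literal "duplicate".
    RandomValueStringGenerator generator = mock(RandomValueStringGenerator.class);
    when(generator.generate()).thenReturn("duplicate");
    expiringCodeStore.setGenerator(generator);

    String data = "{}";
    Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + 60000);
    ExpiringCode expiringCode = new ExpiringCode(null, expiresAt, data);

    try {
        codeStoreEndpoints.generateCode(expiringCode);
        codeStoreEndpoints.generateCode(expiringCode);
        fail("duplicate code generated, should throw CodeStoreException.");
    } catch (CodeStoreException e) {
        // NOTE(review): a CodeStoreException thrown by the FIRST call would also land here
        // and pass; the test does not distinguish which call failed.
        // JUnit's argument order is (expected, actual); the original had them swapped,
        // which only matters for the failure message.
        assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, e.getStatus());
    }
}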
From source file:org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStoreTests.java
/**
 * Expects the store to raise {@code DataIntegrityViolationException} when the generator
 * hands out the same code twice.
 */
@Test(expected = DataIntegrityViolationException.class)
public void testGenerateCodeWithDuplicateCode() throws Exception {
    // Mocked generator: every call yields the literal "duplicate".
    RandomValueStringGenerator fixedGenerator = mock(RandomValueStringGenerator.class);
    when(fixedGenerator.generate()).thenReturn("duplicate");
    expiringCodeStore.setGenerator(fixedGenerator);

    String payload = "{}";
    Timestamp expiry = new Timestamp(System.currentTimeMillis() + 60000);

    // Two identical requests; the expected exception may come from either call as far as
    // this test can tell.
    for (int attempt = 0; attempt < 2; attempt++) {
        expiringCodeStore.generateCode(payload, expiry);
    }
}
From source file:org.cloudfoundry.identity.uaa.mock.token.RefreshTokenMockMvcTests.java
/**
 * Test fixture: creates an identity zone from a random value, configures two token signing
 * keys on it, then creates a client, a user and a JWT refresh token in that zone.
 *
 * <p>Writes the {@code zone}, {@code keys}, {@code client}, {@code user} and
 * {@code refreshToken} fields.
 */
private void createClientAndUserInRandomZone() throws Exception {
    String randomValue = new RandomValueStringGenerator().generate();
    zone = setupIdentityZone(randomValue);

    // The identity provider is set up while the new zone is the current zone.
    // NOTE(review): if the assertion fails, IdentityZoneHolder is not cleared here.
    IdentityZoneHolder.set(zone);
    IdentityProvider<UaaIdentityProviderDefinition> idp = setupIdentityProvider();
    assertTrue(idp.isActive());
    IdentityZoneHolder.clear();

    // Two signing keys are registered; "key1" is marked active.
    keys = new HashMap<>();
    keys.put("key1", signingKey1);
    keys.put("key2", signingKey2);
    zone.getConfig().getTokenPolicy().setKeys(keys);
    zone.getConfig().getTokenPolicy().setActiveKeyId("key1");
    zone = identityZoneProvisioning.update(zone);

    client = setUpClients(
            "refreshclient",
            "uaa.resource",
            "uaa.user,openid",
            "client_credentials,password,refresh_token",
            true,
            TEST_REDIRECT_URI,
            Arrays.asList(OriginKeys.UAA),
            30 * 60,
            zone);

    user = setUpUser("testuser", "", OriginKeys.UAA, zone.getId());

    // SECRET is passed twice: once alongside the client id and once alongside the user name.
    refreshToken = getJwtRefreshToken(
            client.getClientId(), SECRET, user.getUserName(), SECRET, getZoneHostUrl(zone));
}
From source file:org.cloudfoundry.identity.uaa.db.StoreSubDomainAsLowerCase_V2_7_3.java
/**
 * Migration step that de-duplicates identity zone subdomains and then stores every
 * subdomain in lower case.
 *
 * <p>Phase 1 loads all zones and groups them through {@code addToMap} (not shown here;
 * presumably keyed by lower-cased subdomain, to be confirmed). Phase 2 renames every zone
 * but the first in each duplicate group to {@code <subdomain>-<3 random chars>}, lower-cased.
 * Phase 3 lower-cases any remaining subdomain that contains upper-case characters.
 *
 * @param jdbcTemplate template handed to the retrieve/update helpers
 */
@Override
public synchronized void migrate(JdbcTemplate jdbcTemplate) throws Exception {
    RandomValueStringGenerator suffixGenerator = new RandomValueStringGenerator(3);
    Map<String, List<IdentityZone>> zonesBySubdomain = new HashMap<>();
    Set<String> duplicatedSubdomains = new HashSet<>();

    List<IdentityZone> allZones = retrieveIdentityZones(jdbcTemplate);
    for (IdentityZone zone : allZones) {
        addToMap(zone, zonesBySubdomain, duplicatedSubdomains);
    }

    for (String duplicated : duplicatedSubdomains) {
        logger.debug("Processing zone duplicates for subdomain:" + duplicated);
        List<IdentityZone> sharing = zonesBySubdomain.get(duplicated);

        // Index 0 keeps its subdomain; every later entry is renamed.
        for (int index = 1; index < sharing.size(); index++) {
            IdentityZone renamed = sharing.get(index);

            // Retry until the candidate is not a key of the in-memory map. Uniqueness is
            // only checked against that map, not against the database.
            // NOTE(review): toLowerCase() without a Locale follows the JVM default locale;
            // confirm that is acceptable for subdomain normalization.
            String replacement;
            do {
                replacement = (renamed.getSubdomain() + "-" + suffixGenerator.generate()).toLowerCase();
            } while (zonesBySubdomain.get(replacement) != null);

            logger.debug(String.format("Updating zone id:%s; old subdomain: %s; new subdomain: %s;",
                    renamed.getId(), renamed.getSubdomain(), replacement));
            renamed.setSubdomain(replacement);
            renamed = updateIdentityZone(renamed, jdbcTemplate);
            zonesBySubdomain.put(replacement, Arrays.asList(renamed));
        }
    }

    for (IdentityZone zone : allZones) {
        String subdomain = zone.getSubdomain();
        if (!StringUtils.hasText(subdomain)) {
            continue;
        }
        String lowered = subdomain.toLowerCase();
        if (lowered.equals(subdomain)) {
            continue;
        }
        logger.debug(
                String.format("Lowercasing zone subdomain for id:%s; old subdomain: %s; new subdomain: %s;",
                        zone.getId(), subdomain, lowered));
        zone.setSubdomain(lowered);
        updateIdentityZone(zone, jdbcTemplate);
    }
}
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests.java
/**
 * End-to-end check of when the token and authorize endpoints hand out an id_token.
 *
 * <p>Sets up three clients (one using GRANT_TYPES, one authorization_code, one implicit)
 * and one user, then walks through: password grant, direct-credentials implicit request,
 * authorization_code grant with a nonce, the three hybrid response types, authorization
 * code with and without scope=openid, a code exchange that asks for "token id_token", and
 * an implicit request for id_token only. Each authorize request carries a freshly
 * generated state value and the test asserts that the same value comes back.
 */
@Test
public void testOpenIdToken() throws Exception {
    RandomValueStringGenerator generator = this.generator;
    // Random suffixes keep client ids and user names unique per run.
    String clientId = "testclient" + generator.generate();
    String scopes = "space.*.developer,space.*.admin,org.*.reader,org.123*.admin,*.*,*,openid";
    setUpClients(clientId, scopes, scopes, GRANT_TYPES, true);
    String username = "testuser" + generator.generate();
    String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid";
    ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId());
    // Called twice on purpose or by accident? Presumably so that a "previous logon" value
    // exists for the id_token validation. TODO confirm.
    getWebApplicationContext().getBean(UaaUserDatabase.class).updateLastLogonTime(developer.getId());
    getWebApplicationContext().getBean(UaaUserDatabase.class).updateLastLogonTime(developer.getId());
    String authCodeClientId = "testclient" + generator.generate();
    setUpClients(authCodeClientId, scopes, scopes, "authorization_code", true);
    String implicitClientId = "testclient" + generator.generate();
    setUpClients(implicitClientId, scopes, scopes, "implicit", true);
    // HTTP Basic credentials for the two confidential clients.
    // NOTE(review): getBytes() and new String(byte[]) use the platform default charset.
    String basicDigestHeaderValue = "Basic " + new String(
            org.apache.commons.codec.binary.Base64.encodeBase64((clientId + ":" + SECRET).getBytes()));
    String authCodeBasicDigestHeaderValue = "Basic " + new String(
            org.apache.commons.codec.binary.Base64.encodeBase64((authCodeClientId + ":" + SECRET).getBytes()));

    //password grant - request for id_token
    MockHttpServletRequestBuilder oauthTokenPost = post("/oauth/token")
            .header("Authorization", basicDigestHeaderValue).param(OAuth2Utils.RESPONSE_TYPE, "token id_token")
            .param(OAuth2Utils.GRANT_TYPE, "password").param(OAuth2Utils.CLIENT_ID, clientId)
            .param("username", username).param("password", SECRET).param(OAuth2Utils.SCOPE, "openid");
    MvcResult result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    Map token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull(token.get("access_token"));
    assertNotNull(token.get(REFRESH_TOKEN));
    assertNotNull(token.get("id_token"));
    assertNotEquals(token.get("access_token"), token.get("id_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), clientId);

    //request for id_token using our old-style direct authentication
    //this returns a redirect with a fragment in the URL/Location header
    String credentials = String.format("{ \"username\":\"%s\", \"password\":\"%s\" }", username, SECRET);
    oauthTokenPost = post("/oauth/authorize").header("Accept", "application/json")
            .param(OAuth2Utils.RESPONSE_TYPE, "token id_token").param(OAuth2Utils.CLIENT_ID, implicitClientId)
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI).param("credentials", credentials)
            .param(OAuth2Utils.STATE, generator.generate()).param(OAuth2Utils.SCOPE, "openid");
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    // The fragment marker is rewritten to '?' so the values can be read as a query string.
    // This relies on the redirect URI ending in "redirect" (TEST_REDIRECT_URI is not shown).
    URL url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(((List<String>) token.get("access_token")).get(0));
    assertNotNull(((List<String>) token.get("id_token")).get(0));
    assertNotEquals(((List<String>) token.get("access_token")).get(0),
            ((List<String>) token.get("id_token")).get(0));
    validateOpenIdConnectToken(((List<String>) token.get("id_token")).get(0), developer.getId(),
            implicitClientId);

    //authorization_code grant - requesting id_token
    MockHttpSession session = new MockHttpSession();
    setAuthentication(session, developer);
    String state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").header("Authorization", basicDigestHeaderValue).session(session)
            .param(OAuth2Utils.RESPONSE_TYPE, "code").param(OAuth2Utils.SCOPE, "openid")
            .param(OAuth2Utils.STATE, state).param(OAuth2Utils.CLIENT_ID, authCodeClientId)
            .param(ClaimConstants.NONCE, "testnonce").param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location"));
    token = splitQuery(url);
    // The state sent with the request must come back unchanged on the redirect.
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    String code = ((List<String>) token.get("code")).get(0);

    // Exchange the code at the token endpoint.
    oauthTokenPost = post("/oauth/token").header("Authorization", authCodeBasicDigestHeaderValue)
            .session(session).param(OAuth2Utils.GRANT_TYPE, "authorization_code").param("code", code)
            .param(OAuth2Utils.RESPONSE_TYPE, "token id_token").param(OAuth2Utils.SCOPE, "openid")
            .param(OAuth2Utils.STATE, state).param(OAuth2Utils.CLIENT_ID, authCodeClientId)
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull(token.get("access_token"));
    assertNotNull(token.get(REFRESH_TOKEN));
    assertNotNull(token.get("id_token"));
    assertNotEquals(token.get("access_token"), token.get("id_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), authCodeClientId);
    //nonce must be in id_token if was in auth request, see http://openid.net/specs/openid-connect-core-1_0.html#IDToken
    Map<String, Object> claims = getClaimsForToken((String) token.get("id_token"));
    assertEquals("testnonce", claims.get(ClaimConstants.NONCE));

    //hybrid flow defined in - response_types=code token id_token
    //http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").header("Authorization", basicDigestHeaderValue).session(session)
            .param(OAuth2Utils.RESPONSE_TYPE, "code id_token token").param(OAuth2Utils.SCOPE, "openid")
            .param(OAuth2Utils.STATE, state).param(OAuth2Utils.CLIENT_ID, clientId)
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(((List<String>) token.get("access_token")).get(0));
    assertNotNull(((List<String>) token.get("id_token")).get(0));
    assertNotEquals(((List<String>) token.get("access_token")).get(0),
            ((List<String>) token.get("id_token")).get(0));
    validateOpenIdConnectToken(((List<String>) token.get("id_token")).get(0), developer.getId(), clientId);

    //hybrid flow defined in - response_types=code token
    //http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").header("Authorization", basicDigestHeaderValue).session(session)
            .param(OAuth2Utils.RESPONSE_TYPE, "code token").param(OAuth2Utils.SCOPE, "openid")
            .param(OAuth2Utils.STATE, state).param(OAuth2Utils.CLIENT_ID, clientId)
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(((List<String>) token.get("access_token")).get(0));

    //hybrid flow defined in - response_types=code id_token
    //http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").session(session).param(OAuth2Utils.RESPONSE_TYPE, "code id_token")
            .param(OAuth2Utils.SCOPE, "openid").param(OAuth2Utils.STATE, state)
            .param(OAuth2Utils.CLIENT_ID, authCodeClientId).param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(((List<String>) token.get("id_token")).get(0));
    // NOTE(review): the key checked here is "token". If the intent is to assert that no
    // access token is issued for response_type "code id_token", the key used elsewhere in
    // this test is "access_token"; confirm which was meant.
    assertNull(((List<String>) token.get("token")));
    validateOpenIdConnectToken(((List<String>) token.get("id_token")).get(0), developer.getId(),
            authCodeClientId);

    //authorization code flow with parameter scope=openid
    //http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").header("Authorization", basicDigestHeaderValue).session(session)
            .param(OAuth2Utils.RESPONSE_TYPE, "code").param(OAuth2Utils.SCOPE, "openid")
            .param(OAuth2Utils.STATE, state).param(OAuth2Utils.CLIENT_ID, clientId)
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    // A plain code response must come back in the query, not in the fragment.
    assertFalse("Redirect URL should not be a fragment.",
            result.getResponse().getHeader("Location").contains("#"));
    url = new URL(result.getResponse().getHeader("Location"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    code = ((List<String>) token.get("code")).get(0);
    assertNotNull(code);

    oauthTokenPost = post("/oauth/token").accept(APPLICATION_JSON)
            .header("Authorization", basicDigestHeaderValue).param(OAuth2Utils.GRANT_TYPE, "authorization_code")
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI).param("code", code);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull("ID Token should be present when scope=openid", token.get("id_token"));
    assertNotNull(token.get("id_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), clientId);

    //authorization code flow without parameter scope=openid
    //http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
    //this behavior should NOT return an id_token
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").header("Authorization", basicDigestHeaderValue).session(session)
            .param(OAuth2Utils.RESPONSE_TYPE, "code").param(OAuth2Utils.STATE, state)
            .param(OAuth2Utils.CLIENT_ID, clientId).param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    assertFalse("Redirect URL should not be a fragment.",
            result.getResponse().getHeader("Location").contains("#"));
    url = new URL(result.getResponse().getHeader("Location"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    code = ((List<String>) token.get("code")).get(0);
    assertNotNull(code);

    oauthTokenPost = post("/oauth/token").accept(APPLICATION_JSON)
            .header("Authorization", basicDigestHeaderValue).param(OAuth2Utils.GRANT_TYPE, "authorization_code")
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI).param("code", code);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNull("ID Token should not be present when scope=openid is not present", token.get("id_token"));

    //test if we can retrieve an ID token using
    //response type token+id_token after a regular auth_code flow
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").header("Authorization", basicDigestHeaderValue).session(session)
            .param(OAuth2Utils.RESPONSE_TYPE, "code").param(OAuth2Utils.STATE, state)
            .param(OAuth2Utils.CLIENT_ID, clientId).param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    code = ((List<String>) token.get("code")).get(0);
    assertNotNull(code);

    oauthTokenPost = post("/oauth/token").accept(APPLICATION_JSON)
            .header("Authorization", basicDigestHeaderValue).param(OAuth2Utils.GRANT_TYPE, "authorization_code")
            .param(OAuth2Utils.RESPONSE_TYPE, "token id_token")
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI).param("code", code);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull("ID Token should be present when response_type includes id_token", token.get("id_token"));
    assertNotNull(token.get("id_token"));
    assertNotNull(token.get("access_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), clientId);

    // Implicit client asking for an id_token only; the response is read from the fragment.
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize").session(session).param(OAuth2Utils.RESPONSE_TYPE, "id_token")
            .param(OAuth2Utils.STATE, state).param(OAuth2Utils.CLIENT_ID, implicitClientId)
            .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertNotNull(token.get("id_token"));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
}
From source file:org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.java
/**
 * Test helper: creates a new identity zone from a random lower-cased value, registers an
 * "app" client with the {@code scim.invite} scope in it, and creates one user in that zone.
 *
 * <p>All credentials used here ("adminsecret", "secret", "password") are fixed test values.
 *
 * @param mockMvc     MockMvc instance used for every request
 * @param context     application context passed to the zone-creation helper
 * @param clientId    passed as the first constructor argument of the created {@code ScimUser}
 * @param redirectUri redirect URI registered on the "app" client
 * @return the app client's token, the zone creation result, the app client and the token
 *         obtained for the "admin" client
 */
public static ZoneScimInviteData createZoneForInvites(MockMvc mockMvc, ApplicationContext context,
        String clientId, String redirectUri) throws Exception {
    RandomValueStringGenerator zoneValueGenerator = new RandomValueStringGenerator();
    String superAdminToken = getClientCredentialsOAuthAccessToken(mockMvc, "admin", "adminsecret", "", null);

    IdentityZoneCreationResult zoneResult = utils().createOtherIdentityZoneAndReturnResult(
            zoneValueGenerator.generate().toLowerCase(), mockMvc, context, null);

    BaseClientDetails inviteClient = new BaseClientDetails(
            "app",
            "",
            "scim.invite",
            "client_credentials,password,authorization_code",
            "uaa.admin,clients.admin,scim.write,scim.read,scim.invite",
            redirectUri);
    inviteClient.setClientSecret("secret");
    inviteClient = utils().createClient(
            mockMvc, zoneResult.getZoneAdminToken(), inviteClient, zoneResult.getIdentityZone());
    // The secret is set again on the returned object; presumably the create call does not
    // echo it back. TODO confirm.
    inviteClient.setClientSecret("secret");

    String zoneClientToken = utils().getClientCredentialsOAuthAccessToken(
            mockMvc,
            inviteClient.getClientId(),
            inviteClient.getClientSecret(),
            "",
            zoneResult.getIdentityZone().getSubdomain());

    // The user name doubles as the primary e-mail address.
    String email = new RandomValueStringGenerator().generate().toLowerCase() + "@example.com";
    ScimUser invitee = new ScimUser(clientId, email, "given-name", "family-name");
    invitee.setPrimaryEmail(email);
    invitee.setPassword("password");
    invitee = createUserInZone(mockMvc, zoneClientToken, invitee, zoneResult.getIdentityZone().getSubdomain());
    invitee.setPassword("password");

    // NOTE(review): this group is built but never persisted or returned in the code shown.
    ScimGroup inviteGroup = new ScimGroup("scim.invite");
    inviteGroup.setMembers(Arrays.asList(new ScimGroupMember(invitee.getId(), USER, Arrays.asList(MEMBER))));

    return new ZoneScimInviteData(zoneClientToken, zoneResult, inviteClient, superAdminToken);
}
From source file:org.cloudfoundry.identity.uaa.provider.oauth.XOAuthProviderConfigurator.java
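/**
 * Builds the authorization request URL for an external OAuth / OIDC identity provider.
 *
 * <p>The query carries {@code client_id}, {@code response_type}, {@code redirect_uri}
 * ({@code baseURL + "/login/callback/" + alias}), a random {@code state}, the configured
 * scopes when present, and a random {@code nonce} for OIDC definitions.
 *
 * <p>Changes from the previous version: {@code client_id} is now URL-encoded like the other
 * parameters, and {@code state} is produced by {@code RandomValueStringGenerator} (backed by
 * {@code SecureRandom} in spring-security-oauth2) instead of
 * {@code RandomStringUtils.randomAlphanumeric}, which in older commons-lang releases draws
 * from {@code java.util.Random}. The value is still 10 alphanumeric characters.
 *
 * @param alias      provider alias appended to the callback path
 * @param baseURL    base URL of this server, used to build the redirect URI
 * @param definition provider definition supplying the auth URL, relying party id, response
 *                   type and scopes
 * @return the provider's authorization URL with the query string appended
 * @throws IllegalStateException if UTF-8 is reported as unsupported
 */
public String getCompleteAuthorizationURI(String alias, String baseURL,
        AbstractXOAuthIdentityProviderDefinition definition) {
    try {
        String authUrlBase;
        if (definition instanceof OIDCIdentityProviderDefinition) {
            authUrlBase = overlay((OIDCIdentityProviderDefinition) definition).getAuthUrl().toString();
        } else {
            authUrlBase = definition.getAuthUrl().toString();
        }
        // Append to an existing query string if the configured auth URL already has one.
        String queryAppendDelimiter = authUrlBase.contains("?") ? "&" : "?";

        List<String> query = new ArrayList<>();
        // Encoded so that reserved characters in the configured id cannot break or extend
        // the query string. String.valueOf keeps the old rendering of a missing id.
        query.add("client_id="
                + URLEncoder.encode(String.valueOf(definition.getRelyingPartyId()), "UTF-8"));
        query.add("response_type=" + URLEncoder.encode(definition.getResponseType(), "UTF-8"));
        query.add("redirect_uri=" + URLEncoder.encode(baseURL + "/login/callback/" + alias, "UTF-8"));

        // state ties the callback to this request, so it must not be predictable.
        // NOTE(review): the value is not stored by this method; whether the callback can
        // compare it against what was sent depends on code outside this view. Confirm.
        final RandomValueStringGenerator stateGenerator = new RandomValueStringGenerator(10);
        query.add("state=" + stateGenerator.generate());

        if (definition.getScopes() != null && !definition.getScopes().isEmpty()) {
            query.add("scope=" + URLEncoder.encode(String.join(" ", definition.getScopes()), "UTF-8"));
        }

        // NOTE(review): the OIDC check here uses getParameterizedClass() while the one at
        // the top uses instanceof; confirm both are meant to select the same definitions.
        if (OIDCIdentityProviderDefinition.class.equals(definition.getParameterizedClass())) {
            final RandomValueStringGenerator nonceGenerator = new RandomValueStringGenerator(12);
            query.add("nonce=" + nonceGenerator.generate());
        }

        String queryString = String.join("&", query);
        return authUrlBase + queryAppendDelimiter + queryString;
    } catch (UnsupportedEncodingException e) {
        throw new IllegalStateException(e);
    }
}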