List of usage examples for org.springframework.security.oauth2.provider OAuth2Request getResponseTypes
public Set<String> getResponseTypes()
From source file:org.mitre.oauth2.model.AuthenticationHolderEntity.java
/**
 * Unpacks the given {@link OAuth2Authentication} into this entity's persisted fields.
 * <p>
 * The authorization request is stored component by component (authorities, client id,
 * extensions, redirect URI, request parameters, resource ids, response types, scope and
 * approval flag); the user authentication, when one is attached, is wrapped in a
 * {@link SavedUserAuthentication}, otherwise {@code userAuth} is cleared.
 *
 * @param authentication the authentication to persist; must not be {@code null}
 */
public void setAuthentication(OAuth2Authentication authentication) {
    final OAuth2Request request = authentication.getOAuth2Request();

    // Persist every part of the request separately so it can be reassembled later.
    setAuthorities(request.getAuthorities());
    setClientId(request.getClientId());
    setExtensions(request.getExtensions());
    setRedirectUri(request.getRedirectUri());
    setRequestParameters(request.getRequestParameters());
    setResourceIds(request.getResourceIds());
    setResponseTypes(request.getResponseTypes());
    setScope(request.getScope());
    setApproved(request.isApproved());

    // A user authentication is optional; when absent the saved copy is cleared rather than left stale.
    this.userAuth = authentication.getUserAuthentication() == null
            ? null
            : new SavedUserAuthentication(authentication.getUserAuthentication());
}
From source file:net.shibboleth.idp.oidc.client.userinfo.authn.ShibbolethAcrAwareTokenService.java
/**
 * Creates the ID Token that accompanies {@code accessToken}.
 * <p>
 * The claims are populated in this order through the {@code calculate*Claim} helpers and
 * direct builder calls: auth_time, iat, amr/acr, exp, iss, sub, aud, jti, nonce and at_hash
 * (the last one derived from the request's response types). The token is then encrypted when
 * the client registered a non-{@code none} JWE alg and enc together with a JWKS (URI or
 * inline), and signed otherwise. The returned entity carries only the special
 * {@link SystemScopeService#ID_TOKEN_SCOPE} scope and shares the access token's
 * authentication holder and client.
 *
 * @param client      client the token is issued to; its registration supplies the signing and
 *                    encryption preferences
 * @param request     originating authorization request (extensions and response types)
 * @param issueTime   value of the {@code iat} claim
 * @param sub         value of the {@code sub} claim
 * @param accessToken access token the ID Token is bound to
 * @return a new entity holding the ID Token
 */
@Override
public OAuth2AccessTokenEntity createIdToken(final ClientDetailsEntity client, final OAuth2Request request,
        final Date issueTime, final String sub, final OAuth2AccessTokenEntity accessToken) {
    // The client-registered signing algorithm takes precedence over the server default.
    JWSAlgorithm alg = jwtService.getDefaultSigningAlgorithm();
    if (client.getIdTokenSignedResponseAlg() != null) {
        alg = client.getIdTokenSignedResponseAlg();
    }

    final OAuth2AccessTokenEntity idToken = new OAuth2AccessTokenEntity();
    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();

    log.debug("Request {} extension {}", ConnectRequestParameters.MAX_AGE,
            request.getExtensions().get(ConnectRequestParameters.MAX_AGE));
    log.debug("Request {} extension {}", OIDCConstants.ID_TOKEN,
            request.getExtensions().get(OIDCConstants.ID_TOKEN));
    log.debug("Client require authN time {}", client.getRequireAuthTime());

    calculateAuthTimeClaim(request, claims);
    claims.issueTime(issueTime);
    calculateAmrAndAcrClaims(accessToken, claims);
    calculateExpirationClaim(client, idToken, claims);

    final String issuer = configBean.getIssuer();
    claims.issuer(issuer);
    log.debug("issuer is set to {}", issuer);

    claims.subject(sub);
    log.debug("sub is set to {}", sub);

    final String clientId = client.getClientId();
    claims.audience(Lists.newArrayList(clientId));
    log.debug("audience is set to {}", clientId);

    final String jti = UUID.randomUUID().toString();
    claims.jwtID(jti);
    log.debug("JWT id is set to {}", jti);

    calculateNonceClaim(request, claims);

    // at_hash depends on which response types were requested.
    final Set<String> responseTypes = request.getResponseTypes();
    calculateAtHashClaim(accessToken, alg, claims, responseTypes);

    // Encrypt only when alg, enc and key material are all registered; otherwise sign.
    final boolean encryptionConfigured = client.getIdTokenEncryptedResponseAlg() != null
            && !client.getIdTokenEncryptedResponseAlg().equals(Algorithm.NONE)
            && client.getIdTokenEncryptedResponseEnc() != null
            && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE)
            && (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null);
    if (encryptionConfigured) {
        encryptIdToken(client, idToken, claims);
    } else {
        signIdToken(client, alg, idToken, claims);
    }

    log.debug("Mapping the idToken to the authentication of client {}",
            accessToken.getAuthenticationHolder().getClientId());
    idToken.setAuthenticationHolder(accessToken.getAuthenticationHolder());

    // The ID Token gets only the special "id-token" scope, never the access token's scopes.
    final Set<String> scopes = Sets.newHashSet(SystemScopeService.ID_TOKEN_SCOPE);
    idToken.setScope(scopes);
    log.debug("Configured scopes for the idToken scope {} are {}", SystemScopeService.ID_TOKEN_SCOPE, scopes);

    idToken.setClient(accessToken.getClient());
    return idToken;
}
From source file:org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.java
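/**
 * Creates the ID Token that accompanies {@code accessToken}.
 * <p>
 * Claims set here: {@code auth_time} (only when requested via the {@code max_age} or
 * {@code idtoken} extension, or when the client always requires it), {@code iat},
 * {@code exp} (when the client has an ID Token validity configured), {@code iss},
 * {@code sub}, {@code aud}, {@code jti}, {@code nonce} (echoed from the request when present)
 * and {@code at_hash} (only when the response types include {@code token}). No {@code c_hash}
 * is computed by this method.
 * <p>
 * The token is encrypted when the client registered a non-{@code none} JWE alg and enc plus
 * a JWKS (URI or inline); if no encrypter can be found for the client the error is logged and
 * the returned entity has no JWT set. Otherwise the token is left unsigned for alg
 * {@code none}, signed with the client's secret for the HS* algorithms, or signed with the
 * server key for every other algorithm (in which case the signer key id is also recorded as a
 * {@code kid} claim in the payload).
 *
 * @param client      client the token is issued to; supplies signing/encryption preferences
 * @param request     originating authorization request (extensions and response types)
 * @param issueTime   value of the {@code iat} claim
 * @param sub         value of the {@code sub} claim
 * @param accessToken access token the ID Token is bound to; its authentication holder and
 *                    client are reused for the new entity
 * @return a new entity holding the ID Token, scoped to the special id-token scope only
 * @throws NumberFormatException if the stored authentication timestamp is not a valid long
 */
@Override
public OAuth2AccessTokenEntity createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime,
        String sub, OAuth2AccessTokenEntity accessToken) {
    // The client-registered signing algorithm takes precedence over the server default.
    JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
    if (client.getIdTokenSignedResponseAlg() != null) {
        signingAlg = client.getIdTokenSignedResponseAlg();
    }

    OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
    JWTClaimsSet.Builder idClaims = new JWTClaimsSet.Builder();

    // if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
    if (request.getExtensions().containsKey("max_age")
            || request.getExtensions().containsKey("idtoken") // TODO: parse the ID Token claims (#473) -- for now assume it could be in there
            || (client.getRequireAuthTime() != null && client.getRequireAuthTime())) {
        Object authTimestamp = request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP);
        if (authTimestamp != null) {
            // The timestamp is stored as a string of epoch millis; auth_time is expressed in seconds.
            // (parseLong yields a primitive, so no second null check is needed.)
            long authTimeMillis = Long.parseLong((String) authTimestamp);
            idClaims.claim("auth_time", authTimeMillis / 1000L);
        } else {
            // we couldn't find the timestamp!
            logger.warn("Unable to find authentication timestamp! There is likely something wrong with the configuration.");
        }
    }

    idClaims.issueTime(issueTime);

    if (client.getIdTokenValiditySeconds() != null) {
        Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L));
        idClaims.expirationTime(expiration);
        idTokenEntity.setExpiration(expiration);
    }

    idClaims.issuer(configBean.getIssuer());
    idClaims.subject(sub);
    idClaims.audience(Lists.newArrayList(client.getClientId()));
    idClaims.jwtID(UUID.randomUUID().toString());

    // Echo the request nonce so the client can bind this token to its own request.
    String nonce = (String) request.getExtensions().get("nonce");
    if (!Strings.isNullOrEmpty(nonce)) {
        idClaims.claim("nonce", nonce);
    }

    // at_hash binds the ID Token to the access token issued with it; only needed when an
    // access token is returned alongside (response type contains "token").
    Set<String> responseTypes = request.getResponseTypes();
    if (responseTypes.contains("token")) {
        Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken);
        idClaims.claim("at_hash", at_hash);
    }

    // Encrypt only when alg, enc and key material are all registered for the client.
    if (client.getIdTokenEncryptedResponseAlg() != null
            && !client.getIdTokenEncryptedResponseAlg().equals(Algorithm.NONE)
            && client.getIdTokenEncryptedResponseEnc() != null
            && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE)
            && (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) {
        JWTEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client);
        if (encrypter != null) {
            EncryptedJWT idToken = new EncryptedJWT(
                    new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()),
                    idClaims.build());
            encrypter.encryptJwt(idToken);
            idTokenEntity.setJwt(idToken);
        } else {
            // No JWT is attached to the entity in this case; callers see an entity with a null jwt.
            logger.error("Couldn't find encrypter for client: " + client.getClientId());
        }
    } else {
        JWT idToken;
        if (signingAlg.equals(Algorithm.NONE)) {
            // unsigned ID token
            idToken = new PlainJWT(idClaims.build());
        } else if (signingAlg.equals(JWSAlgorithm.HS256)
                || signingAlg.equals(JWSAlgorithm.HS384)
                || signingAlg.equals(JWSAlgorithm.HS512)) {
            // HMAC: sign with the client's secret via the per-client symmetric signer.
            JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
                    jwtService.getDefaultSignerKeyId(), null, null);
            idToken = new SignedJWT(header, idClaims.build());
            JWTSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
            signer.signJwt((SignedJWT) idToken);
        } else {
            // Asymmetric: sign with the server's key; the key id is also placed in the claims.
            idClaims.claim("kid", jwtService.getDefaultSignerKeyId());
            JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
                    jwtService.getDefaultSignerKeyId(), null, null);
            idToken = new SignedJWT(header, idClaims.build());
            jwtService.signJwt((SignedJWT) idToken);
        }
        idTokenEntity.setJwt(idToken);
    }

    idTokenEntity.setAuthenticationHolder(accessToken.getAuthenticationHolder());

    // The ID Token gets only the special "id-token" scope; the access token's scopes are
    // deliberately not copied over.
    Set<String> idScopes = Sets.newHashSet(SystemScopeService.ID_TOKEN_SCOPE);
    idTokenEntity.setScope(idScopes);

    idTokenEntity.setClient(accessToken.getClient());
    return idTokenEntity;
}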
From source file:org.orcid.core.oauth.service.OrcidTokenStoreServiceImpl.java
/**
 * Fills an {@link OrcidOauth2TokenDetail} from an issued access token and the authentication it
 * was granted under.
 * <p>
 * Copies the client id, authentication key, token value/type/expiration, approval flag,
 * redirect URI, resource ids (falling back to the client's registered ones when the request
 * names none), response types and scope. A refresh token is recorded when present and
 * non-blank, and its expiration is forced to the access token's expiration for expiring refresh
 * tokens. For non-client-only authentications whose principal is a {@link ProfileEntity}, the
 * profile is re-read through the cache and attached. Version and persistence flags come from the
 * token's additional information, defaulting to the persistent-token version and
 * {@code persistent = false}.
 *
 * @param token          the issued access token
 * @param authentication the authentication the token was granted under
 * @param detail         the detail to populate, or {@code null} to create a new one
 * @return the populated detail (the given instance, or a new one when {@code detail} was null)
 */
private OrcidOauth2TokenDetail populatePropertiesFromTokenAndAuthentication(OAuth2AccessToken token,
        OAuth2Authentication authentication, OrcidOauth2TokenDetail detail) {
    final OAuth2Request request = authentication.getOAuth2Request();
    final OrcidOauth2TokenDetail result = detail == null ? new OrcidOauth2TokenDetail() : detail;

    final String clientId = request.getClientId();
    result.setAuthenticationKey(KEY_GENERATOR.extractKey(authentication));
    result.setClientDetailsId(clientId);

    final OAuth2RefreshToken refreshToken = token.getRefreshToken();
    if (refreshToken != null && StringUtils.isNotBlank(refreshToken.getValue())) {
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            // Ignore the client-configured refresh lifetime: the refresh token expires with the token itself.
            result.setRefreshTokenExpiration(token.getExpiration());
        }
        result.setRefreshTokenValue(refreshToken.getValue());
    }

    if (!authentication.isClientOnly()) {
        final Object principal = authentication.getPrincipal();
        if (principal instanceof ProfileEntity) {
            // Re-read the profile through the cache rather than storing the instance carried in the principal.
            final ProfileEntity cachedProfile = profileEntityCacheManager.retrieve(((ProfileEntity) principal).getId());
            result.setProfile(cachedProfile);
        }
    }

    result.setTokenValue(token.getValue());
    result.setTokenType(token.getTokenType());
    result.setTokenExpiration(token.getExpiration());
    result.setApproved(request.isApproved());
    result.setRedirectUri(request.getRedirectUri());

    Set<String> resourceIds = request.getResourceIds();
    if (resourceIds == null || resourceIds.isEmpty()) {
        // The request named no resources: use the ones registered for the client.
        final ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId);
        resourceIds = clientDetails.getResourceIds();
    }
    result.setResourceId(OAuth2Utils.formatParameterList(resourceIds));
    result.setResponseType(OAuth2Utils.formatParameterList(request.getResponseTypes()));
    result.setScope(OAuth2Utils.formatParameterList(request.getScope()));

    final Map<String, Object> additionalInfo = token.getAdditionalInformation();
    boolean persistent = false;
    if (additionalInfo != null) {
        if (additionalInfo.containsKey(OrcidOauth2Constants.TOKEN_VERSION)) {
            final String version = String.valueOf(additionalInfo.get(OrcidOauth2Constants.TOKEN_VERSION));
            result.setVersion(Long.valueOf(version));
        } else {
            // TODO: As of Jan 2015 all tokens will be new tokens, so, we
            // will have to remove the token version code and
            // treat all tokens as new tokens
            result.setVersion(Long.valueOf(OrcidOauth2Constants.PERSISTENT_TOKEN));
        }
        if (additionalInfo.containsKey(OrcidOauth2Constants.PERSISTENT)) {
            persistent = (Boolean) additionalInfo.get(OrcidOauth2Constants.PERSISTENT);
        }
    }
    result.setPersistent(persistent);

    return result;
}