throw new RuntimeException("Client ID is required when configuring an OIDC Provider."); clientId = new ClientID(rawClientId);
/**
 * Returns the OpenID Connect client id as a plain string.
 *
 * <p>The value is read from {@code identityProvider.getClientId()} and unwrapped
 * with {@code getValue()}; nothing is cached or validated here.
 *
 * @return the client id value held by the identity provider configuration
 */
public String getClientId() {
    return identityProvider.getClientId().getValue();
}
&& queryParameters.get(OAuthConstants.CLIENT_SECRET_QUERY_PARAM) != null) { log.debug("Authorization header is missing"); clientId = new ClientID(queryParameters.get(OAuthConstants.CLIENT_ID_QUERY_PARAM)); clientSecret = new Secret(queryParameters.get(OAuthConstants.CLIENT_SECRET_QUERY_PARAM)); } else { boolean isValid = oauthDAO.isClientCredentialsValid(clientId.getValue(), clientSecret.getValue()); if (!isValid) { context.setErrorObject(OAuth2Error.INVALID_CLIENT); return null; return clientId.getValue(); } catch (OAuthDAOException e) { log.error("Error while validating client credentials", e);
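/**
 * Deletes the token stored under {@code id} together with the refresh tokens
 * that reference it as their parent.
 *
 * <p>If no token entity exists for {@code id} the call only logs a warning and returns.
 *
 * @param id       primary key of the token entity to delete
 * @param clientId client the caller believes the token belongs to; may be {@code null},
 *                 in which case no ownership comparison is made
 */
@Override
public void remove(String id, ClientID clientId) {
    TokenEntity tokenEntity = entityManager.find(TokenEntity.class, id);
    if (tokenEntity == null) {
        // NOTE(review): if the id is the token value itself (callers may pass a
        // token's getValue() here -- confirm), this writes a credential to the log.
        // Consider logging a truncated or hashed form instead.
        LOG.warn("Attempt to delete not existing token: {}", id);
        return;
    }
    // Detach so the persistence context does not keep tracking an entity that the
    // bulk delete statements below remove behind its back.
    entityManager.detach(tokenEntity);

    // NOTE(review): a client-id mismatch is only logged; the token is deleted anyway,
    // so this comparison is not an authorization check. If callers rely on it to stop
    // one client from removing another client's token, it has to return here instead.
    // Also confirm that tokenEntity.getClientId() returns a ClientID: if it returns a
    // String, equals() can never be true and the warning fires on every call.
    if (clientId != null && !clientId.equals(tokenEntity.getClientId())) {
        LOG.warn("clientIds are different: {} vs. {}", clientId, tokenEntity.getClientId());
    }

    // delete the refresh tokens for this token
    Query queryRefreshToken =
            entityManager.createNamedQuery(TokenEntity.DELETE_REFRESH_TOKEN_BY_PARENT_ID);
    queryRefreshToken.setParameter("id", id);
    int updateCountRefreshToken = queryRefreshToken.executeUpdate();
    LOG.debug("Removed Refresh-Tokens for parent id {}, count {}", id, updateCountRefreshToken);

    Query q = entityManager.createNamedQuery(TokenEntity.DELETE_TOKEN_BY_ID);
    q.setParameter("id", id);
    int updateCount = q.executeUpdate();
    LOG.debug("Remove Token {}, Count {}", id, updateCount);
}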
/**
 * Redirects to the success view after a successful form submission, carrying the
 * submitted client id along as the {@code clientId} model attribute.
 *
 * @param command the bound form object; cast to {@code MyCommand}
 * @param errors  binding errors (not inspected here)
 * @return a redirect to {@code getSuccessView()} with the client id attached
 * @throws Exception declared by the overridden method
 */
@Override
protected ModelAndView onSubmit(Object command, BindException errors) throws Exception {
    final MyCommand form = (MyCommand) command;
    final ClientID submittedId = form.getClientId();

    // The attribute travels with the redirect, so the client id becomes visible in
    // the target URL; only non-secret values should be passed this way.
    final RedirectView successRedirect = new RedirectView(getSuccessView());
    return new ModelAndView(successRedirect, "clientId", submittedId.toString());
}
!authCodeMetadata.getClientId().equals(request.getClientAuthentication().getClientID()) || !authCodeMetadata.getRedirectURI().equals(servletRequest.getParameter("redirect_uri")) ) {
ClientID clientId = new ClientID(clientRegistration.getClientId()); Secret clientSecret = new Secret(clientRegistration.getClientSecret()); ClientAuthentication clientAuthentication;
/**
 * Finds the {@code REMEMBER_<client id>} cookie on the request.
 *
 * <p>The cookie is returned as presented by the browser. Its value is
 * client-controlled input; nothing here verifies or decrypts it.
 *
 * @param request  the incoming request whose cookies are searched
 * @param clientId client whose remember cookie is wanted
 * @return the first matching cookie with a non-empty value, or {@code null} if the
 *         request carries no cookies or no such cookie
 */
public static Cookie getCookieToken(HttpServletRequest request, ClientID clientId) {
    final Cookie[] presented = request.getCookies();
    if (presented == null) {
        return null;
    }
    for (int i = 0; i < presented.length; i++) {
        final Cookie candidate = presented[i];
        final boolean nameMatches =
                candidate.getName().equals("REMEMBER_" + clientId.getValue());
        if (!nameMatches) {
            continue;
        }
        // An empty value is treated as "no cookie" and the search continues.
        if (StringUtils.isNotEmpty(candidate.getValue())) {
            return candidate;
        }
    }
    return null;
}
/**
 * Serves a refresh-token grant: looks up the presented refresh token, checks that it
 * was issued to the authenticated client, issues a new refresh/access token pair and
 * removes the old refresh token.
 *
 * <p>An unknown refresh token or a client mismatch is answered with
 * {@code invalid_grant}.
 *
 * @param request         the parsed token request carrying a {@code RefreshTokenGrant}
 * @param servletRequest  the underlying servlet request (not read here)
 * @param servletResponse response the token or error response is written to
 * @throws IOException if writing the HTTP response fails
 */
private void doRefreshTokenGrantFlow(TokenRequest request, HttpServletRequest servletRequest,
        HttpServletResponse servletResponse) throws IOException {
    final RefreshTokenGrant grant = (RefreshTokenGrant) request.getAuthorizationGrant();
    final RefreshTokenAndMetadata stored = tokenStore.findRefreshToken(grant.getRefreshToken());

    // NOTE(review): getClientAuthentication() is dereferenced without a null check;
    // confirm that unauthenticated requests are rejected before this method is reached.
    final boolean issuedToCaller = stored != null
            && stored.getClientId().equals(request.getClientAuthentication().getClientID());
    if (!issuedToCaller) {
        final TokenErrorResponse rejection = new TokenErrorResponse(OAuth2Error.INVALID_GRANT);
        ServletUtils.applyHTTPResponse(rejection.toHTTPResponse(), servletResponse);
        return;
    }

    // Rotation: the replacement pair is stored first, then the presented token is removed.
    // NOTE(review): lookup and removal are separate store calls; whether two concurrent
    // requests can both redeem the same refresh token depends on the store's
    // transaction handling -- confirm. No expiry check is visible in this method either.
    final RefreshToken rotatedRefreshToken = new RefreshToken();
    tokenStore.addRefreshToken(rotatedRefreshToken, stored.getUserInfo(), stored.getClientId(),
            stored.getLoginSession(), refreshTokenLifetime);

    final BearerAccessToken freshAccessToken =
            new BearerAccessToken(tokenLifetime, request.getScope());
    tokenStore.addAccessToken(freshAccessToken, stored.getUserInfo(), stored.getClientId(),
            rotatedRefreshToken);

    tokenStore.remove(stored.getRefreshToken().getValue(), stored.getClientId());

    final Tokens issued = new Tokens(freshAccessToken, rotatedRefreshToken);
    final AccessTokenResponse success = new AccessTokenResponse(issued);
    ServletUtils.applyHTTPResponse(success.toHTTPResponse(), servletResponse);
}
/**
 * Wraps the stored {@code clientId} value in a new {@link ClientID}.
 *
 * @return a freshly created {@code ClientID} for every call
 */
public ClientID getClientId() {
    final ClientID wrapped = new ClientID(clientId);
    return wrapped;
}
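/**
 * Adds the {@code REMEMBER_<client id>} cookie carrying the encrypted login-session
 * token to the response.
 *
 * @param request        the current request; its {@code isSecure()} result decides
 *                       whether the cookie gets the Secure attribute
 * @param response       response the cookie is added to
 * @param encryptedToken cookie value (already encrypted by the caller)
 * @param clientID       client the cookie is scoped to by name
 */
public static void setLoginSessionCookie(HttpServletRequest request, HttpServletResponse response,
        String encryptedToken, ClientID clientID) {
    Cookie cookie = new Cookie("REMEMBER_" + clientID.getValue(), encryptedToken);
    cookie.setMaxAge(EXPIRATION);
    // The cookie is a bearer credential for the login session and is only ever read
    // server-side, so keep it out of reach of page scripts.
    cookie.setHttpOnly(true);
    // NOTE(review): isSecure() reflects the connection the container sees. Behind a
    // TLS-terminating proxy it is false unless the container is configured to trust
    // the forwarded scheme, and the cookie would then be sent over plain HTTP too.
    cookie.setSecure(request.isSecure());
    response.addCookie(cookie);
}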
/**
 * Redeems an authorization code: loads its stored metadata and deletes the entity
 * so the same code is not found again.
 *
 * @param authCode the authorization code presented at the token endpoint
 * @return the metadata stored with the code, or {@code null} if the code is unknown
 */
@Override
public AuthCodeAndMetadata consumeAuthCode(AuthorizationCode authCode) {
    final AuthCodeEntity stored = entityManager.find(AuthCodeEntity.class, authCode.getValue());
    if (stored == null) {
        return null;
    }

    // The login session is optional; it stays null when none was recorded.
    LoginSessionToken session = null;
    if (stored.getLoginSession() != null) {
        session = new LoginSessionToken(stored.getLoginSession());
    }

    final AuthCodeAndMetadata redeemed = new AuthCodeAndMetadata(
            stored.getRedirectUri(),
            stored.getUserInfo(),
            new ClientID(stored.getClientId()),
            session);

    // NOTE(review): single use relies on this find-then-remove pair; whether two
    // concurrent redemptions of one code are excluded depends on the surrounding
    // transaction/locking -- confirm. No expiry check is visible here.
    entityManager.remove(stored);
    return redeemed;
}
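/**
 * Asks the browser to drop the {@code REMEMBER_<client id>} cookie, if the request
 * carried one.
 *
 * @param request  the current request, searched for the cookie
 * @param response response the expiring cookie is added to
 * @param clientID client whose remember cookie is to be removed
 */
public static void removeCookieToken(HttpServletRequest request, HttpServletResponse response,
        ClientID clientID) {
    Cookie[] cookies = request.getCookies();
    if (cookies == null) {
        return;
    }
    for (Cookie cookie : cookies) {
        if (cookie.getName().equals("REMEMBER_" + clientID.getValue())) {
            Cookie delete = new Cookie("REMEMBER_" + clientID.getValue(), "");
            // Max-age 0 tells the browser to delete the cookie. A negative value
            // (used previously) only turns it into a session cookie that lives
            // until the browser exits.
            delete.setMaxAge(0);
            // NOTE(review): a browser only replaces a cookie whose name AND path match.
            // No path is set here, so the default path of this request applies --
            // confirm it is the same one used when the cookie was issued.
            response.addCookie(delete);
            return;
        }
    }
}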
/**
 * Acquires a security token from the authority using a previously received device code.
 *
 * <p>The client authenticates with method {@code NONE}: only the client id taken
 * from the device code is sent, no client secret.
 *
 * @param deviceCode the device code result received from calling acquireDeviceCode
 * @param callback   optional callback object for non-blocking execution
 * @return a {@link Future} representing the {@link AuthenticationResult} of the call;
 *         it contains the access token, the refresh token and the access token's
 *         expiration time
 * @throws AuthenticationException if authorization is pending or another error
 *         occurred. If the exception's error code is
 *         AdalErrorCode.AUTHORIZATION_PENDING, the call needs to be retried until the
 *         access token is returned. DeviceCode.interval is the minimum amount of time
 *         in seconds that the client SHOULD wait between polling requests to the
 *         token endpoint.
 */
public Future<AuthenticationResult> acquireTokenByDeviceCode(
        final DeviceCode deviceCode, final AuthenticationCallback callback)
        throws AuthenticationException {
    final ClientID publicClientId = new ClientID(deviceCode.getClientId());
    final ClientAuthentication publicClientAuth =
            new ClientAuthenticationPost(ClientAuthenticationMethod.NONE, publicClientId);

    this.validateDeviceCodeRequestInput(deviceCode, publicClientAuth, deviceCode.getResource());

    final AdalDeviceCodeAuthorizationGrant grant =
            new AdalDeviceCodeAuthorizationGrant(deviceCode, deviceCode.getResource());
    return this.acquireToken(grant, publicClientAuth, callback);
}
/**
 * Returns the OpenID Connect client id as a plain string.
 *
 * <p>The value is read from {@code identityProvider.getClientId()} and unwrapped
 * with {@code getValue()}; nothing is cached or validated here.
 *
 * @return the client id value held by the identity provider configuration
 */
public String getClientId() {
    return identityProvider.getClientId().getValue();
}
/**
 * Acquires a security token from the authority using a previously received device code.
 *
 * <p>The client authenticates with method {@code NONE}: only the client id taken
 * from the device code is sent, no client secret.
 *
 * @param deviceCode the device code result received from calling acquireDeviceCode
 * @param callback   optional callback object for non-blocking execution
 * @return a {@link Future} representing the {@link AuthenticationResult} of the call;
 *         it contains the access token, the refresh token and the access token's
 *         expiration time
 * @throws AuthenticationException if authorization is pending or another error
 *         occurred. If the exception's error code is
 *         AdalErrorCode.AUTHORIZATION_PENDING, the call needs to be retried until the
 *         access token is returned. DeviceCode.interval is the minimum amount of time
 *         in seconds that the client SHOULD wait between polling requests to the
 *         token endpoint.
 */
public Future<AuthenticationResult> acquireTokenByDeviceCode(
        final DeviceCode deviceCode, final AuthenticationCallback callback)
        throws AuthenticationException {
    final ClientID publicClientId = new ClientID(deviceCode.getClientId());
    final ClientAuthentication publicClientAuth =
            new ClientAuthenticationPost(ClientAuthenticationMethod.NONE, publicClientId);

    this.validateDeviceCodeRequestInput(deviceCode, publicClientAuth, deviceCode.getResource());

    final AdalDeviceCodeAuthorizationGrant grant =
            new AdalDeviceCodeAuthorizationGrant(deviceCode, deviceCode.getResource());
    return this.acquireToken(grant, publicClientAuth, callback);
}
/**
 * Builds the request parameters contributed by this object: a single
 * {@code client_id} entry holding the client id value.
 *
 * @return a new mutable map containing only {@code client_id}
 */
Map<String, String> toParameters() {
    final Map<String, String> parameters = new HashMap<String, String>();
    final String clientIdValue = getClientID().getValue();
    parameters.put("client_id", clientIdValue);
    return parameters;
}
/**
 * Acquires an access token from the authority on behalf of a user, using a user
 * token that was received earlier.
 *
 * <p>The client authenticates with {@code ClientSecretPost}, built from the id and
 * secret of {@code credential}.
 *
 * @param resource      identifier of the target resource that is the recipient of
 *                      the requested token
 * @param userAssertion user assertion to use as the authorization grant
 * @param credential    the client credential to use for token acquisition
 * @param callback      optional callback object for non-blocking execution
 * @return a {@link Future} representing the {@link AuthenticationResult} of the call;
 *         it contains the access token and its expiration time. The refresh token
 *         property will be null for this overload.
 * @throws AuthenticationException {@link AuthenticationException}
 */
public Future<AuthenticationResult> acquireToken(final String resource,
        final UserAssertion userAssertion, final ClientCredential credential,
        final AuthenticationCallback callback) {
    // Input validation runs before any credential material is wrapped.
    this.validateOnBehalfOfRequestInput(resource, userAssertion, credential, true);

    final ClientID confidentialClientId = new ClientID(credential.getClientId());
    final Secret confidentialClientSecret = new Secret(credential.getClientSecret());
    final ClientAuthentication secretPostAuth =
            new ClientSecretPost(confidentialClientId, confidentialClientSecret);

    return acquireTokenOnBehalfOf(resource, userAssertion, secretPostAuth, callback);
}
/**
 * Builds the request parameters contributed by this object: a single
 * {@code client_id} entry holding the client id value.
 *
 * @return a new mutable map containing only {@code client_id}
 */
Map<String, String> toParameters() {
    final Map<String, String> parameters = new HashMap<String, String>();
    final String clientIdValue = getClientID().getValue();
    parameters.put("client_id", clientIdValue);
    return parameters;
}
/**
 * Acquires an access token from the authority on behalf of a user, using a user
 * token that was received earlier.
 *
 * <p>The client authenticates with {@code ClientSecretPost}, built from the id and
 * secret of {@code credential}.
 *
 * @param resource      identifier of the target resource that is the recipient of
 *                      the requested token
 * @param userAssertion user assertion to use as the authorization grant
 * @param credential    the client credential to use for token acquisition
 * @param callback      optional callback object for non-blocking execution
 * @return a {@link Future} representing the {@link AuthenticationResult} of the call;
 *         it contains the access token and its expiration time. The refresh token
 *         property will be null for this overload.
 * @throws AuthenticationException {@link AuthenticationException}
 */
public Future<AuthenticationResult> acquireToken(final String resource,
        final UserAssertion userAssertion, final ClientCredential credential,
        final AuthenticationCallback callback) {
    // Input validation runs before any credential material is wrapped.
    this.validateOnBehalfOfRequestInput(resource, userAssertion, credential, true);

    final ClientID confidentialClientId = new ClientID(credential.getClientId());
    final Secret confidentialClientSecret = new Secret(credential.getClientSecret());
    final ClientAuthentication secretPostAuth =
            new ClientSecretPost(confidentialClientId, confidentialClientSecret);

    return acquireTokenOnBehalfOf(resource, userAssertion, secretPostAuth, callback);
}