/**
 * Rebuilds an {@link OAuth2Authentication} from the claims map of a decoded access token.
 *
 * <p>The client id, optional grant type, audience, scope and (for tokens without a user part) the
 * authorities are copied from {@code map} as they are; this method validates none of them and always
 * marks the resulting request as approved.
 * NOTE(review): presumably the map comes from a token whose signature and expiry the caller has
 * already checked. Confirm at the call sites, because every claim read here is trusted.
 *
 * @param map claims decoded from the token
 * @return the authentication described by the claims; its user part is whatever
 *         {@code userTokenConverter} extracts, and may be {@code null}
 */
public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
    Set<String> scope = extractScope(map);
    Authentication user = userTokenConverter.extractAuthentication(map);

    String clientId = (String) map.get(clientIdAttribute);
    Map<String, String> parameters = new HashMap<String, String>();
    parameters.put(clientIdAttribute, clientId);
    if (includeGrantType && map.containsKey(GRANT_TYPE)) {
        String grantType = (String) map.get(GRANT_TYPE);
        parameters.put(GRANT_TYPE, grantType);
    }

    // An absent audience claim yields an empty resource-id set, not null.
    Set<String> resourceIds;
    if (map.containsKey(AUD)) {
        resourceIds = new LinkedHashSet<String>(getAudience(map));
    } else {
        resourceIds = new LinkedHashSet<String>();
    }

    // Authorities are taken from the token only when there is no user authentication.
    Collection<? extends GrantedAuthority> authorities = null;
    boolean clientAuthoritiesClaimed = user == null && map.containsKey(AUTHORITIES);
    if (clientAuthoritiesClaimed) {
        @SuppressWarnings("unchecked")
        Collection<String> claimed = (Collection<String>) map.get(AUTHORITIES);
        authorities = AuthorityUtils.createAuthorityList(claimed.toArray(new String[0]));
    }

    // approved is hard-coded to true; redirect URI, response types and extensions are not restored.
    OAuth2Request request =
            new OAuth2Request(parameters, clientId, authorities, true, scope, resourceIds, null, null, null);
    return new OAuth2Authentication(request, user);
}
/**
 * Derives a lookup key for an authentication from its user name, client id and scope.
 *
 * <p>Only those three values feed the key, so two authentications that agree on them produce the
 * same key whatever else differs (resource ids, request parameters, authorities).
 *
 * @param authentication the authentication to derive the key from
 * @return the result of {@code generateKey} over the collected values
 */
public String extractKey(OAuth2Authentication authentication) {
    OAuth2Request authorizationRequest = authentication.getOAuth2Request();
    Map<String, String> keyParts = new LinkedHashMap<String, String>();

    // Client-only authentications contribute no user name.
    boolean hasUser = !authentication.isClientOnly();
    if (hasUser) {
        keyParts.put(USERNAME, authentication.getName());
    }

    keyParts.put(CLIENT_ID, authorizationRequest.getClientId());

    if (authorizationRequest.getScope() != null) {
        // Sorting through a TreeSet makes the key independent of the order the scopes were supplied in.
        TreeSet<String> sortedScope = new TreeSet<String>(authorizationRequest.getScope());
        keyParts.put(SCOPE, OAuth2Utils.formatParameterList(sortedScope));
    }

    return generateKey(keyParts);
}
/**
 * Copy constructor: builds a request carrying the same parameters, client id, authorities, approval
 * flag, scope, resource ids, redirect URI, response types and extensions as {@code other}.
 *
 * <p>The values are handed to the nine-argument constructor exactly as the getters return them;
 * whether they are copied defensively is decided there, not here.
 *
 * @param other the request to copy
 */
protected OAuth2Request(OAuth2Request other) {
    this(
            other.getRequestParameters(),
            other.getClientId(),
            other.getAuthorities(),
            other.isApproved(),
            other.getScope(),
            other.getResourceIds(),
            other.getRedirectUri(),
            other.getResponseTypes(),
            other.getExtensions());
}
/**
 * Creates a copy of this request that records the token request which triggered a refresh.
 *
 * <p>Client id, authorities, approval flag, scope, resource ids, redirect URI, response types and
 * extensions are carried over unchanged; only the {@code refresh} field of the copy is set.
 *
 * @param tokenRequest the refresh token request to attach to the copy
 * @return a new request with the same properties and {@code refresh} set to {@code tokenRequest}
 */
public OAuth2Request refresh(TokenRequest tokenRequest) {
    OAuth2Request copy = new OAuth2Request(
            getRequestParameters(),
            getClientId(),
            authorities,
            approved,
            getScope(),
            resourceIds,
            redirectUri,
            responseTypes,
            extensions);
    copy.refresh = tokenRequest;
    return copy;
}
/**
 * Returns a new request that differs from this one only in its request parameters.
 *
 * <p>Client id, authorities, approval flag, scope, resource ids, redirect URI, response types and
 * extensions are taken from this request; {@code parameters} is passed on without being inspected.
 *
 * @param parameters new parameters replacing the existing ones
 * @return a new OAuth2Request
 */
public OAuth2Request createOAuth2Request(Map<String, String> parameters) {
    OAuth2Request withNewParameters = new OAuth2Request(
            parameters,
            getClientId(),
            authorities,
            approved,
            getScope(),
            resourceIds,
            redirectUri,
            responseTypes,
            extensions);
    return withNewParameters;
}
Object oaDetails = oa.getDetails(); OAuth2Request request = oa.getOAuth2Request(); Collection<String> requestAuthorities = UaaStringUtils.getStringsFromAuthorities(request.getAuthorities()); Set<String> clientScopes = new HashSet<>(); Set<String> clientAuthorities = new HashSet<>(); for (String s : getZoneSwitchingScopes(identityZoneId)) { String scope = stripPrefix(s, identityZoneId); if (request.getScope().contains(s)) { clientScopes.add(scope); request = new OAuth2Request( request.getRequestParameters(), request.getClientId(), UaaStringUtils.getAuthoritiesFromStrings(clientAuthorities), request.isApproved(), clientScopes, request.getResourceIds(), request.getRedirectUri(), request.getResponseTypes(), request.getExtensions() ); UaaAuthentication userAuthentication = (UaaAuthentication)oa.getUserAuthentication(); if (userAuthentication!=null) { userAuthentication = new UaaAuthentication(
public Map<String, ?> convertAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) { Map<String, Object> response = new HashMap<String, Object>(); OAuth2Request clientToken = authentication.getOAuth2Request(); if (!authentication.isClientOnly()) { response.putAll(userTokenConverter.convertUserAuthentication(authentication.getUserAuthentication())); } else { if (clientToken.getAuthorities()!=null && !clientToken.getAuthorities().isEmpty()) { response.put(UserAuthenticationConverter.AUTHORITIES, AuthorityUtils.authorityListToSet(clientToken.getAuthorities())); if (includeGrantType && authentication.getOAuth2Request().getGrantType()!=null) { response.put(GRANT_TYPE, authentication.getOAuth2Request().getGrantType()); response.put(clientIdAttribute, clientToken.getClientId()); if (clientToken.getResourceIds() != null && !clientToken.getResourceIds().isEmpty()) { response.put(AUD, clientToken.getResourceIds());
Collection<String> resourceIds = auth.getOAuth2Request().getResourceIds(); if (resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(resourceId)) { throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + resourceId + ")"); OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails(); if (!details.equals(auth.getDetails())) { details.setDecodedDetails(auth.getDetails());
OAuth2Request pendingOAuth2Request = storedAuth.getOAuth2Request(); String redirectUriApprovalParameter = pendingOAuth2Request.getRequestParameters().get( OAuth2Utils.REDIRECT_URI); && !pendingOAuth2Request.getRedirectUri().equals(redirectUri)) { throw new RedirectMismatchException("Redirect URI mismatch."); String pendingClientId = pendingOAuth2Request.getClientId(); String clientId = tokenRequest.getClientId(); if (clientId != null && !clientId.equals(pendingClientId)) { .getRequestParameters()); OAuth2Request finalStoredOAuth2Request = pendingOAuth2Request.createOAuth2Request(combinedParameters); Authentication userAuth = storedAuth.getUserAuthentication(); return new OAuth2Authentication(finalStoredOAuth2Request, userAuth);
/**
 * Create a refreshed authentication.
 *
 * <p>A refresh may keep the original scope or reduce it, never widen it: a non-empty requested scope
 * must be fully contained in the scope of the original request. A {@code null} or empty requested
 * scope leaves the original scope untouched.
 *
 * @param authentication The authentication being refreshed.
 * @param request The refresh token request; its scope, if any, is the scope asked for.
 * @return The refreshed authentication, carrying the original user authentication.
 * @throws InvalidScopeException If the scope requested is invalid or wider than the original scope.
 */
private OAuth2Authentication createRefreshedAuthentication(OAuth2Authentication authentication, TokenRequest request) {
    Set<String> requested = request.getScope();
    OAuth2Request refreshed = authentication.getOAuth2Request().refresh(request);

    boolean narrowingRequested = requested != null && !requested.isEmpty();
    if (narrowingRequested) {
        Set<String> granted = refreshed.getScope();
        boolean withinGrant = granted != null && granted.containsAll(requested);
        if (!withinGrant) {
            // Reject before any token is built: the request asks for something the original grant lacks.
            throw new InvalidScopeException("Unable to narrow the scope of the client authentication to " + requested
                    + ".", granted);
        }
        refreshed = refreshed.narrowScope(requested);
    }

    return new OAuth2Authentication(refreshed, authentication.getUserAuthentication());
}
/**
 * Builds the approval key for an authentication from its client id and user name.
 *
 * <p>An authentication without a user part contributes the empty string as user name.
 *
 * @param authentication the authentication to key
 * @return the key produced by the two-argument {@code getApprovalKey}
 */
private static String getApprovalKey(OAuth2Authentication authentication) {
    String userName;
    if (authentication.getUserAuthentication() == null) {
        userName = "";
    } else {
        userName = authentication.getUserAuthentication().getName();
    }
    String clientId = authentication.getOAuth2Request().getClientId();
    return getApprovalKey(clientId, userName);
}
Set<String> authNContextClassRef = null; OAuth2Request oAuth2Request = authentication.getOAuth2Request(); BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(oAuth2Request.getClientId(), IdentityZoneHolder.get().getId()); Collection<GrantedAuthority> clientScopes = null; if(client.getAuthorizedGrantTypes().contains(GRANT_TYPE_REFRESH_TOKEN)){ RefreshTokenRequestData refreshTokenRequestData = new RefreshTokenRequestData( oAuth2Request.getGrantType(), oAuth2Request.getScope(), authenticationMethods, oAuth2Request.getRequestParameters().get(REQUEST_AUTHORITIES), oAuth2Request.getResourceIds(), oAuth2Request.getClientId(), isRefreshTokenRevocable, userAuthenticationTime, String clientId = oAuth2Request.getClientId(); Set<String> userScopes = oAuth2Request.getScope(); Map<String, String> requestParameters = oAuth2Request.getRequestParameters(); String grantType = requestParameters.get(GRANT_TYPE); clientScopes, clientId, oAuth2Request.getResourceIds(), refreshTokenValue, additionalAuthorizationAttributes,
if (authentication.getOAuth2Request().getRequestParameters().get("code") != null){ detail.setAuthorizationCode(authentication.getOAuth2Request().getRequestParameters().get("code").toString()); String clientId = authorizationRequest.getClientId(); String authKey = authenticationKeyGenerator.extractKey(authentication); detail.setAuthenticationKey(authKey); detail.setTokenType(token.getTokenType()); detail.setTokenExpiration(token.getExpiration()); detail.setApproved(authorizationRequest.isApproved()); detail.setRedirectUri(authorizationRequest.getRedirectUri()); Set<String> resourceIds = authorizationRequest.getResourceIds(); if(resourceIds == null || resourceIds.isEmpty()) { ClientDetailsEntity clientDetails = clientDetailsEntityCacheManager.retrieve(clientId); detail.setResponseType(OAuth2Utils.formatParameterList(authorizationRequest.getResponseTypes())); detail.setScope(OAuth2Utils.formatParameterList(authorizationRequest.getScope())); if(OrcidOauth2Constants.IETF_EXCHANGE_GRANT_TYPE.equals(authentication.getOAuth2Request().getGrantType()) && authentication.getOAuth2Request().getRequestParameters().containsKey(OrcidOauth2Constants.IETF_EXCHANGE_SUBJECT_TOKEN) && OrcidOauth2Constants.IETF_EXCHANGE_ID_TOKEN.equals(authentication.getOAuth2Request().getRequestParameters().get(OrcidOauth2Constants.IETF_EXCHANGE_SUBJECT_TOKEN_TYPE))) { try { SignedJWT claims = SignedJWT.parse(authentication.getOAuth2Request().getRequestParameters().get(OrcidOauth2Constants.IETF_EXCHANGE_SUBJECT_TOKEN)); detail.setOboClientDetailsId(claims.getJWTClaimsSet().getAudience().get(0)); } catch (ParseException e) {
/**
 * Revokes the approvals that correspond to a token being removed.
 *
 * <p>Does nothing when no approval store is configured or when the token has no user
 * authentication. Otherwise one approval per scope of the token's request is built for the user and
 * client and handed to the approval store for revocation.
 * NOTE(review): the result of {@code readAuthentication} is dereferenced without a null check;
 * confirm it cannot return {@code null} for an unreadable or unknown token.
 *
 * @param token the token value whose approvals are revoked
 */
private void remove(String token) {
    if (approvalStore == null) {
        return;
    }

    OAuth2Authentication auth = readAuthentication(token);
    String clientId = auth.getOAuth2Request().getClientId();
    Authentication user = auth.getUserAuthentication();
    if (user == null) {
        // Client-only token: there are no user approvals to revoke.
        return;
    }

    Collection<Approval> toRevoke = new ArrayList<Approval>();
    for (String grantedScope : auth.getOAuth2Request().getScope()) {
        Approval approval = new Approval(user.getName(), clientId, grantedScope, new Date(), ApprovalStatus.APPROVED);
        toRevoke.add(approval);
    }
    approvalStore.revokeApprovals(toRevoke);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Loads the authentication for the token value "FOO" and checks the client id, user name and user
 * id it carries, and that the request parameters exist but hold no issuer entry.
 */
@Test
public void testTokenRetrieval() throws Exception {
    OAuth2Authentication loaded = services.loadAuthentication("FOO");
    assertNotNull(loaded);

    // Client side of the authentication.
    assertEquals("remote", loaded.getOAuth2Request().getClientId());

    // User side of the authentication.
    assertEquals("olds", loaded.getUserAuthentication().getName());
    RemoteUserAuthentication remoteUser = (RemoteUserAuthentication) loaded.getUserAuthentication();
    assertEquals("HDGFJSHGDF", remoteUser.getId());

    // The parameters map is present, and the issuer claim is not copied into it.
    assertNotNull(loaded.getOAuth2Request().getRequestParameters());
    assertNull(loaded.getOAuth2Request().getRequestParameters().get(ClaimConstants.ISS));
}
/**
 * Tells whether any scope of an OAuth2 authentication matches any of the given regular expressions.
 *
 * <p>{@link String#matches(String)} is used, so a pattern has to match the whole scope string, not a
 * part of it. Anything that is not an {@code OAuth2Authentication} (including {@code null}) yields
 * {@code false}.
 * NOTE(review): each pattern is evaluated as a regular expression against every scope; the patterns
 * should come from trusted configuration rather than request data. Confirm at the callers.
 *
 * @param authentication the authentication to inspect
 * @param scopesRegex regular expressions to test each scope against
 * @return {@code true} as soon as one scope matches one pattern, otherwise {@code false}
 */
public static boolean hasAnyScopeMatching(Authentication authentication, String[] scopesRegex) {
    if (!(authentication instanceof OAuth2Authentication)) {
        return false;
    }

    OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
    for (String grantedScope : clientAuthentication.getScope()) {
        for (String pattern : scopesRegex) {
            boolean matched = grantedScope.matches(pattern);
            if (matched) {
                return true;
            }
        }
    }
    return false;
}
if (OrcidOauth2Constants.IMPLICIT_GRANT_TYPE.equals(authentication.getOAuth2Request().getGrantType())) { Collection<String> combinedStrings = ScopePathType.getCombinedScopesFromStringsAsStrings(authentication.getOAuth2Request().getScope()); Set<ScopePathType> requestedScopes = ScopePathType.getScopesFromStrings(combinedStrings); Set<String> allowedScopes = Sets.newHashSet(); accessToken.setScope(authentication.getOAuth2Request().getScope()); accessToken = new DefaultOAuth2AccessToken(customTokenEnhancer.enhance(accessToken, authentication)); OAuth2Request r = authentication.getOAuth2Request().narrowScope(allowedScopes); authentication = new OAuth2Authentication(r, authentication.getUserAuthentication());
/**
 * Returns the client id of an OAuth2 authentication.
 *
 * @param authentication the authentication to inspect; may be {@code null}
 * @return the client id of the underlying OAuth2 request, or {@code null} when the argument is
 *         {@code null} or is not an {@code OAuth2Authentication}
 */
protected String extractClientIdFromAuthentication(Authentication authentication) {
    // instanceof is false for null, so a null argument falls through to the final return.
    if (authentication instanceof OAuth2Authentication) {
        return ((OAuth2Authentication) authentication).getOAuth2Request().getClientId();
    }
    return null;
}
@Override @Transactional(value="defaultTransactionManager") public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException { if (authentication != null && authentication.getOAuth2Request() != null) { OAuth2Request request = authentication.getOAuth2Request(); ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); throw new InvalidClientException("Client not found: " + request.getClientId()); if (request.getExtensions().containsKey(CODE_CHALLENGE)) { String challenge = (String) request.getExtensions().get(CODE_CHALLENGE); PKCEAlgorithm alg = PKCEAlgorithm.parse((String) request.getExtensions().get(CODE_CHALLENGE_METHOD)); String verifier = request.getRequestParameters().get(CODE_VERIFIER); Set<SystemScope> scopes = scopeService.fromStrings(request.getScope()); OAuth2Request originalAuthRequest = authHolder.getAuthentication().getOAuth2Request(); if (originalAuthRequest.getExtensions() != null && originalAuthRequest.getExtensions().containsKey("approved_site")) { Long apId = Long.parseLong((String) originalAuthRequest.getExtensions().get("approved_site")); ApprovedSite ap = approvedSiteService.getById(apId);
/**
 * Looks up the access token for an authentication by principal, client id and grant type.
 *
 * <p>The principal is reduced to its {@code toString()} form before the lookup.
 * NOTE(review): a {@code null} principal would fail on that call; confirm callers never pass one.
 *
 * @param authentication the authentication whose token is wanted
 * @return whatever the three-argument {@code getAccessToken} returns for those values
 */
@Override
public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
    return this.getAccessToken(
            authentication.getPrincipal().toString(),
            authentication.getOAuth2Request().getClientId(),
            authentication.getOAuth2Request().getGrantType());
}