/**
 * Derives the lookup alias for a JWT access token: its {@code jti} claim.
 * <p>
 * Only the claim set is read; the signature is NOT verified here, so the value
 * returned must be used purely as a storage/lookup key, never as evidence that
 * the token is valid. Non-JWT (opaque) tokens are not handled by this variant:
 * they fail to parse and surface as {@link OAuthSystemException}.
 *
 * @param accessToken serialized JWT access token
 * @return the {@code jti} claim (presumably {@code null} when the token carries none — verify against the parser)
 * @throws OAuthSystemException if the token cannot be parsed as a JWT
 */
@Override
public String getAccessTokenHash(String accessToken) throws OAuthSystemException {
    final String jti;
    try {
        final JWT jwt = JWTParser.parse(accessToken);
        jti = jwt.getJWTClaimsSet().getJWTID();
    } catch (ParseException e) {
        // The raw token is a bearer credential: it is only written to the log when
        // debug is on AND the deployment has explicitly opted in to token logging.
        if (log.isDebugEnabled()
                && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            log.debug("Error while getting JWTID from token: " + accessToken);
        }
        throw new OAuthSystemException("Error while getting access token hash", e);
    }
    return jti;
}
/**
 * Derives the lookup alias for an access token. A token that looks like a JWT
 * (non-empty and containing a {@code APIConstants.DOT}) yields its {@code jti}
 * claim; anything else — including an empty token — is returned verbatim.
 * <p>
 * Only the claim set is read; the JWT signature is NOT verified here, so the
 * result is a lookup key only, never proof of validity.
 * NOTE(review): for opaque tokens the raw bearer secret itself becomes the
 * "hash" — confirm the caller hashes it before persisting if the store is
 * expected to hold non-reversible aliases.
 *
 * @param accessToken serialized access token (JWT or opaque), may be empty
 * @return the {@code jti} claim for a JWT, otherwise {@code accessToken} unchanged
 * @throws OAuthSystemException if a dotted token cannot be parsed as a JWT
 */
@Override
public String getAccessTokenHash(String accessToken) throws OAuthSystemException {
    // Structural JWT detection only: presence of the separator character.
    final boolean looksLikeJwt = StringUtils.isNotEmpty(accessToken)
            && accessToken.contains(APIConstants.DOT);
    if (!looksLikeJwt) {
        return accessToken;
    }
    try {
        return JWTParser.parse(accessToken).getJWTClaimsSet().getJWTID();
    } catch (ParseException e) {
        // Bearer credential: logged only with debug on and explicit token-logging opt-in.
        if (log.isDebugEnabled()
                && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
            log.debug("Error while getting JWTID from token: " + accessToken);
        }
        throw new OAuthSystemException("Error while getting access token hash", e);
    }
}
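/**
 * Checks that the assertion carries every claim this validator treats as mandatory:
 * {@code iss}, {@code sub} (via {@link #resolveSubject}), {@code exp}, {@code aud}
 * and {@code jti}.
 * <p>
 * Presence only: issuer trust, audience match, expiry-in-the-future and jti replay
 * checks are not performed by this method. An empty {@code aud} list and a blank
 * {@code jti} are treated as missing — such an assertion can neither be bound to this
 * server nor de-duplicated, so accepting it would defeat the purpose of the check.
 *
 * @param claimsSet parsed claims of the incoming (untrusted) assertion
 * @return {@code true} when every required claim is present
 * @throws IdentityOAuth2Exception when any required claim is missing or blank
 */
private boolean validateRequiredFields(JWTClaimsSet claimsSet) throws IdentityOAuth2Exception {
    String subject = resolveSubject(claimsSet);
    List<String> audience = claimsSet.getAudience();
    String jti = claimsSet.getJWTID();
    // Some parsers return an empty list (not null) for an absent "aud"; cover both.
    boolean audienceMissing = audience == null || audience.isEmpty();
    if (StringUtils.isEmpty(claimsSet.getIssuer()) || StringUtils.isEmpty(subject)
            || claimsSet.getExpirationTime() == null || audienceMissing
            || StringUtils.isEmpty(jti)) {
        // "jti" was previously misspelled "jtl" in this message.
        throw new IdentityOAuth2Exception("Mandatory fields(Issuer, Subject, Expiration time,"
                + " jti or Audience) are empty in the given Token.");
    }
    return true;
}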
/**
 * Builds the JWT access token for {@code context}, signs it unless the configured
 * signature algorithm is {@code none}, stores the serialized token and its alias
 * (the {@code jti} claim) in the context parameters, and then delegates to the
 * superclass. A signing failure marks the context unsuccessful with
 * {@code OAuth2Error.SERVER_ERROR} instead of propagating.
 * <p>
 * SECURITY: the {@code none} branch emits a {@code PlainJWT}, i.e. a token with no
 * integrity protection whose contents anyone could produce. That is only acceptable
 * where the token is never trusted on the basis of its claims alone — presumably it
 * is resolved through its stored alias instead; confirm before enabling {@code none}.
 *
 * @param context token-generation context, updated in place
 */
@Override
public void generateAccessToken(AccessTokenContext context) {
    final JWTClaimsSet claims = getJWTClaimSet(context);
    final boolean unsigned = JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName());
    if (unsigned) {
        publishToken(context, claims, new PlainJWT(claims).serialize());
        super.generateAccessToken(context);
        return;
    }
    try {
        publishToken(context, claims, signJwt(claims));
        super.generateAccessToken(context);
    } catch (AuthException e) {
        context.setSuccessful(false);
        context.setErrorObject(OAuth2Error.SERVER_ERROR);
    }
}

/** Records the token alias ({@code jti}) and the serialized token in the context parameters. */
private void publishToken(AccessTokenContext context, JWTClaimsSet claims, String serialized) {
    context.getParams().put(OAuthConstants.TOKEN_ALIAS, claims.getJWTID());
    context.getParams().put(OAuthConstants.TOKEN, serialized);
}
/**
 * Asserts that the claims this validator requires are present: {@code aud},
 * {@code iss}, {@code jti}, {@code iat} and {@code exp}, checked in that order
 * (the first absent one is the one reported).
 * <p>
 * Presence only — this method does not check claim values (expiry in the past,
 * issuer trust, audience match, jti replay) and does not require {@code sub} or
 * {@code nbf}.
 *
 * @param claims parsed claim set of the token under validation
 * @throws MissingRequiredClaimException for the first required claim that is null
 */
private void validateRequiredClaims(JWTClaimsSet claims) throws MissingRequiredClaimException {
    checkClaimNotNull(claims.getAudience(), Claim.AUDIENCE);
    checkClaimNotNull(claims.getIssuer(), Claim.ISSUER);
    // jti is what a replay check would key on; it must exist for one to be possible.
    checkClaimNotNull(claims.getJWTID(), Claim.JWT_ID);
    checkClaimNotNull(claims.getIssueTime(), Claim.ISSUED_AT);
    checkClaimNotNull(claims.getExpirationTime(), Claim.EXPIRY);
}
/**
 * Signs {@code claimsSet} with the internal key and, for external clients, wraps the
 * resulting JWS as the (base64url) payload of a second JWS signed with the external
 * key (content type {@code WRAPPED}).
 * <p>
 * No wrapping is done for internal-only clients, when no external key is supplied,
 * or when both keys are the same object (internal clients set both to the internal
 * key). Per the original author's note, such a plain inner token will be rejected by
 * the JWT algorithm if presented for entry, since the internal key is not among the
 * permitted keys.
 * NOTE(review): the plain-token log line includes the key objects themselves —
 * confirm their {@code toString()} exposes only identifiers, not key material.
 *
 * @param internalOnly  whether the client is internal-only (never wrap)
 * @param claimsSet     claims to sign
 * @param internalKey   key for the inner signature
 * @param externalKey   key for the outer signature, may be {@code null}
 * @param isRefreshToken passed through to {@code signJWT}
 * @return the inner JWS, or the wrapped outer JWS
 */
public String sign(final boolean internalOnly, final JWTClaimsSet claimsSet,
                   final ActivableAndExpirable internalKey, final ActivableAndExpirable externalKey,
                   final boolean isRefreshToken) {
    final ProfileOAuth2 oauthProfile = this.profile.getProfile();
    final String innerJws = super.signJWT(new Payload(claimsSet.toJSONObject()),
            oauthProfile.getInternalKeyAlgorithm(), internalKey, isRefreshToken,
            Jwt.CTY.DEFAULT.getValue());
    final boolean wrapNeeded = !internalOnly && externalKey != null && !internalKey.equals(externalKey);
    if (!wrapNeeded) {
        LOGGER.fine(Oauth2Codes.PLAIN_INNER_TOKEN_2,
                "Return plain inner token with JTI {0}, internal-key={1}, external-key={2}",
                claimsSet.getJWTID(), internalKey, externalKey);
        return innerJws;
    }
    return super.signJWT(new Payload(Base64URL.encode(innerJws)),
            oauthProfile.getExternalKeyAlgorithm(), externalKey, isRefreshToken,
            Jwt.CTY.WRAPPED.getValue());
}
} // closes the enclosing class (its header lies outside this listing)
"Successfully generated an embedded refresh token with JTI {0}, internal-key={1}, external-key={2}", jwtClaimsSet.getJWTID(), internalKey, externalKey); "Successfully generated an embedded access token with JTI {0}, internal-key={1}, external-key={2}", jwtClaimsSet.getJWTID(), internalKey, externalKey);
token.setProfile(profile.getProfile().getName()); token.setGrantType(request.getGrantType()); token.setJti((refreshToken == null ? accessToken : refreshToken).getClaims().getJWTID()); token.setKeyId((refreshToken == null ? accessToken : refreshToken).getMainKey()); };
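/**
 * Signs {@code claimsSet} with the internal key and, for external clients, embeds
 * that inner JWS under {@code "tag-internal"."inner-jwt"} of the same claim set,
 * which is then signed with the external key (content type {@code EMBEDDED}).
 * <p>
 * No embedding is done for internal-only clients, when no external key is supplied,
 * or when both keys are the same object. Per the original author's note, such a plain
 * inner token will be rejected by the JWT algorithm if presented for entry, since the
 * internal key is not among the permitted keys.
 * <p>
 * Embedding relies on {@code getClaim("tag-internal")} returning the live object
 * held by the claim set, so that the mutation is visible to the later
 * {@code toJSONObject()} call; a claim set without that object is now rejected with
 * a descriptive {@link IllegalStateException} instead of an NPE/ClassCastException.
 * NOTE(review): the log line includes the key objects — confirm their
 * {@code toString()} exposes only identifiers, not private key material.
 *
 * @param internalOnlyClient whether the client is internal-only (never embed)
 * @param claimsSet          claims to sign; must carry a {@code "tag-internal"} JSON object when embedding
 * @param internalKey        key for the inner signature
 * @param externalKey        key for the outer signature, may be {@code null}
 * @param isRefreshToken     passed through to {@code signJWT}
 * @return the inner JWS, or the outer JWS carrying the inner one as a claim
 * @throws IllegalStateException if embedding is required but {@code "tag-internal"} is absent or not a JSON object
 */
public String sign(final boolean internalOnlyClient, final JWTClaimsSet claimsSet,
                   final ActivableAndExpirable internalKey, final ActivableAndExpirable externalKey,
                   final boolean isRefreshToken) {
    final ProfileMetaData.ProfileOAuth2 profile = this.profile.getProfile();
    final String inner = super.signJWT(new Payload(claimsSet.toJSONObject()),
            profile.getInternalKeyAlgorithm(), internalKey, isRefreshToken,
            Jwt.CTY.DEFAULT.getValue());
    if (internalOnlyClient || externalKey == null || internalKey.equals(externalKey)) {
        LOGGER.fine(Oauth2Codes.PLAIN_INNER_TOKEN_1,
                "Return plain inner token with JTI {0}, internal-private-key={1}, external-private-key={2}",
                claimsSet.getJWTID(), internalKey, externalKey);
        return inner;
    }
    // Fail early and clearly if the claim set was not prepared for embedding.
    final Object tagInternalClaim = claimsSet.getClaim("tag-internal");
    if (!(tagInternalClaim instanceof JSONObject)) {
        throw new IllegalStateException(
                "Cannot embed inner token: claim \"tag-internal\" is missing or not a JSON object");
    }
    final JSONObject tagInternal = (JSONObject) tagInternalClaim;
    // Mutates the object inside claimsSet; the outer token below picks it up.
    tagInternal.put("inner-jwt", inner);
    return super.signJWT(new Payload(claimsSet.toJSONObject()),
            profile.getExternalKeyAlgorithm(), externalKey, isRefreshToken,
            Jwt.CTY.EMBEDDED.getValue());
}
} // closes the enclosing class (its header lies outside this listing)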
"Successfully generated a refresh token with JTI {0}, key={1}, content-type={2}", jwtClaimsSet.getJWTID(), key, contentType); return new TokenWithMeta(token, key.getName(), jwtClaimsSet); "Successfully generated a access token with JTI {0}, key={1}, content-type={2}", jwtClaimsSet.getJWTID(), key, contentType); return new TokenWithMeta(token, key.getName(), jwtClaimsSet);