/**
 * Decides whether {@code client} may use the grant type {@code grantType}.
 *
 * <p>A {@code null} grant type is never supported. A non-confidential client is
 * rejected unless {@code canSupportPublicClients} is set. After that, the client's
 * allowed grant list is consulted.
 *
 * @param client the client requesting the grant
 * @param canSupportPublicClients whether non-confidential clients are accepted at all
 * @param grantType the requested grant type, may be {@code null}
 * @return {@code true} if the grant may be used by this client
 */
public static boolean isGrantSupportedForClient(Client client,
                                                boolean canSupportPublicClients,
                                                String grantType) {
    if (grantType == null) {
        return false;
    }
    if (!(client.isConfidential() || canSupportPublicClients)) {
        return false;
    }
    List<String> permitted = client.getAllowedGrantTypes();
    if (permitted.isEmpty()) {
        // An empty list is treated as "no restriction": every grant type passes.
        // Registrations that should be limited need an explicit list.
        return true;
    }
    return permitted.contains(grantType);
}
/**
 * Reports whether {@code client} is acceptable as a public client.
 *
 * <p>All three conditions must hold: public clients are enabled on this instance,
 * the client is not confidential, and the client has no secret registered.
 *
 * @param client the client to check
 * @param clientId not consulted by this implementation
 * @return {@code true} if the client qualifies as a valid public client
 */
protected boolean isValidPublicClient(Client client, String clientId) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (client.isConfidential()) {
        return false;
    }
    // A client flagged as public but still holding a secret is not accepted.
    return client.getClientSecret() == null;
}
/**
 * Returns {@code c} unchanged when it is confidential.
 *
 * @param c the client to check
 * @return the same client instance
 * @throws OAuthServiceException if the client is not confidential
 */
private static Client checkClient(Client c) {
    if (c.isConfidential()) {
        return c;
    }
    // Only confidential clients are allowed through to hold a MAC secret.
    throw new OAuthServiceException("Public clients can not keep a MAC secret");
}
// Closes the enclosing class, whose declaration is outside this excerpt.
}
/**
 * Reports whether {@code client} is acceptable as a public client.
 *
 * <p>All three conditions must hold: public clients are enabled on this instance,
 * the client is not confidential, and the client has no secret registered.
 *
 * @param client the client to check
 * @param clientId not consulted by this implementation
 * @return {@code true} if the client qualifies as a valid public client
 */
protected boolean isValidPublicClient(Client client, String clientId) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (client.isConfidential()) {
        return false;
    }
    // A client flagged as public but still holding a secret is not accepted.
    return client.getClientSecret() == null;
}
/**
 * Reports whether {@code c} can be served as a public client.
 *
 * <p>Requires that public clients are enabled on this instance, that the client is
 * not confidential, and that it has no client secret.
 *
 * @param c the client to check
 * @return {@code true} if the client can be treated as a public client
 */
@Override
protected boolean canSupportPublicClient(Client c) {
    if (!canSupportPublicClients) {
        return false;
    }
    final boolean isPublic = !c.isConfidential();
    // A secret on a non-confidential client disqualifies it.
    return isPublic && c.getClientSecret() == null;
}
/**
 * Decides whether {@code client} may use the grant type {@code grantType}.
 *
 * <p>A {@code null} grant type is never supported. A non-confidential client is
 * rejected unless {@code canSupportPublicClients} is set. After that, the client's
 * allowed grant list is consulted.
 *
 * @param client the client requesting the grant
 * @param canSupportPublicClients whether non-confidential clients are accepted at all
 * @param grantType the requested grant type, may be {@code null}
 * @return {@code true} if the grant may be used by this client
 */
public static boolean isGrantSupportedForClient(Client client,
                                                boolean canSupportPublicClients,
                                                String grantType) {
    if (grantType == null) {
        return false;
    }
    if (!(client.isConfidential() || canSupportPublicClients)) {
        return false;
    }
    List<String> permitted = client.getAllowedGrantTypes();
    if (permitted.isEmpty()) {
        // An empty list is treated as "no restriction": every grant type passes.
        // Registrations that should be limited need an explicit list.
        return true;
    }
    return permitted.contains(grantType);
}
/**
 * Returns {@code c} unchanged when it is confidential.
 *
 * @param c the client to check
 * @return the same client instance
 * @throws OAuthServiceException if the client is not confidential
 */
private static Client checkClient(Client c) {
    if (c.isConfidential()) {
        return c;
    }
    // Only confidential clients are allowed through to hold a MAC secret.
    throw new OAuthServiceException("Public clients can not keep a MAC secret");
}
// Closes the enclosing class, whose declaration is outside this excerpt.
}
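/**
 * Checks a code verifier against a code challenge.
 *
 * <p>When neither value is present, the check passes for confidential clients, and
 * for other clients only when {@code expectCodeVerifierForPublicClients} is off.
 * When exactly one value is present, the check fails. When both are present, the
 * verifier is passed through {@code codeVerifierTransformer} (if one is configured)
 * and compared with the challenge.
 *
 * @param c the client the values belong to
 * @param clientCodeVerifier the code verifier, may be {@code null}
 * @param clientCodeChallenge the code challenge, may be {@code null}
 * @return {@code true} if the verifier/challenge pair is acceptable
 */
private boolean compareCodeVerifierWithChallenge(Client c, String clientCodeVerifier,
                                                 String clientCodeChallenge) {
    final boolean challengeMissing = clientCodeChallenge == null;
    final boolean verifierMissing = clientCodeVerifier == null;

    if (challengeMissing && verifierMissing) {
        // Decide this case completely here and fail closed. A non-confidential client
        // that is required to present a verifier must be rejected; falling through to
        // the comparison below would dereference the null challenge and surface as a
        // NullPointerException instead of a clean refusal.
        return c.isConfidential() || !expectCodeVerifierForPublicClients;
    }
    if (challengeMissing || verifierMissing) {
        // Exactly one side present: the pair can never match.
        return false;
    }

    final String transformedCodeVerifier = codeVerifierTransformer == null
        ? clientCodeVerifier
        : codeVerifierTransformer.transformCodeVerifier(clientCodeVerifier);
    return clientCodeChallenge.equals(transformedCodeVerifier);
}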
/**
 * Reports whether {@code c} can be served as a public client.
 *
 * <p>Requires that public clients are enabled on this instance, that the client is
 * not confidential, and that it has no client secret.
 *
 * @param c the client to check
 * @return {@code true} if the client can be treated as a public client
 */
@Override
protected boolean canSupportPublicClient(Client c) {
    if (!canSupportPublicClients) {
        return false;
    }
    final boolean isPublic = !c.isConfidential();
    // A secret on a non-confidential client disqualifies it.
    return isPublic && c.getClientSecret() == null;
}
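/**
 * Checks a code verifier against a code challenge.
 *
 * <p>When neither value is present, the check passes for confidential clients, and
 * for other clients only when {@code expectCodeVerifierForPublicClients} is off.
 * When exactly one value is present, the check fails. When both are present, the
 * verifier is passed through {@code codeVerifierTransformer} (if one is configured)
 * and compared with the challenge.
 *
 * @param c the client the values belong to
 * @param clientCodeVerifier the code verifier, may be {@code null}
 * @param clientCodeChallenge the code challenge, may be {@code null}
 * @return {@code true} if the verifier/challenge pair is acceptable
 */
private boolean compareCodeVerifierWithChallenge(Client c, String clientCodeVerifier,
                                                 String clientCodeChallenge) {
    final boolean challengeMissing = clientCodeChallenge == null;
    final boolean verifierMissing = clientCodeVerifier == null;

    if (challengeMissing && verifierMissing) {
        // Decide this case completely here and fail closed. A non-confidential client
        // that is required to present a verifier must be rejected; falling through to
        // the comparison below would dereference the null challenge and surface as a
        // NullPointerException instead of a clean refusal.
        return c.isConfidential() || !expectCodeVerifierForPublicClients;
    }
    if (challengeMissing || verifierMissing) {
        // Exactly one side present: the pair can never match.
        return false;
    }

    final String transformedCodeVerifier = codeVerifierTransformer == null
        ? clientCodeVerifier
        : codeVerifierTransformer.transformCodeVerifier(clientCodeVerifier);
    return clientCodeChallenge.equals(transformedCodeVerifier);
}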
/**
 * Reports whether {@code c} may proceed without a redirect URI.
 *
 * <p>The answer is {@code true} only when the client has no registered redirect
 * URIs and is either a confidential client with
 * {@code canSupportEmptyRedirectForPrivateClients} enabled, or a client accepted by
 * {@link #canSupportPublicClient(Client)}.
 *
 * @param c the client to check
 * @return {@code true} if an empty redirect URI is acceptable for this client
 */
@Override
protected boolean canRedirectUriBeEmpty(Client c) {
    // With an empty redirect URI the code is returned out of band,
    // typically directly to a human user.
    final boolean confidentialAllowed =
        c.isConfidential() && canSupportEmptyRedirectForPrivateClients;
    if (!confidentialAllowed && !canSupportPublicClient(c)) {
        return false;
    }
    return c.getRedirectUris().isEmpty();
}
/**
 * Reports whether {@code c} may proceed without a redirect URI.
 *
 * <p>The answer is {@code true} only when the client has no registered redirect
 * URIs and is either a confidential client with
 * {@code canSupportEmptyRedirectForPrivateClients} enabled, or a client accepted by
 * {@link #canSupportPublicClient(Client)}.
 *
 * @param c the client to check
 * @return {@code true} if an empty redirect URI is acceptable for this client
 */
@Override
protected boolean canRedirectUriBeEmpty(Client c) {
    // With an empty redirect URI the code is returned out of band,
    // typically directly to a human user.
    final boolean confidentialAllowed =
        c.isConfidential() && canSupportEmptyRedirectForPrivateClients;
    if (!confidentialAllowed && !canSupportPublicClient(c)) {
        return false;
    }
    return c.getRedirectUris().isEmpty();
}
/**
 * Resolves a client from the supplied id and secret and validates it.
 *
 * <p>The resolved client must carry the same id as {@code clientId}, must be
 * confidential, and must pass {@code isConfidenatialClientSecretValid}. Each failed
 * check calls {@code reportInvalidClient()}.
 *
 * @param clientId the client id presented by the caller
 * @param providedClientSecret the secret presented by the caller
 * @param params request parameters forwarded to {@code getClient}
 * @return the resolved client
 */
protected Client getAndValidateClientFromIdAndSecret(String clientId,
                                                     String providedClientSecret,
                                                     MultivaluedMap<String, String> params) {
    final Client resolved = getClient(clientId, providedClientSecret, params);

    // NOTE(review): both checks rely on reportInvalidClient() aborting the request
    // (presumably by throwing); confirm, otherwise the client is returned anyway.
    final boolean idMatches = resolved.getClientId().equals(clientId);
    if (!idMatches) {
        reportInvalidClient();
    }
    // Non-confidential clients are rejected before the secret is looked at.
    if (!(resolved.isConfidential()
        && isConfidenatialClientSecretValid(resolved, providedClientSecret))) {
        reportInvalidClient();
    }
    return resolved;
}

// The body of this method lies outside the excerpt.
protected boolean isConfidenatialClientSecretValid(Client client, String providedClientSecret) {
/**
 * Creates an access token for a confidential client, using the client's own subject.
 *
 * @param client the client requesting the token
 * @param params request parameters forwarded to {@code doCreateAccessToken}
 * @return the created access token
 * @throws OAuthServiceException with {@code OAuthConstants.INVALID_CLIENT} when the
 *         client is not confidential
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {
    final boolean publicClient = !client.isConfidential();
    if (publicClient) {
        // Refuse before any token is created.
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_CLIENT));
    }

    final ServerAccessToken issued = doCreateAccessToken(client, client.getSubject(), params);
    final boolean carriesRefreshToken = issued.getRefreshToken() != null;
    if (carriesRefreshToken) {
        // Only logged: the refresh token is left on the returned token.
        LOG.warning("Client credentials grant tokens SHOULD not have refresh tokens");
    }
    return issued;
}
/**
 * Resolves a client from the supplied id and secret and validates it.
 *
 * <p>The resolved client must carry the same id as {@code clientId}, must be
 * confidential, and must pass {@code isConfidenatialClientSecretValid}. Each failed
 * check calls {@code reportInvalidClient()}.
 *
 * @param clientId the client id presented by the caller
 * @param providedClientSecret the secret presented by the caller
 * @param params request parameters forwarded to {@code getClient}
 * @return the resolved client
 */
protected Client getAndValidateClientFromIdAndSecret(String clientId,
                                                     String providedClientSecret,
                                                     MultivaluedMap<String, String> params) {
    final Client resolved = getClient(clientId, providedClientSecret, params);

    // NOTE(review): both checks rely on reportInvalidClient() aborting the request
    // (presumably by throwing); confirm, otherwise the client is returned anyway.
    final boolean idMatches = resolved.getClientId().equals(clientId);
    if (!idMatches) {
        reportInvalidClient();
    }
    // Non-confidential clients are rejected before the secret is looked at.
    if (!(resolved.isConfidential()
        && isConfidenatialClientSecretValid(resolved, providedClientSecret))) {
        reportInvalidClient();
    }
    return resolved;
}

// The body of this method lies outside the excerpt.
protected boolean isConfidenatialClientSecretValid(Client client, String providedClientSecret) {
/**
 * Creates an access token for a confidential client, using the client's own subject.
 *
 * @param client the client requesting the token
 * @param params request parameters forwarded to {@code doCreateAccessToken}
 * @return the created access token
 * @throws OAuthServiceException with {@code OAuthConstants.INVALID_CLIENT} when the
 *         client is not confidential
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {
    final boolean publicClient = !client.isConfidential();
    if (publicClient) {
        // Refuse before any token is created.
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_CLIENT));
    }

    final ServerAccessToken issued = doCreateAccessToken(client, client.getSubject(), params);
    final boolean carriesRefreshToken = issued.getRefreshToken() != null;
    if (carriesRefreshToken) {
        // Only logged: the refresh token is left on the returned token.
        LOG.warning("Client credentials grant tokens SHOULD not have refresh tokens");
    }
    return issued;
}
// Excerpt from inside a larger method (its start and end are not shown):
// copies details of client c into the registration object reg.
reg.setClientName(c.getApplicationName());
reg.setGrantTypes(c.getAllowedGrantTypes());
// The application type is derived solely from the confidentiality flag:
// confidential clients are reported as "web", all others as "native".
reg.setApplicationType(c.isConfidential() ? "web" : "native");
// Redirect URIs are copied only when the client has at least one.
// The if block is closed outside this excerpt.
if (!c.getRedirectUris().isEmpty()) {
    reg.setRedirectUris(c.getRedirectUris());
// Excerpt from inside a larger method (its start and end are not shown):
// copies details of client c into the registration object reg.
reg.setClientName(c.getApplicationName());
reg.setGrantTypes(c.getAllowedGrantTypes());
// The application type is derived solely from the confidentiality flag:
// confidential clients are reported as "web", all others as "native".
reg.setApplicationType(c.isConfidential() ? "web" : "native");
// Redirect URIs are copied only when the client has at least one.
// The if block is closed outside this excerpt.
if (!c.getRedirectUris().isEmpty()) {
    reg.setRedirectUris(c.getRedirectUris());
/**
 * Builds a validation record by copying client and token attributes out of
 * {@code token}.
 *
 * @param token the access token whose attributes are copied
 */
public AccessTokenValidation(ServerAccessToken token) {
    // Attributes of the client the token was issued to, including whether that
    // client is confidential.
    clientId = token.getClient().getClientId();
    clientSubject = token.getClient().getSubject();
    isClientConfidential = token.getClient().isConfidential();
    clientIpAddress = token.getClient().getClientIpAddress();

    // Identity and type of the token itself.
    tokenKey = token.getTokenKey();
    tokenType = token.getTokenType();
    tokenGrantType = token.getGrantType();

    // Validity window.
    tokenIssuedAt = token.getIssuedAt();
    tokenLifetime = token.getExpiresIn();
    tokenNotBefore = token.getNotBefore();

    // Issuer, subject, scopes and audiences.
    tokenIssuer = token.getIssuer();
    tokenSubject = token.getSubject();
    tokenScopes = token.getScopes();
    audiences = token.getAudiences();

    clientCodeVerifier = token.getClientCodeVerifier();
    // Extra properties are copied into this object's own map, not shared by reference.
    extraProps.putAll(token.getExtraProperties());
}
/**
 * Builds a validation record by copying client and token attributes out of
 * {@code token}.
 *
 * @param token the access token whose attributes are copied
 */
public AccessTokenValidation(ServerAccessToken token) {
    // Attributes of the client the token was issued to, including whether that
    // client is confidential.
    clientId = token.getClient().getClientId();
    clientSubject = token.getClient().getSubject();
    isClientConfidential = token.getClient().isConfidential();
    clientIpAddress = token.getClient().getClientIpAddress();

    // Identity and type of the token itself.
    tokenKey = token.getTokenKey();
    tokenType = token.getTokenType();
    tokenGrantType = token.getGrantType();

    // Validity window.
    tokenIssuedAt = token.getIssuedAt();
    tokenLifetime = token.getExpiresIn();
    tokenNotBefore = token.getNotBefore();

    // Issuer, subject, scopes and audiences.
    tokenIssuer = token.getIssuer();
    tokenSubject = token.getSubject();
    tokenScopes = token.getScopes();
    audiences = token.getAudiences();

    clientCodeVerifier = token.getClientCodeVerifier();
    // Extra properties are copied into this object's own map, not shared by reference.
    extraProps.putAll(token.getExtraProperties());
}