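/**
 * Builds the redirect view that sends the user agent back to the client's {@code redirect_uri},
 * carrying the freshly issued authorization code plus the {@code state} and {@code nonce} values
 * recorded on the authentication (each only when present and non-blank).
 *
 * @param context        the web context of the current authorize request
 * @param clientId       the OAuth client identifier; used for logging only
 * @param authentication the authentication whose attributes may hold {@code state} / {@code nonce}
 * @param code           the authorization code to hand to the client
 * @return a {@link RedirectView} targeting the assembled callback URL
 */
private static View buildCallbackViewViaRedirectUri(final J2EContext context, final String clientId,
                                                    final Authentication authentication, final OAuthCode code) {
    val attributes = authentication.getAttributes();
    // Map#get yields null for an absent attribute; calling toString() on it directly would throw
    // before the blank checks below ever ran, so convert null-safely and let isNotBlank skip it.
    val state = attributeAsString(attributes.get(OAuth20Constants.STATE));
    val nonce = attributeAsString(attributes.get(OAuth20Constants.NONCE));
    // NOTE(review): redirect_uri is read straight from the request. The log line below states the
    // authorize request was already verified, so the match against the registered client URIs is
    // assumed to happen upstream — confirm before relying on this method alone.
    val redirectUri = context.getRequestParameter(OAuth20Constants.REDIRECT_URI);
    LOGGER.debug("Authorize request verification successful for client [{}] with redirect uri [{}]", clientId, redirectUri);

    var callbackUrl = CommonHelper.addParameter(redirectUri, OAuth20Constants.CODE, code.getId());
    if (StringUtils.isNotBlank(state)) {
        callbackUrl = CommonHelper.addParameter(callbackUrl, OAuth20Constants.STATE, state);
    }
    if (StringUtils.isNotBlank(nonce)) {
        callbackUrl = CommonHelper.addParameter(callbackUrl, OAuth20Constants.NONCE, nonce);
    }
    LOGGER.debug("Redirecting to URL [{}]", callbackUrl);
    return new RedirectView(callbackUrl);
}

/**
 * Renders an attribute value as a string.
 *
 * @param value the raw attribute value, possibly {@code null}
 * @return {@code value.toString()}, or {@code null} when the value is absent
 */
private static String attributeAsString(final Object value) {
    return value == null ? null : value.toString();
}
}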
/**
 * Reacts to a failed credential check: an AJAX caller receives a bare 401, while a browser
 * request is redirected back to the login page with the username and error text appended as
 * query parameters.
 *
 * @param context      the current web context
 * @param username     the username that was submitted
 * @param message      not consumed by this implementation
 * @param errorMessage the error text exposed to the login page via {@code ERROR_PARAMETER}
 * @return the HTTP action to perform
 */
protected HttpAction handleInvalidCredentials(final WebContext context, final String username, String message, String errorMessage) {
    // An AJAX caller cannot usefully follow a redirect, so answer with a status code instead.
    if (getAjaxRequestResolver().isAjax(context)) {
        logger.info("AJAX request detected -> returning 401");
        return HttpAction.status(HttpConstants.UNAUTHORIZED, context);
    }
    final String withUsername = CommonHelper.addParameter(this.loginUrl, this.usernameParameter, username);
    final String target = CommonHelper.addParameter(withUsername, ERROR_PARAMETER, errorMessage);
    logger.debug("redirectionUrl: {}", target);
    return HttpAction.redirect(context, target);
}
/**
 * Returns the Weibo user-info endpoint for the given token, which must carry a Weibo {@code uid}.
 *
 * @param accessToken   the access token obtained from Weibo
 * @param configuration the OAuth 2.0 client configuration (not consulted here)
 * @return the profile URL with the {@code uid} query parameter appended
 * @throws OAuthException if the token is not a {@link WeiboToken}
 */
@Override
public String getProfileUrl(final OAuth2AccessToken accessToken, final OAuth20Configuration configuration) {
    if (!(accessToken instanceof WeiboToken)) {
        throw new OAuthException("Token in getProfileUrl is not an WeiboToken");
    }
    final WeiboToken weiboToken = (WeiboToken) accessToken;
    return CommonHelper.addParameter("https://api.weibo.com/2/users/show.json", "uid", weiboToken.getUid());
}
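/**
 * Appends Facebook's {@code appsecret_proof} parameter to the given URL.
 * <p>
 * The proof is the hex-encoded HMAC-SHA256 of the access token, keyed with the application
 * secret taken from the configuration. The code in this method is based on this blog post:
 * https://www.sammyk.me/the-single-most-important-way-to-make-your-facebook-app-more-secure
 * and this answer: https://stackoverflow.com/questions/7124735/hmac-sha256-algorithm-for-signature-calculation
 *
 * @param url           the URL to which we're adding the proof
 * @param token         the application token we pass back and forth
 * @param configuration the current configuration, whose secret serves as the HMAC key
 * @return URL with the appsecret_proof parameter added
 * @throws TechnicalException if the JCE provides no HmacSHA256 implementation or rejects the key
 */
public String computeAppSecretProof(final String url, final OAuth2AccessToken token, final FacebookConfiguration configuration) {
    try {
        final Mac hmac = Mac.getInstance("HmacSHA256");
        // UTF-8 is fixed explicitly so the proof does not vary with the platform default charset.
        final SecretKeySpec key = new SecretKeySpec(configuration.getSecret().getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        hmac.init(key);
        final byte[] digest = hmac.doFinal(token.getAccessToken().getBytes(StandardCharsets.UTF_8));
        final String proof = org.apache.commons.codec.binary.Hex.encodeHexString(digest);
        return CommonHelper.addParameter(url, APPSECRET_PARAMETER, proof);
    } catch (final InvalidKeyException | NoSuchAlgorithmException e) {
        // Keep the cause; the message deliberately carries neither the secret nor the token.
        throw new TechnicalException("Unable to compute appsecret_proof", e);
    }
}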
/**
 * Appends the exchange token to the URL. When the configuration asks for an
 * {@code appsecret_proof}, that parameter is added first, as Facebook expects.
 *
 * @param url         the URL to modify
 * @param accessToken the token we're passing back and forth
 * @return url with additional parameter(s)
 */
protected String addExchangeToken(final String url, final OAuth2AccessToken accessToken) {
    final FacebookProfileDefinition profileDefinition = (FacebookProfileDefinition) configuration.getProfileDefinition();
    final FacebookConfiguration facebookConfiguration = (FacebookConfiguration) configuration;
    // Proof first (only when enabled), then the token itself.
    final String withProof = facebookConfiguration.isUseAppsecretProof()
        ? profileDefinition.computeAppSecretProof(url, accessToken, facebookConfiguration)
        : url;
    return CommonHelper.addParameter(withProof, EXCHANGE_TOKEN_PARAMETER, accessToken.getAccessToken());
}
}
addAccessTokenToProfile(profile, accessToken); if (profile != null && facebookConfiguration.isRequiresExtendedToken()) { String url = CommonHelper.addParameter(EXCHANGE_TOKEN_URL, OAuthConstants.CLIENT_ID, configuration.getKey()); url = CommonHelper.addParameter(url, OAuthConstants.CLIENT_SECRET, configuration.getSecret()); url = addExchangeToken(url, accessToken); final OAuthRequest request = createOAuthRequest(url, Verb.GET);
pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
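/**
 * Resolves the QQ user profile for an access token. QQ needs two round trips: the first fetches
 * the user's {@code openid}, which is then sent together with the app key on the profile call.
 *
 * @param context     the current web context
 * @param accessToken the access token issued by QQ
 * @return the populated profile, with its id set to the {@code openid}
 * @throws HttpCommunicationException if either call returns no body
 */
@Override
public QQProfile retrieveUserProfileFromToken(WebContext context, OAuth2AccessToken accessToken) {
    final QQProfileDefinition profileDefinition = (QQProfileDefinition) configuration.getProfileDefinition();
    final String openidUrl = profileDefinition.getOpenidUrl(accessToken, configuration);
    final OAuth20Service service = this.configuration.buildService(context, client, null);

    final String openidBody = sendRequestForData(service, accessToken, openidUrl, Verb.GET);
    if (openidBody == null) {
        // Guard the first hop as well, so extractOpenid is never handed a null body.
        throw new HttpCommunicationException("No data found for the openid request");
    }
    final String openid = profileDefinition.extractOpenid(openidBody);

    String profileUrl = profileDefinition.getProfileUrl(accessToken, configuration);
    profileUrl = CommonHelper.addParameter(profileUrl, "openid", openid);
    profileUrl = CommonHelper.addParameter(profileUrl, "oauth_consumer_key", configuration.getKey());
    final String profileBody = sendRequestForData(service, accessToken, profileUrl, Verb.GET);
    if (profileBody == null) {
        // The access token is a bearer credential: keep it out of the exception message
        // (and out of whatever log that message ends up in).
        throw new HttpCommunicationException("No data found for the profile request");
    }
    final QQProfile profile = profileDefinition.extractUserProfile(profileBody);
    addAccessTokenToProfile(profile, accessToken);
    profile.setId(openid);
    return profile;
}
}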
/**
 * Generates the service-provider metadata from the client configuration, keeps a copy in
 * {@code spMetadata}, writes it to the configured resource and returns a resolver over it.
 *
 * @return the metadata resolver built from the service-provider metadata resource
 * @throws TechnicalException when any step of the generation fails
 */
private MetadataResolver prepareServiceProviderMetadata() {
    try {
        final SAML2MetadataGenerator generator = new SAML2MetadataGenerator();
        generator.setWantAssertionSigned(configuration.isWantsAssertionsSigned());
        generator.setAuthnRequestSigned(configuration.isAuthnRequestSigned());
        generator.setNameIdPolicyFormat(configuration.getNameIdPolicyFormat());
        generator.setRequestedAttributes(configuration.getRequestedServiceProviderAttributes());
        generator.setCredentialProvider(this.credentialProvider);
        generator.setEntityId(configuration.getServiceProviderEntityId());
        generator.setRequestInitiatorLocation(callbackUrl);
        // The callback URL doubles as the assertion consumer service endpoint...
        generator.setAssertionConsumerServiceUrl(callbackUrl);
        // ...and, with an extra marker parameter, as the single logout endpoint.
        generator.setSingleLogoutServiceUrl(CommonHelper.addParameter(callbackUrl, LOGOUT_ENDPOINT_PARAMETER, "true"));

        // Build the descriptor, render it to XML, remember and persist it, then resolve from the resource.
        final EntityDescriptor descriptor = generator.buildEntityDescriptor();
        final String xml = generator.getMetadata(descriptor);
        this.spMetadata = xml;
        writeServiceProviderMetadataToResource(xml);
        return generator.buildMetadataResolver(configuration.getServiceProviderMetadataResource());
    } catch (final Exception e) {
        throw new TechnicalException("Unable to generate metadata for service provider", e);
    }
}