/**
 * Produces the value that is sent as the OAuth {@code state} parameter.
 *
 * <p>If the {@code OAUTH} configuration has {@code "stateless"} set, the constant
 * {@code "OK"} is returned. Otherwise the result has the form
 * {@code <nonce>_<sha512(clientSecret + nonce)>}, where the nonce is a 10-character
 * string obtained from {@code Rnd.rndStr}.
 *
 * @param clientSecret the OAuth client secret; it is concatenated with the nonce and hashed
 * @param sessionId    the caller's session id; this implementation does not read it
 * @return {@code "OK"} in stateless mode, otherwise the nonce and its digest joined by {@code "_"}
 */
@Override
public String generateState(Value<String> clientSecret, String sessionId) {
    if (!OAUTH.is("stateless")) {
        // NOTE(review): sessionId is never used, so the value built here is not tied to
        // the session that started the login. Confirm whether the matching validation
        // step binds the state to the session in some other way.
        // NOTE(review): nothing in this method records the nonce, so a state value looks
        // reusable unless the validator tracks it. Also confirm that Rnd.rndStr draws
        // from a cryptographically secure source.
        String nonce = Rnd.rndStr(10);

        // NOTE(review): the tag is a plain SHA-512 over secret + nonce, not a keyed MAC.
        // HMAC is the standard construction for this purpose; switching to it has to be
        // done together with the code that verifies the state, which is not visible here.
        String digest = Crypto.sha512(clientSecret.get() + nonce);

        return nonce + "_" + digest;
    }

    // Stateless mode: the state is a fixed, predictable constant, so it cannot serve as
    // the anti-CSRF token for the OAuth callback in this mode.
    return "OK";
}
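/**
 * Handles one invocation of a REST client interface method by turning it into a REST call.
 *
 * <p>The configuration section named after the method supplies the HTTP verb and a URL
 * template. The template is filled in from the invocation arguments with
 * {@link String#format(String, Object...)}. If the last parameter of the method is a
 * {@code Callback}, the call is made asynchronously: the callback is removed from the
 * argument list before formatting and is passed to {@code REST.call}. The result type of
 * an asynchronous call comes from the {@code OfType} annotation on the callback parameter,
 * or is {@code Object} when the annotation is absent.
 *
 * @param m    the interface method that was invoked
 * @param args the invocation arguments, used as format arguments for the URL template
 * @return whatever {@code REST.call} returns for the resolved verb, URL and result type
 */
@SuppressWarnings("unchecked")
@Override
public Object call(Method m, Object[] args) {
    U.must(!config.isEmpty(), "Cannot find configuration for the REST client interface: %s", clientInterface.getSimpleName());

    Config cfg = config.sub(m.getName());

    // The verb is checked before it is used as the key of the URL lookup, so that a
    // missing verb is reported with its own message instead of failing inside the lookup.
    String verb = verbOf(cfg);
    U.must(!U.isEmpty(verb), "The [verb: url] entry is not configured for the method: %s", m);

    String url = cfg.entry(verb).str().get();
    U.must(!U.isEmpty(url), "Cannot find 'url' configuration for the method: %s", m);

    Class<Object> retType = (Class<Object>) m.getReturnType();
    Class<?>[] paramTypes = m.getParameterTypes();
    Class<?> lastParamType = U.last(paramTypes);

    // NOTE(review): in both branches below the arguments are substituted into the URL
    // template as-is; no percent-encoding is visible in this method. An argument that
    // contains '/', '?', '#', '&' or ".." therefore changes the structure of the request
    // URL. If arguments can carry untrusted data, encode or validate them before
    // formatting, unless REST.call already does so (not visible here).

    if (lastParamType != null && Callback.class.isAssignableFrom(lastParamType)) {
        // async result with callback
        // A callback-style method has to return void or one of the two Future types.
        U.must(retType.equals(void.class) || Future.class.isAssignableFrom(retType)
                || org.rapidoid.concurrent.Future.class.isAssignableFrom(retType));

        Callback<Object> callback = (Callback<Object>) U.last(args);
        U.notNull(callback, "callback");

        // Drop the trailing callback so that it is not used as a format argument.
        args = Arr.sub(args, 0, -1);

        String realUrl = String.format(url, args);

        OfType ofType = Metadata.get(U.last(m.getParameterAnnotations()), OfType.class);
        Class<Object> resultType = (Class<Object>) (ofType != null ? ofType.value() : Object.class);

        return REST.call(verb, realUrl, resultType, callback);

    } else {
        String realUrl = String.format(url, args);
        return REST.call(verb, realUrl, retType);
    }
}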
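/**
 * Builds the URL of the provider's authorization endpoint to which the user is sent to log in.
 *
 * <p>The provider name, lower-cased, selects the configuration section under {@code OAUTH}
 * and forms the special callback URI ({@code <name>OauthCallback}). The client id goes into
 * the request. The client secret is only passed to {@code STATE_CHECK.generateState} and is
 * not added to the URL by this method. The {@code state} value is prefixed with {@code "P"}
 * when the request has a {@code popup} parameter and with {@code "N"} otherwise.
 *
 * @param req         the current request; supplies the {@code popup} parameter, the session id
 *                    and, when {@code oauthDomain} is empty, the base of the redirect URL
 * @param provider    the OAuth provider (name, authorization endpoint, e-mail scope)
 * @param oauthDomain base URL to prepend to the callback path; when empty the redirect URL
 *                    is constructed from the request instead
 * @return the location URI of the authorization request
 * @throws RuntimeException wrapping {@code OAuthSystemException} (via {@code U.rte}) if the
 *                          request cannot be built
 */
public static String getLoginURL(Req req, OAuthProvider provider, String oauthDomain) {

    // A missing OAuth configuration is only logged; the method still goes on to build the URL.
    if (OAUTH.isEmpty()) {
        Log.warn("OAuth is not configured!");
    }

    // Locale.ROOT keeps the configuration key and the callback path the same on every
    // default locale (a Turkish default locale, for example, lower-cases 'I' to a dotless 'ı').
    String name = provider.getName().toLowerCase(java.util.Locale.ROOT);

    Config providerConfig = OAUTH.sub(name);

    Value<String> clientId = providerConfig.entry("clientId").str();
    Value<String> clientSecret = providerConfig.entry("clientSecret").str();

    String callbackPath = Msc.specialUri(name + "OauthCallback");

    // Any value of the "popup" parameter, including an empty one, turns popup mode on.
    boolean popup = req.param("popup", null) != null;

    // NOTE(review): without a configured oauthDomain the redirect URI is derived from the
    // request. If HttpUtils.constructUrl takes the host from request headers, a client can
    // influence the redirect URI; configuring oauthDomain and registering exact redirect
    // URIs with the provider avoids that. Confirm against HttpUtils.constructUrl.
    String redirectUrl = U.notEmpty(oauthDomain) ? oauthDomain + callbackPath : HttpUtils.constructUrl(req, callbackPath);

    String statePrefix = popup ? "P" : "N";
    String state = statePrefix + STATE_CHECK.generateState(clientSecret, req.sessionId());

    try {
        OAuthClientRequest request = OAuthClientRequest.authorizationLocation(provider.getAuthEndpoint())
                .setClientId(clientId.str().get())
                .setRedirectURI(redirectUrl)
                .setScope(provider.getEmailScope())
                .setState(state)
                .setResponseType("code")
                .buildQueryMessage();

        return request.getLocationUri();

    } catch (OAuthSystemException e) {
        throw U.rte(e);
    }
}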