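/**
 * Copies the authentication timestamp held by the current HTTP session, when there is one,
 * into the extensions map of the given authorization request.
 *
 * <p>The session is looked up with {@code getSession(false)}, so reading the timestamp never
 * creates a new, unauthenticated session as a side effect of handling the request.
 *
 * @param authorizationRequest the request whose extensions map receives the timestamp
 */
private void setAuthTime(AuthorizationRequest authorizationRequest) {
    ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
    if (attr == null) {
        return;
    }

    // Only a session that already exists can carry an authentication timestamp;
    // asking for it with create=false avoids allocating one just to find it empty.
    HttpSession session = attr.getRequest().getSession(false);
    if (session == null) {
        return;
    }

    Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
    if (authTime != null) {
        // Date.getTime() is milliseconds since the epoch; it is stored as a decimal string.
        authorizationRequest.getExtensions().put(AuthenticationTimeStamper.AUTH_TIMESTAMP,
                Long.toString(authTime.getTime()));
    }
}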
// Excerpt: some lines, including closing braces, are not part of this listing.
// Copies the OpenID Connect parameters found in inputParams into the request's extensions map.
// NOTE(review): the values are stored exactly as received; any validation of them is not
// visible in this excerpt.
request.getExtensions().put(PROMPT, inputParams.get(PROMPT));
request.getExtensions().put(NONCE, inputParams.get(NONCE));
// The claims parameter is parsed first and only stored (re-serialised) when parsing yields a value.
JsonObject claimsRequest = parseClaimRequest(inputParams.get(CLAIMS));
if (claimsRequest != null) {
    request.getExtensions().put(CLAIMS, claimsRequest.toString());
request.getExtensions().put(MAX_AGE, inputParams.get(MAX_AGE));
request.getExtensions().put(LOGIN_HINT, inputParams.get(LOGIN_HINT));
request.getExtensions().put(AUD, inputParams.get(AUD));
request.getExtensions().put(CODE_CHALLENGE, inputParams.get(CODE_CHALLENGE));
if (inputParams.containsKey(CODE_CHALLENGE_METHOD)) {
    request.getExtensions().put(CODE_CHALLENGE_METHOD, inputParams.get(CODE_CHALLENGE_METHOD));
} else {
    // RFC 7636 makes "plain" the default when code_challenge_method is omitted. With "plain"
    // the challenge equals the verifier, so it gives no protection once the challenge is observed.
    // NOTE(review): confirm whether client policy elsewhere requires S256.
    request.getExtensions().put(CODE_CHALLENGE_METHOD, PKCEAlgorithm.plain.getName());
request.getExtensions().put(REQUEST, inputParams.get(REQUEST));
// The request object is handed to processRequestObject together with the request being built.
processRequestObject(inputParams.get(REQUEST), request);
// Fall back to the client's default max age only when no max_age extension is set at this point.
if (request.getExtensions().get(MAX_AGE) == null && client.getDefaultMaxAge() != null) {
    request.getExtensions().put(MAX_AGE, client.getDefaultMaxAge().toString());
// Excerpt: some lines, including closing braces, are not part of this listing.
// Pass the login_hint extension through the hint extracter and keep a non-empty result in the session.
String loginHint = loginHintExtracter.extractHint((String) authRequest.getExtensions().get(LOGIN_HINT));
if (!Strings.isNullOrEmpty(loginHint)) {
    session.setAttribute(LOGIN_HINT, loginHint);
if (authRequest.getExtensions().get(PROMPT) != null) {
    // The prompt extension is split on PROMPT_SEPARATOR into its individual values.
    String prompt = (String)authRequest.getExtensions().get(PROMPT);
    List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt));
} else if (authRequest.getExtensions().get(MAX_AGE) != null || (client != null && client.getDefaultMaxAge() != null)) {
    String maxAge = (String) authRequest.getExtensions().get(MAX_AGE);
    if (maxAge != null) {
        // Integer.parseInt throws NumberFormatException on a non-numeric or out-of-range value.
        // NOTE(review): no handler is visible here; confirm max_age is validated before this
        // point or that the exception is turned into a protocol error rather than a server error.
        max = Integer.parseInt(maxAge);
// Stores newSiteId in the request's extensions map under APPROVED_SITE
// (presumably the identifier of the approval just recorded; confirm against the caller).
authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
// Read the prompt extension and split it on PROMPT_SEPARATOR. nullToEmpty keeps the
// Splitter from receiving null when no prompt was supplied.
String prompt = (String)authRequest.getExtensions().get(PROMPT);
List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt));
// The client starts out unset here; where it is assigned is outside this excerpt.
ClientDetailsEntity client = null;
// Excerpt: the closing brace of the if block is not part of this listing.
String prompt = (String) authorizationRequest.getExtensions().get(PROMPT);
List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt));
// Unless the request explicitly carries PROMPT_CONSENT, the approval identified by apId is
// recorded on the request and the request is marked approved without asking again.
// NOTE(review): how apId was matched to this client and scope is outside this excerpt;
// that matching decides whether skipping the consent screen is safe.
if (!prompts.contains(PROMPT_CONSENT)) {
    authorizationRequest.getExtensions().put(APPROVED_SITE, apId);
    authorizationRequest.setApproved(true);
    alreadyApproved = true;
/**
 * Builds an {@code OAuth2Request} from this request's current state.
 *
 * <p>The values passed are, in order: request parameters, client id, authorities, approval flag,
 * scope, resource ids, redirect URI, response types and the extensions map. Whatever has been
 * placed in the extensions map is therefore carried into the created request.
 *
 * @return a new {@code OAuth2Request} populated from this object's getters
 */
public OAuth2Request createOAuth2Request() {
    return new OAuth2Request(getRequestParameters(), getClientId(), getAuthorities(), isApproved(), getScope(), getResourceIds(), getRedirectUri(), getResponseTypes(), getExtensions());
}
// Excerpt: some lines, including closing braces, are not part of this listing.
// Each check compares a value (per the log text, the one taken from the request object) with
// what is already stored in the extensions map; on a difference the stored value is overwritten.
// OpenID Connect Core gives request-object values precedence over plain query parameters.
// NOTE(review): whether the request object's signature was verified before these overrides
// is not visible in this excerpt.
if (!nonce.equals(request.getExtensions().get(NONCE))) {
    logger.info("Mismatch between request object and regular parameter for nonce, using request object");
    request.getExtensions().put(NONCE, nonce);
if (!display.equals(request.getExtensions().get(DISPLAY))) {
    logger.info("Mismatch between request object and regular parameter for display, using request object");
    request.getExtensions().put(DISPLAY, display);
if (!prompt.equals(request.getExtensions().get(PROMPT))) {
    logger.info("Mismatch between request object and regular parameter for prompt, using request object");
    request.getExtensions().put(PROMPT, prompt);
// Claims are compared structurally: the stored string is parsed again before the equality test,
// and a missing stored value counts as a mismatch.
Serializable claimExtension = request.getExtensions().get(CLAIMS);
if (claimExtension == null || !claimRequest.equals(parseClaimRequest(claimExtension.toString()))) {
    logger.info("Mismatch between request object and regular parameter for claims, using request object");
    request.getExtensions().put(CLAIMS, claimRequest.toString());
if (!loginHint.equals(request.getExtensions().get(LOGIN_HINT))) {
    logger.info("Mistmatch between request object and regular parameter for login_hint, using requst object");
    request.getExtensions().put(LOGIN_HINT, loginHint);
/**
 * Returns the nonce stored in the authorization request's extensions map.
 *
 * @return the value stored under {@code ConnectRequestParameters.NONCE}, or {@code null} when absent
 * @throws ClassCastException if the stored value is not a {@code String}
 */
public String getNonce() {
    final String nonce = (String) authorizationRequest.getExtensions().get(ConnectRequestParameters.NONCE);
    return nonce;
}
/**
 * Returns the login hint stored in the authorization request's extensions map.
 *
 * <p>The value is returned uncast, so callers have to check its runtime type before using it.
 *
 * @return the value stored under {@code ConnectRequestParameters.LOGIN_HINT}, or {@code null} when absent
 */
public Object getLoginHint() {
    final Object hint = authorizationRequest.getExtensions().get(ConnectRequestParameters.LOGIN_HINT);
    return hint;
}
/**
 * Returns the max age stored in the authorization request's extensions map.
 *
 * <p>The value is handed back as the stored string; it is not parsed or range-checked here.
 *
 * @return the value stored under {@code ConnectRequestParameters.MAX_AGE}, or {@code null} when absent
 * @throws ClassCastException if the stored value is not a {@code String}
 */
public String getMaxAge() {
    final String maxAge = (String) authorizationRequest.getExtensions().get(ConnectRequestParameters.MAX_AGE);
    return maxAge;
}
/**
 * Runs the inherited scope validation, then rejects the request when an
 * {@code invalid_launch} entry is present in its extensions map.
 *
 * @param authorizationRequest the request being validated
 * @param client the client the request was made for
 * @throws InvalidScopeException when the superclass rejects the scope, or with the stored
 *         {@code invalid_launch} text as its message when that entry is set
 */
@Override
public void validateScope(AuthorizationRequest authorizationRequest, ClientDetails client) throws InvalidScopeException {
    super.validateScope(authorizationRequest, client);

    final Object launchError = authorizationRequest.getExtensions().get("invalid_launch");
    if (launchError == null) {
        return;
    }
    // NOTE(review): the stored text becomes the exception message; if it can contain
    // request-derived data, confirm it is output-encoded wherever the error is rendered.
    throw new InvalidScopeException((String) launchError);
}
/**
 * Records the authentication instant of the given authentication in the authorization
 * request's extensions map under {@code OIDCConstants.AUTH_TIME}.
 *
 * @param authentication the authentication; it is cast to {@code SpringSecurityAuthenticationToken}
 * @param authRequest the authorization request whose extensions map is updated
 * @throws ClassCastException if {@code authentication} is not a {@code SpringSecurityAuthenticationToken}
 */
private static void storeAuthenticationTimeIntoAuthorizationRequest(final Authentication authentication,
                                                                    final AuthorizationRequest authRequest) {
    // The cast is unchecked by an instanceof test; callers must pass the expected token type.
    final SpringSecurityAuthenticationToken token = (SpringSecurityAuthenticationToken) authentication;
    authRequest.getExtensions().put(OIDCConstants.AUTH_TIME, token.getAuthenticationDateTime().getMillis());
}
/**
 * Creates the authorization request through the superclass and, when the input carries
 * {@code OIDCConstants.ACR_VALUES}, stores its URL-decoded value in the extensions map.
 *
 * <p>A decoding failure is logged at warn level and the request is returned without the entry.
 *
 * @param inputParams the authorization request parameters
 * @return the authorization request built by the superclass, possibly with the decoded entry added
 */
@Override
public AuthorizationRequest createAuthorizationRequest(final Map<String, String> inputParams) {
    final AuthorizationRequest request = super.createAuthorizationRequest(inputParams);
    if (!inputParams.containsKey(OIDCConstants.ACR_VALUES)) {
        return request;
    }

    try {
        log.debug("Authorization request contains {}. Decoding and storing values into the request",
                OIDCConstants.ACR_VALUES);
        // NOTE(review): if inputParams already holds values decoded by the servlet container,
        // this is a second decoding pass that rewrites '+' and %xx sequences again;
        // confirm what the caller passes in.
        final String decodedAcrValues = URLDecoder.decode(inputParams.get(OIDCConstants.ACR_VALUES), "UTF-8");
        request.getExtensions().put(OIDCConstants.ACR_VALUES, decodedAcrValues);
    } catch (final Exception e) {
        log.warn("Unable to decode acr_values in the authorization request", e);
    }
    return request;
}
}
/**
 * Creates the authorization request through the superclass and checks its {@code aud}
 * request parameter against the configured service URL.
 *
 * <p>On a mismatch the request is not rejected here; an {@code invalid_launch} entry describing
 * the problem is stored in the extensions map instead.
 *
 * @param inputParams the authorization request parameters
 * @return the authorization request, with {@code invalid_launch} set when {@code aud} does not match
 */
@Override
public AuthorizationRequest createAuthorizationRequest(Map<String, String> inputParams) {
    AuthorizationRequest authRequest = super.createAuthorizationRequest(inputParams);
    String aud = authRequest.getRequestParameters().get("aud");

    // Exact string equality: a missing aud (null) also counts as a mismatch.
    boolean audienceMatches = fhirService.equals(aud);
    if (audienceMatches) {
        return authRequest;
    }

    // NOTE(review): the message embeds the aud parameter as received; confirm it is
    // output-encoded wherever this text is later shown or logged.
    authRequest.getExtensions().put("invalid_launch", "Incorrect service URL (aud): " + aud);
    return authRequest;
}
}
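/**
 * Copies the authentication timestamp held by the current HTTP session, when there is one,
 * into the extensions map of the given authorization request.
 *
 * <p>The session is looked up with {@code getSession(false)}, so reading the timestamp never
 * creates a new, unauthenticated session as a side effect of handling the request.
 *
 * @param authorizationRequest the request whose extensions map receives the timestamp
 */
private void setAuthTime(AuthorizationRequest authorizationRequest) {
    ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
    if (attr == null) {
        return;
    }

    // Only a session that already exists can carry an authentication timestamp;
    // asking for it with create=false avoids allocating one just to find it empty.
    HttpSession session = attr.getRequest().getSession(false);
    if (session == null) {
        return;
    }

    Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
    if (authTime != null) {
        // Date.getTime() is milliseconds since the epoch; it is stored as a decimal string.
        authorizationRequest.getExtensions().put(AuthenticationTimeStamper.AUTH_TIMESTAMP,
                Long.toString(authTime.getTime()));
    }
}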
/**
 * Adds the requested authentication context class references to {@code principals}.
 *
 * <p>The {@code OIDCConstants.ACR_VALUES} extension is split on single spaces. A value is added
 * only when it is not already in the list and at least one available authentication flow lists
 * it among its supported principals; values no flow supports are dropped without an error.
 *
 * @param authorizationRequest the authorization request whose extensions are read
 * @param principals the list that receives the accepted principals
 */
private void processRequestedAcrValuesIfAny(final AuthorizationRequest authorizationRequest,
                                            final List<Principal> principals) {
    if (!authorizationRequest.getExtensions().containsKey(OIDCConstants.ACR_VALUES)) {
        return;
    }

    final String rawAcrValues = authorizationRequest.getExtensions().get(OIDCConstants.ACR_VALUES).toString();
    for (final String token : rawAcrValues.split(" ")) {
        final AuthnContextClassRefPrincipal candidate = new AuthnContextClassRefPrincipal(token.trim());
        for (final AuthenticationFlowDescriptor flow : this.availableAuthenticationFlows) {
            // Once the candidate is in the list, the remaining flows are not consulted for it.
            if (principals.contains(candidate)) {
                continue;
            }
            if (flow.getSupportedPrincipals().contains(candidate)) {
                principals.add(candidate);
            }
        }
    }
}
/**
 * Renders the wrapped authorization request's client id, redirect URI, request parameters,
 * extension values, scope, state and response types as one string.
 *
 * <p>NOTE(review): the result carries the raw request parameters, the state value and every
 * extension value; check where this string is logged before enabling it in production.
 *
 * @return the string representation
 */
@Override
public String toString() {
    final MoreObjects.ToStringHelper helper = MoreObjects.toStringHelper(this);
    helper.add("authorizationRequestClientId", authorizationRequest.getClientId());
    helper.add("authorizationRequestRedirectUri", authorizationRequest.getRedirectUri());
    helper.add("authorizationRequestRequestParameters", authorizationRequest.getRequestParameters());
    helper.add("authorizationRequestExtensions", authorizationRequest.getExtensions().values());
    helper.add("authorizationRequestScope", authorizationRequest.getScope());
    helper.add("authorizationRequestState", authorizationRequest.getState());
    helper.add("authorizationRequestResponseTypes", authorizationRequest.getResponseTypes());
    return helper.toString();
}
// Excerpt: the body of the if block continues outside this listing.
// Read the prompt extension from the authorization request; it is only acted on when present.
final String prompt = (String) authorizationRequest.getExtensions().get(ConnectRequestParameters.PROMPT);
if (prompt != null) {
    // NOTE(review): the prompt value is written to the debug log as stored; if it is
    // request-derived, confirm the log layout neutralises line breaks.
    log.debug("Authorization request contains prompt {}", prompt);
/**
 * Builds an {@code OAuth2Request} from this request's current state.
 *
 * <p>The values passed are, in order: request parameters, client id, authorities, approval flag,
 * scope, resource ids, redirect URI, response types and the extensions map. Whatever has been
 * placed in the extensions map is therefore carried into the created request.
 *
 * @return a new {@code OAuth2Request} populated from this object's getters
 */
public OAuth2Request createOAuth2Request() {
    return new OAuth2Request(getRequestParameters(), getClientId(), getAuthorities(), isApproved(), getScope(), getResourceIds(), getRedirectUri(), getResponseTypes(), getExtensions());
}