
Java AuthorizationCodeGrant Class Code Examples


This article collects typical usage examples of the Java class com.nimbusds.oauth2.sdk.AuthorizationCodeGrant. If you are wondering how the Java AuthorizationCodeGrant class is used in practice, or are looking for examples of it in use, the selected class code examples here may help.



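The AuthorizationCodeGrant class belongs to the com.nimbusds.oauth2.sdk package. 17 code examples of the class are shown below, sorted by popularity by default. You can upvote the examples you like or find useful; your ratings help our system recommend better Java code examples.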

Example 1: authCode_postAuth_isOk

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Test
public void authCode_postAuth_isOk() throws Exception {
	ClientID clientId = new ClientID("test-client");
	URI redirectUri = URI.create("http://rp.example.com");
	AuthorizationCode authorizationCode = new AuthorizationCode();

	ClientSecretPost clientAuth = new ClientSecretPost(clientId, new Secret("test-secret"));
	TokenRequest tokenRequest = new TokenRequest(URI.create("http://op.example.com"), clientAuth,
			new AuthorizationCodeGrant(authorizationCode, redirectUri));

	AuthorizationCodeContext context = new AuthorizationCodeContext(new Subject("user"), clientId, redirectUri,
			new Scope(OIDCScopeValue.OPENID), Instant.now(), new ACR("1"), AMR.PWD, new SessionID("test"), null,
			null, null);
	BearerAccessToken accessToken = new BearerAccessToken();
	JWT idToken = new PlainJWT(new JWTClaimsSet.Builder().build());

	given(this.clientRepository.findById(any(ClientID.class)))
			.willReturn(client(ClientAuthenticationMethod.CLIENT_SECRET_POST));
	given(this.authorizationCodeService.consume(eq(authorizationCode))).willReturn(context);
	given(this.tokenService.createAccessToken(any(AccessTokenRequest.class))).willReturn(accessToken);
	given(this.tokenService.createIdToken(any(IdTokenRequest.class))).willReturn(idToken);

	MockHttpServletRequestBuilder request = post("/oauth2/token").content(tokenRequest.toHTTPRequest().getQuery())
			.contentType(MediaType.APPLICATION_FORM_URLENCODED);
	this.mvc.perform(request).andExpect(status().isOk());
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 27, Source: TokenEndpointTests.java


Example 2: authCode_pkcePlain_isOk

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Test
public void authCode_pkcePlain_isOk() throws Exception {
	ClientID clientId = new ClientID("test-client");
	URI redirectUri = URI.create("http://rp.example.com");
	CodeVerifier codeVerifier = new CodeVerifier();
	CodeChallengeMethod codeChallengeMethod = CodeChallengeMethod.PLAIN;
	AuthorizationCode authorizationCode = new AuthorizationCode();

	TokenRequest tokenRequest = new TokenRequest(URI.create("http://op.example.com"), clientId,
			new AuthorizationCodeGrant(authorizationCode, redirectUri, codeVerifier));

	AuthorizationCodeContext context = new AuthorizationCodeContext(new Subject("user"), clientId, redirectUri,
			new Scope(OIDCScopeValue.OPENID), Instant.now(), new ACR("1"), AMR.PWD, new SessionID("test"),
			CodeChallenge.compute(codeChallengeMethod, codeVerifier), codeChallengeMethod, null);
	BearerAccessToken accessToken = new BearerAccessToken();
	JWT idToken = new PlainJWT(new JWTClaimsSet.Builder().build());

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(client(ClientAuthenticationMethod.NONE));
	given(this.authorizationCodeService.consume(eq(authorizationCode))).willReturn(context);
	given(this.tokenService.createAccessToken(any(AccessTokenRequest.class))).willReturn(accessToken);
	given(this.tokenService.createIdToken(any(IdTokenRequest.class))).willReturn(idToken);

	MockHttpServletRequestBuilder request = post("/oauth2/token").content(tokenRequest.toHTTPRequest().getQuery())
			.contentType(MediaType.APPLICATION_FORM_URLENCODED);
	this.mvc.perform(request).andExpect(status().isOk());
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 27, Source: TokenEndpointTests.java


Example 3: authCode_pkceS256_isOk

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Test
public void authCode_pkceS256_isOk() throws Exception {
	ClientID clientId = new ClientID("test-client");
	URI redirectUri = URI.create("http://rp.example.com");
	CodeVerifier codeVerifier = new CodeVerifier();
	CodeChallengeMethod codeChallengeMethod = CodeChallengeMethod.S256;
	AuthorizationCode authorizationCode = new AuthorizationCode();

	TokenRequest tokenRequest = new TokenRequest(URI.create("http://op.example.com"), clientId,
			new AuthorizationCodeGrant(authorizationCode, URI.create("http://rp.example.com"), codeVerifier));

	AuthorizationCodeContext context = new AuthorizationCodeContext(new Subject("user"), clientId, redirectUri,
			new Scope(OIDCScopeValue.OPENID), Instant.now(), new ACR("1"), AMR.PWD, new SessionID("test"),
			CodeChallenge.compute(codeChallengeMethod, codeVerifier), codeChallengeMethod, null);
	BearerAccessToken accessToken = new BearerAccessToken();
	JWT idToken = new PlainJWT(new JWTClaimsSet.Builder().build());

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(client(ClientAuthenticationMethod.NONE));
	given(this.authorizationCodeService.consume(eq(authorizationCode))).willReturn(context);
	given(this.tokenService.createAccessToken(any(AccessTokenRequest.class))).willReturn(accessToken);
	given(this.tokenService.createIdToken(any(IdTokenRequest.class))).willReturn(idToken);

	MockHttpServletRequestBuilder request = post("/oauth2/token").content(tokenRequest.toHTTPRequest().getQuery())
			.contentType(MediaType.APPLICATION_FORM_URLENCODED);
	this.mvc.perform(request).andExpect(status().isOk());
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 27, Source: TokenEndpointTests.java


Example 4: tokenEndpoint

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Bean
public TokenEndpoint tokenEndpoint() {
	AuthorizationCodeGrantHandler authorizationCodeGrantHandler = new AuthorizationCodeGrantHandler(
			clientRepository(), tokenService(), authorizationCodeService());
	ResourceOwnerPasswordCredentialsGrantHandler passwordCredentialsGrantHandler = new ResourceOwnerPasswordCredentialsGrantHandler(
			clientRepository(), tokenService(), scopeResolver(), authenticationHandler());
	ClientCredentialsGrantHandler clientCredentialsGrantHandler = new ClientCredentialsGrantHandler(
			clientRepository(), scopeResolver(), tokenService());
	RefreshTokenGrantHandler refreshTokenGrantHandler = new RefreshTokenGrantHandler(clientRepository(),
			tokenService(), refreshTokenStore());

	Map<Class<?>, GrantHandler> grantHandlers = new HashMap<>();
	grantHandlers.put(AuthorizationCodeGrant.class, authorizationCodeGrantHandler);
	grantHandlers.put(ResourceOwnerPasswordCredentialsGrant.class, passwordCredentialsGrantHandler);
	grantHandlers.put(ClientCredentialsGrant.class, clientCredentialsGrantHandler);
	grantHandlers.put(RefreshTokenGrant.class, refreshTokenGrantHandler);

	return new TokenEndpoint(grantHandlers, new Issuer("http://example.com"), clientRepository());
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 20, Source: TokenEndpointTests.java


Example 5: tokenEndpoint

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Bean
public TokenEndpoint tokenEndpoint() {
	AuthorizationCodeGrantHandler authorizationCodeGrantHandler = new AuthorizationCodeGrantHandler(
			this.clientRepository, tokenService(), this.authorizationCodeService);
	ResourceOwnerPasswordCredentialsGrantHandler passwordCredentialsGrantHandler = new ResourceOwnerPasswordCredentialsGrantHandler(
			this.clientRepository, tokenService(), this.scopeResolver, this.passwordAuthenticationHandler);
	ClientCredentialsGrantHandler clientCredentialsGrantHandler = new ClientCredentialsGrantHandler(
			this.clientRepository, this.scopeResolver, tokenService());
	RefreshTokenGrantHandler refreshTokenGrantHandler = new RefreshTokenGrantHandler(this.clientRepository,
			tokenService(), this.refreshTokenStore);
	refreshTokenGrantHandler.setUpdateRefreshToken(this.properties.getRefreshToken().isUpdate());

	Map<Class<?>, GrantHandler> grantHandlers = new HashMap<>();
	grantHandlers.put(AuthorizationCodeGrant.class, authorizationCodeGrantHandler);
	grantHandlers.put(ResourceOwnerPasswordCredentialsGrant.class, passwordCredentialsGrantHandler);
	grantHandlers.put(ClientCredentialsGrant.class, clientCredentialsGrantHandler);
	grantHandlers.put(RefreshTokenGrant.class, refreshTokenGrantHandler);

	return new TokenEndpoint(grantHandlers, this.properties.getIssuer(), this.clientRepository);
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 21, Source: CoreConfiguration.java


Example 6: doExecute

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    AuthorizationGrant grant = getTokenRequest().getAuthorizationGrant();
    if (grant.getType().equals(GrantType.AUTHORIZATION_CODE)) {
        AuthorizationCodeGrant codeGrant = (AuthorizationCodeGrant) grant;
        if (codeGrant.getAuthorizationCode() != null && codeGrant.getAuthorizationCode().getValue() != null) {
            try {
                AuthorizeCodeClaimsSet authzCodeClaimsSet = AuthorizeCodeClaimsSet
                        .parse(codeGrant.getAuthorizationCode().getValue(), dataSealer);
                log.debug("{} authz code unwrapped {}", getLogPrefix(), authzCodeClaimsSet.serialize());
                if (authzCodeClaimsSet.isExpired()) {
                    log.error("{} Authorization code exp is in the past {}", getLogPrefix(),
                            authzCodeClaimsSet.getExp().getTime());
                    ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);
                    return;
                }
                if (!replayCache.check(getClass().getName(), authzCodeClaimsSet.getID(),
                        authzCodeClaimsSet.getExp().getTime())) {
                    log.error("{} Replay detected of authz code {}", getLogPrefix(), authzCodeClaimsSet.getID());
                    // TODO: add authzCodeClaimsSet.getID() to RevokeCache to revoke all tokens
                    // granted by authz code.
                    ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);
                    return;
                }
                getOidcResponseContext().setAuthorizationCodeClaimsSet(authzCodeClaimsSet);
                return;
            } catch (DataSealerException | ParseException e) {
                log.error("{} Obtaining auhz code failed {}", getLogPrefix(), e.getMessage());
                ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);
                return;
            }
        }
    }
    log.error("{} unable to obtain authz code", getLogPrefix());
    ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);

}
 
Developer ID: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 39, Source: ValidateAuthorizeCode.java


Example 7: exchange

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Override
public TokenResponseAttributes exchange(
    AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
    throws OAuth2AuthenticationException {

    ClientRegistration clientRegistration = authorizationCodeAuthenticationToken.getClientRegistration();

    AuthorizationCode authorizationCode = new AuthorizationCode(
        authorizationCodeAuthenticationToken.getAuthorizationCode());
    AuthorizationGrant authorizationCodeGrant = new AuthorizationCodeGrant(
        authorizationCode, URI.create(clientRegistration.getRedirectUri()));
    URI tokenUri = URI.create(clientRegistration.getProviderDetails().getTokenUri());

    ClientID clientId = new ClientID(clientRegistration.getClientId());
    Secret clientSecret = new Secret(clientRegistration.getClientSecret());
    ClientAuthentication clientAuthentication = new ClientSecretGet(clientId, clientSecret);

    try {
        HTTPRequest httpRequest = createTokenRequest(
                clientRegistration, authorizationCodeGrant,
                tokenUri, clientAuthentication);

        TokenResponse tokenResponse = TokenResponse.parse(httpRequest.send());

        if (!tokenResponse.indicatesSuccess()) {
            OAuth2Error errorObject = new OAuth2Error("invalid_token_response");
            throw new OAuth2AuthenticationException(errorObject, "error");
        }

        return createTokenResponse((AccessTokenResponse) tokenResponse);

    } catch (MalformedURLException e) {
        throw new SerializeException(e.getMessage(), e);
    } catch (ParseException pe) {
        throw new OAuth2AuthenticationException(new OAuth2Error("invalid_token_response"), pe);
    } catch (IOException ioe) {
        throw new AuthenticationServiceException(
            "An error occurred while sending the Access Token Request: " +
            ioe.getMessage(), ioe);
    }

}
 
Developer ID: PacktPublishing, Project: OAuth-2.0-Cookbook, Lines of code: 43, Source: FacebookAuthorizationGrantTokenExchanger.java


Example 8: authCode_basicAuth_isOk

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Test
public void authCode_basicAuth_isOk() throws Exception {
	ClientID clientId = new ClientID("test-client");
	URI redirectUri = URI.create("http://rp.example.com");
	Scope scope = new Scope(OIDCScopeValue.OPENID);
	AuthorizationCode authorizationCode = new AuthorizationCode();

	ClientSecretBasic clientAuth = new ClientSecretBasic(clientId, new Secret("test-secret"));
	TokenRequest tokenRequest = new TokenRequest(URI.create("http://op.example.com"), clientAuth,
			new AuthorizationCodeGrant(authorizationCode, redirectUri));

	AuthorizationCodeContext context = new AuthorizationCodeContext(new Subject("user"), clientId, redirectUri,
			scope, Instant.now(), new ACR("1"), AMR.PWD, new SessionID("test"), null, null, null);
	BearerAccessToken accessToken = new BearerAccessToken();
	JWT idToken = new PlainJWT(new JWTClaimsSet.Builder().build());

	given(this.clientRepository.findById(any(ClientID.class)))
			.willReturn(client(ClientAuthenticationMethod.CLIENT_SECRET_BASIC));
	given(this.authorizationCodeService.consume(eq(authorizationCode))).willReturn(context);
	given(this.tokenService.createAccessToken(any(AccessTokenRequest.class))).willReturn(accessToken);
	given(this.tokenService.createIdToken(any(IdTokenRequest.class))).willReturn(idToken);

	MockHttpServletRequestBuilder request = post("/oauth2/token").content(tokenRequest.toHTTPRequest().getQuery())
			.contentType(MediaType.APPLICATION_FORM_URLENCODED)
			.header("Authorization", clientAuth.toHTTPAuthorizationHeader());
	this.mvc.perform(request).andExpect(status().isOk());
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 28, Source: TokenEndpointTests.java


Example 9: authCode_mismatchedClientId_shouldThrowException

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Test
public void authCode_mismatchedClientId_shouldThrowException() throws Exception {
	URI redirectUri = URI.create("http://rp.example.com");
	Scope scope = new Scope(OIDCScopeValue.OPENID);
	AuthorizationCode authorizationCode = new AuthorizationCode();

	ClientSecretBasic clientAuth = new ClientSecretBasic(new ClientID("bad-client"), new Secret("test-secret"));
	TokenRequest tokenRequest = new TokenRequest(URI.create("http://op.example.com"), clientAuth,
			new AuthorizationCodeGrant(authorizationCode, redirectUri));

	AuthorizationCodeContext context = new AuthorizationCodeContext(new Subject("user"),
			new ClientID("test-client"), redirectUri, scope, Instant.now(), new ACR("1"), AMR.PWD,
			new SessionID("test"), null, null, null);
	BearerAccessToken accessToken = new BearerAccessToken();
	JWT idToken = new PlainJWT(new JWTClaimsSet.Builder().build());

	given(this.clientRepository.findById(any(ClientID.class)))
			.willReturn(client(ClientAuthenticationMethod.CLIENT_SECRET_BASIC));
	given(this.authorizationCodeService.consume(eq(authorizationCode))).willReturn(context);
	given(this.tokenService.createAccessToken(any(AccessTokenRequest.class))).willReturn(accessToken);
	given(this.tokenService.createIdToken(any(IdTokenRequest.class))).willReturn(idToken);

	MockHttpServletRequestBuilder request = post("/oauth2/token").content(tokenRequest.toHTTPRequest().getQuery())
			.contentType(MediaType.APPLICATION_FORM_URLENCODED)
			.header("Authorization", clientAuth.toHTTPAuthorizationHeader());
	this.mvc.perform(request).andExpect(status().isBadRequest());
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 28, Source: TokenEndpointTests.java


Example 10: authCode_mismatchedRedirectUri_shouldThrowException

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Test
public void authCode_mismatchedRedirectUri_shouldThrowException() throws Exception {
	ClientID clientId = new ClientID("test-client");
	Scope scope = new Scope(OIDCScopeValue.OPENID);
	AuthorizationCode authorizationCode = new AuthorizationCode();

	ClientSecretBasic clientAuth = new ClientSecretBasic(clientId, new Secret("test-secret"));
	TokenRequest tokenRequest = new TokenRequest(URI.create("http://op.example.com"), clientAuth,
			new AuthorizationCodeGrant(authorizationCode, URI.create("http://bad.example.com")));

	AuthorizationCodeContext context = new AuthorizationCodeContext(new Subject("user"), clientId,
			URI.create("http://rp.example.com"), scope, Instant.now(), new ACR("1"), AMR.PWD, new SessionID("test"),
			null, null, null);
	BearerAccessToken accessToken = new BearerAccessToken();
	JWT idToken = new PlainJWT(new JWTClaimsSet.Builder().build());

	given(this.clientRepository.findById(any(ClientID.class)))
			.willReturn(client(ClientAuthenticationMethod.CLIENT_SECRET_BASIC));
	given(this.authorizationCodeService.consume(eq(authorizationCode))).willReturn(context);
	given(this.tokenService.createAccessToken(any(AccessTokenRequest.class))).willReturn(accessToken);
	given(this.tokenService.createIdToken(any(IdTokenRequest.class))).willReturn(idToken);

	MockHttpServletRequestBuilder request = post("/oauth2/token").content(tokenRequest.toHTTPRequest().getQuery())
			.contentType(MediaType.APPLICATION_FORM_URLENCODED)
			.header("Authorization", clientAuth.toHTTPAuthorizationHeader());
	this.mvc.perform(request).andExpect(status().isBadRequest());
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 28, Source: TokenEndpointTests.java


Example 11: tokenRequest

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Override
public void tokenRequest(RequestPath path, HttpServletRequest req, HttpServletResponse resp) throws IOException {
	CompletableFuture<TestStepResult> blocker = (CompletableFuture<TestStepResult>) stepCtx.get(OPContextConstants.BLOCK_BROWSER_AND_TEST_RESULT);

	try {
		logger.log("Token requested.");

		HTTPRequest httpReq = ServletUtils.createHTTPRequest(req);
		TokenRequest tokenReq = TokenRequest.parse(httpReq);
		logger.logHttpRequest(req, httpReq.getQuery());

		if (type == OPType.EVIL) {
			AuthorizationGrant grant = tokenReq.getAuthorizationGrant();
			if (grant != null && grant.getType() == GrantType.AUTHORIZATION_CODE) {
				AuthorizationCodeGrant codeGrant = (AuthorizationCodeGrant) grant;
				AuthorizationCode code = codeGrant.getAuthorizationCode();
				// TODO compare actual code
				AuthorizationCode honestCode = (AuthorizationCode) stepCtx.get(OPContextConstants.HONEST_CODE);
				if (code.equals(honestCode)) {
					logger.log("Honest code received in attacker.");
					blocker.complete(TestStepResult.FAIL);
				} else {
					logger.log("Honest code not received in attacker.");
					blocker.complete(TestStepResult.PASS);
				}

				return;
			}
		}

		blocker.complete(TestStepResult.PASS);
	} catch (ParseException ex) {
		ErrorObject error = OAuth2Error.INVALID_REQUEST;
		TokenErrorResponse errorResp = new TokenErrorResponse(error);
		sendErrorResponse("Token", errorResp, resp);
		blocker.complete(TestStepResult.UNDETERMINED);
	}

}
 
Developer ID: RUB-NDS, Project: PrOfESSOS, Lines of code: 40, Source: IdPConfusionOP.java


Example 12: tokenRequestInt

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Nullable
protected OIDCTokenResponse tokenRequestInt(TokenRequest tokenReq, HttpServletResponse resp)
		throws GeneralSecurityException, JOSEException, ParseException {
	ClientAuthentication auth = tokenReq.getClientAuthentication();
	ClientID clientId = auth != null ? auth.getClientID() : tokenReq.getClientID();
	AuthorizationGrant grant = tokenReq.getAuthorizationGrant();
	CodeHash cHash = null;
	if (grant != null && grant.getType() == GrantType.AUTHORIZATION_CODE) {
		AuthorizationCodeGrant codeGrant = (AuthorizationCodeGrant) grant;
		cHash = CodeHash.compute(codeGrant.getAuthorizationCode(), JWSAlgorithm.RS256);
	}

	AccessToken at = new BearerAccessToken();
	AccessTokenHash atHash = AccessTokenHash.compute(at, JWSAlgorithm.RS256);
	// save access token if honest op
	if (type == OPType.HONEST) {
		stepCtx.put(OPContextConstants.HONEST_ACCESSTOKEN, at);
	}

	Nonce nonce = (Nonce) stepCtx.get(OPContextConstants.AUTH_REQ_NONCE);

	JWT idToken = getIdToken(clientId, nonce, atHash, cHash);

	OIDCTokens tokens = new OIDCTokens(idToken, at, null);
	OIDCTokenResponse tokenRes = new OIDCTokenResponse(tokens);

	return tokenRes;
}
 
Developer ID: RUB-NDS, Project: PrOfESSOS, Lines of code: 29, Source: DefaultOP.java


Example 13: fetchToken

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
protected OIDCTokenResponse fetchToken(AuthorizationCode authCode, HttpServerExchange exchange) throws Exception {
	URI redirectURI = new URI(RedirectBuilder.redirect(exchange, redirectPath));
	TokenRequest tokenReq = new TokenRequest(oidcProvider.getTokenURI(), oidcProvider.getClientId(), new AuthorizationCodeGrant(authCode, redirectURI));
	HTTPResponse tokenHTTPResp = tokenReq.toHTTPRequest().send();
	TokenResponse tokenResponse = OIDCTokenResponseParser.parse(tokenHTTPResp);
	if (tokenResponse instanceof TokenErrorResponse) {
		ErrorObject error = ((TokenErrorResponse) tokenResponse).getErrorObject();
		throw new IllegalStateException(String.format("OIDC TokenRequest error: code %s description: %s", error.getCode(), error.getDescription()));
	}
	return (OIDCTokenResponse) tokenResponse;
}
 
Developer ID: aaronanderson, Project: swarm-oidc, Lines of code: 12, Source: OIDCAuthenticationMechanism.java


Example 14: handle

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Override
public Response handle(HTTPRequest httpRequest, OIDCResourceReference reference) throws Exception
{
    this.logger.debug("OIDC: Entering [token] endpoint");

    // Parse the request
    TokenRequest request = TokenRequest.parse(httpRequest);

    AuthorizationGrant authorizationGrant = request.getAuthorizationGrant();

    ClientID clientID = request.getClientID();

    ClientAuthentication authentication = request.getClientAuthentication();
    if (authentication != null) {
        clientID = authentication.getClientID();
    }

    if (authorizationGrant.getType().requiresClientAuthentication()) {
        // TODO: authenticate the client if needed
    }

    if (authorizationGrant.getType() == GrantType.AUTHORIZATION_CODE) {
        AuthorizationCodeGrant grant = (AuthorizationCodeGrant) authorizationGrant;

        this.logger.debug("OIDC.token: Grant request: code={} redirectionURI={} clientID={}",
            grant.getAuthorizationCode(), grant.getRedirectionURI(), clientID);

        OIDCConsent consent =
            this.store.getConsent(clientID, grant.getRedirectionURI(), grant.getAuthorizationCode());

        if (consent == null) {
            return new TokenErrorResponse(OAuth2Error.INVALID_GRANT);
        }

        // Generate new access token if none exist
        if (consent.getAccessToken() == null) {
            // TODO: set a configurable lifespan ?
            consent.setAccessToken(new BearerAccessToken());

            // Store new access token
            this.store.saveConsent(consent, "Store new OIDC access token");
        }

        // Get rid of the temporary authorization code
        this.store.removeAuthorizationCode(grant.getAuthorizationCode());

        JWT idToken = this.manager.createdIdToken(request.getClientID(), consent.getUserReference(), null,
            consent.getClaims());
        OIDCTokens tokens = new OIDCTokens(idToken, consent.getAccessToken(), null);

        return new OIDCTokenResponse(tokens);
    }

    return new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE);
}
 
Developer ID: xwiki-contrib, Project: oidc, Lines of code: 56, Source: TokenOIDCEndpoint.java


Example 15: grant

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Override
public Tokens grant(TokenRequest tokenRequest) throws GeneralException {
	if (!(tokenRequest.getAuthorizationGrant() instanceof AuthorizationCodeGrant)) {
		throw new GeneralException(OAuth2Error.UNSUPPORTED_GRANT_TYPE);
	}

	AuthorizationCodeGrant authorizationCodeGrant = (AuthorizationCodeGrant) tokenRequest.getAuthorizationGrant();
	AuthorizationCodeContext context = this.authorizationCodeService
			.consume(authorizationCodeGrant.getAuthorizationCode());

	if (context == null) {
		throw new GeneralException(OAuth2Error.INVALID_GRANT);
	}
	if (!context.getClientId().equals(resolveClientId(tokenRequest))) {
		throw new GeneralException(OAuth2Error.INVALID_GRANT);
	}
	if (!context.getRedirectUri()
			.equals(((AuthorizationCodeGrant) tokenRequest.getAuthorizationGrant()).getRedirectionURI())) {
		throw new GeneralException(OAuth2Error.INVALID_GRANT);
	}

	CodeChallenge codeChallenge = context.getCodeChallenge();

	if (codeChallenge != null) {
		CodeChallengeMethod codeChallengeMethod = context.getCodeChallengeMethod();

		if (codeChallengeMethod == null) {
			codeChallengeMethod = CodeChallengeMethod.PLAIN;
		}

		CodeVerifier codeVerifier = authorizationCodeGrant.getCodeVerifier();

		if (codeVerifier == null
				|| !codeChallenge.equals(CodeChallenge.compute(codeChallengeMethod, codeVerifier))) {
			throw new GeneralException(OAuth2Error.INVALID_REQUEST);
		}
	}

	Subject subject = context.getSubject();
	ClientID clientId = context.getClientId();
	Scope savedScope = context.getScope();
	Instant authenticationTime = context.getAuthenticationTime();
	ACR acr = context.getAcr();
	AMR amr = context.getAmr();
	SessionID sessionId = context.getSessionId();
	Nonce nonce = context.getNonce();

	OIDCClientInformation client = this.clientRepository.findById(clientId);
	AccessTokenRequest accessTokenRequest = new AccessTokenRequest(subject, client, savedScope);
	AccessToken accessToken = this.tokenService.createAccessToken(accessTokenRequest);
	RefreshToken refreshToken = null;

	if (client.getOIDCMetadata().getGrantTypes().contains(GrantType.REFRESH_TOKEN)
			|| savedScope.contains(OIDCScopeValue.OFFLINE_ACCESS)) {
		RefreshTokenRequest refreshTokenRequest = new RefreshTokenRequest(subject, clientId, savedScope);
		refreshToken = this.tokenService.createRefreshToken(refreshTokenRequest);
	}

	IdTokenRequest idTokenRequest = new IdTokenRequest(subject, client, savedScope, authenticationTime, acr, amr,
			sessionId, nonce, accessToken, null);
	JWT idToken = this.tokenService.createIdToken(idTokenRequest);

	return new OIDCTokens(idToken.serialize(), accessToken, refreshToken);
}
 
Developer ID: vpavic, Project: simple-openid-provider, Lines of code: 65, Source: AuthorizationCodeGrantHandler.java


Example 16: tokenRequestInt

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Override
protected OIDCTokenResponse tokenRequestInt(TokenRequest tokenReq, HttpServletResponse resp)
		throws GeneralSecurityException, JOSEException, ParseException {
	// extract values from request
	ClientAuthentication auth = tokenReq.getClientAuthentication();
	ClientID clientId = auth != null ? auth.getClientID() : tokenReq.getClientID();
	AuthorizationGrant grant = tokenReq.getAuthorizationGrant();
	AuthorizationCode code = null;
	if (grant != null && grant.getType() == GrantType.AUTHORIZATION_CODE) {
		AuthorizationCodeGrant codeGrant = (AuthorizationCodeGrant) grant;
		code = codeGrant.getAuthorizationCode();
	}

	// get values from honest OP for comparison
	OIDCClientInformation info = (OIDCClientInformation) suiteCtx.get(OPContextConstants.REGISTERED_CLIENT_INFO_HONEST);
	ClientID refClientId = info.getID();
	AuthorizationCode refCode = (AuthorizationCode) stepCtx.get(OPContextConstants.HONEST_CODE);

	// compare values
	Object fo = stepCtx.get(OPContextConstants.TOKEN_INFORMATIONLEAK_FUTURE);
	CompletableFuture<TestStepResult> f = (CompletableFuture<TestStepResult>) fo;
	if (f != null) {
		TestStepResult result = null;
		if (refClientId != null && refClientId.equals(clientId)) {
			logger.log("Detected Honest ClientID in Evil OP.");
			result = TestStepResult.FAIL;
		} else if (clientId != null) {
			logger.log("Detected unknown ClientID in Evil OP.");
			result = TestStepResult.UNDETERMINED;
		}
		if (refCode != null && refCode.equals(code)) {
			logger.log("Detected Honest Code in Evil OP.");
			result = TestStepResult.FAIL;
		} else if (code != null) {
			logger.log("Detected unknown Code in Evil OP.");
			result = Misc.getWorst(TestStepResult.UNDETERMINED, result);
		}

		f.complete(result);
	}

	return super.tokenRequestInt(tokenReq, resp);
}
 
Developer ID: RUB-NDS, Project: PrOfESSOS, Lines of code: 44, Source: MaliciousEndpointOP.java


Example 17: handle

import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; // import the required package/class
@Override
public Response handle(HTTPRequest httpRequest, OIDCResourceReference reference) throws Exception
{
    // Parse the request
    AuthorizationResponse authorizationResponse = AuthorizationResponse.parse(httpRequest);

    // Validate state
    State state = authorizationResponse.getState();
    if (!Objects.equal(state, this.configuration.getSessionState())) {
        throw new OIDCException("Invalid state [" + state + "]");
    }
    // TODO: remove the state from the session ?

    // Deal with errors
    if (!authorizationResponse.indicatesSuccess()) {
        // Cast to error response
        AuthorizationErrorResponse errorResponse = (AuthorizationErrorResponse) authorizationResponse;

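        // If impossible to authenticate without prompt, just ignore and redirect
        if (OIDCError.INTERACTION_REQUIRED.getCode().equals(errorResponse.getErrorObject().getCode())
            || OIDCError.LOGIN_REQUIRED.getCode().equals(errorResponse.getErrorObject().getCode())) {
            // Redirect to original request
            return new RedirectResponse(new URI(authorizationResponse.getState().getValue()));
        }

        // Any other error: fail here instead of falling through to the success cast below,
        // which would throw a ClassCastException on an error response
        throw new OIDCException("Authorization failed", errorResponse.getErrorObject());
    }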

    // Cast to success response
    AuthorizationSuccessResponse successResponse = (AuthorizationSuccessResponse) authorizationResponse;

    // Get authorization code
    AuthorizationCode code = successResponse.getAuthorizationCode();

    // Generate callback URL
    URI callback = this.oidc.createEndPointURI(CallbackOIDCEndpoint.HINT);

    // Get access token
    AuthorizationGrant authorizationGrant = new AuthorizationCodeGrant(code, callback);
    // TODO: setup some client authentication, secret, all that
    TokenRequest tokeRequest = new TokenRequest(this.configuration.getTokenOIDCEndpoint(),
        this.configuration.getClientID(), authorizationGrant);
    HTTPRequest tokenHTTP = tokeRequest.toHTTPRequest();
    tokenHTTP.setHeader("User-Agent", this.getClass().getPackage().getImplementationTitle() + '/'
        + this.getClass().getPackage().getImplementationVersion());
    HTTPResponse httpResponse = tokenHTTP.send();

    if (httpResponse.getStatusCode() != HTTPResponse.SC_OK) {
        TokenErrorResponse error = TokenErrorResponse.parse(httpResponse);
        throw new OIDCException("Failed to get access token", error.getErrorObject());
    }

    OIDCTokenResponse tokenResponse = OIDCTokenResponse.parse(httpResponse);

    IDTokenClaimsSet idToken = new IDTokenClaimsSet(tokenResponse.getOIDCTokens().getIDToken().getJWTClaimsSet());
    BearerAccessToken accessToken = tokenResponse.getTokens().getBearerAccessToken();

    HttpSession session = ((ServletSession) this.container.getSession()).getHttpSession();

    // Store the access token in the session
    this.configuration.setIdToken(idToken);
    this.configuration.setAccessToken(accessToken);

    // Update/Create XWiki user
    Principal principal = this.users.updateUserInfo(accessToken);

    // Remember user in the session
    session.setAttribute(SecurityRequestWrapper.PRINCIPAL_SESSION_KEY, principal);

    // TODO: put enough information in the cookie to automatically authenticate when coming back

    // Redirect to original request
    return new RedirectResponse(this.configuration.getSuccessRedirectURI());
}
 
Developer ID: xwiki-contrib, Project: oidc, Lines of code: 73, Source: CallbackOIDCEndpoint.java



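Note: The com.nimbusds.oauth2.sdk.AuthorizationCodeGrant class examples in this article were compiled from source-code and documentation hosting platforms such as Github/MSDocs. The code snippets were selected from open-source projects contributed by various developers, and copyright of the source code belongs to the original authors. For distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.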

