This article collects typical usage examples of the Java class com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet. If you are wondering how the Java IDTokenClaimsSet class is used in practice, the selected examples below may help.
The IDTokenClaimsSet class belongs to the com.nimbusds.openid.connect.sdk.claims package. 20 code examples of the class are shown below, sorted by popularity by default.
Example 1: doExecute
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    if (getOidcResponseContext().getIDToken() == null) {
        log.error("{} No id token", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return;
    }
    if (getOidcResponseContext().getAuthTime() != null) {
        log.debug("{} Setting auth_time to id token", getLogPrefix());
        getOidcResponseContext().getIDToken().setClaim(IDTokenClaimsSet.AUTH_TIME_CLAIM_NAME,
                getOidcResponseContext().getAuthTime().getTime() / 1000);
        log.debug("{} Updated token {}", getLogPrefix(), getOidcResponseContext().getIDToken().toJSONObject()
                .toJSONString());
    }
}
Developer: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 19, Source: AddAuthTimeToIDToken.java
Example 2: validate
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
@Override
public IDTokenClaimsSet validate(final JWT idToken, final Nonce expectedNonce) throws BadJOSEException, JOSEException {
    try {
        if (originalIssuer.contains("%7Btenantid%7D")) {
            Object tid = idToken.getJWTClaimsSet().getClaim("tid");
            if (tid == null) {
                throw new BadJWTException("ID token does not contain the 'tid' claim");
            }
            base = new IDTokenValidator(new Issuer(originalIssuer.replace("%7Btenantid%7D", tid.toString())),
                    base.getClientID(), base.getJWSKeySelector(), base.getJWEKeySelector());
            base.setMaxClockSkew(getMaxClockSkew());
        }
    } catch (ParseException e) {
        throw new BadJWTException(e.getMessage(), e);
    }
    return base.validate(idToken, expectedNonce);
}
Developer: yaochi, Project: pac4j-plus, Lines of code: 18, Source: AzureAdIdTokenValidator.java
Example 3: updateUserInfoAsync
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
public void updateUserInfoAsync() throws MalformedURLException, URISyntaxException
{
    final URI userInfoEndpoint = this.configuration.getUserInfoOIDCEndpoint();
    final IDTokenClaimsSet idToken = this.configuration.getIdToken();
    final BearerAccessToken accessToken = this.configuration.getAccessToken();
    this.executor.execute(new ExecutionContextRunnable(new Runnable()
    {
        @Override
        public void run()
        {
            try {
                updateUserInfo(userInfoEndpoint, idToken, accessToken);
            } catch (Exception e) {
                logger.error("Failed to update user informations", e);
            }
        }
    }, this.componentManager));
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 20, Source: OIDCUserManager.java
Example 4: updateUserInfo
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
public Principal updateUserInfo(URI userInfoEndpoint, IDTokenClaimsSet idToken, BearerAccessToken accessToken)
    throws IOException, ParseException, OIDCException, XWikiException, QueryException
{
    // Get OIDC user info
    UserInfoRequest userinfoRequest = new UserInfoRequest(userInfoEndpoint, accessToken);
    HTTPRequest userinfoHTTP = userinfoRequest.toHTTPRequest();
    userinfoHTTP.setHeader("User-Agent", this.getClass().getPackage().getImplementationTitle() + '/'
        + this.getClass().getPackage().getImplementationVersion());
    HTTPResponse httpResponse = userinfoHTTP.send();
    UserInfoResponse userinfoResponse = UserInfoResponse.parse(httpResponse);
    if (!userinfoResponse.indicatesSuccess()) {
        UserInfoErrorResponse error = (UserInfoErrorResponse) userinfoResponse;
        throw new OIDCException("Failed to get user info", error.getErrorObject());
    }
    UserInfoSuccessResponse userinfoSuccessResponse = (UserInfoSuccessResponse) userinfoResponse;
    UserInfo userInfo = userinfoSuccessResponse.getUserInfo();
    // Update/Create XWiki user
    return updateUser(idToken, userInfo);
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 23, Source: OIDCUserManager.java
Example 5: doPreExecute
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/** {@inheritDoc} */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    if (!super.doPreExecute(profileRequestContext)) {
        log.error("{} pre-execute failed", getLogPrefix());
        return false;
    }
    acrValues = getAuthenticationRequest().getACRValues();
    if (getAuthenticationRequest().getClaims() != null
            && getAuthenticationRequest().getClaims().getIDTokenClaims() != null) {
        for (Entry entry : getAuthenticationRequest().getClaims().getIDTokenClaims()) {
            if (IDTokenClaimsSet.ACR_CLAIM_NAME.equals(entry.getClaimName())) {
                acrClaim = entry;
                break;
            }
        }
    }
    if ((acrValues == null || acrValues.isEmpty())
            && (acrClaim == null || (acrClaim.getValues() == null && acrClaim.getValue() == null))) {
        log.debug("No acr values nor acr claim values in request, nothing to do");
        return false;
    }
    authenticationContext = profileRequestContext.getSubcontext(AuthenticationContext.class, false);
    if (authenticationContext == null) {
        log.error("{} No authentication context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
        return false;
    }
    return true;
}
Developer: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 31, Source: ProcessRequestedAuthnContext.java
Example 6: testSetters
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
@Test
public void testSetters() throws URISyntaxException, ParseException {
    ctx.setAcr("acrValue");
    ctx.setAuthTime(1);
    ctx.setExp(2);
    Issuer issuer = new Issuer("iss");
    Subject sub = new Subject("sub");
    List<Audience> aud = new ArrayList<Audience>();
    aud.add(new Audience("aud"));
    IDTokenClaimsSet token = new IDTokenClaimsSet(issuer, sub, aud, new Date(), new Date());
    ctx.setIDToken(token);
    NameID id = new MockNameID();
    ctx.setNameId(id);
    URI uri = new URI("https://example.org");
    ctx.setRedirectURI(uri);
    ctx.setRequestedSubject("sub");
    Scope scope = new Scope();
    ctx.setScope(scope);
    JWSHeader header = new JWSHeader(JWSAlgorithm.ES256);
    SignedJWT sJWT = new SignedJWT(header, token.toJWTClaimsSet());
    ctx.setSignedIDToken(sJWT);
    Assert.assertEquals(ctx.getAcr().toString(), "acrValue");
    ctx.setAcr(null);
    Assert.assertNull(ctx.getAcr());
    Assert.assertEquals(ctx.getAuthTime(), new Date(1));
    Assert.assertEquals(ctx.getExp(), new Date(2));
    Assert.assertEquals(ctx.getIDToken(), token);
    Assert.assertEquals(ctx.getNameId(), id);
    Assert.assertEquals(ctx.getSignedIDToken(), sJWT);
    Assert.assertEquals(ctx.getRedirectURI(), uri);
    Assert.assertEquals(ctx.getRequestedSubject(), "sub");
    Assert.assertEquals(ctx.getScope(), scope);
}
Developer: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 34, Source: OIDCAuthenticationResponseContextTest.java
Example 7: validateToken
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
private IDTokenClaimsSet validateToken(OAuthProvider provider, OAuthLoginRequestDTO oAuthLoginRequestDTO) throws MalformedURLException, ParseException, BadJOSEException, JOSEException {
    Issuer iss = new Issuer(provider.getIssuer());
    ClientID clientID = new ClientID(provider.getClientID());
    Nonce nonce = new Nonce(oAuthLoginRequestDTO.getNonce());
    URL jwkSetURL = new URL(provider.getJwkSetURL());
    JWSAlgorithm jwsAlg = JWSAlgorithm.parse(provider.getJwsAlgorithm());
    IDTokenValidator validator = new IDTokenValidator(iss, clientID, jwsAlg, jwkSetURL);
    JWT idToken = JWTParser.parse(oAuthLoginRequestDTO.getIdToken());
    return validator.validate(idToken, nonce);
}
Developer: polarsys, Project: eplmp, Lines of code: 11, Source: AuthResource.java
Example 8: createdIdToken
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/**
 * Generate an OIDC ID Token.
 *
 * @param clientID the client id
 * @param userReference the reference of the user
 * @param nonce the nonce
 * @param claims the custom fields to return
 * @return the id token
 * @throws ParseException when failing to create the id token
 * @throws MalformedURLException when failing to get issuer
 * @since 1.3
 */
public JWT createdIdToken(ClientID clientID, DocumentReference userReference, Nonce nonce, ClaimsRequest claims)
    throws ParseException, MalformedURLException
{
    Issuer issuer = getIssuer();
    Subject subject = getSubject(userReference);
    List<Audience> audiences =
        clientID != null ? Arrays.asList(new Audience(clientID)) : Collections.<Audience>emptyList();
    LocalDateTime now = LocalDateTime.now();
    LocalDateTime now1year = now.plusYears(1);
    IDTokenClaimsSet idTokenClaimSet =
        new IDTokenClaimsSet(issuer, subject, audiences, now1year.toDate(), now.toDate());
    idTokenClaimSet.setNonce(nonce);
    // Add custom claims
    if (claims != null) {
        for (Entry claim : claims.getIDTokenClaims()) {
            switch (claim.getClaimName()) {
                case OIDCIdToken.CLAIM_XWIKI_INSTANCE_ID:
                    idTokenClaimSet.setClaim(OIDCIdToken.CLAIM_XWIKI_INSTANCE_ID, this.instance.getInstanceId());
                    break;
                default:
                    break;
            }
        }
    }
    // Convert to an unsecured (unsigned) plain JWT
    return new PlainJWT(idTokenClaimSet.toJWTClaimsSet());
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 46, Source: OIDCManager.java
Example 9: formatUserName
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
private String formatUserName(IDTokenClaimsSet idToken, UserInfo userInfo)
{
    Map<String, String> map = new HashMap<>();
    // User information
    putVariable(map, "oidc.user.subject", userInfo.getSubject().getValue());
    putVariable(map, "oidc.user.mail", userInfo.getEmail() == null ? "" : userInfo.getEmail().getAddress());
    putVariable(map, "oidc.user.familyName", userInfo.getFamilyName());
    putVariable(map, "oidc.user.givenName", userInfo.getGivenName());
    // Provider (only XWiki OIDC providers)
    URL providerURL = this.configuration.getXWikiProvider();
    if (providerURL != null) {
        putVariable(map, "oidc.provider", providerURL.toString());
        putVariable(map, "oidc.provider.host", providerURL.getHost());
        putVariable(map, "oidc.provider.path", providerURL.getPath());
        putVariable(map, "oidc.provider.protocol", providerURL.getProtocol());
        putVariable(map, "oidc.provider.port", String.valueOf(providerURL.getPort()));
    }
    // Issuer
    putVariable(map, "oidc.issuer", idToken.getIssuer().getValue());
    try {
        URI issuerURI = new URI(idToken.getIssuer().getValue());
        putVariable(map, "oidc.issuer.host", issuerURI.getHost());
        putVariable(map, "oidc.issuer.path", issuerURI.getPath());
        putVariable(map, "oidc.issuer.scheme", issuerURI.getScheme());
        putVariable(map, "oidc.issuer.port", String.valueOf(issuerURI.getPort()));
    } catch (URISyntaxException e) {
        // TODO: log something ?
    }
    StrSubstitutor substitutor = new StrSubstitutor(map);
    return substitutor.replace(this.configuration.getUserNameFormater());
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 37, Source: OIDCUserManager.java
Example 10: doExecute
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    /**
     * aud REQUIRED. Audience(s) that this ID Token is intended for. It MUST contain
     * the OAuth 2.0 client_id of the Relying Party as an audience value. It MAY
     * also contain identifiers for other audiences. In the general case, the aud
     * value is an array of case sensitive strings. In the common special case when
     * there is one audience, the aud value MAY be a single case sensitive string.
     *
     * NOTE. TODO. We allow only single value in this first version.
     */
    List<Audience> aud = new ArrayList<Audience>();
    aud.add(new Audience(rpCtx.getRelyingPartyId()));
    /**
     * exp REQUIRED. Expiration time on or after which the ID Token MUST NOT be
     * accepted for processing. The processing of this parameter requires that the
     * current date/time MUST be before the expiration date/time listed in the
     * value. Implementers MAY provide for some small leeway, usually no more than a
     * few minutes, to account for clock skew. Its value is a JSON number
     * representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC
     * until the date/time. See RFC 3339 [RFC3339] for details regarding date/times
     * in general and UTC in particular.
     *
     * NOTE. We set here exp to +180s unless set in response context.
     */
    // NOTE: There is no control for id token exp, always +180s
    // TODO: The purpose and mechanism how to control id token exp
    Date exp = getOidcResponseContext().getExp();
    if (exp == null) {
        Calendar calExp = Calendar.getInstance();
        calExp.add(Calendar.SECOND, 180);
        exp = calExp.getTime();
    }
    /**
     * iss REQUIRED. Issuer Identifier for the Issuer of the response. The iss value
     * is a case sensitive URL using the https scheme that contains scheme, host,
     * and optionally, port number and path components and no query or fragment
     * components.
     *
     */
    /**
     * sub REQUIRED. Subject Identifier. A locally unique and never reassigned
     * identifier within the Issuer for the End-User, which is intended to be
     * consumed by the Client, e.g., 24400320 or
     * AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII
     * characters in length. The sub value is a case sensitive string.
     *
     *
     * Note. We use Name ID based value as the sub.
     *
     */
    /**
     * iat REQUIRED. Time at which the JWT was issued. Its value is a JSON number
     * representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC
     * until the date/time.
     *
     * Note. We consider time of idtoken shell generation as iat.
     */
    IDTokenClaimsSet idToken = new IDTokenClaimsSet(new Issuer(issuerId),
            new Subject(getOidcResponseContext().getNameId().getValue()), aud, exp, new Date());
    log.debug("{} Setting id token shell to response context {}", getLogPrefix(),
            idToken.toJSONObject().toJSONString());
    getOidcResponseContext().setIDToken(idToken);
}
Developer: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 71, Source: AddIDTokenShell.java
Example 11: setIdTokenToResponseContext
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
protected void setIdTokenToResponseContext(String iss, String sub, String aud, Date exp, Date iat) {
    List<Audience> audience = new ArrayList<Audience>();
    audience.add(new Audience(aud));
    IDTokenClaimsSet idToken = new IDTokenClaimsSet(new Issuer(iss), new Subject(sub), audience, exp, iat);
    respCtx.setIDToken(idToken);
}
Developer: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 7, Source: BaseOIDCResponseActionTest.java
Example 12: createIdToken
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
@Override
public JWT createIdToken(IdTokenRequest idTokenRequest) {
    Instant now = Instant.now();
    Subject subject = idTokenRequest.getSubject();
    OIDCClientInformation client = idTokenRequest.getClient();
    ClientID clientId = client.getID();
    JWSAlgorithm algorithm = client.getOIDCMetadata().getIDTokenJWSAlg();
    UserInfo userInfo = this.claimSource.load(subject, resolveClaims(idTokenRequest));
    List<Audience> audience = Audience.create(clientId.getValue());
    Date expirationTime = Date.from(now.plus(this.idTokenLifetime));
    Date issueTime = Date.from(now);
    IDTokenClaimsSet claimsSet = new IDTokenClaimsSet(this.issuer, userInfo.getSubject(), audience, expirationTime,
            issueTime);
    claimsSet.setAuthenticationTime(Date.from(idTokenRequest.getAuthenticationTime()));
    claimsSet.setNonce(idTokenRequest.getNonce());
    claimsSet.setACR(idTokenRequest.getAcr());
    claimsSet.setAMR(Collections.singletonList(idTokenRequest.getAmr()));
    claimsSet.setAuthorizedParty(new AuthorizedParty(clientId.getValue()));
    claimsSet.putAll(userInfo);
    if (this.frontChannelLogoutEnabled) {
        SessionID sessionId = idTokenRequest.getSessionId();
        claimsSet.setSessionID(sessionId);
    }
    AccessToken accessToken = idTokenRequest.getAccessToken();
    if (accessToken != null) {
        AccessTokenHash accessTokenHash = AccessTokenHash.compute(accessToken, algorithm);
        claimsSet.setAccessTokenHash(accessTokenHash);
    }
    AuthorizationCode code = idTokenRequest.getCode();
    if (code != null) {
        CodeHash codeHash = CodeHash.compute(code, algorithm);
        claimsSet.setCodeHash(codeHash);
    }
    try {
        JWTAssertionDetails details = JWTAssertionDetails.parse(claimsSet.toJWTClaimsSet());
        if (JWSAlgorithm.Family.HMAC_SHA.contains(algorithm)) {
            Secret secret = client.getSecret();
            return JWTAssertionFactory.create(details, algorithm, secret);
        }
        else if (JWSAlgorithm.Family.RSA.contains(algorithm)) {
            RSAKey rsaKey = (RSAKey) resolveJwk(algorithm);
            return JWTAssertionFactory.create(details, algorithm, rsaKey.toRSAPrivateKey(), rsaKey.getKeyID(),
                    jcaProvider);
        }
        else if (JWSAlgorithm.Family.EC.contains(algorithm)) {
            ECKey ecKey = (ECKey) resolveJwk(algorithm);
            return JWTAssertionFactory.create(details, algorithm, ecKey.toECPrivateKey(), ecKey.getKeyID(),
                    jcaProvider);
        }
        throw new KeyException("Unsupported algorithm: " + algorithm);
    }
    catch (ParseException | JOSEException e) {
        throw new RuntimeException(e);
    }
}
Developer: vpavic, Project: simple-openid-provider, Lines of code: 68, Source: DefaultTokenService.java
Example 13: claims
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
private List<String> claims() {
    return Arrays.asList(IDTokenClaimsSet.ISS_CLAIM_NAME, IDTokenClaimsSet.SUB_CLAIM_NAME,
            IDTokenClaimsSet.AUD_CLAIM_NAME, IDTokenClaimsSet.EXP_CLAIM_NAME, IDTokenClaimsSet.IAT_CLAIM_NAME,
            IDTokenClaimsSet.AUTH_TIME_CLAIM_NAME, IDTokenClaimsSet.NONCE_CLAIM_NAME,
            IDTokenClaimsSet.ACR_CLAIM_NAME, IDTokenClaimsSet.AMR_CLAIM_NAME, IDTokenClaimsSet.AZP_CLAIM_NAME);
}
Developer: vpavic, Project: simple-openid-provider, Lines of code: 7, Source: DiscoveryConfiguration.java
Example 14: create
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
@Override
@SuppressWarnings("unchecked")
public U create(final OidcCredentials credentials, final WebContext context) throws HttpAction {
    init(context);
    final AccessToken accessToken = credentials.getAccessToken();
    // Create profile
    final U profile = getProfileFactory().get();
    profile.setAccessToken(accessToken);
    final JWT idToken = credentials.getIdToken();
    profile.setIdTokenString(idToken.getParsedString());
    // Check if there is a refresh token
    final RefreshToken refreshToken = credentials.getRefreshToken();
    if (refreshToken != null && !refreshToken.getValue().isEmpty()) {
        profile.setRefreshToken(refreshToken);
        logger.debug("Refresh Token successful retrieved");
    }
    try {
        // check idToken
        final Nonce nonce;
        if (configuration.isUseNonce()) {
            nonce = new Nonce((String) context.getSessionAttribute(OidcConfiguration.NONCE_SESSION_ATTRIBUTE));
        } else {
            nonce = null;
        }
        // Check ID Token
        final IDTokenClaimsSet claimsSet = this.idTokenValidator.validate(idToken, nonce);
        assertNotNull("claimsSet", claimsSet);
        profile.setId(claimsSet.getSubject());
        // User Info request
        if (configuration.getProviderMetadata().getUserInfoEndpointURI() != null && accessToken != null) {
            final UserInfoRequest userInfoRequest = new UserInfoRequest(configuration.getProviderMetadata().getUserInfoEndpointURI(), (BearerAccessToken) accessToken);
            final HTTPRequest userInfoHttpRequest = userInfoRequest.toHTTPRequest();
            userInfoHttpRequest.setConnectTimeout(configuration.getConnectTimeout());
            userInfoHttpRequest.setReadTimeout(configuration.getReadTimeout());
            final HTTPResponse httpResponse = userInfoHttpRequest.send();
            logger.debug("Token response: status={}, content={}", httpResponse.getStatusCode(),
                    httpResponse.getContent());
            final UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);
            if (userInfoResponse instanceof UserInfoErrorResponse) {
                logger.error("Bad User Info response, error={}",
                        ((UserInfoErrorResponse) userInfoResponse).getErrorObject());
            } else {
                final UserInfoSuccessResponse userInfoSuccessResponse = (UserInfoSuccessResponse) userInfoResponse;
                final UserInfo userInfo = userInfoSuccessResponse.getUserInfo();
                if (userInfo != null) {
                    profile.addAttributes(userInfo.toJWTClaimsSet().getClaims());
                }
            }
        }
        // add attributes of the ID token if they don't already exist
        for (final Map.Entry<String, Object> entry : idToken.getJWTClaimsSet().getClaims().entrySet()) {
            final String key = entry.getKey();
            final Object value = entry.getValue();
            if (profile.getAttribute(key) == null) {
                profile.addAttribute(key, value);
            }
        }
        return profile;
    } catch (final IOException | ParseException | JOSEException | BadJOSEException | java.text.ParseException e) {
        throw new TechnicalException(e);
    }
}
Developer: yaochi, Project: pac4j-plus, Lines of code: 72, Source: OidcProfileCreator.java
Example 15: getIdToken
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/**
 * @since 1.2
 */
public IDTokenClaimsSet getIdToken()
{
    return getSessionAttribute(PROP_SESSION_IDTOKEN);
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 8, Source: OIDCClientConfiguration.java
Example 16: setIdToken
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/**
 * @since 1.2
 */
public void setIdToken(IDTokenClaimsSet idToken)
{
    setSessionAttribute(PROP_SESSION_IDTOKEN, idToken);
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 8, Source: OIDCClientConfiguration.java
Example 17: NimbusOIDCIdToken
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/**
 * @param idToken the Nimbus SDK id token
 */
public NimbusOIDCIdToken(IDTokenClaimsSet idToken)
{
    super(idToken);
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 8, Source: NimbusOIDCIdToken.java
Example 18: handle
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
@Override
public Response handle(HTTPRequest httpRequest, OIDCResourceReference reference) throws Exception
{
    // Parse the request
    AuthorizationResponse authorizationResponse = AuthorizationResponse.parse(httpRequest);
    // Validate state
    State state = authorizationResponse.getState();
    if (!Objects.equal(state, this.configuration.getSessionState())) {
        throw new OIDCException("Invalid state [" + state + "]");
    }
    // TODO: remove the state from the session ?
    // Deal with errors
    if (!authorizationResponse.indicatesSuccess()) {
        // Cast to error response
        AuthorizationErrorResponse errorResponse = (AuthorizationErrorResponse) authorizationResponse;
        // If impossible to authenticate without prompt, just ignore and redirect
        if (OIDCError.INTERACTION_REQUIRED.getCode().equals(errorResponse.getErrorObject().getCode())
            || OIDCError.LOGIN_REQUIRED.getCode().equals(errorResponse.getErrorObject().getCode())) {
            // Redirect to original request
            return new RedirectResponse(new URI(authorizationResponse.getState().getValue()));
        }
        // Any other error: fail here instead of falling through to the success cast below
        throw new OIDCException("Failed to authenticate", errorResponse.getErrorObject());
    }
    // Cast to success response
    AuthorizationSuccessResponse successResponse = (AuthorizationSuccessResponse) authorizationResponse;
    // Get authorization code
    AuthorizationCode code = successResponse.getAuthorizationCode();
    // Generate callback URL
    URI callback = this.oidc.createEndPointURI(CallbackOIDCEndpoint.HINT);
    // Get access token
    AuthorizationGrant authorizationGrant = new AuthorizationCodeGrant(code, callback);
    // TODO: setup some client authentication, secret, all that
    TokenRequest tokeRequest = new TokenRequest(this.configuration.getTokenOIDCEndpoint(),
        this.configuration.getClientID(), authorizationGrant);
    HTTPRequest tokenHTTP = tokeRequest.toHTTPRequest();
    tokenHTTP.setHeader("User-Agent", this.getClass().getPackage().getImplementationTitle() + '/'
        + this.getClass().getPackage().getImplementationVersion());
    HTTPResponse httpResponse = tokenHTTP.send();
    if (httpResponse.getStatusCode() != HTTPResponse.SC_OK) {
        TokenErrorResponse error = TokenErrorResponse.parse(httpResponse);
        throw new OIDCException("Failed to get access token", error.getErrorObject());
    }
    OIDCTokenResponse tokenResponse = OIDCTokenResponse.parse(httpResponse);
    IDTokenClaimsSet idToken = new IDTokenClaimsSet(tokenResponse.getOIDCTokens().getIDToken().getJWTClaimsSet());
    BearerAccessToken accessToken = tokenResponse.getTokens().getBearerAccessToken();
    HttpSession session = ((ServletSession) this.container.getSession()).getHttpSession();
    // Store the access token in the session
    this.configuration.setIdToken(idToken);
    this.configuration.setAccessToken(accessToken);
    // Update/Create XWiki user
    Principal principal = this.users.updateUserInfo(accessToken);
    // Remember user in the session
    session.setAttribute(SecurityRequestWrapper.PRINCIPAL_SESSION_KEY, principal);
    // TODO: put enough information in the cookie to automatically authenticate when coming back
    // Redirect to original request
    return new RedirectResponse(this.configuration.getSuccessRedirectURI());
}
Developer: xwiki-contrib, Project: oidc, Lines of code: 73, Source: CallbackOIDCEndpoint.java
Example 19: doExecute
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    try {
        if (idTokenHint != null && idTokenHint.getJWTClaimsSet() != null) {
            log.debug("{} Using requested sub claim value", getLogPrefix());
            getOidcResponseContext().setRequestedSubject(idTokenHint.getJWTClaimsSet().getSubject());
        }
    } catch (ParseException e) {
        log.error("{} error parsing id token hint", getLogPrefix(), e);
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
        return;
    }
    if (idTokenClaims != null && !idTokenClaims.isEmpty()) {
        for (Entry entry : idTokenClaims) {
            if (IDTokenClaimsSet.SUB_CLAIM_NAME.equals(entry.getClaimName())) {
                log.debug("{} Setting requested sub claim value {} ", getLogPrefix(), entry.getValue());
                getOidcResponseContext().setRequestedSubject(entry.getValue());
            }
        }
    }
}
Developer: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 23, Source: SetRequestedSubjectToResponseContext.java
Example 20: getIDToken
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet; // import the required package/class
/**
 * Get the id token.
 *
 * @return The id token.
 */
@Nullable
public IDTokenClaimsSet getIDToken() {
    return idToken;
}
Developer: CSCfi, Project: shibboleth-idp-oidc-extension, Lines of code: 10, Source: OIDCAuthenticationResponseContext.java
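Note: The com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet examples in this article were compiled from source code and documentation platforms such as GitHub and MSDocs. The snippets were selected from open-source projects contributed by their respective developers; copyright of the source code belongs to the original authors, and distribution and use should follow the License of the corresponding project. Do not reproduce without permission.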