org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext Java Examples

Example #1
Source File: AbstractAuthorizationGrantHandler.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
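/**
 * Runs the access-delegation callback for this token request and copies the
 * validity period decided by the callback back into the message context.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code true} when the callback authorized the delegation
 * @throws IdentityOAuth2Exception propagated from the callback manager
 */
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    String grantType = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType();
    OAuthCallback authzCallback = new OAuthCallback(tokReqMsgCtx.getAuthorizedUser(), clientId,
            OAuthCallback.OAuthCallbackType.ACCESS_DELEGATION_TOKEN);
    authzCallback.setRequestedScope(tokReqMsgCtx.getScope());
    // Constant-first comparison: a request that somehow arrives without a grant_type no longer
    // throws NullPointerException here but takes the generic setGrantType branch like any other grant.
    if (org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString().equals(grantType)) {
        authzCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_SAML2_BEARER_GRANT_ENUM.toString()));
    } else if (org.wso2.carbon.identity.oauth.common.GrantType.IWA_NTLM.toString().equals(grantType)) {
        authzCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_IWA_NTLM_GRANT_ENUM.toString()));
    } else {
        authzCallback.setGrantType(grantType);
    }
    callbackManager.handleCallback(authzCallback);
    // The callback, not the client, decides the token lifetime that is applied here.
    tokReqMsgCtx.setValidityPeriod(authzCallback.getValidityPeriod());
    return authzCallback.isAuthorized();
}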
 
Example #2
Source File: PermissionBasedScopeIssuer.java    From carbon-apimgt with Apache License 2.0 6 votes vote down vote up
/**
 * Works out which of the requested scopes may be issued for this token request.
 *
 * @param tokReqMsgCtx      token message context
 * @param whiteListedScopes scopes to be white listed
 * @return authorized scopes list, or {@code null} when no application scope map could be loaded
 */
@Override
public List<String> getScopes(OAuthTokenReqMessageContext tokReqMsgCtx, List<String> whiteListedScopes) {

    List<String> requested = Arrays.asList(tokReqMsgCtx.getScope());
    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();

    Map<String, String> appScopes = getAppScopes(clientId, user);
    if (appScopes == null) {
        return null;
    }
    // Nothing registered for this application: only the white list can be granted.
    if (isAppScopesEmpty(appScopes, clientId)) {
        return getAllowedScopes(whiteListedScopes, requested);
    }
    return getAuthorizedScopes(user, requested, appScopes, whiteListedScopes);
}
 
Example #3
Source File: AbstractClientAuthHandler.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Authenticates the client only for the SAML2 bearer exemption: no client secret was sent
 * and strict client credential validation has been explicitly switched off. Every other
 * combination is rejected by this handler.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code true} only for the secret-less SAML2 bearer case
 * @throws IdentityOAuth2Exception declared for subclasses; not raised here
 */
@Override
public boolean authenticateClient(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    OAuth2AccessTokenReqDTO reqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String grantType = reqDTO.getGrantType();

    // Bypass is deliberately narrow: missing secret AND SAML2 bearer AND strict validation off.
    boolean secretlessSaml2Allowed = StringUtils.isEmpty(reqDTO.getClientSecret())
            && org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString().equals(grantType)
            && JavaUtils.isFalseExplicitly(authConfig);

    if (secretlessSaml2Allowed) {
        if (log.isDebugEnabled()) {
            log.debug("Grant type : " + grantType + " " +
                    "Strict client validation set to : " + authConfig + " Authenticating without client secret");
        }
        return true;
    }

    if (log.isDebugEnabled()) {
        log.debug("Grant type : " + grantType + " " +
                "Strict client validation set to : " + authConfig);
    }
    return false;
}
 
Example #4
Source File: ExtendedJWTGrantHandler.java    From carbon-device-mgt with Apache License 2.0 6 votes vote down vote up
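/**
 * Picks the tenant domain out of the raw request parameters before the inherited
 * JWT grant validation runs.
 *
 * @param tokReqMsgCtx token request message context
 * @return result of {@code super.validateGrant}
 * @throws IdentityOAuth2Exception propagated from the superclass validation
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {

    RequestParameter[] requestParameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
    // A request without extra parameters carries no tenant override; iterating a null
    // array would otherwise throw NullPointerException before the real validation runs.
    if (requestParameters != null) {
        for (RequestParameter requestParameter : requestParameters) {
            if (!TENANT_DOMAIN_KEY.equals(requestParameter.getKey())) {
                continue;
            }
            String[] values = requestParameter.getValue();
            if (values != null && values.length > 0) {
                // The tenant domain is taken verbatim from the client request; the superclass
                // validation is where it has to be checked against the presented assertion.
                // NOTE(review): confirm the parent JWT handler performs that check.
                tokReqMsgCtx.getOauth2AccessTokenReqDTO().setTenantDomain(values[0]);
            }
        }
    }

    return super.validateGrant(tokReqMsgCtx);
}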
 
Example #5
Source File: ExtendedClientCredentialsGrantHandler.java    From carbon-apimgt with Apache License 2.0 6 votes vote down vote up
/**
 * Lets the shared {@code ScopesIssuer} decide the scopes and then makes sure the
 * application token scope is always part of the result.
 *
 * @param tokReqMsgCtx token request message context
 * @return the {@code ScopesIssuer} verdict
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
    boolean issued = ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
    if (!issued) {
        return false;
    }

    String[] currentScopes = tokReqMsgCtx.getScope();
    String applicationScope = TokenMgtDataHolder.getApplicationTokenScope();
    if (currentScopes == null) {
        return true;
    }

    // Copy into a growable list; Arrays.asList alone is fixed-size and rejects add().
    ArrayList<String> scopeList = new ArrayList<String>(Arrays.asList(currentScopes));
    if (!scopeList.contains(applicationScope)) {
        scopeList.add(applicationScope);
        tokReqMsgCtx.setScope(scopeList.toArray(new String[0]));
    }
    return true;
}
 
Example #6
Source File: AbstractAuthorizationGrantHandler.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
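/**
 * Runs the scope-validation callback for this token request and writes the approved
 * scope and validity period back into the message context.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code true} when the callback accepted the requested scope
 * @throws IdentityOAuth2Exception propagated from the callback manager
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    String grantType = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType();
    OAuthCallback scopeValidationCallback = new OAuthCallback(tokReqMsgCtx.getAuthorizedUser(), clientId,
            OAuthCallback.OAuthCallbackType.SCOPE_VALIDATION_TOKEN);
    scopeValidationCallback.setRequestedScope(tokReqMsgCtx.getScope());
    // Constant-first comparison: a request that somehow arrives without a grant_type no longer
    // throws NullPointerException here but takes the generic setGrantType branch like any other grant.
    if (org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString().equals(grantType)) {
        scopeValidationCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_SAML2_BEARER_GRANT_ENUM.toString()));
    } else if (org.wso2.carbon.identity.oauth.common.GrantType.IWA_NTLM.toString().equals(grantType)) {
        scopeValidationCallback.setCarbonGrantType(org.wso2.carbon.identity.oauth.common.GrantType.valueOf(
                OAuthConstants.OAUTH_IWA_NTLM_GRANT_ENUM.toString()));
    } else {
        scopeValidationCallback.setGrantType(grantType);
    }

    callbackManager.handleCallback(scopeValidationCallback);
    // The context now carries what the callback approved, not what the client asked for.
    tokReqMsgCtx.setValidityPeriod(scopeValidationCallback.getValidityPeriod());
    tokReqMsgCtx.setScope(scopeValidationCallback.getApprovedScope());
    return scopeValidationCallback.isValidScope();
}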
 
Example #7
Source File: JWTAccessTokenBuilder.java    From msf4j with Apache License 2.0 6 votes vote down vote up
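/**
 * Signs the claims set with the configured signature algorithm.
 *
 * @param jwtClaimsSet contains JWT body
 * @param request      token request message context, handed to the RSA signer
 * @return serialized signed JWT
 * @throws IdentityOAuth2Exception if the configured algorithm is not one of the RSA
 *                                 algorithms; HMAC and EC signing are not implemented
 */
protected String signJWT(JWTClaimsSet jwtClaimsSet, OAuthTokenReqMessageContext request)
        throws IdentityOAuth2Exception {

    if (JWSAlgorithm.RS256.equals(signatureAlgorithm) || JWSAlgorithm.RS384.equals(signatureAlgorithm)
            || JWSAlgorithm.RS512.equals(signatureAlgorithm)) {
        return signJWTWithRSA(jwtClaimsSet, request);
    }
    // Previously the HMAC and EC branches returned null, so the caller would hand out a null
    // "token" instead of failing; an unimplemented signer must be a hard error.
    // TODO: signWithHMAC / signWithEC implementations are still needed.
    throw new IdentityOAuth2Exception("Unsupported signature algorithm: " + signatureAlgorithm);
}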
 
Example #8
Source File: ExtendedClientCredentialsGrantHandler.java    From carbon-apimgt with Apache License 2.0 6 votes vote down vote up
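/**
 * Reads an optional client-supplied validity period from the request parameters and
 * stores it in the message context. Delegation itself is always granted by this handler.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code false} only when a supplied validity period is not a parseable long,
 *         otherwise {@code true}
 */
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx) {

    RequestParameter[] parameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();

    if (parameters == null) {
        return true;
    }

    // Last matching parameter wins, as before.
    for (RequestParameter parameter : parameters) {
        if (VALIDITY_PERIOD.equals(parameter.getKey())
                && parameter.getValue() != null && parameter.getValue().length > 0) {
            long validityPeriod;
            try {
                validityPeriod = Long.parseLong(parameter.getValue()[0]);
            } catch (NumberFormatException ignored) {
                // A malformed value used to escape as an unchecked exception; reject the
                // delegation instead of crashing the token endpoint.
                return false;
            }
            // The value comes straight from the client. The token issuer is expected to cap it
            // with the server-side maximum — NOTE(review): confirm that cap exists downstream.
            tokReqMsgCtx.setValidityPeriod(validityPeriod);
        }
    }

    return true;
}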
 
Example #9
Source File: DefaultIDTokenBuilder.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
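/**
 * Signs the claims set with the configured signature algorithm.
 *
 * @param jwtClaimsSet contains JWT body
 * @param request      token request message context, handed to the RSA signer
 * @return serialized signed JWT
 * @throws IdentityOAuth2Exception if the configured algorithm is not one of the RSA
 *                                 algorithms; HMAC and EC signing are not implemented
 */
protected String signJWT(JWTClaimsSet jwtClaimsSet, OAuthTokenReqMessageContext request)
        throws IdentityOAuth2Exception {

    if (JWSAlgorithm.RS256.equals(signatureAlgorithm) || JWSAlgorithm.RS384.equals(signatureAlgorithm)
            || JWSAlgorithm.RS512.equals(signatureAlgorithm)) {
        return signJWTWithRSA(jwtClaimsSet, request);
    }
    // Previously the HMAC and EC branches returned null, so the caller would hand out a null
    // "token" instead of failing; an unimplemented signer must be a hard error.
    // TODO: signWithHMAC / signWithEC implementations are still needed.
    throw new IdentityOAuth2Exception("Unsupported signature algorithm: " + signatureAlgorithm);
}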
 
Example #10
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up the subject claim URI configured on the service provider that owns the
 * requesting client.
 *
 * @param request token request message context
 * @return the configured subject claim URI, or {@code null} when the service provider
 *         cannot be resolved or the lookup fails
 */
private String getSubjectClaimUri(OAuthTokenReqMessageContext request) {
    ApplicationManagementService appMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    try {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String clientId = request.getOauth2AccessTokenReqDTO().getClientId();
        String spName = appMgtService.getServiceProviderNameByClientId(clientId, INBOUND_AUTH2_TYPE, tenantDomain);
        ServiceProvider sp = appMgtService.getApplicationExcludingFileBasedSPs(spName, tenantDomain);
        if (sp == null) {
            return null;
        }
        return sp.getLocalAndOutBoundAuthenticationConfig().getSubjectClaimUri();
    } catch (IdentityApplicationManagementException ex) {
        // Lookup failures are logged rather than propagated; callers treat null as "not configured".
        log.error("Error while getting service provider information.", ex);
        return null;
    }
}
 
Example #11
Source File: ClientCredentialsGrantHandler.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Validates the client-credentials grant: the superclass checks the client, and on
 * success the scope requested in the DTO is carried into the message context.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code false} if the superclass rejected the grant, otherwise {@code true}
 * @throws IdentityOAuth2Exception propagated from the superclass validation
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    boolean clientOk = super.validateGrant(tokReqMsgCtx);
    if (clientOk) {
        // Client credentials are already verified at this point; hand the requested scope over
        // unchanged for the scope validation step that follows.
        String[] requestedScope = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getScope();
        tokReqMsgCtx.setScope(requestedScope);
    }
    return clientOk;
}
 
Example #12
Source File: ExtendedSAML2BearerGrantHandler.java    From carbon-device-mgt with Apache License 2.0 5 votes vote down vote up
/**
 * Validates the SAML2 bearer grant via the superclass and then rewrites the authorized
 * user's name into its tenant-aware form.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code false} if the superclass rejected the grant, otherwise {@code true}
 * @throws IdentityOAuth2Exception propagated from the superclass validation
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    boolean valid = super.validateGrant(tokReqMsgCtx);
    if (!valid) {
        return false;
    }
    AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();
    String tenantAwareName = MultitenantUtils.getTenantAwareUsername(user.getUserName());
    user.setUserName(tenantAwareName);
    return true;
}
 
Example #13
Source File: AbstractAuthorizationGrantHandler.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the requesting application is allowed to use the grant type of this request.
 * Application data is served from {@code AppInfoCache} and loaded from the DAO on a miss.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code false} when the app restricts its grant types and this one is not listed
 * @throws IdentityOAuth2Exception if the client is unknown to the OAuth app store
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    OAuth2AccessTokenReqDTO tokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String clientId = tokenReqDTO.getClientId();
    String grantType = tokenReqDTO.getGrantType();

    AppInfoCache cache = AppInfoCache.getInstance();
    OAuthAppDO app = cache.getValueFromCache(clientId);
    if (app == null) {
        try {
            app = new OAuthAppDAO().getAppInformation(clientId);
            cache.addToCache(clientId, app);
        } catch (InvalidOAuthClientException e) {
            throw new IdentityOAuth2Exception(e.getMessage(), e);
        }
    }

    // A null grant-type list means the application accepts every grant type.
    boolean restricted = app.getGrantTypes() != null;
    if (restricted && !app.getGrantTypes().contains(grantType)) {
        if (log.isDebugEnabled()) {
            //Do not change this log format as these logs use by external applications
            log.debug("Unsupported Grant Type : " + grantType + " for client id : " + clientId);
        }
        return false;
    }
    return true;
}
 
Example #14
Source File: AuthorizationCodeGrantHandler.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Issues the access token via the superclass and then evicts the authorization-code
 * cache entry so the code cannot be looked up again.
 *
 * @param tokReqMsgCtx token request message context
 * @return the token response produced by the superclass
 * @throws IdentityOAuth2Exception propagated from the superclass
 */
@Override
public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    OAuth2AccessTokenRespDTO response = super.issue(tokReqMsgCtx);

    // The code was stashed in the context while validating the grant; fall back to the
    // raw request value in the unlikely case it is missing.
    String authzCode = (String) tokReqMsgCtx.getProperty(AUTHZ_CODE);
    if (authzCode == null) {
        authzCode = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getAuthorizationCode();
    }

    if (!cacheEnabled) {
        return response;
    }

    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    String keyString = OAuth2Util.buildCacheKeyStringForAuthzCode(clientId, authzCode);
    oauthCache.clearCacheEntry(new OAuthCacheKey(keyString));

    if (log.isDebugEnabled()) {
        log.debug("Cache was cleared for authorization code info for client id : " + clientId);
    }

    return response;
}
 
Example #15
Source File: OAuth2Util.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the token request context bound to the current thread.
 *
 * @return the value held by the {@code tokenRequestContext} thread-local for this thread
 */
public static OAuthTokenReqMessageContext getTokenRequestContext() {
    if (log.isDebugEnabled()) {
        log.debug("Retreived OAuthTokenReqMessageContext from threadlocal");
    }
    OAuthTokenReqMessageContext current = tokenRequestContext.get();
    return current;
}
 
Example #16
Source File: OAuth2Util.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Binds the given token request context to the current thread.
 *
 * @param context the context to store in the {@code tokenRequestContext} thread-local
 */
public static void setTokenRequestContext(OAuthTokenReqMessageContext context) {
    tokenRequestContext.set(context);
    if (!log.isDebugEnabled()) {
        return;
    }
    log.debug("Added OAuthTokenReqMessageContext to threadlocal");
}
 
Example #17
Source File: ExtendedClientCredentialsGrantHandler.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Delegates grant validation to the superclass and re-attaches the authorized user to
 * the context.
 *
 * @param tokReqMsgCtx token request message context
 * @return the superclass verdict
 * @throws IdentityOAuth2Exception propagated from the superclass validation
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    boolean valid = super.validateGrant(tokReqMsgCtx);

    // The user name is written back unchanged, so apart from the setAuthorizedUser call this
    // appears to be a no-op; kept as in the original.
    AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();
    user.setUserName(user.getUserName());
    tokReqMsgCtx.setAuthorizedUser(user);

    return valid;
}
 
Example #18
Source File: ExtendedSAML2BearerGrantHandler.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Marks the authorized user as federated when the
 * {@code CHECK_ROLES_FROM_SAML_ASSERTION} system property is on, then lets the shared
 * {@code ScopesIssuer} set the scopes.
 *
 * @param tokReqMsgCtx token request message context
 * @return the {@code ScopesIssuer} verdict
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
    boolean rolesFromAssertion = Boolean.parseBoolean(
            System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION));

    if (rolesFromAssertion) {
        AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();
        user.setUserStoreDomain("FEDERATED");
        tokReqMsgCtx.setAuthorizedUser(user);
    }

    return ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
}
 
Example #19
Source File: ClientCredentialsGrantHandler.java    From attic-stratos with Apache License 2.0 5 votes vote down vote up
/**
 * Accepts the client-credentials grant unconditionally and copies the requested scope
 * from the DTO into the message context.
 *
 * @param tokReqMsgCtx token request message context
 * @return always {@code true}
 * @throws IdentityOAuth2Exception declared for overriders; not raised here
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    // Client credentials have already been verified before this handler is reached.
    String[] requestedScope = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getScope();
    tokReqMsgCtx.setScope(requestedScope);
    return true;
}
 
Example #20
Source File: ClientCredentialsGrantHandler.java    From attic-stratos with Apache License 2.0 5 votes vote down vote up
/**
 * Signs the payload with the server-configured signature algorithm; only RSA is supported.
 *
 * @param payLoad the JWT payload to sign
 * @param request token request message context, handed to the RSA signer
 * @return the signed JWT
 * @throws IdentityOAuth2Exception if the configured algorithm is not RS256/RS384/RS512
 */
protected String signJWT(String payLoad, OAuthTokenReqMessageContext request)
        throws IdentityOAuth2Exception {
    JWSAlgorithm alg = mapSignatureAlgorithm(OAuthServerConfiguration.getInstance().getSignatureAlgorithm());
    boolean rsaFamily = JWSAlgorithm.RS256.equals(alg)
            || JWSAlgorithm.RS384.equals(alg)
            || JWSAlgorithm.RS512.equals(alg);
    if (!rsaFamily) {
        log.error("UnSupported Signature Algorithm");
        throw new IdentityOAuth2Exception("UnSupported Signature Algorithm");
    }
    return signJWTWithRSA(payLoad, alg, request);
}
 
Example #21
Source File: DefaultIDTokenBuilder.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Fetches the authorization-grant cache entry keyed by the authorization code stored
 * in the request context.
 *
 * @param request token request message context
 * @return AuthorizationGrantCacheEntry contains user attributes and nonce value
 */
private AuthorizationGrantCacheEntry getAuthorizationGrantCacheEntry(
        OAuthTokenReqMessageContext request) {

    String code = (String) request.getProperty(AUTHORIZATION_CODE);
    AuthorizationGrantCacheKey key = new AuthorizationGrantCacheKey(code);
    return (AuthorizationGrantCacheEntry) AuthorizationGrantCache.getInstance().getValueFromCacheByCode(key);
}
 
Example #22
Source File: AbstractClientAuthHandler.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Decides whether this handler can authenticate the client: yes when both client id and
 * secret are present, and yes for a SAML2 bearer request when strict client credential
 * validation has been explicitly turned off in the handler properties.
 *
 * @param tokReqMsgCtx token request message context
 * @return {@code true} if this handler can authenticate the request
 * @throws IdentityOAuth2Exception declared for subclasses; not raised here
 */
@Override
public boolean canAuthenticate(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    OAuth2AccessTokenReqDTO reqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String clientId = reqDTO.getClientId();

    if (StringUtils.isNotEmpty(clientId) && StringUtils.isNotEmpty(reqDTO.getClientSecret())) {
        if (log.isDebugEnabled()) {
            log.debug("Can authenticate with client ID and Secret." +
                    " Client ID: "+ clientId);
        }
        return true;
    }

    String grantType = reqDTO.getGrantType();
    boolean saml2Bearer = org.wso2.carbon.identity.oauth.common.GrantType.SAML20_BEARER.toString()
            .equals(grantType);
    if (!saml2Bearer) {
        return false;
    }

    // Deployer-configured switch; stored on the instance because other handler methods read it.
    authConfig = properties.getProperty(OAuthConstants.CLIENT_AUTH_CREDENTIAL_VALIDATION);

    if (log.isDebugEnabled()) {
        log.debug("Grant type : " + grantType);
    }

    // Strict validation explicitly off: the SAML2 bearer request may proceed without a secret.
    boolean strictValidationOff = StringUtils.isNotEmpty(authConfig) && JavaUtils.isFalseExplicitly(authConfig);
    if (!strictValidationOff) {
        return false;
    }
    if (log.isDebugEnabled()) {
        log.debug("Client auth credential validation set to : " + authConfig + ". " +
                "can authenticate without client secret");
    }
    return true;
}
 
Example #23
Source File: JWTAccessTokenBuilder.java    From msf4j with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the ID token for the token request: standard claims (issuer, subject, audience,
 * azp, exp, iat) plus user claims, serialized unsigned for the "none" algorithm and
 * signed otherwise.
 *
 * @param request Token request message context
 * @return Signed jwt string, or a plain (unsigned) JWT when the algorithm is "none"
 * @throws IdentityOAuth2Exception propagated from {@code signJWT}
 */
protected String buildIDToken(OAuthTokenReqMessageContext request)
        throws IdentityOAuth2Exception {

    String issuer = OAuth2Util.getIDTokenIssuer();
    long lifetimeInMillis = OAuthServerConfiguration.getInstance()
            .getApplicationAccessTokenValidityPeriodInSeconds() * 1000;
    long now = Calendar.getInstance().getTimeInMillis();

    // Prefer the authenticated subject identifier; fall back to the plain user name.
    String subject = request.getAuthorizedUser().getAuthenticatedSubjectIdentifier();
    if (StringUtils.isBlank(subject)) {
        subject = request.getAuthorizedUser().getUserName();
    }
    String clientId = request.getOauth2AccessTokenReqDTO().getClientId();

    JWTClaimsSet claims = new JWTClaimsSet();
    claims.setIssuer(issuer);
    claims.setSubject(subject);
    claims.setAudience(Arrays.asList(clientId));
    claims.setClaim(Constants.AUTHORIZATION_PARTY, clientId);
    claims.setExpirationTime(new Date(now + lifetimeInMillis));
    claims.setIssueTime(new Date(now));
    addUserClaims(claims, request.getAuthorizedUser());

    boolean unsigned = JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName());
    if (unsigned) {
        return new PlainJWT(claims).serialize();
    }
    return signJWT(claims, request);
}
 
Example #24
Source File: JWTAccessTokenBuilder.java    From msf4j with Apache License 2.0 5 votes vote down vote up
/**
 * Issues a JWT access token, falling back to the parent builder's token when the JWT
 * cannot be built.
 *
 * @param oAuthTokenReqMessageContext token request message context
 * @return the JWT, or the parent builder's token on {@code IdentityOAuth2Exception}
 * @throws OAuthSystemException propagated from the parent builder
 */
public String accessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws OAuthSystemException {
    if (log.isDebugEnabled()) {
        log.debug("Access token request with token request message context. Authorized user " +
                oAuthTokenReqMessageContext.getAuthorizedUser().toString());
    }
    String token;
    try {
        token = this.buildIDToken(oAuthTokenReqMessageContext);
    } catch (IdentityOAuth2Exception e) {
        if (log.isDebugEnabled()) {
            log.debug("Error occurred while issuing jwt access token. Hence returning default token", e);
        }
        // Best-effort fallback: the parent builder's (non-JWT) token is returned instead.
        token = super.accessToken(oAuthTokenReqMessageContext);
    }
    return token;
}
 
Example #25
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Get response map
 *
 * Looks the user attributes up in the cache (by access token, then by authorization code)
 * and falls back to the user store only when nothing is cached and no subject claim URI
 * is configured for the service provider.
 *
 * @param requestMsgCtx Token request message context
 * @return Mapped claims; empty when the user-store lookup fails
 * @throws OAuthSystemException propagated from the claim helpers
 */
private Map<String, Object> getResponse(OAuthTokenReqMessageContext requestMsgCtx)
        throws OAuthSystemException {

    String accessToken = requestMsgCtx.getProperty(OAuthConstants.ACCESS_TOKEN).toString();
    Map<ClaimMapping, String> userAttributes = getUserAttributesFromCache(accessToken);

    if (userAttributes.isEmpty()) {
        // Attributes may have been cached under the authorization code rather than the token.
        Object authzCode = requestMsgCtx.getProperty(OAuthConstants.AUTHZ_CODE);
        if (authzCode != null) {
            userAttributes = getUserAttributesFromCache(authzCode.toString());
        }
    }

    boolean nothingCached = MapUtils.isEmpty(userAttributes);
    if (!nothingCached || getSubjectClaimUri(requestMsgCtx) != null) {
        return getClaimsMap(userAttributes);
    }

    // No cached attributes and no subject claim URI: read the claims for the logged-in user directly.
    if (log.isDebugEnabled()) {
        log.debug("User attributes not found in cache. Trying to retrieve attribute for user " + requestMsgCtx
                .getAuthorizedUser());
    }
    try {
        return getClaimsFromUserStore(requestMsgCtx);
    } catch (UserStoreException | IdentityApplicationManagementException | IdentityException e) {
        log.error("Error occurred while getting claims for user " + requestMsgCtx.getAuthorizedUser(), e);
        return Collections.emptyMap();
    }
}
 
Example #26
Source File: ExtendedPasswordGrantHandler.java    From carbon-apimgt with Apache License 2.0 4 votes vote down vote up
/**
 * Delegates scope handling entirely to the shared {@code ScopesIssuer}.
 *
 * @param tokReqMsgCtx token request message context
 * @return the {@code ScopesIssuer} verdict
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
    ScopesIssuer issuer = ScopesIssuer.getInstance();
    return issuer.setScopes(tokReqMsgCtx);
}
 
Example #27
Source File: ExtendedAuthorizationCodeGrantHandler.java    From carbon-apimgt with Apache License 2.0 4 votes vote down vote up
/**
 * Pass-through to the superclass grant validation; present so subclasses have a single
 * override point.
 *
 * @param tokReqMsgCtx token request message context
 * @return the superclass verdict
 * @throws IdentityOAuth2Exception propagated from the superclass
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    boolean valid = super.validateGrant(tokReqMsgCtx);
    return valid;
}
 
Example #28
Source File: ExtendedAuthorizationCodeGrantHandler.java    From carbon-apimgt with Apache License 2.0 4 votes vote down vote up
/**
 * Pass-through to the superclass token issuance.
 *
 * @param tokReqMsgCtx token request message context
 * @return the token response produced by the superclass
 * @throws IdentityOAuth2Exception propagated from the superclass
 */
@Override
public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    OAuth2AccessTokenRespDTO response = super.issue(tokReqMsgCtx);
    return response;
}
 
Example #29
Source File: ExtendedAuthorizationCodeGrantHandler.java    From carbon-apimgt with Apache License 2.0 4 votes vote down vote up
/**
 * Pass-through to the superclass access-delegation check.
 *
 * @param tokReqMsgCtx token request message context
 * @return the superclass verdict
 * @throws IdentityOAuth2Exception propagated from the superclass
 */
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {
    boolean authorized = super.authorizeAccessDelegation(tokReqMsgCtx);
    return authorized;
}
 
Example #30
Source File: ExtendedAuthorizationCodeGrantHandler.java    From carbon-apimgt with Apache License 2.0 4 votes vote down vote up
/**
 * Delegates scope handling entirely to the shared {@code ScopesIssuer}.
 *
 * @param tokReqMsgCtx token request message context
 * @return the {@code ScopesIssuer} verdict
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
    ScopesIssuer issuer = ScopesIssuer.getInstance();
    return issuer.setScopes(tokReqMsgCtx);
}