com.nimbusds.oauth2.sdk.http.HTTPResponse Java Examples

The following examples show how to use com.nimbusds.oauth2.sdk.http.HTTPResponse.
Example #1
Source File: GitHubConnector.java    From onedev with MIT License
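/**
 * Builds the authenticated SSO user from the provider's user-info response.
 *
 * <p>Sends the bearer access token to the user-info endpoint taken from the cached
 * provider metadata and reads {@code login}, {@code email} and {@code name} from the
 * JSON body.
 *
 * @param tokenSuccessResponse token response whose access token is sent as bearer token
 * @return the authenticated user; {@code login} is passed as both of the first two
 *         constructor arguments
 * @throws AuthenticationException if {@code login} or {@code email} is blank
 * @throws RuntimeException wrapping serialization, parse, URI syntax and I/O failures
 */
@Override
protected SsoAuthenticated processTokenResponse(OIDCAccessTokenResponse tokenSuccessResponse) {
	BearerAccessToken accessToken = (BearerAccessToken) tokenSuccessResponse.getAccessToken();

	try {
		UserInfoRequest userInfoRequest = new UserInfoRequest(
				new URI(getCachedProviderMetadata().getUserInfoEndpoint()), accessToken);
		HTTPResponse httpResponse = userInfoRequest.toHTTPRequest().send();

		if (httpResponse.getStatusCode() != HTTPResponse.SC_OK) {
			// NOTE(review): getErrorObject() may be null when the error response carries no
			// WWW-Authenticate header; confirm buildException tolerates a null argument.
			throw buildException(UserInfoErrorResponse.parse(httpResponse).getErrorObject());
		}

		JSONObject json = httpResponse.getContentAsJSONObject();
		String userName = (String) json.get("login");
		// Fail closed: without this check a response lacking "login" would produce an
		// authenticated identity whose name (and first constructor argument) is null.
		if (StringUtils.isBlank(userName))
			throw new AuthenticationException("A login name is required");
		String email = (String) json.get("email");
		if (StringUtils.isBlank(email))
			throw new AuthenticationException("A public email is required");
		String fullName = (String) json.get("name");

		// NOTE(review): the login name is used for both leading arguments. If the first one
		// is the stable subject identifier (presumably; verify against SsoAuthenticated),
		// a renameable login is a weaker key than an immutable account id.
		return new SsoAuthenticated(userName, userName, email, fullName, null, null, this);
	} catch (SerializeException | ParseException | URISyntaxException | IOException e) {
		throw new RuntimeException(e);
	}
}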
 
Example #2
Source File: StandardOidcIdentityProvider.java    From nifi with Apache License 2.0
/**
 * Downloads and parses the OpenID Connect provider metadata document.
 *
 * @param discoveryUri location of the provider's discovery document
 * @return the parsed provider metadata
 * @throws IOException if the request fails or the response status is not 200
 * @throws ParseException if the response body is not valid provider metadata
 */
private OIDCProviderMetadata retrieveOidcProviderMetadata(final String discoveryUri) throws IOException, ParseException {
    // NOTE(review): the returned metadata decides which endpoints the client later trusts.
    // Neither the URL scheme nor the issuer in the document is checked in this method;
    // confirm the caller restricts discoveryUri to an https URL from trusted configuration.
    final URL url = new URL(discoveryUri);

    final HTTPRequest metadataRequest = new HTTPRequest(HTTPRequest.Method.GET, url);
    // Bounded timeouts keep an unresponsive provider from blocking the caller indefinitely.
    metadataRequest.setConnectTimeout(oidcConnectTimeout);
    metadataRequest.setReadTimeout(oidcReadTimeout);

    final HTTPResponse metadataResponse = metadataRequest.send();
    final int statusCode = metadataResponse.getStatusCode();

    if (statusCode != HTTPResponse.SC_OK) {
        throw new IOException("Unable to download OpenId Connect Provider metadata from " + url + ": Status code " + statusCode);
    }

    return OIDCProviderMetadata.parse(metadataResponse.getContentAsJSONObject());
}
 
Example #3
Source File: OpenIdConnector.java    From onedev with MIT License
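/**
 * Handles the OIDC authentication response delivered to the callback and exchanges the
 * authorization code for tokens.
 *
 * <p>The response is parsed from the current request's URI and query string. A success
 * response is accepted only if its {@code state} equals the value stored in the session;
 * the code is then sent to the token endpoint with HTTP basic client authentication.
 *
 * @return the authenticated user produced by {@code processTokenResponse}
 * @throws AuthenticationException if the state is missing or does not match, or the token
 *         endpoint returns a non-200 status without a parseable error object
 * @throws RuntimeException wrapping parse, URI syntax, serialization and I/O failures
 */
@Override
public SsoAuthenticated processLoginResponse() {
	HttpServletRequest request = (HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest();
	try {
		AuthenticationResponse authenticationResponse = AuthenticationResponseParser.parse(
				new URI(request.getRequestURI() + "?" + request.getQueryString()));
		if (authenticationResponse instanceof AuthenticationErrorResponse) {
			throw buildException(((AuthenticationErrorResponse)authenticationResponse).getErrorObject());
		}

		AuthenticationSuccessResponse authenticationSuccessResponse =
				(AuthenticationSuccessResponse)authenticationResponse;

		String expectedState = (String) Session.get().getAttribute(SESSION_ATTR_STATE);

		// The state binds this callback to a login the current session started (CSRF
		// defence). A response carrying no state at all is rejected explicitly rather than
		// surfacing as a NullPointerException.
		// NOTE(review): the session attribute is not cleared in this method, so the same
		// state value stays acceptable for later callbacks; consider making it one-time.
		if (expectedState == null
				|| authenticationSuccessResponse.getState() == null
				|| !expectedState.equals(authenticationSuccessResponse.getState().getValue()))
			throw new AuthenticationException("Unsolicited OIDC authentication response");

		AuthorizationGrant codeGrant = new AuthorizationCodeGrant(
				authenticationSuccessResponse.getAuthorizationCode(), getCallbackUri());

		ClientID clientID = new ClientID(getClientId());
		Secret clientSecret = new Secret(getClientSecret());
		ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret);
		TokenRequest tokenRequest = new TokenRequest(
				new URI(getCachedProviderMetadata().getTokenEndpoint()), clientAuth, codeGrant);
		HTTPResponse httpResponse = tokenRequest.toHTTPRequest().send();

		if (httpResponse.getStatusCode() == HTTPResponse.SC_OK) {
			JSONObject jsonObject = httpResponse.getContentAsJSONObject();
			// An "error" member in a 200 body is still treated as a token error.
			if (jsonObject.get("error") != null)
				throw buildException(TokenErrorResponse.parse(jsonObject).getErrorObject());
			return processTokenResponse(OIDCAccessTokenResponse.parse(jsonObject));
		}

		ErrorObject error = TokenErrorResponse.parse(httpResponse).getErrorObject();
		if (error != null)
			throw buildException(error);

		String message = String.format("Error requesting OIDC token: http status: %d",
				httpResponse.getStatusCode());
		throw new AuthenticationException(message);
	} catch (ParseException | URISyntaxException|SerializeException|IOException e) {
		throw new RuntimeException(e);
	}
}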
 
Example #4
Source File: OpenIdConnector.java    From onedev with MIT License
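/**
 * Checks the ID token claims, fetches the user-info document and builds the authenticated
 * SSO user.
 *
 * <p>Checks made on the ID token: issuer equals the cached provider metadata issuer, issue
 * time is not more than 10 seconds in the future, and an expiration time is present and
 * not in the past. The user-info {@code sub} must equal the ID token subject.
 *
 * @param tokenSuccessResponse token response carrying the ID token and access token
 * @return the authenticated user, keyed by the ID token subject
 * @throws AuthenticationException if a claim check fails, no email is returned, or the
 *         user-info endpoint answers with an error
 */
protected SsoAuthenticated processTokenResponse(OIDCAccessTokenResponse tokenSuccessResponse) {
	try {
		JWT idToken = tokenSuccessResponse.getIDToken();
		// NOTE(review): the claims are read without a signature check, and neither the
		// audience nor a nonce is compared in this method. That is only defensible while
		// the token arrives directly from the token endpoint over validated TLS; confirm
		// no other path feeds an ID token in here.
		ReadOnlyJWTClaimsSet claims = idToken.getJWTClaimsSet();

		// A missing issuer is rejected with the same message instead of a wrapped NPE.
		String issuer = claims.getIssuer();
		if (issuer == null || !issuer.equals(getCachedProviderMetadata().getIssuer()))
			throw new AuthenticationException("Inconsistent issuer in provider metadata and ID token");

		DateTime now = new DateTime();

		// 10 seconds of tolerance for clock skew between this host and the provider.
		if (claims.getIssueTime() != null && claims.getIssueTime().after(now.plusSeconds(10).toDate()))
			throw new AuthenticationException("Invalid issue date of ID token");

		// Fail closed: a token without an expiration time was previously accepted as
		// never expiring.
		if (claims.getExpirationTime() == null)
			throw new AuthenticationException("ID token has no expiration time");
		if (now.toDate().after(claims.getExpirationTime()))
			throw new AuthenticationException("ID token was expired");

		String subject = claims.getSubject();

		BearerAccessToken accessToken = (BearerAccessToken) tokenSuccessResponse.getAccessToken();

		UserInfoRequest userInfoRequest = new UserInfoRequest(
				new URI(getCachedProviderMetadata().getUserInfoEndpoint()), accessToken);
		HTTPResponse httpResponse = userInfoRequest.toHTTPRequest().send();

		if (httpResponse.getStatusCode() != HTTPResponse.SC_OK) {
			// The parsed error response may carry no error object; report the HTTP status
			// in that case, as the token request path does.
			ErrorObject error = UserInfoErrorResponse.parse(httpResponse).getErrorObject();
			if (error != null)
				throw buildException(error);
			throw new AuthenticationException(String.format(
					"Error requesting OIDC userinfo: http status: %d", httpResponse.getStatusCode()));
		}

		JSONObject json = httpResponse.getContentAsJSONObject();
		// The user-info document must describe the same subject as the ID token.
		if (subject == null || !subject.equals(json.get("sub")))
			throw new AuthenticationException("OIDC error: Inconsistent sub in ID token and userinfo");
		String email = (String) json.get("email");
		if (StringUtils.isBlank(email))
			throw new AuthenticationException("OIDC error: No email claim returned");
		String userName = (String) json.get("preferred_username");
		if (StringUtils.isBlank(userName))
			userName = email;
		// NOTE(review): dropping everything after "@" maps addresses in different domains
		// to the same user name; confirm accounts are matched on the subject, not on this.
		userName = StringUtils.substringBefore(userName, "@");

		String fullName = (String) json.get("name");

		// null means "no groups claim configured"; an empty list means the claim is
		// configured but absent from the response.
		List<String> groupNames = null;
		if (getGroupsClaim() != null) {
			groupNames = new ArrayList<>();
			JSONArray jsonArray = (JSONArray) json.get(getGroupsClaim());
			if (jsonArray != null) {
				for (Object group: jsonArray)
					groupNames.add((String) group);
			}
		}

		return new SsoAuthenticated(subject, userName, email, fullName, groupNames, null, this);
	} catch (Exception e) {
		throw ExceptionUtils.unchecked(e);
	}
}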
 
Example #5
Source File: UserInfoErrorResponse.java    From onedev with MIT License
/**
 * Parses a UserInfo error response from the specified HTTP response.
 *
 * <p>The error is taken from the {@code WWW-Authenticate} header only. The HTTP status
 * code is not checked for matching the error code semantics.
 *
 * @param httpResponse The HTTP response to parse. Its status code must
 *                     not be 200 (OK). Must not be {@code null}.
 *
 * @return The UserInfo error response parsed from the header, or an
 *         instance created with the no-argument constructor if the
 *         header is blank.
 *
 * @throws ParseException If the HTTP response couldn't be parsed to a
 *                        UserInfo error response.
 */
public static UserInfoErrorResponse parse(final HTTPResponse httpResponse)
	throws ParseException {

	// Rejects a 200 response up front; only error responses are parsed here.
	httpResponse.ensureStatusCodeNotOK();

	final String challenge = httpResponse.getWWWAuthenticate();

	// NOTE(review): with a blank header the result presumably carries no error object,
	// so callers should be prepared for getErrorObject() returning null.
	return StringUtils.isNotBlank(challenge)
		? parse(challenge)
		: new UserInfoErrorResponse();
}