com.nimbusds.oauth2.sdk.id.ClientID Java Examples

The following examples show how to use com.nimbusds.oauth2.sdk.id.ClientID.
Example #1
Source File: OpenIdConnector.java    From onedev with MIT License 6 votes vote down vote up
/**
 * Starts an OpenID Connect authorization-code login by redirecting the browser to the
 * provider's authorization endpoint.
 *
 * <p>Before redirecting, a fresh {@code state} value and the result of
 * {@code discoverProviderMetadata()} are stored in the session. The requested scopes are
 * {@code openid email profile}, plus {@code groupsClaim} when it is set.
 *
 * <p>NOTE(review): the {@link Nonce} is created inline and is not stored by this method, so
 * the {@code nonce} claim of the returned ID token cannot be compared with it unless it is
 * kept somewhere else. Confirm against the code that processes the token response.
 *
 * @throws RedirectToUrlException always, on success, carrying the authorization request URL
 * @throws RuntimeException if the endpoint URI is malformed or the request cannot be serialized
 */
@Override
public void initiateLogin() {
	try {
		ClientID oidcClientId = new ClientID(clientId);

		// The state value is what the callback handler compares against, so it has to be
		// unpredictable; UUID.randomUUID() draws from a cryptographically strong generator.
		State state = new State(UUID.randomUUID().toString());
		Session.get().setAttribute(SESSION_ATTR_STATE, state.getValue());
		Session.get().setAttribute(SESSION_ATTR_PROVIDER_METADATA, discoverProviderMetadata());

		String requestedScopes = groupsClaim != null
				? "openid email profile" + " " + groupsClaim
				: "openid email profile";

		URI authorizationEndpoint = new URI(getCachedProviderMetadata().getAuthorizationEndpoint());
		AuthenticationRequest authRequest = new AuthenticationRequest(
				authorizationEndpoint, new ResponseType("code"), Scope.parse(requestedScopes),
				oidcClientId, getCallbackUri(), state, new Nonce());

		// The redirect is signalled to the framework by throwing.
		throw new RedirectToUrlException(authRequest.toURI().toString());
	} catch (URISyntaxException | SerializeException e) {
		throw new RuntimeException(e);
	}
}
 
Example #2
Source File: OpenIdClient.java    From timbuctoo with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Exchanges an authorization code for tokens at the provider's token endpoint.
 *
 * <p>The client authenticates with its id and secret through {@code ClientSecretBasic}.
 *
 * @param code the authorization code received on the redirect
 * @return the tokens of a successful response, or an empty {@code Optional} when the token
 *     endpoint answered with an error (the error object is logged)
 * @throws IOException if sending the token request fails
 * @throws ParseException if the token response cannot be parsed
 */
public Optional<Tokens> getUserTokens(String code) throws IOException, ParseException {
  final ClientAuthentication clientAuth = new ClientSecretBasic(new ClientID(clientId), new Secret(clientSecret));
  final URI callbackUri = fromUri(redirectUrl).build();
  final AuthorizationCodeGrant codeGrant = new AuthorizationCodeGrant(new AuthorizationCode(code), callbackUri);
  final TokenRequest request = new TokenRequest(getTokenUrl(discoveryUrl), clientAuth, codeGrant);
  final TokenResponse tokenResponse = OIDCTokenResponseParser.parse(request.toHTTPRequest().send());

  if (!tokenResponse.indicatesSuccess()) {
    LOG.error("Could not retrieve client token: {}", tokenResponse.toErrorResponse().getErrorObject());
    return Optional.empty();
  }

  // TODO check if the id is not fake: the tokens are returned exactly as received. This method
  // performs no signature, issuer, audience or expiry check on the ID token, so callers must
  // not treat its claims as verified unless they validate it themselves.
  return Optional.of(tokenResponse.toSuccessResponse().getTokens());
}
 
Example #3
Source File: OidcClientTest.java    From sonar-auth-oidc with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the authentication request built by the client carries the expected scope,
 * client id, state, response type, redirect URI and authorization endpoint.
 */
@Test
public void getAuthenticationRequest() throws URISyntaxException {
  OidcClient client = newSpyOidcClient();
  AuthenticationRequest authRequest = client.getAuthenticationRequest(CALLBACK_URL, STATE);

  assertEquals("invalid scope", Scope.parse("openid profile email"), authRequest.getScope());
  assertEquals("invalid client id", new ClientID("id"), authRequest.getClientID());
  // The state handed in must come back unchanged in the request.
  assertEquals("invalid state", new State(STATE), authRequest.getState());
  assertEquals("invalid response type", ResponseType.getDefault(), authRequest.getResponseType());
  assertEquals("invalid redirect uri", new URI(CALLBACK_URL), authRequest.getRedirectionURI());

  URI expectedEndpoint = new URI(ISSUER_URI).resolve("/protocol/openid-connect/auth");
  assertEquals("invalid endpoint uri", expectedEndpoint, authRequest.getEndpointURI());
}
 
Example #4
Source File: AuthResource.java    From eplmp with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Validates the ID token of a login request against the provider's configuration.
 *
 * <p>The expected issuer, client id, JWS algorithm and JWK set URL all come from
 * {@code provider}, not from the token, so the token cannot choose the algorithm or keys it
 * is verified with.
 *
 * <p>NOTE(review): the expected nonce is read from the same request DTO that carries the ID
 * token. Confirm that the caller ties this nonce to a value the server issued for the login
 * attempt; a nonce supplied alongside the token does not by itself protect against replay.
 *
 * @param provider the provider configuration supplying issuer, client id, algorithm and JWK set URL
 * @param oAuthLoginRequestDTO the login request carrying the ID token and the nonce
 * @return the claims of the validated ID token
 * @throws MalformedURLException if the provider's JWK set URL is malformed
 * @throws ParseException if the ID token cannot be parsed
 * @throws BadJOSEException if the validator rejects the token
 * @throws JOSEException if the validator fails while processing the token
 */
private IDTokenClaimsSet validateToken(OAuthProvider provider, OAuthLoginRequestDTO oAuthLoginRequestDTO)
        throws MalformedURLException, ParseException, BadJOSEException, JOSEException {
    Issuer expectedIssuer = new Issuer(provider.getIssuer());
    ClientID expectedClientId = new ClientID(provider.getClientID());
    Nonce expectedNonce = new Nonce(oAuthLoginRequestDTO.getNonce());
    URL jwkSetLocation = new URL(provider.getJwkSetURL());
    JWSAlgorithm expectedAlgorithm = JWSAlgorithm.parse(provider.getJwsAlgorithm());

    IDTokenValidator tokenValidator =
            new IDTokenValidator(expectedIssuer, expectedClientId, expectedAlgorithm, jwkSetLocation);
    JWT receivedToken = JWTParser.parse(oAuthLoginRequestDTO.getIdToken());
    return tokenValidator.validate(receivedToken, expectedNonce);
}
 
Example #5
Source File: StandardOidcIdentityProvider.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the client id held by this provider.
 *
 * @return the client id
 * @throws IllegalStateException if {@code isOidcEnabled()} reports that OpenID Connect is not enabled
 */
@Override
public ClientID getClientId() {
    if (isOidcEnabled()) {
        return clientId;
    }

    // Fail loudly rather than hand out a client id when OIDC is not enabled.
    throw new IllegalStateException(OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED);
}
 
Example #6
Source File: KnoxServiceTest.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a JWT authentication claims set for use in a test.
 *
 * @param subject the value wrapped as the {@link ClientID} of the claims set
 * @param audience the single audience value
 * @param expiration the expiration time passed through to the claims set
 * @return a claims set with a freshly generated {@link JWTID}
 */
private JWTAuthenticationClaimsSet getAuthenticationClaimsSet(final String subject, final String audience, final Date expiration) {
    final ClientID client = new ClientID(subject);
    final Audience tokenAudience = new Audience(audience);

    // The two null arguments leave optional claims unset; presumably not-before and
    // issued-at, confirm against the constructor signature.
    return new JWTAuthenticationClaimsSet(
            client, tokenAudience.toSingleAudienceList(), expiration, null, null, new JWTID());
}
 
Example #7
Source File: OpenIdConnector.java    From onedev with MIT License 4 votes vote down vote up
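/**
 * Handles the provider's redirect back to the callback URI and exchanges the authorization
 * code for tokens.
 *
 * <p>The callback is parsed from the current request. An error response is turned into the
 * exception produced by {@code buildException}. For a success response the {@code state}
 * parameter must equal the value stored in the session; a missing session value, a callback
 * without a {@code state} parameter, or a mismatch is rejected as an unsolicited response.
 * The code is then sent to the token endpoint with the client id and secret
 * ({@code ClientSecretBasic}) and the parsed token response is handed to
 * {@code processTokenResponse}.
 *
 * <p>NOTE(review): this method does not validate the ID token itself and does not clear the
 * stored state after use. Presumably {@code processTokenResponse} checks the ID token
 * (signature, issuer, audience, nonce); confirm there.
 *
 * @return the result of {@code processTokenResponse} for a successful token response
 * @throws AuthenticationException if the response was not solicited by this session, or the
 *     token endpoint failed without a parseable error object
 * @throws RuntimeException wrapping parse, URI syntax, serialization and I/O failures
 */
@Override
public SsoAuthenticated processLoginResponse() {
	HttpServletRequest request = (HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest();
	try {
		AuthenticationResponse authenticationResponse = AuthenticationResponseParser.parse(
				new URI(request.getRequestURI() + "?" + request.getQueryString()));
		if (authenticationResponse instanceof AuthenticationErrorResponse) {
			throw buildException(((AuthenticationErrorResponse)authenticationResponse).getErrorObject()); 
		} else {
			AuthenticationSuccessResponse authenticationSuccessResponse = 
					(AuthenticationSuccessResponse)authenticationResponse;
			
			String state = (String) Session.get().getAttribute(SESSION_ATTR_STATE);
			
			// The state check binds the callback to a login this session started. A response
			// that carries no state at all is rejected the same way as a mismatch instead of
			// failing with a NullPointerException.
			if (state == null 
					|| authenticationSuccessResponse.getState() == null
					|| !state.equals(authenticationSuccessResponse.getState().getValue()))
				throw new AuthenticationException("Unsolicited OIDC authentication response");
			
			AuthorizationGrant codeGrant = new AuthorizationCodeGrant(
					authenticationSuccessResponse.getAuthorizationCode(), getCallbackUri());

			ClientID clientID = new ClientID(getClientId());
			Secret clientSecret = new Secret(getClientSecret());
			ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret);
			TokenRequest tokenRequest = new TokenRequest(
					new URI(getCachedProviderMetadata().getTokenEndpoint()), clientAuth, codeGrant);
			HTTPResponse httpResponse = tokenRequest.toHTTPRequest().send();
			if (httpResponse.getStatusCode() == HTTPResponse.SC_OK) {
				JSONObject jsonObject = httpResponse.getContentAsJSONObject();
				// A 200 response can still carry an OAuth error object.
				if (jsonObject.get("error") != null) 
					throw buildException(TokenErrorResponse.parse(jsonObject).getErrorObject());
				else 
					return processTokenResponse(OIDCAccessTokenResponse.parse(jsonObject));
			} else {
				ErrorObject error = TokenErrorResponse.parse(httpResponse).getErrorObject();
				if (error != null) {
					throw buildException(error);
				} else {
					String message = String.format("Error requesting OIDC token: http status: %d", 
							httpResponse.getStatusCode());
					throw new AuthenticationException(message);
				}
			}
		}
	} catch (ParseException | URISyntaxException|SerializeException|IOException e) {
		throw new RuntimeException(e);
	}
}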
 
Example #8
Source File: OidcClient.java    From sonar-auth-oidc with Apache License 2.0 4 votes vote down vote up
/**
 * Wraps the client id held in the configuration in a {@link ClientID}.
 *
 * @return a new {@code ClientID} built from {@code config.clientId()}
 */
private ClientID getClientId() {
  final String configuredClientId = config.clientId();
  return new ClientID(configuredClientId);
}
 
Example #9
Source File: ClientSecretGet.java    From OAuth-2.0-Cookbook with MIT License 4 votes vote down vote up
/**
 * Creates a client authentication that pairs the given client id and secret with a custom
 * {@link ClientAuthenticationMethod} named {@code "get"}.
 *
 * <p>NOTE(review): the method name suggests the credentials travel as parameters of a GET
 * token request; confirm in the rest of the class. If so, the client secret becomes part of
 * the request URL, where access logs and intermediaries can record it, so this method should
 * be used only with providers that accept nothing else.
 *
 * @param clientID the client identifier
 * @param secret the client secret
 */
protected ClientSecretGet(ClientID clientID, Secret secret) {
    super(new ClientAuthenticationMethod("get"), clientID, secret);
}
 
Example #10
Source File: FacebookAuthorizationGrantTokenExchanger.java    From OAuth-2.0-Cookbook with MIT License 4 votes vote down vote up
/**
 * Exchanges the authorization code held by the given token for an access token at the token
 * URI of the client registration.
 *
 * <p>The client authenticates with {@code ClientSecretGet}, built from the registration's
 * client id and secret. An unsuccessful token response is reported as a generic
 * {@code invalid_token_response} error; the provider's own error detail is not propagated.
 *
 * @param authorizationCodeAuthenticationToken carries the authorization code and the client registration
 * @return the attributes created from the access token response
 * @throws OAuth2AuthenticationException if the token response indicates failure or cannot be parsed
 */
@Override
public TokenResponseAttributes exchange(
    AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
    throws OAuth2AuthenticationException {

    ClientRegistration registration = authorizationCodeAuthenticationToken.getClientRegistration();

    // The redirect URI is sent with the code grant, alongside the code itself.
    AuthorizationGrant codeGrant = new AuthorizationCodeGrant(
        new AuthorizationCode(authorizationCodeAuthenticationToken.getAuthorizationCode()),
        URI.create(registration.getRedirectUri()));
    URI tokenEndpoint = URI.create(registration.getProviderDetails().getTokenUri());

    ClientAuthentication clientAuth = new ClientSecretGet(
        new ClientID(registration.getClientId()),
        new Secret(registration.getClientSecret()));

    try {
        HTTPRequest tokenRequest = createTokenRequest(
                registration, codeGrant, tokenEndpoint, clientAuth);
        TokenResponse parsedResponse = TokenResponse.parse(tokenRequest.send());

        if (parsedResponse.indicatesSuccess()) {
            return createTokenResponse((AccessTokenResponse) parsedResponse);
        }

        throw new OAuth2AuthenticationException(new OAuth2Error("invalid_token_response"), "error");

    } catch (MalformedURLException e) {
        throw new SerializeException(e.getMessage(), e);
    } catch (ParseException pe) {
        throw new OAuth2AuthenticationException(new OAuth2Error("invalid_token_response"), pe);
    } catch (IOException ioe) {
        throw new AuthenticationServiceException(
            "An error occurred while sending the Access Token Request: " +
            ioe.getMessage(), ioe);
    }

}
 
Example #11
Source File: OidcIdentityProvider.java    From nifi with Apache License 2.0 2 votes vote down vote up
/**
 * Returns the configured client id.
 *
 * <p>The value is returned as a {@link ClientID}. It identifies the client to the provider
 * and is not a secret; the client secret is a separate value.
 *
 * <p>NOTE(review): whether this may throw when OpenID Connect is not configured depends on
 * the implementation and is not visible from this declaration.
 *
 * @return the client id
 */
ClientID getClientId();