Java Code Examples for io.vertx.ext.auth.JWTOptions#getAudience()
The following examples show how to use
io.vertx.ext.auth.JWTOptions#getAudience() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: OAuth2AuthProviderImpl.java From vertx-auth with Apache License 2.0 | 4 votes |
|
private void validateUser(User user, Handler<AsyncResult<User>> handler) {
if (!user.attributes().containsKey("accessToken")) {
// nothing else to do
handler.handle(Future.succeededFuture(user));
return;
}
// the user object is a JWT so we should validate it as mandated by OIDC
final JWTOptions jwtOptions = config.getJWTOptions();
// basic validation passed, the token is not expired,
// the spec mandates that that a few extra checks are performed
final JsonObject payload;
try {
payload = user.attributes().getJsonObject("accessToken");
} catch (RuntimeException e) {
handler.handle(Future.failedFuture("User accessToken isn't a JsonObject"));
return;
}
if (jwtOptions.getAudience() != null) {
JsonArray target;
if (payload.getValue("aud") instanceof String) {
target = new JsonArray().add(payload.getValue("aud", ""));
} else {
target = payload.getJsonArray("aud", new JsonArray());
}
if (Collections.disjoint(jwtOptions.getAudience(), target.getList())) {
handler.handle(Future.failedFuture("Invalid JWT audience. expected: " + Json.encode(jwtOptions.getAudience())));
return;
}
}
if (jwtOptions.getIssuer() != null) {
if (!jwtOptions.getIssuer().equals(payload.getString("iss"))) {
handler.handle(Future.failedFuture("Invalid JWT issuer"));
return;
}
}
handler.handle(Future.succeededFuture(user));
}
Example 2
| Source File: JWT.java From vertx-auth with Apache License 2.0 | 4 votes |
|
public String sign(JsonObject payload, JWTOptions options) {
final String algorithm = options.getAlgorithm();
List<Crypto> cryptos = SIGN.get(algorithm);
if (cryptos == null || cryptos.size() == 0) {
throw new RuntimeException("Algorithm not supported: " + algorithm);
}
// lock the crypto implementation
final Crypto crypto = cryptos.get(RND.nextInt(cryptos.size()));
// header, typ is fixed value.
JsonObject header = new JsonObject()
.mergeIn(options.getHeader())
.put("typ", "JWT")
.put("alg", algorithm);
// add kid if present
if (crypto.getId() != null) {
header.put("kid", crypto.getId());
}
// NumericDate is a number is seconds since 1st Jan 1970 in UTC
long timestamp = System.currentTimeMillis() / 1000;
if (!options.isNoTimestamp()) {
payload.put("iat", payload.getValue("iat", timestamp));
}
if (options.getExpiresInSeconds() > 0) {
payload.put("exp", timestamp + options.getExpiresInSeconds());
}
if (options.getAudience() != null && options.getAudience().size() >= 1) {
if (options.getAudience().size() > 1) {
payload.put("aud", new JsonArray(options.getAudience()));
} else {
payload.put("aud", options.getAudience().get(0));
}
}
if(options.getScopes() != null && options.getScopes().size() >= 1) {
if(options.hasScopeDelimiter()) {
payload.put("scope", String.join(options.getScopeDelimiter(), options.getScopes()));
} else {
payload.put("scope", new JsonArray(options.getScopes()));
}
}
if (options.getIssuer() != null) {
payload.put("iss", options.getIssuer());
}
if (options.getSubject() != null) {
payload.put("sub", options.getSubject());
}
// create segments, all segment should be base64 string
String headerSegment = base64urlEncode(header.encode());
String payloadSegment = base64urlEncode(payload.encode());
String signingInput = headerSegment + "." + payloadSegment;
String signSegment = base64urlEncode(crypto.sign(signingInput.getBytes(UTF8)));
return headerSegment + "." + payloadSegment + "." + signSegment;
}
