Java源码示例:com.nimbusds.oauth2.sdk.id.ClientID
示例1
/**
 * Starts the OIDC authorization-code login: stores a fresh {@code state} value and the
 * discovered provider metadata in the session, builds the authentication request and
 * hands its URL to a {@link RedirectToUrlException}.
 *
 * @throws RuntimeException wrapping a {@link URISyntaxException} or {@link SerializeException}
 *         raised while building the request
 */
@Override
public void initiateLogin() {
    try {
        ClientID oidcClient = new ClientID(clientId);

        // The state value is kept in the session so the callback can be matched to this login attempt.
        State csrfState = new State(UUID.randomUUID().toString());
        Session.get().setAttribute(SESSION_ATTR_STATE, csrfState.getValue());
        Session.get().setAttribute(SESSION_ATTR_PROVIDER_METADATA, discoverProviderMetadata());

        // The groups claim, when configured, is requested as one extra scope value.
        String requestedScopes = groupsClaim == null
                ? "openid email profile"
                : "openid email profile" + " " + groupsClaim;

        URI authorizationEndpoint = new URI(getCachedProviderMetadata().getAuthorizationEndpoint());

        // NOTE(review): the Nonce is created inline and not stored anywhere in this method, so
        // nothing visible here lets the callback compare it with the ID token's nonce claim.
        // Confirm where (or whether) the nonce is verified.
        AuthenticationRequest authRequest = new AuthenticationRequest(
                authorizationEndpoint, new ResponseType("code"), Scope.parse(requestedScopes),
                oidcClient, getCallbackUri(), csrfState, new Nonce());

        String redirectTarget = authRequest.toURI().toString();
        throw new RedirectToUrlException(redirectTarget);
    } catch (URISyntaxException | SerializeException e) {
        throw new RuntimeException(e);
    }
}
示例2
/**
 * Exchanges an authorization code for tokens at the provider's token endpoint,
 * authenticating the client with HTTP Basic (client id and secret).
 *
 * <p>NOTE(review): the tokens are returned as received. No signature, issuer, audience or
 * nonce check on the ID token is visible in this method (see the TODO below), so callers
 * must not treat the ID token as verified unless validation happens elsewhere.
 *
 * @param code the authorization code received on the redirect
 * @return the tokens on success, or an empty {@link Optional} when the provider returns an error
 * @throws IOException if the token request cannot be sent
 * @throws ParseException if the token response cannot be parsed
 */
public Optional<Tokens> getUserTokens(String code) throws IOException, ParseException {
    final ClientAuthentication clientCredentials =
            new ClientSecretBasic(new ClientID(clientId), new Secret(clientSecret));
    final URI callback = fromUri(redirectUrl).build();
    final AuthorizationCodeGrant grant =
            new AuthorizationCodeGrant(new AuthorizationCode(code), callback);
    final TokenRequest request = new TokenRequest(getTokenUrl(discoveryUrl), clientCredentials, grant);
    final TokenResponse reply = OIDCTokenResponseParser.parse(request.toHTTPRequest().send());

    if (!reply.indicatesSuccess()) {
        LOG.error("Could not retrieve client token: {}", reply.toErrorResponse().getErrorObject());
        return Optional.empty();
    }

    // TODO check if the id is not fake
    return Optional.of(reply.toSuccessResponse().getTokens());
}
示例3
/**
 * Checks that the authentication request built by the client carries the expected scope,
 * client id, state, response type, redirect URI and authorization endpoint.
 */
@Test
public void getAuthenticationRequest() throws URISyntaxException {
    OidcClient client = newSpyOidcClient();

    AuthenticationRequest actual = client.getAuthenticationRequest(CALLBACK_URL, STATE);

    Scope expectedScope = Scope.parse("openid profile email");
    assertEquals("invalid scope", expectedScope, actual.getScope());
    assertEquals("invalid client id", new ClientID("id"), actual.getClientID());
    // The state sent to the provider must be the value passed in by the caller.
    assertEquals("invalid state", new State(STATE), actual.getState());
    assertEquals("invalid response type", ResponseType.getDefault(), actual.getResponseType());
    assertEquals("invalid redirect uri", new URI(CALLBACK_URL), actual.getRedirectionURI());
    URI expectedEndpoint = new URI(ISSUER_URI).resolve("/protocol/openid-connect/auth");
    assertEquals("invalid endpoint uri", expectedEndpoint, actual.getEndpointURI());
}
示例4
/**
 * Validates the ID token carried by a login request with an {@link IDTokenValidator} built
 * from the provider's issuer, client id, JWS algorithm and JWK set URL.
 *
 * <p>NOTE(review): the expected nonce is read from the same request DTO that carries the
 * ID token. Confirm the caller has matched it against a value issued by the server;
 * otherwise the nonce comparison does not protect against replayed tokens.
 *
 * @param provider supplies issuer, client id, JWS algorithm name and JWK set URL
 * @param oAuthLoginRequestDTO supplies the serialized ID token and the nonce to compare against
 * @return the claims of the validated ID token
 * @throws MalformedURLException if the provider's JWK set URL is not a valid URL
 * @throws ParseException if the ID token string cannot be parsed as a JWT
 * @throws BadJOSEException declared by the validator call
 * @throws JOSEException declared by the validator call
 */
private IDTokenClaimsSet validateToken(OAuthProvider provider, OAuthLoginRequestDTO oAuthLoginRequestDTO)
        throws MalformedURLException, ParseException, BadJOSEException, JOSEException {
    // Expected values: everything except the nonce comes from the provider configuration.
    Issuer expectedIssuer = new Issuer(provider.getIssuer());
    ClientID expectedAudience = new ClientID(provider.getClientID());
    Nonce expectedNonce = new Nonce(oAuthLoginRequestDTO.getNonce());
    URL jwkSetLocation = new URL(provider.getJwkSetURL());
    JWSAlgorithm expectedAlgorithm = JWSAlgorithm.parse(provider.getJwsAlgorithm());

    IDTokenValidator tokenValidator =
            new IDTokenValidator(expectedIssuer, expectedAudience, expectedAlgorithm, jwkSetLocation);

    JWT parsedToken = JWTParser.parse(oAuthLoginRequestDTO.getIdToken());
    return tokenValidator.validate(parsedToken, expectedNonce);
}
示例5
/**
 * Returns the client id held by this object.
 *
 * @return the client id
 * @throws IllegalStateException if {@code isOidcEnabled()} reports that OIDC is not enabled
 */
@Override
public ClientID getClientId() {
    if (isOidcEnabled()) {
        return clientId;
    }
    // Fail loudly rather than hand out a client id when OIDC support is off.
    throw new IllegalStateException(OPEN_ID_CONNECT_SUPPORT_IS_NOT_CONFIGURED);
}
示例6
/**
 * Builds the claims set for a JWT client assertion.
 *
 * @param subject used as the client id of the claims set
 * @param audience the single audience value
 * @param expiration the expiration time of the assertion
 * @return a claims set with a newly generated JWT ID
 */
private JWTAuthenticationClaimsSet getAuthenticationClaimsSet(final String subject, final String audience, final Date expiration) {
    final ClientID client = new ClientID(subject);
    final List<Audience> audiences = new Audience(audience).toSingleAudienceList();
    // A new JWTID per assertion gives each one a distinct identifier.
    final JWTID assertionId = new JWTID();

    // The two null arguments are left unset (presumably not-before and issued-at;
    // confirm against the constructor signature).
    return new JWTAuthenticationClaimsSet(client, audiences, expiration, null, null, assertionId);
}
示例7
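/**
 * Handles the provider's redirect back to the callback URL: parses the authentication
 * response, checks its {@code state} against the value stored in the session, exchanges the
 * authorization code for tokens and passes the token response to {@code processTokenResponse}.
 *
 * <p>A callback that carries no {@code state} parameter is rejected in the same way as one
 * whose state does not match the session, instead of failing with a
 * {@link NullPointerException}.
 *
 * @return the authenticated user, as produced by {@code processTokenResponse}
 * @throws AuthenticationException if the state is missing or does not match, or if the token
 *         endpoint answers with a non-200 status and no parseable error object
 * @throws RuntimeException wrapping parse, URI, serialization or I/O failures
 */
@Override
public SsoAuthenticated processLoginResponse() {
    HttpServletRequest request = (HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest();
    try {
        AuthenticationResponse authenticationResponse = AuthenticationResponseParser.parse(
                new URI(request.getRequestURI() + "?" + request.getQueryString()));
        if (authenticationResponse instanceof AuthenticationErrorResponse) {
            throw buildException(((AuthenticationErrorResponse) authenticationResponse).getErrorObject());
        } else {
            AuthenticationSuccessResponse authenticationSuccessResponse =
                    (AuthenticationSuccessResponse) authenticationResponse;

            // The callback is only accepted when it echoes the state stored at login initiation.
            // The returned state is null when the callback omits the parameter, so it is checked
            // before being dereferenced.
            // NOTE(review): the stored state is not removed from the session in this method, so the
            // same value remains acceptable for later callbacks; consider clearing it once matched.
            String state = (String) Session.get().getAttribute(SESSION_ATTR_STATE);
            State returnedState = authenticationSuccessResponse.getState();
            if (state == null || returnedState == null || !state.equals(returnedState.getValue())) {
                throw new AuthenticationException("Unsolicited OIDC authentication response");
            }

            AuthorizationGrant codeGrant = new AuthorizationCodeGrant(
                    authenticationSuccessResponse.getAuthorizationCode(), getCallbackUri());

            // The client authenticates to the token endpoint with HTTP Basic credentials.
            ClientID clientID = new ClientID(getClientId());
            Secret clientSecret = new Secret(getClientSecret());
            ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret);
            TokenRequest tokenRequest = new TokenRequest(
                    new URI(getCachedProviderMetadata().getTokenEndpoint()), clientAuth, codeGrant);
            HTTPResponse httpResponse = tokenRequest.toHTTPRequest().send();

            if (httpResponse.getStatusCode() == HTTPResponse.SC_OK) {
                JSONObject jsonObject = httpResponse.getContentAsJSONObject();
                // A 200 response whose body carries an "error" member is still treated as a failure.
                if (jsonObject.get("error") != null) {
                    throw buildException(TokenErrorResponse.parse(jsonObject).getErrorObject());
                } else {
                    return processTokenResponse(OIDCAccessTokenResponse.parse(jsonObject));
                }
            } else {
                ErrorObject error = TokenErrorResponse.parse(httpResponse).getErrorObject();
                if (error != null) {
                    throw buildException(error);
                } else {
                    String message = String.format("Error requesting OIDC token: http status: %d",
                            httpResponse.getStatusCode());
                    throw new AuthenticationException(message);
                }
            }
        }
    } catch (ParseException | URISyntaxException | SerializeException | IOException e) {
        throw new RuntimeException(e);
    }
}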
示例8
/**
 * Wraps the client id string from the configuration in a {@link ClientID}.
 *
 * @return a new {@link ClientID} for the value of {@code config.clientId()}
 */
private ClientID getClientId() {
    final String configuredId = config.clientId();
    return new ClientID(configuredId);
}
示例9
/**
 * Creates a client-secret authentication that is registered under the custom
 * authentication method name {@code "get"}.
 *
 * <p>NOTE(review): presumably this variant sends the credentials as parameters of a GET
 * request. If so, the client secret becomes part of the request URL and can be recorded in
 * proxy and server access logs. Confirm against the code that serializes this type.
 *
 * @param clientID the client identifier
 * @param secret the client secret
 */
protected ClientSecretGet(ClientID clientID, Secret secret) {
super(new ClientAuthenticationMethod("get"), clientID, secret);
}
示例10
/**
 * Exchanges the authorization code held by the given token for an access token at the
 * client registration's token URI.
 *
 * <p>When the provider's response does not indicate success, the provider's own error
 * object is not read; a fixed {@code invalid_token_response} error is raised instead.
 *
 * <p>NOTE(review): the client authenticates with {@code ClientSecretGet}. If that type puts
 * the client secret into the request URL, the secret can be recorded in proxy and server
 * logs. Confirm against {@code createTokenRequest}.
 *
 * @param authorizationCodeAuthenticationToken carries the authorization code and the client registration
 * @return the attributes built from the successful token response
 * @throws OAuth2AuthenticationException if the response is unsuccessful or cannot be parsed
 */
@Override
public TokenResponseAttributes exchange(
        AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
        throws OAuth2AuthenticationException {
    ClientRegistration registration = authorizationCodeAuthenticationToken.getClientRegistration();

    // Grant: the received code plus the redirect URI registered for this client.
    AuthorizationCode code = new AuthorizationCode(
            authorizationCodeAuthenticationToken.getAuthorizationCode());
    AuthorizationGrant grant = new AuthorizationCodeGrant(
            code, URI.create(registration.getRedirectUri()));

    URI tokenEndpoint = URI.create(registration.getProviderDetails().getTokenUri());

    ClientAuthentication credentials = new ClientSecretGet(
            new ClientID(registration.getClientId()),
            new Secret(registration.getClientSecret()));

    try {
        HTTPRequest outgoing = createTokenRequest(registration, grant, tokenEndpoint, credentials);
        TokenResponse reply = TokenResponse.parse(outgoing.send());
        if (reply.indicatesSuccess()) {
            return createTokenResponse((AccessTokenResponse) reply);
        }
        OAuth2Error failure = new OAuth2Error("invalid_token_response");
        throw new OAuth2AuthenticationException(failure, "error");
    } catch (ParseException pe) {
        throw new OAuth2AuthenticationException(new OAuth2Error("invalid_token_response"), pe);
    } catch (MalformedURLException e) {
        throw new SerializeException(e.getMessage(), e);
    } catch (IOException ioe) {
        throw new AuthenticationServiceException(
                "An error occurred while sending the Access Token Request: " +
                        ioe.getMessage(), ioe);
    }
}
示例11
/**
 * Returns the configured client id.
 *
 * @return the client id, as a {@link ClientID}
 */
ClientID getClientId();