/**
 * Builds a {@code DelegatedTokenCredentials} whose application identity is loaded from an auth file.
 *
 * <p>The file is parsed by {@link ApplicationTokenCredentials#fromFile(File)}; this method only
 * wraps the result together with the redirect URL.
 * NOTE(review): the auth file presumably carries the service principal's secret or certificate,
 * so it should be readable only by the account running this code. Confirm against the file format.
 *
 * @param authFile the file the application credentials are read from
 * @param redirectUrl the URL to redirect to after authentication in Active Directory
 * @return a new delegated token credentials
 * @throws IOException exception thrown from file access errors.
 */
public static DelegatedTokenCredentials fromFile(File authFile, String redirectUrl) throws IOException {
    ApplicationTokenCredentials fileCredentials = ApplicationTokenCredentials.fromFile(authFile);
    return new DelegatedTokenCredentials(fileCredentials, redirectUrl);
}
/**
 * Generates the URL to authenticate through OAuth2 (authorization-code flow).
 *
 * <p>The {@code state} value is echoed back by the authorization endpoint. It protects the
 * callback against forged responses only if the caller uses an unguessable per-request value
 * and compares it when the redirect arrives.
 *
 * <p>NOTE(review): {@code redirectUrl} and {@code state} are substituted into the query string
 * verbatim. Nothing in this method percent-encodes them, so a value containing characters such
 * as {@code &}, {@code =} or {@code #} changes the shape of the generated query. Callers should
 * pass values that are already safe to place in a query component.
 *
 * @param responseMode the method that should be used to send the resulting token back to your app
 * @param state a value included in the request that is also returned in the token response
 * @return the URL to authenticate through OAuth2
 */
public String generateAuthenticationUrl(ResponseMode responseMode, String state) {
    final String template =
            "%s/%s/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&response_mode=%s&state=%s";
    return String.format(
            template,
            environment().activeDirectoryEndpoint(),
            domain(),
            clientId(),
            this.redirectUrl,
            responseMode.value,
            state);
}
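/**
 * Exchanges a refresh token for a new access token for the given resource.
 *
 * <p>This is a best-effort call: any exception raised by the refresh client is swallowed and
 * reported as {@code null}. {@code getToken} relies on that to fall back to acquiring a brand
 * new token. The refresh token is a credential; it is passed straight to the client and is not
 * logged here.
 *
 * @param resource the resource the new access token is requested for
 * @param refreshToken the refresh token to redeem
 * @param isMultipleResourceRefreshToken whether the refresh token is valid for multiple resources
 * @return the refreshed authentication result, or {@code null} if the refresh attempt threw
 * @throws IOException not thrown by the current body; kept so the signature stays unchanged
 */
private AuthenticationResult acquireAccessTokenFromRefreshToken(String resource, String refreshToken, boolean isMultipleResourceRefreshToken) throws IOException {
    // The previous version created and shut down a single-thread executor that was never handed
    // to anything; it has been removed because the refresh client is invoked directly.
    try {
        return refreshTokenClient.refreshToken(domain(), clientId(), resource, refreshToken, isMultipleResourceRefreshToken);
    } catch (Exception ignored) {
        // Deliberately swallowed: a failed refresh is signalled by null so the caller can
        // fall back to a full token acquisition.
        // NOTE(review): the failure reason is lost here; consider surfacing it through the
        // project's logging (without the token value) so repeated refresh failures are visible.
        return null;
    }
}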
throw new IllegalArgumentException("You must acquire an authorization code by redirecting to the authentication URL"); String authorityUrl = this.environment().activeDirectoryEndpoint() + this.domain(); ExecutorService executor = Executors.newSingleThreadExecutor(); AuthenticationContext context = new AuthenticationContext(authorityUrl, false, executor); if (proxy() != null) { context.setProxy(proxy()); new URI(redirectUrl), AsymmetricKeyCredential.create( clientId(), ApplicationTokenCredentials.privateKeyFromPem(new String(applicationCredentials.clientCertificate())), ApplicationTokenCredentials.publicKeyFromPem(new String(applicationCredentials.clientCertificate()))),
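/**
 * Returns an access token for the given resource, using the cache where possible.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>an unexpired cached result for exactly this resource;</li>
 *   <li>a refresh using this resource's expired result, or, when none is cached for this
 *       resource, using the first cached result if it carries a multiple-resource refresh
 *       token;</li>
 *   <li>a new token acquisition when no refresh is possible or the refresh returned
 *       {@code null}.</li>
 * </ol>
 *
 * <p>Fix over the previous version: when nothing was cached for {@code resource} and the first
 * cached result was not a multiple-resource refresh token, that other resource's result was
 * stored under {@code resource} and its access token was returned. A token issued for a
 * different resource is no longer reused; a new token is acquired instead.
 *
 * @param resource the resource the access token is requested for
 * @return the access token for {@code resource}
 * @throws IOException if a downstream token call declares it
 */
@Override
public synchronized String getToken(String resource) throws IOException {
    // Exact match for the resource, returned directly while it has not expired.
    AuthenticationResult cached = tokens.get(resource);
    if (cached != null && cached.getExpiresOnDate().after(new Date())) {
        return cached.getAccessToken();
    }

    // Pick the result whose refresh token may be redeemed: the expired entry for this resource,
    // or another resource's entry only if its refresh token is valid for multiple resources.
    AuthenticationResult refreshSource = cached;
    if (refreshSource == null && !tokens.isEmpty()) {
        AuthenticationResult candidate = tokens.values().iterator().next();
        if (candidate.isMultipleResourceRefreshToken()) {
            refreshSource = candidate;
        }
    }

    AuthenticationResult result = null;
    if (refreshSource != null) {
        result = acquireAccessTokenFromRefreshToken(
                resource,
                refreshSource.getRefreshToken(),
                refreshSource.isMultipleResourceRefreshToken());
    }

    // Refresh failed or nothing refreshable was cached: acquire a new token for this resource.
    if (result == null) {
        result = acquireNewAccessToken(resource);
    }

    tokens.put(resource, result);
    return result.getAccessToken();
}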
/**
 * Creates delegated credentials on top of an existing application (service principal) identity.
 *
 * <p>No token is requested here; the constructor only records its inputs, creates an empty
 * token cache and builds the refresh-token client.
 * NOTE(review): {@code proxy()} is read once, at construction time, when the refresh client is
 * built. A proxy configured on this object afterwards is presumably not seen by that client.
 * Confirm against {@code RefreshTokenClient}.
 *
 * @param applicationCredentials the credentials representing a service principal
 * @param redirectUrl the URL to redirect to after authentication in Active Directory
 */
public DelegatedTokenCredentials(ApplicationTokenCredentials applicationCredentials, String redirectUrl) {
    super(applicationCredentials.environment(), applicationCredentials.domain());
    this.redirectUrl = redirectUrl;
    this.applicationCredentials = applicationCredentials;
    // Token cache starts empty; entries are added per resource when tokens are requested.
    this.tokens = new ConcurrentHashMap<>();
    this.refreshTokenClient = new RefreshTokenClient(
            applicationCredentials.environment().activeDirectoryEndpoint(),
            proxy());
}
/**
 * Generates the URL to authenticate through OAuth2, using {@code response_mode=query} and a
 * freshly generated random UUID as the {@code state} parameter.
 *
 * <p>The generated state is not stored by this method. A caller that wants to check the state
 * returned on the redirect has to read it back from the URL produced here, or use the overload
 * that accepts a caller-chosen state.
 *
 * <p>NOTE(review): {@code redirectUrl} is substituted verbatim, with no percent-encoding
 * performed in this method.
 *
 * @return the URL to authenticate through OAuth2
 */
public String generateAuthenticationUrl() {
    final String template =
            "%s/%s/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&response_mode=query&state=%s";
    return String.format(
            template,
            environment().activeDirectoryEndpoint(),
            domain(),
            clientId(),
            this.redirectUrl,
            UUID.randomUUID());
}
/**
 * Builds a {@code DelegatedTokenCredentials} from an auth file together with an OAuth2
 * authorization code that was obtained beforehand.
 *
 * <p>The file is parsed by {@link ApplicationTokenCredentials#fromFile(File)}. The authorization
 * code is a credential, so callers should avoid writing it to logs.
 *
 * @param authFile the file the application credentials are read from
 * @param redirectUrl the URL to redirect to after authentication in Active Directory
 * @param authorizationCode the oauth2 authorization code
 * @return a new delegated token credentials
 * @throws IOException exception thrown from file access errors.
 */
public static DelegatedTokenCredentials fromFile(File authFile, String redirectUrl, String authorizationCode) throws IOException {
    ApplicationTokenCredentials fileCredentials = ApplicationTokenCredentials.fromFile(authFile);
    return new DelegatedTokenCredentials(fileCredentials, redirectUrl, authorizationCode);
}