OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO(); dto.setApplicationName(appDO.getApplicationName()); dto.setCallbackUrl(appDO.getCallbackUrl()); dto.setOauthConsumerKey(appDO.getOauthConsumerKey()); dto.setOauthConsumerSecret(appDO.getOauthConsumerSecret()); dto.setOAuthVersion(appDO.getOauthVersion()); dto.setGrantTypes(appDO.getGrantTypes()); dto.setScopeValidators(appDO.getScopeValidators()); dto.setUsername(appDO.getUser().toFullQualifiedUsername()); dto.setState(appDO.getState()); dto.setPkceMandatory(appDO.isPkceMandatory()); dto.setPkceSupportPlain(appDO.isPkceSupportPlain()); dto.setUserAccessTokenExpiryTime(appDO.getUserAccessTokenExpiryTime()); dto.setApplicationAccessTokenExpiryTime(appDO.getApplicationAccessTokenExpiryTime()); dto.setRefreshTokenExpiryTime(appDO.getRefreshTokenExpiryTime()); dto.setIdTokenExpiryTime(appDO.getIdTokenExpiryTime()); dto.setAudiences(appDO.getAudiences()); dto.setRequestObjectSignatureValidationEnabled(appDO.isRequestObjectSignatureValidationEnabled()); dto.setIdTokenEncryptionEnabled(appDO.isIdTokenEncryptionEnabled()); dto.setIdTokenEncryptionAlgorithm(appDO.getIdTokenEncryptionAlgorithm()); dto.setIdTokenEncryptionMethod(appDO.getIdTokenEncryptionMethod()); dto.setBackChannelLogoutUrl(appDO.getBackChannelLogoutUrl()); dto.setFrontchannelLogoutUrl(appDO.getFrontchannelLogoutUrl()); dto.setTokenType(appDO.getTokenType()); dto.setBypassClientCredentials(appDO.isBypassClientCredentials()); return dto;
if (StringUtils.isEmpty(consumerAppDTO.getOauthConsumerKey()) || StringUtils.isEmpty(consumerAppDTO .getOauthConsumerSecret())) { errorMessage = "OauthConsumerKey or OauthConsumerSecret is not provided for " + "updating the OAuth application."; OAuthAppDO oauthappdo; try { oauthappdo = dao.getAppInformation(consumerAppDTO.getOauthConsumerKey()); if (oauthappdo == null) { if (log.isDebugEnabled()) { log.debug("Error while retrieving the app information using " + "provided OauthConsumerKey: " + consumerAppDTO.getOauthConsumerKey()); if (!StringUtils.equals(consumerAppDTO.getOauthConsumerSecret(), oauthappdo.getOauthConsumerSecret())) { if (log.isDebugEnabled()) { log.debug("Invalid oauthConsumerSecret is provided for updating the OAuth" + " application with ConsumerKey: " + consumerAppDTO.getOauthConsumerKey()); String consumerKey = consumerAppDTO.getOauthConsumerKey(); oauthappdo.setOauthConsumerSecret(consumerAppDTO.getOauthConsumerSecret()); oauthappdo.setCallbackUrl(consumerAppDTO.getCallbackUrl()); oauthappdo.setApplicationName(consumerAppDTO.getApplicationName()); oauthappdo.setPkceMandatory(consumerAppDTO.getPkceMandatory()); oauthappdo.setPkceSupportPlain(consumerAppDTO.getPkceSupportPlain()); oauthappdo.setUserAccessTokenExpiryTime(consumerAppDTO.getUserAccessTokenExpiryTime()); oauthappdo.setApplicationAccessTokenExpiryTime(consumerAppDTO.getApplicationAccessTokenExpiryTime()); oauthappdo.setRefreshTokenExpiryTime(consumerAppDTO.getRefreshTokenExpiryTime());
/**
 * Maps a freshly registered OAuth application onto the DCR response payload.
 *
 * The response carries the client_secret in clear text (that is what dynamic client
 * registration returns to the caller), so callers must not log or cache this object.
 *
 * @param createdApp application record returned by the OAuth admin service
 * @return response object with client name, id, secret and the single registered redirect URI
 */
private Application buildResponse(OAuthConsumerAppDTO createdApp) {
    // The DTO holds exactly one callback URL; the response schema expects a list.
    List<String> redirectUris = new ArrayList<>();
    redirectUris.add(createdApp.getCallbackUrl());

    Application response = new Application();
    response.setClient_name(createdApp.getApplicationName());
    response.setClient_id(createdApp.getOauthConsumerKey());
    response.setClient_secret(createdApp.getOauthConsumerSecret());
    response.setRedirect_uris(redirectUris);
    return response;
}
/**
 * Replaces unset (zero) token lifetimes on the application with the server-wide defaults.
 *
 * A zero lifetime is treated as "not configured" rather than "never expires": each such field is
 * overwritten with the corresponding value from {@code OAuthServerConfiguration}, and the
 * substitution is reported through {@code logOnInvalidConfig}. The DTO is mutated in place.
 *
 * @param oAuthConsumerAppDTO application whose expiry settings are normalised
 */
private void validateTokenExpiryConfigurations(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
    String appName = oAuthConsumerAppDTO.getApplicationName();

    boolean userTokenUnset = oAuthConsumerAppDTO.getUserAccessTokenExpiryTime() == 0;
    if (userTokenUnset) {
        oAuthConsumerAppDTO.setUserAccessTokenExpiryTime(
                OAuthServerConfiguration.getInstance().getUserAccessTokenValidityPeriodInSeconds());
        logOnInvalidConfig(appName, "user access token",
                oAuthConsumerAppDTO.getUserAccessTokenExpiryTime());
    }

    boolean appTokenUnset = oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime() == 0;
    if (appTokenUnset) {
        oAuthConsumerAppDTO.setApplicationAccessTokenExpiryTime(
                OAuthServerConfiguration.getInstance().getApplicationAccessTokenValidityPeriodInSeconds());
        logOnInvalidConfig(appName, "application access token",
                oAuthConsumerAppDTO.getApplicationAccessTokenExpiryTime());
    }

    boolean refreshTokenUnset = oAuthConsumerAppDTO.getRefreshTokenExpiryTime() == 0;
    if (refreshTokenUnset) {
        oAuthConsumerAppDTO.setRefreshTokenExpiryTime(
                OAuthServerConfiguration.getInstance().getRefreshTokenValidityPeriodInSeconds());
        logOnInvalidConfig(appName, "refresh token",
                oAuthConsumerAppDTO.getRefreshTokenExpiryTime());
    }

    boolean idTokenUnset = oAuthConsumerAppDTO.getIdTokenExpiryTime() == 0;
    if (idTokenUnset) {
        oAuthConsumerAppDTO.setIdTokenExpiryTime(
                OAuthServerConfiguration.getInstance().getOpenIDConnectIDTokenExpiryTimeInSeconds());
        logOnInvalidConfig(appName, "id token",
                oAuthConsumerAppDTO.getIdTokenExpiryTime());
    }
}
OAuthConsumerAppDTO oAuthConsumerAppDTO = new OAuthConsumerAppDTO(); oAuthConsumerAppDTO.setApplicationName(applicationName); oAuthConsumerAppDTO.setCallbackUrl(callbackUrl); oAuthConsumerAppDTO.setUsername(userName); String[] audienceStringArray = new String[1]; audienceStringArray[0] = APIConstants.JWT_DEFAULT_AUDIENCE; oAuthConsumerAppDTO.setAudiences(audienceStringArray); String clientId = (String) jsonObj.get(APIConstants.JSON_CLIENT_ID); if (!clientId.isEmpty()) { oAuthConsumerAppDTO.setOauthConsumerKey(clientId); if (jsonObj.has(APIConstants.JSON_CLIENT_SECRET)) { String clientSecret = (String) jsonObj.get(APIConstants.JSON_CLIENT_SECRET); if (!clientSecret.isEmpty()) { oAuthConsumerAppDTO.setOauthConsumerSecret(clientSecret); oAuthConsumerAppDTO.setGrantTypes(grantTypeString.toString().trim()); log.debug("Setting Grant Type String : " + grantTypeString); oAuthConsumerAppDTO.setOAuthVersion(OAuthConstants.OAuthVersions.VERSION_2); log.debug("Creating OAuth App " + applicationName); OAuthConsumerAppDTO createdApp; oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO); createdApp = oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerAppDTO .getApplicationName()); } else { createdApp = oAuthAdminService.registerAndRetrieveOAuthApplicationData(oAuthConsumerAppDTO);
OAuthConsumerAppDTO oAuthConsumerApp = new OAuthConsumerAppDTO(); oAuthConsumerApp.setApplicationName(applicationName); oAuthConsumerApp.setCallbackUrl(redirectUri); } catch (IdentityValidationException e) { oAuthConsumerApp.setCallbackUrl(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX + createRegexPattern(profile.getRedirectUris())); oAuthConsumerApp.setGrantTypes(grantType); oAuthConsumerApp.setOAuthVersion(OAUTH_VERSION); if (log.isDebugEnabled()) { log.debug("Creating OAuth App " + applicationName); log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName()); inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey()); inboundAuthenticationRequestConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2); String oauthConsumerSecret = createdApp.getOauthConsumerSecret(); if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) { Property property = new Property(); registrationResponseProfile.setClientId(createdApp.getOauthConsumerKey()); registrationResponseProfile.getRedirectUrls().add(createdApp.getCallbackUrl()); registrationResponseProfile.setClientSecret(oauthConsumerSecret); registrationResponseProfile.setClientName(createdApp.getApplicationName()); registrationResponseProfile.setClientSecretExpiresAt(DEFAULT_CLIENT_SECRET_EXPIRY_TIME); if (StringUtils.isNotBlank(createdApp.getGrantTypes())) { String[] split = createdApp.getGrantTypes().split(" ");
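/**
 * Get OAuth application data by the application name.
 *
 * The returned DTO includes the consumer secret in clear text, so callers must treat it as
 * sensitive (do not log or serialise it beyond the admin boundary). When no application
 * matches {@code appName}, an empty DTO is returned rather than {@code null}.
 *
 * @param appName OAuth application name
 * @return <code>OAuthConsumerAppDTO</code> with application information, or an empty DTO if not found
 * @throws IdentityOAuthAdminException Error when reading application information from persistence store.
 */
public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName)
        throws IdentityOAuthAdminException {

    OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
    OAuthAppDAO dao = new OAuthAppDAO();
    try {
        OAuthAppDO app = dao.getAppInformationByAppName(appName);
        if (app != null) {
            dto.setApplicationName(app.getApplicationName());
            dto.setCallbackUrl(app.getCallbackUrl());
            dto.setOauthConsumerKey(app.getOauthConsumerKey());
            // Secret material leaves the persistence layer here; see class-level caveat above.
            dto.setOauthConsumerSecret(app.getOauthConsumerSecret());
            dto.setOAuthVersion(app.getOauthVersion());
            dto.setGrantTypes(app.getGrantTypes());
            dto.setPkceMandatory(app.isPkceMandatory());
            dto.setPkceSupportPlain(app.isPkceSupportPlain());
        }
        return dto;
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        // Preserve the cause so the persistence failure is diagnosable from the admin-layer exception.
        throw new IdentityOAuthAdminException("Error while retrieving the app information by app name", e);
    }
}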
String spName) throws DCRMException { OAuthConsumerAppDTO oAuthConsumerApp = new OAuthConsumerAppDTO(); oAuthConsumerApp.setApplicationName(spName); oAuthConsumerApp.setCallbackUrl( validateAndSetCallbackURIs(registrationRequest.getRedirectUris(), registrationRequest.getGrantTypes())); oAuthConsumerApp.setGrantTypes(grantType); oAuthConsumerApp.setOAuthVersion(OAUTH_VERSION); oAuthConsumerApp.setTokenType(registrationRequest.getTokenType()); oAuthConsumerApp.setOauthConsumerKey(registrationRequest.getConsumerKey()); } else { throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.BAD_REQUEST_CLIENT_ID_VIOLATES_PATTERN, oAuthConsumerApp.setOauthConsumerSecret(registrationRequest.getConsumerSecret()); createdApp = oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerApp.getApplicationName()); } catch (IdentityOAuthAdminException e) { throw DCRMUtils.generateServerException( DCRMConstants.ErrorMessages.FAILED_TO_GET_APPLICATION, oAuthConsumerApp.getApplicationName(), e); log.debug("Retrieved Details of OAuth App: " + createdApp.getApplicationName() + " in tenant: " + tenantDomain);
user.setUserStoreDomain(IdentityUtil.extractDomainFromName(userName)); oauthappdo.setUser(user); oauthappdo.setOauthConsumerKey(consumerAppDTO.getOauthConsumerKey()); oauthappdo.setOauthConsumerSecret(consumerAppDTO.getOauthConsumerSecret()); oauthappdo.setCallbackUrl(consumerAppDTO.getCallbackUrl()); oauthappdo.setApplicationName(consumerAppDTO.getApplicationName()); oauthappdo.setPkceMandatory(consumerAppDTO.getPkceMandatory()); oauthappdo.setPkceSupportPlain(consumerAppDTO.getPkceSupportPlain()); if (OAuthConstants.OAuthVersions.VERSION_2.equals(consumerAppDTO.getOAuthVersion())) { List<String> allowedGrants = new ArrayList<>(Arrays.asList(getAllowedGrantTypes())); String[] requestGrants = consumerAppDTO.getGrantTypes().split("\\s"); for (String requestedGrant : requestGrants) { if (StringUtils.isBlank(requestedGrant)) { oauthappdo.setGrantTypes(consumerAppDTO.getGrantTypes());
oAuthConsumerAppDTO.setCallbackUrl(callbackUrl); log.debug("CallbackURL is set to : " + callbackUrl); oAuthConsumerAppDTO.setOauthConsumerKey(consumerKey); if (applicationName != null && !applicationName.isEmpty()) { oAuthConsumerAppDTO.setApplicationName(applicationName); log.debug("Name of the OAuthApplication is set to : " + applicationName); oAuthConsumerAppDTO.setGrantTypes(builder.toString()); } else { oAuthConsumerAppDTO.setGrantTypes(grantTypeString.toString().trim());
clientId, authenticatedUser, userStoreDomain, scopeString, true); if (scopedToken != null && !distinctClientUserScopeCombo.contains(clientId + ":" + username)) { OAuthConsumerAppDTO appDTO = new OAuthConsumerAppDTO(); OAuthAppDO appDO; try { appDO = appDAO.getAppInformation(scopedToken.getConsumerKey()); appDTO.setOauthConsumerKey(scopedToken.getConsumerKey()); appDTO.setApplicationName(appDO.getApplicationName()); appDTO.setUsername(appDO.getUser().toString()); appDTO.setGrantTypes(appDO.getGrantTypes()); appDTO.setPkceMandatory(appDO.isPkceMandatory()); appDTO.setPkceSupportPlain(appDO.isPkceSupportPlain()); appDTOs.add(appDTO); } catch (InvalidOAuthClientException e) {
ServiceProvider sp = getServiceProvider(appDTO.getApplicationName(), tenantDomain); if (StringUtils.isNotEmpty(clientName)) { DCRConstants.APP_NAME_VALIDATING_REGEX, null); appDTO.setApplicationName(clientName); appDTO.setGrantTypes(grantType); appDTO.setCallbackUrl(callbackUrl); appDTO.setTokenType(updateRequest.getTokenType());
/**
 * Regenerate consumer secret for the application and retrieve application details.
 *
 * Rotation is performed as a single admin action: the new secret is persisted, every access
 * token and authorization code issued to the client is revoked, and the cached client
 * credential is replaced so subsequent authentication sees the new value. Only the consumer
 * key is written to the debug log; the secret itself is never logged.
 *
 * NOTE(review): the strength of the regenerated secret depends entirely on
 * {@code OAuthUtil.getRandomNumber()}; confirm it is backed by a cryptographically secure
 * generator.
 *
 * @param consumerKey Consumer key for the application.
 * @return OAuthConsumerAppDTO OAuth application details (consumer key and the new secret).
 * @throws IdentityOAuthAdminException Error while regenerating the consumer secret.
 */
public OAuthConsumerAppDTO updateAndRetrieveOauthSecretKey(String consumerKey)
        throws IdentityOAuthAdminException {

    String regeneratedSecret = OAuthUtil.getRandomNumber();
    CacheEntry refreshedCredential = new ClientCredentialDO(regeneratedSecret);

    OAuthConsumerAppDTO result = new OAuthConsumerAppDTO();
    result.setOauthConsumerKey(consumerKey);
    result.setOauthConsumerSecret(regeneratedSecret);

    // The action marker tells the update path that this is a secret regeneration.
    Properties updateProperties = new Properties();
    updateProperties.setProperty(OAuthConstants.OAUTH_APP_NEW_SECRET_KEY, regeneratedSecret);
    updateProperties.setProperty(OAuthConstants.ACTION_PROPERTY_KEY, OAuthConstants.ACTION_REGENERATE);
    updateAppAndRevokeTokensAndAuthzCodes(consumerKey, updateProperties);

    // Replace the cached credential only after persistence and revocation have completed.
    OAuthCache.getInstance().addToCache(new OAuthCacheKey(consumerKey), refreshedCredential);
    if (log.isDebugEnabled()) {
        log.debug("Client Secret for OAuth app with consumerKey: " + consumerKey + " updated in OAuthCache.");
    }
    return result;
}
for (String appName : revokeRequestDTO.getApps()) { for (OAuthConsumerAppDTO appDTO : appDTOs) { if (appDTO.getApplicationName().equals(appName)) { Set<AccessTokenDO> accessTokenDOs = null; try { appDTO.getOauthConsumerKey(), user, userStoreDomain, true); } catch (IdentityOAuth2Exception e) { String errorMsg = "Error occurred while retrieving access tokens issued for " + "Client ID : " + appDTO.getOauthConsumerKey() + ", User ID : " + userName; log.error(errorMsg, e); throw new IdentityOAuthAdminException(errorMsg, e); appDTO.getOauthConsumerKey(), user, userStoreDomain, OAuth2Util.buildScopeString(accessTokenDO.getScope()), true); } catch (IdentityOAuth2Exception e) { String errorMsg = "Error occurred while retrieving latest " + "access token issued for Client ID : " + appDTO.getOauthConsumerKey() + ", User ID : " + userName + " and Scope : " + OAuth2Util.buildScopeString(accessTokenDO.getScope()); log.error(errorMsg, e);
/**
 * Get OAuth application data by the consumer key.
 *
 * Resolves the stored application through {@code OAuthAppDAO} and converts it with
 * {@code buildConsumerAppDTO}; an unknown consumer key yields an empty DTO rather than
 * {@code null}. Persistence failures are wrapped through {@code handleError} with the
 * original exception retained as the cause. The debug log records the application name
 * and consumer key only.
 *
 * @param consumerKey Consumer Key
 * @return <code>OAuthConsumerAppDTO</code> with application information, or an empty DTO if not found
 * @throws IdentityOAuthAdminException Error when reading application information from persistence store.
 */
public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws IdentityOAuthAdminException {

    OAuthAppDAO appDao = new OAuthAppDAO();
    try {
        OAuthAppDO storedApp = appDao.getAppInformation(consumerKey);
        if (storedApp == null) {
            return new OAuthConsumerAppDTO();
        }
        OAuthConsumerAppDTO appDto = buildConsumerAppDTO(storedApp);
        if (log.isDebugEnabled()) {
            log.debug("Found App :" + appDto.getApplicationName() + " for consumerKey: " + consumerKey);
        }
        return appDto;
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        throw handleError("Error while retrieving the app information using consumerKey: " + consumerKey, e);
    }
}
/**
 * Checks whether {@code clientId} belongs to one of the OAuth applications visible to the
 * current caller.
 *
 * The authorization decision is only as strong as the scoping performed by
 * {@code oAuthAdminService.getAllOAuthApplicationData()}: the inline comment states it returns
 * the applications owned by the user, which is what restricts this check to the caller's own
 * clients. A {@code null} clientId raises {@code NullPointerException} from the comparison.
 *
 * @param clientId client identifier to look up
 * @return {@code true} if an application with that consumer key is visible to the caller
 * @throws DCRMServerException if the application list cannot be retrieved
 */
private boolean isUserAuthorized(String clientId) throws DCRMServerException {

    boolean ownedByCaller = false;
    try {
        // Get applications owned by the user
        OAuthConsumerAppDTO[] visibleApps = oAuthAdminService.getAllOAuthApplicationData();
        for (OAuthConsumerAppDTO candidate : visibleApps) {
            if (clientId.equals(candidate.getOauthConsumerKey())) {
                ownedByCaller = true;
                break;
            }
        }
    } catch (IdentityOAuthAdminException e) {
        throw DCRMUtils.generateServerException(
                DCRMConstants.ErrorMessages.FAILED_TO_GET_APPLICATION_BY_ID, clientId, e);
    }
    return ownedByCaller;
}
/**
 * Delete OAuth2/OIDC application with client_id.
 *
 * The application is first resolved through {@code getApplicationById}, so an unknown or
 * inaccessible client_id surfaces from that lookup before any deletion happens. The owner and
 * tenant are taken from the thread-local Carbon context of the caller, not from the request.
 *
 * @param clientId client identifier of the application to delete
 * @throws DCRMException if the application cannot be resolved or the service provider cannot be deleted
 */
public void deleteApplication(String clientId) throws DCRMException {

    OAuthConsumerAppDTO targetApp = getApplicationById(clientId);
    PrivilegedCarbonContext callerContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
    String owner = callerContext.getUsername();
    String tenant = callerContext.getTenantDomain();
    deleteServiceProvider(targetApp.getApplicationName(), tenant, owner);
}
/**
 * Get OAuth application data by the application name.
 *
 * Looks the application up through {@code OAuthAppDAO} and converts it with
 * {@code buildConsumerAppDTO}; an unknown name yields an empty DTO rather than {@code null}.
 * Persistence failures are wrapped through {@code handleError} with the cause retained.
 *
 * @param appName OAuth application name
 * @return <code>OAuthConsumerAppDTO</code> with application information, or an empty DTO if not found
 * @throws IdentityOAuthAdminException Error when reading application information from persistence store.
 */
public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName) throws IdentityOAuthAdminException {

    OAuthAppDAO appDao = new OAuthAppDAO();
    try {
        OAuthAppDO storedApp = appDao.getAppInformationByAppName(appName);
        if (storedApp == null) {
            return new OAuthConsumerAppDTO();
        }
        return buildConsumerAppDTO(storedApp);
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        throw handleError("Error while retrieving the app information by app name: " + appName, e);
    }
}
OAuthConsumerAppDTO oAuthConsumerApp = new OAuthConsumerAppDTO(); oAuthConsumerApp.setApplicationName(applicationName); oAuthConsumerApp.setCallbackUrl(callbackUrl); oAuthConsumerApp.setGrantTypes(grantType); oAuthConsumerApp.setOAuthVersion(OAUTH_VERSION); if (log.isDebugEnabled()) { log.debug("Creating OAuth App " + applicationName); oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerApp.getApplicationName()); if (log.isDebugEnabled()) { log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName()); inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey()); inboundAuthenticationRequestConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2); String oauthConsumerSecret = createdApp.getOauthConsumerSecret(); if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) { Property property = new Property(); oAuthApplicationInfo.setClientId(createdApp.getOauthConsumerKey()); oAuthApplicationInfo.setCallBackURL(createdApp.getCallbackUrl()); oAuthApplicationInfo.setClientSecret(oauthConsumerSecret); oAuthApplicationInfo.setClientName(createdApp.getApplicationName()); DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS, createdApp.getCallbackUrl()); oAuthApplicationInfo.addParameter( DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT, createdApp.getGrantTypes());
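/**
 * Get OAuth application data by the consumer key.
 *
 * The returned DTO includes the consumer secret in clear text, so callers must treat it as
 * sensitive (do not log or serialise it beyond the admin boundary). When no application
 * matches {@code consumerKey}, an empty DTO is returned rather than {@code null}.
 *
 * @param consumerKey Consumer Key
 * @return <code>OAuthConsumerAppDTO</code> with application information, or an empty DTO if not found
 * @throws IdentityOAuthAdminException Error when reading application information from persistence store.
 */
public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws IdentityOAuthAdminException {

    OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
    OAuthAppDAO dao = new OAuthAppDAO();
    try {
        OAuthAppDO app = dao.getAppInformation(consumerKey);
        if (app != null) {
            dto.setApplicationName(app.getApplicationName());
            dto.setCallbackUrl(app.getCallbackUrl());
            dto.setOauthConsumerKey(app.getOauthConsumerKey());
            // Secret material leaves the persistence layer here; see the Javadoc caveat above.
            dto.setOauthConsumerSecret(app.getOauthConsumerSecret());
            dto.setOAuthVersion(app.getOauthVersion());
            dto.setGrantTypes(app.getGrantTypes());
            dto.setPkceMandatory(app.isPkceMandatory());
            dto.setPkceSupportPlain(app.isPkceSupportPlain());
        }
        return dto;
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        // Preserve the cause so the persistence failure is diagnosable from the admin-layer exception.
        throw new IdentityOAuthAdminException("Error while retrieving the app information using consumer key", e);
    }
}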