/**
 * Builds an {@link OAuth2Request} for a JWT-assertion grant from the claims
 * carried in {@code assertion}.
 *
 * <p>The granted scope is whatever the assertion's {@code scope} claim says
 * (parsed as a parameter list) and the resource ids are the assertion's
 * {@code aud} values; the fourth constructor argument is hard-coded to
 * {@code true}. NOTE(review): nothing in this method checks the asserted
 * scope or audience against the registered {@code client} — confirm the
 * assertion validator that runs before this does so.
 *
 * @param client       the client the token is being issued to
 * @param tokenRequest the incoming token request; only its raw parameters are copied
 * @param assertion    the JWT assertion (presumably already validated — TODO confirm)
 * @return the assembled request, or {@code null} if the assertion's claims could
 *         not be parsed
 */
@Override
public OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion) {
    try {
        JWTClaimsSet assertionClaims = assertion.getJWTClaimsSet();
        String scopeClaim = assertionClaims.getStringClaim("scope");
        Set<String> grantedScope = OAuth2Utils.parseParameterList(scopeClaim);
        Set<String> resourceIds = Sets.newHashSet(assertionClaims.getAudience());
        return new OAuth2Request(
                tokenRequest.getRequestParameters(),
                client.getClientId(),
                client.getAuthorities(),
                true,
                grantedScope,
                resourceIds,
                null,
                null,
                null);
    } catch (ParseException unparseable) {
        // Malformed claims: report failure to the caller rather than issue anything.
        return null;
    }
}
break; case INITIATE_LOGIN_URI: newClient.setInitiateLoginUri(claimSet.getStringClaim(claim)); break; case DEFAULT_ACR_VALUES: break; case TOKEN_ENDPOINT_AUTH_SIGNING_ALG: newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_ENCRYPTED_RESPONSE_ENC: newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_ENCRYPTED_RESPONSE_ALG: newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_SIGNED_RESPONSE_ALG: newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case USERINFO_ENCRYPTED_RESPONSE_ENC: newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); break; case USERINFO_ENCRYPTED_RESPONSE_ALG: newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); break; case USERINFO_SIGNED_RESPONSE_ALG: newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case REQUEST_OBJECT_SIGNING_ALG:
request.setClientId(signedJwt.getJWTClaimsSet().getStringClaim(CLIENT_ID)); request.setClientId(plainJwt.getJWTClaimsSet().getStringClaim(CLIENT_ID)); request.setClientId(encryptedJWT.getJWTClaimsSet().getStringClaim(CLIENT_ID)); Set<String> responseTypes = OAuth2Utils.parseParameterList(claims.getStringClaim(RESPONSE_TYPE)); if (!responseTypes.isEmpty()) { if (!responseTypes.equals(request.getResponseTypes())) { String redirectUri = claims.getStringClaim(REDIRECT_URI); if (redirectUri != null) { if (!redirectUri.equals(request.getRedirectUri())) { String state = claims.getStringClaim(STATE); if(state != null) { if (!state.equals(request.getState())) { String nonce = claims.getStringClaim(NONCE); if(nonce != null) { if (!nonce.equals(request.getExtensions().get(NONCE))) { String display = claims.getStringClaim(DISPLAY); if (display != null) { if (!display.equals(request.getExtensions().get(DISPLAY))) { String prompt = claims.getStringClaim(PROMPT); if (prompt != null) { if (!prompt.equals(request.getExtensions().get(PROMPT))) {
break; case INITIATE_LOGIN_URI: newClient.setInitiateLoginUri(claimSet.getStringClaim(claim)); break; case DEFAULT_ACR_VALUES: break; case TOKEN_ENDPOINT_AUTH_SIGNING_ALG: newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_ENCRYPTED_RESPONSE_ENC: newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_ENCRYPTED_RESPONSE_ALG: newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_SIGNED_RESPONSE_ALG: newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case USERINFO_ENCRYPTED_RESPONSE_ENC: newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim))); break; case USERINFO_ENCRYPTED_RESPONSE_ALG: newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim))); break; case USERINFO_SIGNED_RESPONSE_ALG: newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case REQUEST_OBJECT_SIGNING_ALG:
final String email = claimsSet.getStringClaim(EMAIL_CLAIM_NAME);
String nonce = idClaims.getStringClaim("nonce"); if (Strings.isNullOrEmpty(nonce)) {
/**
 * Gets the issuer ({@code iss}) claim.
 *
 * <p>Returns {@code null} both when the claim is absent and when
 * {@link #getStringClaim} throws a {@link ParseException} for it (the
 * exception is swallowed), so callers cannot tell the two apart.
 *
 * @return The issuer claim, {@code null} if not specified or not readable as a String.
 */
public String getIssuer() {
    String issuer;
    try {
        issuer = getStringClaim(ISSUER_CLAIM);
    } catch (ParseException notAString) {
        issuer = null;
    }
    return issuer;
}
/**
 * Gets the JWT ID ({@code jti}) claim.
 *
 * <p>Returns {@code null} both when the claim is absent and when
 * {@link #getStringClaim} throws a {@link ParseException} for it (the
 * exception is swallowed), so callers cannot tell the two apart.
 *
 * @return The JWT ID claim, {@code null} if not specified or not readable as a String.
 */
public String getJWTID() {
    String jwtId;
    try {
        jwtId = getStringClaim(JWT_ID_CLAIM);
    } catch (ParseException notAString) {
        jwtId = null;
    }
    return jwtId;
}
/**
 * Gets the subject ({@code sub}) claim.
 *
 * <p>Returns {@code null} both when the claim is absent and when
 * {@link #getStringClaim} throws a {@link ParseException} for it (the
 * exception is swallowed), so callers cannot tell the two apart.
 *
 * @return The subject claim, {@code null} if not specified or not readable as a String.
 */
public String getSubject() {
    String subject;
    try {
        subject = getStringClaim(SUBJECT_CLAIM);
    } catch (ParseException notAString) {
        subject = null;
    }
    return subject;
}
/**
 * Looks up {@code claimName} in {@code claimsSet} and returns it as a String.
 *
 * <p>Two different "no value" results are possible and callers should not
 * conflate them: when the claim is absent the result is whatever
 * {@code getStringClaim} returns for a missing claim (presumably {@code null} —
 * confirm), and when the claim is present but cannot be read as a String the
 * result is {@link StringUtils#EMPTY}. The {@link ParseException} is
 * deliberately not propagated.
 *
 * @param claimName name of the claim to read; passed straight through to the claim set
 * @return the claim's String value, or the empty string when it cannot be parsed
 */
public String getClaimValue(String claimName) {
    String value;
    try {
        value = claimsSet.getStringClaim(claimName);
    } catch (ParseException notAString) {
        value = StringUtils.EMPTY;
    }
    return value;
}
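/**
 * Gets the specified claim (registered or custom) as a
 * {@link java.net.URI}.
 *
 * @param name The name of the claim. Must not be {@code null}.
 *
 * @return The value of the claim, {@code null} if not specified.
 *
 * @throws ParseException If the claim couldn't be parsed to a URI, or if
 *                        {@link #getStringClaim} itself fails. For a bad URI
 *                        the {@link URISyntaxException} is attached as the cause.
 */
public URI getURIClaim(final String name) throws ParseException {
    String uriString = getStringClaim(name);
    if (uriString == null) {
        return null;
    }
    try {
        return new URI(uriString);
    } catch (URISyntaxException e) {
        // ParseException has no (message, cause) constructor, so chain the
        // cause explicitly instead of dropping the underlying syntax error.
        ParseException pe = new ParseException("The \"" + name + "\" claim is not a URI: " + e.getMessage(), 0);
        pe.initCause(e);
        throw pe;
    }
}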
.getStringClaim(AuthenticationConstants.ID_TOKEN_OBJECT_ID))) { uniqueId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_OBJECT_ID); .getStringClaim(AuthenticationConstants.ID_TOKEN_SUBJECT))) { uniqueId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_SUBJECT); .getStringClaim(AuthenticationConstants.ID_TOKEN_UPN))) { displayableId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_UPN); .getStringClaim(AuthenticationConstants.ID_TOKEN_EMAIL))) { displayableId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_EMAIL); userInfo.displayableId = displayableId; userInfo.familyName = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_FAMILY_NAME); userInfo.givenName = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_GIVEN_NAME); userInfo.identityProvider = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_IDENTITY_PROVIDER); userInfo.tenantId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_TENANTID); .getStringClaim(AuthenticationConstants.ID_TOKEN_PASSWORD_CHANGE_URL))) { userInfo.passwordChangeUrl = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_PASSWORD_CHANGE_URL);
/**
 * Reads the named claim from the wrapped JWT as a String.
 *
 * <p>If the claim set cannot be parsed, the failure is reported through
 * {@code log.unableToParseToken} and {@code null} is returned — by the return
 * value alone a caller cannot distinguish "absent" from "unparseable".
 *
 * @param claimName the claim to read
 * @return the claim's String value, or {@code null} when it is absent or unreadable
 */
@Override
public String getClaim(String claimName) {
    try {
        return jwt.getJWTClaimsSet().getStringClaim(claimName);
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
.getStringClaim(AuthenticationConstants.ID_TOKEN_OBJECT_ID))) { uniqueId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_OBJECT_ID); .getStringClaim(AuthenticationConstants.ID_TOKEN_SUBJECT))) { uniqueId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_SUBJECT); .getStringClaim(AuthenticationConstants.ID_TOKEN_UPN))) { displayableId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_UPN); .getStringClaim(AuthenticationConstants.ID_TOKEN_EMAIL))) { displayableId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_EMAIL); userInfo.displayableId = displayableId; userInfo.familyName = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_FAMILY_NAME); userInfo.givenName = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_GIVEN_NAME); userInfo.identityProvider = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_IDENTITY_PROVIDER); userInfo.tenantId = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_TENANTID); .getStringClaim(AuthenticationConstants.ID_TOKEN_PASSWORD_CHANGE_URL))) { userInfo.passwordChangeUrl = claims .getStringClaim(AuthenticationConstants.ID_TOKEN_PASSWORD_CHANGE_URL);
/**
 * Reads the named claim from the wrapped JWT as a String.
 *
 * <p>If the claim set cannot be parsed, the failure is reported through
 * {@code log.unableToParseToken} and {@code null} is returned — by the return
 * value alone a caller cannot distinguish "absent" from "unparseable".
 *
 * @param claimName the claim to read
 * @return the claim's String value, or {@code null} when it is absent or unreadable
 */
@Override
public String getClaim(String claimName) {
    try {
        return jwt.getJWTClaimsSet().getStringClaim(claimName);
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
String jwk = jwt.getStringClaim("jwk"); if (jwk != null) { Optional<RSAPublicKey> jwkRsa = AuthUtils.toPublicKeyFromJson(jwk);
/**
 * Recovers the login-session identifier from an encrypted cookie token.
 *
 * <p>The token is first handed to {@code EncryptedTokenSerializer.deserialize}
 * with the service secret key (assumed to authenticate the token as well as
 * decrypt it — TODO confirm), then the {@code loginSession} String claim is
 * wrapped in a {@link LoginSessionToken}.
 *
 * @param token the raw cookie value
 * @return the login session token
 * @throws OAuthException if the {@code loginSession} claim cannot be read as a
 *         String. NOTE(review): an absent claim is not caught here — whether a
 *         {@code null} value reaches {@code LoginSessionToken} unchecked depends
 *         on what {@code getStringClaim} returns for a missing claim.
 */
public static LoginSessionToken getLoginSession(String token) {
    JWTClaimsSet sessionClaims = EncryptedTokenSerializer.deserialize(token, getSecretKey());
    String loginSession;
    try {
        loginSession = sessionClaims.getStringClaim("loginSession");
    } catch (ParseException e) {
        throw new OAuthException("expected valid loginSession in cookie", null);
    }
    return new LoginSessionToken(loginSession);
}
/**
 * Builds an {@link OAuth2Request} for a JWT-assertion grant from the claims
 * carried in {@code assertion}.
 *
 * <p>The granted scope is whatever the assertion's {@code scope} claim says
 * (parsed as a parameter list) and the resource ids are the assertion's
 * {@code aud} values; the fourth constructor argument is hard-coded to
 * {@code true}. NOTE(review): nothing in this method checks the asserted
 * scope or audience against the registered {@code client} — confirm the
 * assertion validator that runs before this does so.
 *
 * @param client       the client the token is being issued to
 * @param tokenRequest the incoming token request; only its raw parameters are copied
 * @param assertion    the JWT assertion (presumably already validated — TODO confirm)
 * @return the assembled request, or {@code null} if the assertion's claims could
 *         not be parsed
 */
@Override
public OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion) {
    try {
        JWTClaimsSet assertionClaims = assertion.getJWTClaimsSet();
        String scopeClaim = assertionClaims.getStringClaim("scope");
        Set<String> grantedScope = OAuth2Utils.parseParameterList(scopeClaim);
        Set<String> resourceIds = Sets.newHashSet(assertionClaims.getAudience());
        return new OAuth2Request(
                tokenRequest.getRequestParameters(),
                client.getClientId(),
                client.getAuthorities(),
                true,
                grantedScope,
                resourceIds,
                null,
                null,
                null);
    } catch (ParseException unparseable) {
        // Malformed claims: report failure to the caller rather than issue anything.
        return null;
    }
}
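/**
 * Rebuilds the caller's principals (identity plus role memberships) from an
 * encrypted cookie token.
 *
 * <p>The token is handed to {@code EncryptedTokenSerializer.deserialize} with
 * the service secret key (assumed to authenticate it as well as decrypt it —
 * TODO confirm); the resulting claim set must carry a {@code principal} String
 * claim and a {@code roles} String-array claim. The returned collection holds,
 * in order: the caller principal, a {@code "CallerPrincipal"} group containing
 * it, and a {@code "Roles"} group with one member per non-null role name.
 *
 * @param token the raw cookie value
 * @return the reconstructed principals, never {@code null}
 * @throws OAuthException if the {@code principal} or {@code roles} claim is
 *         missing or cannot be read with the expected type
 */
public static Collection<Principal> deserialize(String token) {
    JWTClaimsSet claimSet = EncryptedTokenSerializer.deserialize(token, getSecretKey());
    String principalName;
    String[] roleNames;
    try {
        principalName = claimSet.getStringClaim("principal");
        roleNames = claimSet.getStringArrayClaim("roles");
    } catch (ParseException e) {
        throw new OAuthException("expected valid roles and principal in cookie", null);
    }
    // A missing claim is reported by the getters as null, not as a ParseException
    // (the String getter's documented contract; presumably the same for the array
    // getter). Fail closed with the same error instead of letting a
    // NullPointerException (roles) or a null-named principal escape.
    if (principalName == null || roleNames == null) {
        throw new OAuthException("expected valid roles and principal in cookie", null);
    }
    Collection<Principal> preparedPrincipals = new ArrayList<>();
    SimplePrincipal principal = new SimplePrincipal(principalName);
    preparedPrincipals.add(principal);
    Group callerGroup = new SimpleGroup("CallerPrincipal");
    preparedPrincipals.add(callerGroup);
    callerGroup.addMember(principal);
    Group rolesGroup = new SimpleGroup("Roles");
    preparedPrincipals.add(rolesGroup);
    for (String roleName : roleNames) {
        // Array elements may still be null; skip those, as the original
        // instanceof check did.
        if (roleName != null) {
            rolesGroup.addMember(new SimplePrincipal(roleName));
        }
    }
    return preparedPrincipals;
}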
final String email = claimsSet.getStringClaim(EMAIL_CLAIM_NAME);