/**
 * Reports whether this implementation handles the incoming request.
 *
 * <p>Both values are read directly from request parameters and are therefore
 * caller-controlled. The check only routes the request: the client id is tested
 * for being non-blank, not for belonging to a registered service.
 *
 * @param context the web context carrying the request parameters
 * @return {@code true} when {@code OAuth20Utils.isResponseType} accepts the requested
 *         response type as {@code DEVICE_CODE} and a non-blank client id is present
 */
@Override
public boolean supports(final J2EContext context) {
    val requestedResponseType = context.getRequestParameter(OAuth20Constants.RESPONSE_TYPE);
    val requestedClientId = context.getRequestParameter(OAuth20Constants.CLIENT_ID);
    if (!OAuth20Utils.isResponseType(requestedResponseType, OAuth20ResponseTypes.DEVICE_CODE)) {
        return false;
    }
    return StringUtils.isNotBlank(requestedClientId);
}
}
/**
 * Checks whether the grant type named in the request is authorized for the service.
 *
 * <p>The grant type is read from the {@code OAuth20Constants.GRANT_TYPE} request
 * parameter and handed unchanged to the overload that takes the grant type value;
 * that overload makes the actual decision.
 *
 * @param context           the web context carrying the request parameters
 * @param registeredService the registered service
 * @return true/false as decided by the delegate overload
 */
public static boolean isAuthorizedGrantTypeForService(final J2EContext context,
                                                      final OAuthRegisteredService registeredService) {
    val requestedGrantType = context.getRequestParameter(OAuth20Constants.GRANT_TYPE);
    return isAuthorizedGrantTypeForService(requestedGrantType, registeredService);
}
/**
 * Reports whether the request asks for the client-credentials grant.
 *
 * <p>Only the caller-supplied grant type parameter is inspected; no client
 * authentication happens in this method.
 *
 * @param context the web context carrying the request parameters
 * @return the result of {@code OAuth20Utils.isGrantType} for {@code CLIENT_CREDENTIALS}
 */
@Override
public boolean supports(final J2EContext context) {
    return OAuth20Utils.isGrantType(
        context.getRequestParameter(OAuth20Constants.GRANT_TYPE),
        OAuth20GrantTypes.CLIENT_CREDENTIALS);
}
}
/**
 * Reports whether the request asks for the {@code TOKEN} response type.
 *
 * <p>The comparison ignores case and is made against the caller-supplied
 * response type parameter.
 *
 * @param context the web context carrying the request parameters
 * @return {@code true} when the requested response type equals the type string of
 *         {@code OAuth20ResponseTypes.TOKEN}, ignoring case
 */
@Override
public boolean supports(final J2EContext context) {
    val requestedResponseType = context.getRequestParameter(OAuth20Constants.RESPONSE_TYPE);
    val tokenResponseType = OAuth20ResponseTypes.TOKEN.getType();
    return StringUtils.equalsIgnoreCase(requestedResponseType, tokenResponseType);
}
}
/**
 * Reports whether the request asks for the password grant.
 *
 * <p>Only the caller-supplied grant type parameter is inspected; credentials are
 * not read or checked in this method.
 *
 * @param context the web context carrying the request parameters
 * @return the result of {@code OAuth20Utils.isGrantType} for {@code PASSWORD}
 */
@Override
public boolean supports(final J2EContext context) {
    val requestedGrantType = context.getRequestParameter(OAuth20Constants.GRANT_TYPE);
    final boolean isPasswordGrant = OAuth20Utils.isGrantType(requestedGrantType, OAuth20GrantTypes.PASSWORD);
    return isPasswordGrant;
}
}
/**
 * Reports whether the request asks for the {@code CODE} response type.
 *
 * <p>The comparison ignores case and is made against the caller-supplied
 * response type parameter.
 *
 * @param context the web context carrying the request parameters
 * @return {@code true} when the requested response type equals the type string of
 *         {@code OAuth20ResponseTypes.CODE}, ignoring case
 */
@Override
public boolean supports(final J2EContext context) {
    val requestedResponseType = context.getRequestParameter(OAuth20Constants.RESPONSE_TYPE);
    val codeResponseType = OAuth20ResponseTypes.CODE.getType();
    return StringUtils.equalsIgnoreCase(requestedResponseType, codeResponseType);
}
/**
 * Reports whether the request carries a code verifier and is otherwise supported
 * by the parent implementation.
 *
 * <p>This is a presence check only: the verifier's value is not compared with any
 * stored challenge in this method.
 *
 * @param context the web context carrying the request parameters
 * @return {@code true} when the {@code OAuth20Constants.CODE_VERIFIER} parameter is
 *         non-blank and {@code super.supports(context)} also returns {@code true}
 */
@Override
public boolean supports(final J2EContext context) {
    val codeVerifier = context.getRequestParameter(OAuth20Constants.CODE_VERIFIER);
    if (StringUtils.isBlank(codeVerifier)) {
        // Without a verifier the parent is not consulted at all.
        return false;
    }
    return super.supports(context);
}
}
/**
 * Reports whether the request asks for the client-credentials grant.
 *
 * <p>Only the caller-supplied grant type parameter is inspected here.
 *
 * @param context the web context carrying the request parameters
 * @return the result of {@code OAuth20Utils.isGrantType} for {@code CLIENT_CREDENTIALS}
 */
@Override
public boolean supports(final J2EContext context) {
    val requestedGrantType = context.getRequestParameter(OAuth20Constants.GRANT_TYPE);
    return OAuth20Utils.isGrantType(requestedGrantType, OAuth20GrantTypes.CLIENT_CREDENTIALS);
}
/**
 * Maps the request's response type parameter onto an {@link OAuth20ResponseTypes} value.
 *
 * <p>The match is case-insensitive and the first matching enum constant wins. A
 * missing or unrecognized value does not fail: it silently resolves to
 * {@code OAuth20ResponseTypes.CODE}. Callers that must reject unknown response
 * types therefore cannot rely on this method alone.
 *
 * @param context the web context carrying the request parameters
 * @return the matching response type, or {@code CODE} when nothing matches
 */
public static OAuth20ResponseTypes getResponseType(final J2EContext context) {
    val requested = context.getRequestParameter(OAuth20Constants.RESPONSE_TYPE);
    // Default applied when no constant matches the request value.
    OAuth20ResponseTypes resolved = OAuth20ResponseTypes.CODE;
    for (final OAuth20ResponseTypes candidate : OAuth20ResponseTypes.values()) {
        // The enum's type string is the receiver, so a null request value simply fails to match.
        if (candidate.getType().equalsIgnoreCase(requested)) {
            resolved = candidate;
            break;
        }
    }
    LOGGER.debug("OAuth response type is [{}]", resolved);
    return resolved;
}
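/**
 * Generates the tokens for the request and builds the callback view that returns
 * them to the client's redirect URI.
 *
 * <p>The redirect URI is read from the request parameter and passed on as received;
 * this method performs no validation of it.
 * NOTE(review): the log message implies verification happened earlier — confirm
 * the URI was matched against the registered service before this point.
 *
 * @param context  the web context carrying the request parameters
 * @param clientId the client id, used for logging
 * @param holder   the access token request data passed to the token generator
 * @return the view produced by {@code buildCallbackUrlResponseType}
 */
@Override
@SneakyThrows
public View build(final J2EContext context, final String clientId, final AccessTokenRequestDataHolder holder) {
    val redirectUri = context.getRequestParameter(OAuth20Constants.REDIRECT_URI);
    LOGGER.debug("Authorize request verification successful for client [{}] with redirect uri [{}]", clientId, redirectUri);

    val result = accessTokenGenerator.generate(holder);
    // Either token may be absent; null is passed through to the callback builder.
    val accessToken = result.getAccessToken().orElse(null);
    val refreshToken = result.getRefreshToken().orElse(null);

    // The token object is deliberately kept out of the log. If its string form
    // includes the token identifier (not visible here), debug logs would hold a
    // usable bearer credential. Only the outcome is recorded.
    LOGGER.debug("OAuth access token generated for client [{}]: [{}]", clientId, accessToken != null);

    return buildCallbackUrlResponseType(holder, redirectUri, accessToken, new ArrayList<>(), refreshToken, context);
}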
/**
 * Reports whether the request's response type is the one this implementation
 * declares through {@code getResponseType()}.
 *
 * <p>Only the caller-supplied response type parameter is inspected here.
 *
 * @param context the web context carrying the request parameters
 * @return the result of {@code OAuth20Utils.isResponseType} for this implementation's type
 */
@Override
public boolean supports(final J2EContext context) {
    val requestedResponseType = context.getRequestParameter(OAuth20Constants.RESPONSE_TYPE);
    val handledResponseType = getResponseType();
    return OAuth20Utils.isResponseType(requestedResponseType, handledResponseType);
}
/**
 * Reports whether the request's grant type is the one this implementation
 * declares through {@code getGrantType()}.
 *
 * <p>Only the caller-supplied grant type parameter is inspected here.
 *
 * @param context the web context carrying the request parameters
 * @return the result of {@code OAuth20Utils.isGrantType} for this implementation's type
 */
@Override
public boolean supports(final J2EContext context) {
    return OAuth20Utils.isGrantType(
        context.getRequestParameter(OAuth20Constants.GRANT_TYPE),
        getGrantType());
}
}
/**
 * Looks up the client named by the request and asks it to redirect the user.
 *
 * <p>The client name comes from a request parameter, so it is caller-controlled;
 * the lookup is limited to whatever {@code config.getClients()} holds.
 */
@RequestMapping("/forceLogin")
@ResponseBody
public void forceLogin() {
    final String requestedClientName =
        webContext.getRequestParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
    // NOTE(review): the lookup result is used without a check; confirm how
    // findClient reports an unknown or missing name.
    final Client client = config.getClients().findClient(requestedClientName);
    try {
        client.redirect(webContext);
    } catch (final HttpAction ignored) {
        // NOTE(review): the action is dropped without logging. Presumably the
        // response has already been prepared when it is thrown; confirm, and
        // log it otherwise so failed redirects stay visible.
    }
}
/**
 * Decides whether the approval (consent) view is shown or skipped for the service.
 *
 * <p>The bypass flag is taken from the request parameter first and, when that is
 * blank, from the session store. A value of "true" (any case), or a positive
 * answer from {@code isConsentApprovalBypassed}, records the bypass in the session
 * and returns an empty {@link ModelAndView}; otherwise the approval view is returned.
 *
 * <p>NOTE(review): the flag is accepted from a request parameter, which is
 * caller-controlled. Confirm that "true" can only arrive here after the user has
 * actually approved, or tie the decision to server-side state instead of the
 * parameter, because this path skips the consent screen.
 *
 * @param context the web context carrying the request parameters and session store
 * @param service the registered service being authorized
 * @return an empty {@link ModelAndView} when approval is bypassed, else the approval view
 */
@Override
public ModelAndView resolve(final J2EContext context, final OAuthRegisteredService service) {
    var bypassFlag = context.getRequestParameter(OAuth20Constants.BYPASS_APPROVAL_PROMPT);
    if (StringUtils.isBlank(bypassFlag)) {
        // Fall back to the value remembered in the session from an earlier pass.
        bypassFlag = (String) context.getSessionStore().get(context, OAuth20Constants.BYPASS_APPROVAL_PROMPT);
    }
    // Logged on every call, whether or not the prompt ends up being bypassed.
    LOGGER.trace("Bypassing approval prompt for service [{}]: [{}]", service, bypassFlag);

    final boolean bypassRequested = Boolean.TRUE.toString().equalsIgnoreCase(bypassFlag);
    // The service-level check runs only when the flag itself did not ask for a bypass.
    if (!bypassRequested && !isConsentApprovalBypassed(context, service)) {
        return redirectToApproveView(context, service);
    }

    context.getSessionStore().set(context, OAuth20Constants.BYPASS_APPROVAL_PROMPT, Boolean.TRUE.toString());
    return new ModelAndView();
}
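/**
 * Builds the redirect that returns the authorization code to the client.
 *
 * <p>The code id is always appended to the redirect URI; the state and nonce
 * authentication attributes are appended only when they are non-blank. A missing
 * state or nonce attribute is treated as blank instead of being dereferenced.
 *
 * <p>NOTE(review): the redirect URI is read from the request and becomes the
 * redirect target. This method does not validate it, so it depends on earlier
 * verification against the registered service — confirm at the call site.
 *
 * @param context        the web context carrying the request parameters
 * @param clientId       the client id, used for logging
 * @param authentication the authentication whose attributes hold state and nonce
 * @param code           the issued OAuth code whose id is returned to the client
 * @return a {@link RedirectView} pointing at the assembled callback URL
 */
private static View buildCallbackViewViaRedirectUri(final J2EContext context, final String clientId,
                                                    final Authentication authentication, final OAuthCode code) {
    val attributes = authentication.getAttributes();

    // Null-safe reads: an absent attribute must not fail the whole callback.
    val stateAttribute = attributes.get(OAuth20Constants.STATE);
    val state = stateAttribute == null ? StringUtils.EMPTY : stateAttribute.toString();
    val nonceAttribute = attributes.get(OAuth20Constants.NONCE);
    val nonce = nonceAttribute == null ? StringUtils.EMPTY : nonceAttribute.toString();

    val redirectUri = context.getRequestParameter(OAuth20Constants.REDIRECT_URI);
    LOGGER.debug("Authorize request verification successful for client [{}] with redirect uri [{}]", clientId, redirectUri);

    var callbackUrl = redirectUri;
    callbackUrl = CommonHelper.addParameter(callbackUrl, OAuth20Constants.CODE, code.getId());
    if (StringUtils.isNotBlank(state)) {
        callbackUrl = CommonHelper.addParameter(callbackUrl, OAuth20Constants.STATE, state);
    }
    if (StringUtils.isNotBlank(nonce)) {
        callbackUrl = CommonHelper.addParameter(callbackUrl, OAuth20Constants.NONCE, nonce);
    }
    // NOTE(review): this URL contains the authorization code, so debug logs
    // hold it for as long as the code remains redeemable.
    LOGGER.debug("Redirecting to URL [{}]", callbackUrl);
    return new RedirectView(callbackUrl);
}
}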
/**
 * Checks whether the response type named in the request is authorized for the service.
 *
 * <p>When the service lists supported response types, the requested value must
 * match one of them, ignoring case. When the list is null or empty the check
 * fails open: a warning is logged and every response type is accepted. Service
 * definitions should therefore list their response types explicitly.
 *
 * @param context           the web context carrying the request parameters
 * @param registeredService the registered service
 * @return {@code true} when the response type is listed, or when the service lists none
 */
public static boolean isAuthorizedResponseTypeForService(final J2EContext context,
                                                         final OAuthRegisteredService registeredService) {
    val requestedType = context.getRequestParameter(OAuth20Constants.RESPONSE_TYPE);
    val supportedTypes = registeredService.getSupportedResponseTypes();

    if (supportedTypes == null || supportedTypes.isEmpty()) {
        // Fail-open path: nothing is configured, so nothing is rejected.
        LOGGER.warn("Registered service [{}] does not define any authorized/supported response types. "
            + "It is STRONGLY recommended that you authorize and assign response types to the service definition. "
            + "While just a warning for now, this behavior will be enforced by CAS in future versions.",
            registeredService.getName());
        return true;
    }

    LOGGER.debug("Checking response type [{}] against supported response types [{}]", requestedType, supportedTypes);
    for (val supported : supportedTypes) {
        // The configured value is the receiver, so a null request value simply fails to match.
        if (supported.equalsIgnoreCase(requestedType)) {
            return true;
        }
    }
    return false;
}
// Reads the scope, state and nonce request parameters. All three are caller-supplied.
// getParameterValues returns every occurrence of the scope parameter, not only the first.
val scopes = CollectionUtils.toCollection(context.getRequest().getParameterValues(OAuth20Constants.SCOPE));
// A blank or missing state/nonce is normalized to the empty string.
val state = StringUtils.defaultIfBlank(context.getRequestParameter(OAuth20Constants.STATE), StringUtils.EMPTY);
val nonce = StringUtils.defaultIfBlank(context.getRequestParameter(OAuth20Constants.NONCE), StringUtils.EMPTY);
// Both values are written to the debug log exactly as received from the request.
LOGGER.debug("OAuth [{}] is [{}], and [{}] is [{}]", OAuth20Constants.STATE, state, OAuth20Constants.NONCE, nonce);
ticketGrantingTicketCookieGenerator, this.ticketRegistry, context.getRequest()); val grantType = StringUtils.defaultIfEmpty(context.getRequestParameter(OAuth20Constants.GRANT_TYPE), OAuth20GrantTypes.AUTHORIZATION_CODE.getType()).toUpperCase(); val scopes = OAuth20Utils.parseRequestScopes(context); val codeChallenge =context.getRequestParameter(OAuth20Constants.CODE_CHALLENGE); val codeChallengeMethod = StringUtils.defaultIfEmpty(context.getRequestParameter(OAuth20Constants.CODE_CHALLENGE_METHOD), OAuth20GrantTypes.AUTHORIZATION_CODE.getType()).toUpperCase(); val holder = AccessTokenRequestDataHolder.builder()
val clientId = context.getRequestParameter(OAuth20Constants.CLIENT_ID); val registeredService = getRegisteredServiceByClientId(clientId); try {
val code = context.getRequestParameter(OAuth20Constants.CODE); val token = ticketRegistry.getTicket(code, OAuthCode.class); if (token == null || token.isExpired()) {