/**
 * Configures the builder's scope as the UMA protection scope, optionally followed by
 * additional scopes.
 *
 * <p>The resulting scope string is {@code UmaScopeType.PROTECTION.getValue()} followed by
 * each entry of {@code scopeArray}, separated by single spaces. Entries are appended as
 * given; no validation or de-duplication happens here.
 *
 * @param scopeArray optional extra scopes to request alongside the protection scope
 * @return whatever {@code scope(String)} returns for the assembled scope string
 */
public Builder pat(String... scopeArray) {
    final String protectionScope = UmaScopeType.PROTECTION.getValue();
    if (scopeArray == null || scopeArray.length == 0) {
        return scope(protectionScope);
    }

    // append(String) renders a null entry as "null", exactly like string concatenation.
    final StringBuilder joined = new StringBuilder().append(protectionScope);
    for (String extra : scopeArray) {
        joined.append(" ").append(extra);
    }
    return scope(joined.toString());
}
/**
 * Convenience overload that accepts a typed UMA scope and forwards its string value to
 * the overload taking the scope as a {@code String}.
 *
 * @param authorizePath path of the authorization endpoint
 * @param userId user identifier
 * @param userSecret user secret; a credential, so keep it out of logs and error messages
 * @param umaClientId client identifier
 * @param umaRedirectUri redirect URI of the client
 * @param p_scopeType UMA scope type whose value is requested
 * @throws Exception propagated from the delegated call
 */
private void requestAuthorizationCode(final String authorizePath, final String userId, final String userSecret, final String umaClientId, final String umaRedirectUri, final UmaScopeType p_scopeType) throws Exception {
    final String scopeValue = p_scopeType.getValue();
    requestAuthorizationCode(authorizePath, userId, userSecret, umaClientId, umaRedirectUri, scopeValue);
}
/**
 * Obtains a token from the token endpoint using the client-credentials grant.
 *
 * <p>The requested scope is {@code scopeType.getValue()} followed by each entry of
 * {@code scopeArray}, separated by single spaces.
 *
 * @param tokenUrl token endpoint URL
 * @param umaClientId client identifier
 * @param umaClientSecret client secret; a credential, so keep it out of logs and exception messages
 * @param scopeType base UMA scope type
 * @param clientExecutor optional executor; applied to the token client only when non-null
 * @param scopeArray optional additional scopes
 * @return a {@code Token} when the endpoint answers with status 200 and a non-blank access
 *         token, otherwise {@code null} (callers must handle the {@code null} case)
 * @throws Exception propagated from the underlying calls
 */
public static Token request(final String tokenUrl, final String umaClientId, final String umaClientSecret, UmaScopeType scopeType, ClientExecutor clientExecutor, String... scopeArray) throws Exception {
    final String baseScope = scopeType.getValue();
    final String requestedScope;
    if (scopeArray == null || scopeArray.length == 0) {
        requestedScope = baseScope;
    } else {
        // append(String) renders a null entry as "null", exactly like string concatenation.
        final StringBuilder joined = new StringBuilder().append(baseScope);
        for (String extra : scopeArray) {
            joined.append(" ").append(extra);
        }
        requestedScope = joined.toString();
    }

    final TokenClient client = new TokenClient(tokenUrl);
    if (clientExecutor != null) {
        client.setExecutor(clientExecutor);
    }

    final TokenResponse tokenResponse = client.execClientCredentialsGrant(requestedScope, umaClientId, umaClientSecret);
    if (tokenResponse.getStatus() != 200) {
        return null;
    }

    final String accessToken = tokenResponse.getAccessToken();
    final Integer lifetime = tokenResponse.getExpiresIn();
    if (!Util.allNotBlank(accessToken)) {
        return null;
    }

    // NOTE(review): the Token receives only scopeType.getValue(), not the extra scopes that
    // were requested above; presumably that argument is the token's scope, so confirm that
    // consumers do not rely on it to know which scopes were actually granted.
    return new Token(null, null, accessToken, scopeType.getValue(), lifetime);
}
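/**
 * Resolves the access token carried in an authorization value to a valid
 * {@link AuthorizationGrant} that holds the required UMA scope.
 *
 * <p>Checks run in this order: value present, token extractable, grant known, grant
 * valid, required scope present. Every failure is reported through
 * {@code errorResponseFactory.throwUmaWebApplicationException(...)}.
 *
 * @param authorization raw authorization value supplied by the caller; it carries the
 *        access token and is therefore never written to the log
 * @param umaScopeType UMA scope the grant must contain
 * @return the grant bound to the presented access token
 */
private AuthorizationGrant validateAuthorization(String authorization, UmaScopeType umaScopeType) {
    // Log only whether a value was supplied. Logging the value itself would copy a live
    // access token into trace logs, where anyone with log access could replay it.
    final boolean authorizationMissing = StringHelper.isEmpty(authorization);
    log.trace("Validate authorization, value present: {}", !authorizationMissing);

    // NOTE(review): every check below relies on throwUmaWebApplicationException never
    // returning normally. Confirm this, because otherwise a null grant would be dereferenced further down.
    if (authorizationMissing) {
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, UNAUTHORIZED_CLIENT);
    }

    String token = tokenService.getTokenFromAuthorizationParameter(authorization);
    if (StringHelper.isEmpty(token)) {
        log.debug("Token is invalid");
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, UNAUTHORIZED_CLIENT);
    }

    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
    if (authorizationGrant == null) {
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, ACCESS_DENIED);
    }

    if (!authorizationGrant.isValid()) {
        errorResponseFactory.throwUmaWebApplicationException(UNAUTHORIZED, INVALID_TOKEN);
    }

    // Exact membership test on the scope set, so a scope whose name merely contains the
    // required value does not satisfy the check.
    Set<String> scopes = authorizationGrant.getScopes();
    if (!scopes.contains(umaScopeType.getValue())) {
        // A missing scope is answered with 406 Not Acceptable; kept as-is because callers
        // may depend on that status.
        errorResponseFactory.throwUmaWebApplicationException(Response.Status.NOT_ACCEPTABLE, INVALID_CLIENT_SCOPE);
    }
    return authorizationGrant;
}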
// Excerpt of a larger method: answers 401 when the grant's scope string does not contain
// the UMA protection scope value. The closing brace of this `if` and the enclosing method
// are outside the excerpt.
// NOTE(review): getScopesAsString().contains(...) is a substring test on the whole scope
// string, so a different scope whose name merely contains the protection scope value would
// also pass. An exact-membership test on the scope set (getScopes().contains(...)) avoids
// that; confirm the format getScopesAsString() returns.
// NOTE(review): the entity appends a plain sentence to the output of getErrorAsJson(...).
// If that output is a JSON document, the resulting body is no longer parseable JSON, so
// confirm what clients of this endpoint expect.
if (!authorizationGrant.getScopesAsString().contains(UmaScopeType.PROTECTION.getValue())) { log.trace("access_token used to access introspection endpoint does not have uma_protection scope, however in oxauth configuration `checkUmaProtectionScopePresenceDuringIntrospection` is true"); return Response.status(Response.Status.UNAUTHORIZED).entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED) + " access_token does not have uma_protection scope which is required by OP configuration.").build();
// Excerpt of a larger method: adds the scope type's value first, then every caller-supplied
// extra scope. The closing brace of this `if` is outside the excerpt.
// Entries of scopeArray are added as given (null or blank strings included); no filtering
// is visible here.
scopes.add(p_type.getValue()); if (scopeArray != null && scopeArray.length > 0) { scopes.addAll(Arrays.asList(scopeArray));
/**
 * Builds a client-credentials token request that carries the given client authentication
 * settings and submits it through {@code request(String, TokenRequest)}.
 *
 * <p>The requested scope is {@code scopeType.getValue()} followed by each entry of
 * {@code scopeArray}, separated by single spaces.
 *
 * @param tokenUrl token endpoint URL
 * @param umaClientId client identifier, set as the request's auth username
 * @param umaClientSecret client secret, set as the request's auth password; a credential,
 *        so keep it out of logs and exception messages
 * @param authenticationMethod client authentication method applied to the request
 * @param signatureAlgorithm algorithm set on the request
 * @param audience audience set on the request
 * @param scopeType base UMA scope type
 * @param scopeArray optional additional scopes
 * @return the result of {@code request(tokenUrl, tokenRequest)}
 * @throws Exception propagated from the underlying calls
 */
public static Token requestWithClientSecretJwt(final String tokenUrl, final String umaClientId, final String umaClientSecret, AuthenticationMethod authenticationMethod, SignatureAlgorithm signatureAlgorithm, String audience, UmaScopeType scopeType, String... scopeArray) throws Exception {
    final String baseScope = scopeType.getValue();
    final String requestedScope;
    if (scopeArray == null || scopeArray.length == 0) {
        requestedScope = baseScope;
    } else {
        // append(String) renders a null entry as "null", exactly like string concatenation.
        final StringBuilder joined = new StringBuilder().append(baseScope);
        for (String extra : scopeArray) {
            joined.append(" ").append(extra);
        }
        requestedScope = joined.toString();
    }

    // NOTE(review): the method name suggests client_secret_jwt, yet whatever
    // authenticationMethod and signatureAlgorithm the caller passes are applied without any
    // check here. Confirm that callers cannot end up with a weaker method than intended.
    final TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setAuthUsername(umaClientId);
    tokenRequest.setAuthPassword(umaClientSecret);
    tokenRequest.setScope(requestedScope);
    tokenRequest.setAuthenticationMethod(authenticationMethod);
    tokenRequest.setAlgorithm(signatureAlgorithm);
    tokenRequest.setAudience(audience);

    return request(tokenUrl, tokenRequest);
}