Added a method to retrieve a UMA token using `clientId` and `clientSecret` for a specific `audience` (aka context, which must be in `URLEncoded` form), and Javadoc for all interesting methods

Mauro Mugnaini 2021-05-06 17:15:10 +02:00
parent 527f04fb67
commit 17e503c786
1 changed files with 90 additions and 6 deletions


@ -13,6 +13,7 @@ import java.net.ProtocolException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -58,6 +59,15 @@ public class OpenIdConnectRESTHelper {
return q;
}
/**
* Queries from the OIDC server an OIDC access token, by using provided clientId and client secret.
*
* @param clientId the client id
* @param clientSecret the client secret
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @return the issued token
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
*/
public static JWTToken queryClientToken(String clientId, String clientSecret, URL tokenURL)
throws OpenIdConnectRESTHelperException {
@ -88,7 +98,7 @@ public class OpenIdConnectRESTHelper {
return performQueryTokenWithPOST(tokenURL, null, params);
}
public static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization,
protected static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization,
Map<String, List<String>> params) throws OpenIdConnectRESTHelperException {
logger.debug("Querying access token from OIDC server with URL: {}", tokenURL);
@ -154,7 +164,37 @@ public class OpenIdConnectRESTHelper {
return con;
}
public static JWTToken queryUMAToken(URL tokenUrl, String authorizationToken, String audience,
/**
* Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience
* (context) in URLEncoded form and optionally a list of permissions.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param clientId the client id
* @param clientSecret the client secret
* @param audience the audience (context) where to request the issuing of the ticket
* @param permissions a list of permissions, can be <code>null</code>
* @return the issued token
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
*/
public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience,
List<String> permissions) throws OpenIdConnectRESTHelperException {
return queryUMAToken(tokenUrl, "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()),
audience, permissions);
}
/**
* Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context)
* in URLEncoded form and optionally a list of permissions.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param authorization the auth token (the access token URLEncoded by the "Bearer " string)
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
* @param permissions a list of permissions, can be <code>null</code>
* @return the issued token
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
*/
public static JWTToken queryUMAToken(URL tokenUrl, String authorization, String audience,
List<String> permissions) throws OpenIdConnectRESTHelperException {
Map<String, List<String>> params = new HashMap<>();
@ -174,18 +214,45 @@ public class OpenIdConnectRESTHelper {
}
}).collect(Collectors.toList()));
}
return performQueryTokenWithPOST(tokenUrl, authorizationToken, params);
return performQueryTokenWithPOST(tokenUrl, authorization, params);
}
/**
* Refreshes the token from the OIDC server.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param token the token to be refreshed
* @return a new token refreshed from the previous one
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
*/
public static JWTToken refreshToken(URL tokenURL, JWTToken token) throws OpenIdConnectRESTHelperException {
return refreshToken(tokenURL, null, null, token);
}
/**
* Refreshes the token from the OIDC server for a specific client represented by the client id.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param clientId the client id
* @param token the token to be refreshed
* @return a new token refreshed from the previous one
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
*/
public static JWTToken refreshToken(URL tokenURL, String clientId, JWTToken token)
throws OpenIdConnectRESTHelperException {
return refreshToken(tokenURL, clientId, null, token);
}
/**
* Refreshes the token from the OIDC server for a specific client represented by the client id.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param clientId the client id
* @param clientSecret the client secret
* @param token the token to be refreshed
* @return a new token refreshed from the previous one
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
*/
public static JWTToken refreshToken(URL tokenURL, String clientId, String clientSecret, JWTToken token)
throws OpenIdConnectRESTHelperException {
@ -233,10 +300,27 @@ public class OpenIdConnectRESTHelper {
}
}
/**
* Performs the logout (SSOut) from all the sessions opened in the OIDC server.
*
* @param logoutUrl the logut endpoint {@link URL} of the OIDC server
* @param token the token used to take info from
* @return <code>true</code> if the logout is performed correctly, <code>false</code> otherwise
* @throws IOException if an I/O error occurs during the communication with the server
*/
public static boolean logout(URL logoutUrl, JWTToken token) throws IOException {
return logout(logoutUrl, null, token);
}
/**
* Performs the logout from the session related to the provided client id in the OIDC server.
*
* @param logoutUrl the logut endpoint {@link URL} of the OIDC server
* @param clientId the client id
* @param token the token used to take info from
* @return <code>true</code> if the logout is performed correctly, <code>false</code> otherwise
* @throws IOException if an I/O error occurs during the communication with the server
*/
public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException {
Map<String, List<String>> params = new HashMap<>();
if (clientId == null) {
@ -276,9 +360,9 @@ public class OpenIdConnectRESTHelper {
}
if (conn.getResponseCode() == 200) {
String contentType = conn.getContentType();
logger.debug("Getting the stream to the avatar resource with MIME: {}", contentType);
InputStream is = conn.getInputStream();
buffer = new ByteArrayOutputStream();
int nRead;
@ -286,7 +370,7 @@ public class OpenIdConnectRESTHelper {
while ((nRead = is.read(data, 0, data.length)) != -1) {
buffer.write(data, 0, nRead);
}
buffer.flush();
return buffer.toByteArray();
} else {