New checks for "invalid_grant" and "access_denied" error together with ""Token is not active"", "Invalid bearer token" and "not_authorized" descriptions

Mauro Mugnaini 2021-01-11 16:04:18 +01:00
parent a8c38ee12e
commit 1fb2b2408e
3 changed files with 37 additions and 10 deletions


@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
# Changelog for "oidc-library" # Changelog for "oidc-library"
## [v1.1.1]
- New checks for "invalid_grant" and "access_denied" error together with ""Token is not active"", "Invalid bearer token" and "not_authorized" descriptions (#20407)
## [v1.1.0] ## [v1.1.0]
- Added avatar configuration and retrieve helper methods (#19726) - Added avatar configuration and retrieve helper methods (#19726)

17
pom.xml

@ -13,7 +13,8 @@
<groupId>org.gcube.common</groupId> <groupId>org.gcube.common</groupId>
<artifactId>oidc-library</artifactId> <artifactId>oidc-library</artifactId>
<version>1.1.0</version> <version>1.1.1</version>
<dependencyManagement> <dependencyManagement>
<dependencies> <dependencies>
<dependency> <dependency>
@ -25,11 +26,13 @@
</dependency> </dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
<scm>
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection> <scm>
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection> <connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url> <developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
</scm> <url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
</scm>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>org.slf4j</groupId> <groupId>org.slf4j</groupId>
@ -54,5 +57,7 @@
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
</dependencies> </dependencies>
<build /> <build />
</project> </project>


@ -30,8 +30,11 @@ public class OpenIdConnectRESTHelper {
private static final String RESPONSE_ERROR_KEY = "error"; private static final String RESPONSE_ERROR_KEY = "error";
private static final String RESPONSE_ERROR_INVALID_GRANT = "invalid_grant"; private static final String RESPONSE_ERROR_INVALID_GRANT = "invalid_grant";
private static final String RESPONSE_ERROR_ACCESS_DENIED = "access_denied";
private static final String RESPONSE_ERROR_DESCRIPTION_KEY = "error_description"; private static final String RESPONSE_ERROR_DESCRIPTION_KEY = "error_description";
private static final String RESPONSE_ERROR_MESSAGE_TINA = "Token is not active"; private static final String RESPONSE_ERROR_DESCRIPTION_TINA = "Token is not active";
private static final String RESPONSE_ERROR_DESCRIPTION_IBT = "Invalid bearer token";
private static final String RESPONSE_ERROR_DESCRIPTION_NOT_AUTHORIZED = "not_authorized";
public static String buildLoginRequestURL(URL loginURL, String clientId, String state, String redirectURI) public static String buildLoginRequestURL(URL loginURL, String clientId, String state, String redirectURI)
throws UnsupportedEncodingException { throws UnsupportedEncodingException {
@ -294,14 +297,30 @@ public class OpenIdConnectRESTHelper {
return null; return null;
} }
public static boolean isTokenNotActiveError(String jsonString) { protected static boolean matchesErrorAndDescription(String jsonString, String expectedError,
String exepectedErrorDescription) {
try { try {
JSONObject json = (JSONObject) new JSONParser().parse(jsonString); JSONObject json = (JSONObject) new JSONParser().parse(jsonString);
return RESPONSE_ERROR_INVALID_GRANT.equals(json.get(RESPONSE_ERROR_KEY)) return expectedError.equals(json.get(RESPONSE_ERROR_KEY))
&& RESPONSE_ERROR_MESSAGE_TINA.equals(json.get(RESPONSE_ERROR_DESCRIPTION_KEY)); && (exepectedErrorDescription == null
|| exepectedErrorDescription.equals(json.get(RESPONSE_ERROR_DESCRIPTION_KEY)));
} catch (ParseException e) { } catch (ParseException e) {
// Is an unparseable JSON // Is an unparseable JSON
} }
return false; return false;
} }
public static boolean isTokenNotActiveError(String jsonString) {
return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_INVALID_GRANT, RESPONSE_ERROR_DESCRIPTION_TINA);
}
public static boolean isInvalidBearerTokenError(String jsonString) {
return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_INVALID_GRANT, RESPONSE_ERROR_DESCRIPTION_IBT);
}
public static boolean isAccessDeniedNotAuthorizedError(String jsonString) {
return matchesErrorAndDescription(jsonString, RESPONSE_ERROR_ACCESS_DENIED,
RESPONSE_ERROR_DESCRIPTION_NOT_AUTHORIZED);
}
} }
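Review bot: In `matchesErrorAndDescription` the unconditional cast `(JSONObject) new JSONParser().parse(jsonString)` throws a `ClassCastException` when the body is valid JSON but not an object (an array, a string, a number), and only `ParseException` is caught, so that exception escapes through all three public wrappers. The string is presumably the identity provider's HTTP error response, so this classification path should return `false` for anything unexpected rather than throw: `Object parsed = new JSONParser().parse(jsonString);` then `if (!(parsed instanceof JSONObject)) return false;` before the cast. A null `jsonString` looks likely to fail in a similar way and could be rejected up front. Separately, the parameter name `exepectedErrorDescription` is misspelled, and matching `error_description` by exact text ties these helpers to the provider's current wording, which deserves a comment on the three description constants.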