Using azp field (if present) also in logout

This commit is contained in:
Mauro Mugnaini 2020-06-30 13:57:41 +02:00
parent d6362f0cb5
commit 9aafc0d289
1 changed files with 21 additions and 13 deletions


@ -115,10 +115,12 @@ public class OpenIdConnectRESTHelper {
con.setRequestProperty("Authorization", authorization); con.setRequestProperty("Authorization", authorization);
} }
OutputStream os = con.getOutputStream(); OutputStream os = con.getOutputStream();
String queryString = mapToQueryString(params);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Sending parameters: " + params); logger.debug("Parameters query string is: " + queryString);
} }
os.write(mapToQueryString(params).getBytes("UTF-8")); os.write(queryString.getBytes("UTF-8"));
os.close(); os.close();
return con; return con;
} }
@ -156,16 +158,7 @@ public class OpenIdConnectRESTHelper {
Map<String, List<String>> params = new HashMap<>(); Map<String, List<String>> params = new HashMap<>();
params.put("grant_type", Arrays.asList("refresh_token")); params.put("grant_type", Arrays.asList("refresh_token"));
if (clientId == null) { if (clientId == null) {
if (logger.isDebugEnabled()) { clientId = getClientIdFromToken(token);
logger.debug("Client id not provided, using authorized party field (azp)");
}
clientId = token.getAzp();
if (clientId == null) {
if (logger.isDebugEnabled()) {
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
}
clientId = getFirstAudienceNoAccount(token);
}
} }
params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8"))); params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
if (clientSecret != null) { if (clientSecret != null) {
@ -175,6 +168,21 @@ public class OpenIdConnectRESTHelper {
return performQueryTokenWithPOST(tokenURL, null, params); return performQueryTokenWithPOST(tokenURL, null, params);
} }
protected static String getClientIdFromToken(JWTToken token) {
String clientId;
if (logger.isDebugEnabled()) {
logger.debug("Client id not provided, using authorized party field (azp)");
}
clientId = token.getAzp();
if (clientId == null) {
if (logger.isDebugEnabled()) {
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
}
clientId = getFirstAudienceNoAccount(token);
}
return clientId;
}
private static String getFirstAudienceNoAccount(JWTToken token) { private static String getFirstAudienceNoAccount(JWTToken token) {
// Trying to get it from the token's audience ('aud' field), getting the first except the 'account' // Trying to get it from the token's audience ('aud' field), getting the first except the 'account'
List<String> tokenAud = token.getAud(); List<String> tokenAud = token.getAud();
@ -194,7 +202,7 @@ public class OpenIdConnectRESTHelper {
public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException { public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException {
Map<String, List<String>> params = new HashMap<>(); Map<String, List<String>> params = new HashMap<>();
if (clientId == null) { if (clientId == null) {
clientId = getFirstAudienceNoAccount(token); clientId = getClientIdFromToken(token);
} }
params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8"))); params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
params.put("refresh_token", Arrays.asList(token.getRefreshTokenString())); params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));