Compare commits
No commits in common. "33a22f9448c810e6fd40c363ea46a69d90ceed58" and "fccbedb299804c0dd2f0bc1fbc6783735687ebc1" have entirely different histories.
33a22f9448
...
fccbedb299
|
@ -2,15 +2,6 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
||||||
|
|
||||||
# Changelog for "oidc-library"
|
# Changelog for "oidc-library"
|
||||||
|
|
||||||
## [v1.3.2-SNAPSHOT]
|
|
||||||
Token exchange (#27099)
|
|
||||||
Header X-D4Science-Context in query exchange and refresh
|
|
||||||
|
|
||||||
- performQueryTokenWithPOST accepts also optional headers
|
|
||||||
- performURLEncodedPOSTSendData accepts also optional headers
|
|
||||||
- implemented queryExchangeToken
|
|
||||||
|
|
||||||
|
|
||||||
## [v1.3.1]
|
## [v1.3.1]
|
||||||
Added `Catalogue-Manager` and `Catalogue-Moderator` roles to the enum (#23623)
|
Added `Catalogue-Manager` and `Catalogue-Moderator` roles to the enum (#23623)
|
||||||
|
|
||||||
|
|
2
pom.xml
2
pom.xml
|
@ -13,7 +13,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>oidc-library</artifactId>
|
<artifactId>oidc-library</artifactId>
|
||||||
<version>1.3.2-SNAPSHOT</version>
|
<version>1.3.1</version>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
|
|
|
@ -98,19 +98,13 @@ public class OpenIdConnectRESTHelper {
|
||||||
return performQueryTokenWithPOST(tokenURL, null, params);
|
return performQueryTokenWithPOST(tokenURL, null, params);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
protected static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization,
|
protected static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization,
|
||||||
Map<String, List<String>> params) throws OpenIdConnectRESTHelperException {
|
Map<String, List<String>> params) throws OpenIdConnectRESTHelperException {
|
||||||
return performQueryTokenWithPOST(tokenURL, authorization, params, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
protected static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization,
|
|
||||||
Map<String, List<String>> params, Map<String, String> headers) throws OpenIdConnectRESTHelperException {
|
|
||||||
|
|
||||||
logger.debug("Querying access token from OIDC server with URL: {}", tokenURL);
|
logger.debug("Querying access token from OIDC server with URL: {}", tokenURL);
|
||||||
StringBuilder sb;
|
StringBuilder sb;
|
||||||
try {
|
try {
|
||||||
HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization, headers);
|
HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization);
|
||||||
|
|
||||||
sb = new StringBuilder();
|
sb = new StringBuilder();
|
||||||
int httpResultCode = httpURLConnection.getResponseCode();
|
int httpResultCode = httpURLConnection.getResponseCode();
|
||||||
|
@ -150,11 +144,6 @@ public class OpenIdConnectRESTHelper {
|
||||||
|
|
||||||
protected static HttpURLConnection performURLEncodedPOSTSendData(URL url, Map<String, List<String>> params,
|
protected static HttpURLConnection performURLEncodedPOSTSendData(URL url, Map<String, List<String>> params,
|
||||||
String authorization) throws IOException, ProtocolException, UnsupportedEncodingException {
|
String authorization) throws IOException, ProtocolException, UnsupportedEncodingException {
|
||||||
return performURLEncodedPOSTSendData(url, params, authorization, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
protected static HttpURLConnection performURLEncodedPOSTSendData(URL url, Map<String, List<String>> params,
|
|
||||||
String authorization, Map<String, String> headers) throws IOException, ProtocolException, UnsupportedEncodingException {
|
|
||||||
|
|
||||||
HttpURLConnection con = (HttpURLConnection) url.openConnection();
|
HttpURLConnection con = (HttpURLConnection) url.openConnection();
|
||||||
con.setRequestMethod("POST");
|
con.setRequestMethod("POST");
|
||||||
|
@ -166,12 +155,6 @@ public class OpenIdConnectRESTHelper {
|
||||||
logger.debug("Adding authorization header as: {}", authorization);
|
logger.debug("Adding authorization header as: {}", authorization);
|
||||||
con.setRequestProperty("Authorization", authorization);
|
con.setRequestProperty("Authorization", authorization);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (headers != null) {
|
|
||||||
for (String key : headers.keySet()) {
|
|
||||||
con.setRequestProperty(key, headers.get(key));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
OutputStream os = con.getOutputStream();
|
OutputStream os = con.getOutputStream();
|
||||||
|
|
||||||
String queryString = mapToQueryString(params);
|
String queryString = mapToQueryString(params);
|
||||||
|
@ -201,62 +184,6 @@ public class OpenIdConnectRESTHelper {
|
||||||
audience, permissions);
|
audience, permissions);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context),
|
|
||||||
* in URLEncoded form or not, and optionally a list of permissions.
|
|
||||||
*
|
|
||||||
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
||||||
* @param authorization the auth token (the access token URLEncoded by the "Bearer " string)
|
|
||||||
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
|
|
||||||
* @param permissions a list of permissions, can be <code>null</code>
|
|
||||||
* @return the issued token
|
|
||||||
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
|
|
||||||
*/
|
|
||||||
public static JWTToken queryExchangeToken(URL tokenUrl, String authorization, String audience, String client_id, String client_secret,
|
|
||||||
List<String> permissions) throws OpenIdConnectRESTHelperException {
|
|
||||||
|
|
||||||
logger.info("Queried exchangeToken for context " + audience);
|
|
||||||
|
|
||||||
Map<String, List<String>> params = new HashMap<>();
|
|
||||||
|
|
||||||
params.put("subject_token", Arrays.asList(authorization));
|
|
||||||
params.put("client_id", Arrays.asList(client_id));
|
|
||||||
params.put("client_secret", Arrays.asList(client_secret));
|
|
||||||
params.put("grant_type", Arrays.asList("urn:ietf:params:oauth:grant-type:token-exchange"));
|
|
||||||
params.put("subject_token_type", Arrays.asList("urn:ietf:params:oauth:token-type:access_token"));
|
|
||||||
params.put("requested_token_type", Arrays.asList("urn:ietf:params:oauth:token-type:access_token"));
|
|
||||||
|
|
||||||
if (audience.startsWith("/")) {
|
|
||||||
try {
|
|
||||||
logger.trace("Audience was provided in non URL encoded form, encoding it");
|
|
||||||
audience = URLEncoder.encode(audience, "UTF-8");
|
|
||||||
} catch (UnsupportedEncodingException e) {
|
|
||||||
logger.error("Cannot URL encode 'audience'", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
try {
|
|
||||||
params.put("audience", Arrays.asList(URLEncoder.encode(audience, "UTF-8")));
|
|
||||||
} catch (UnsupportedEncodingException e) {
|
|
||||||
logger.error("Cannot URL encode 'audience'", e);
|
|
||||||
}
|
|
||||||
if (permissions != null && !permissions.isEmpty()) {
|
|
||||||
params.put(
|
|
||||||
"permission", permissions.stream().map(s -> {
|
|
||||||
try {
|
|
||||||
return URLEncoder.encode(s, "UTF-8");
|
|
||||||
} catch (UnsupportedEncodingException e) {
|
|
||||||
return "";
|
|
||||||
}
|
|
||||||
}).collect(Collectors.toList()));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// Map<String, String> headers = new HashMap<>();
|
|
||||||
// headers.put("X-D4Science-Context", audience);
|
|
||||||
|
|
||||||
return performQueryTokenWithPOST(tokenUrl, null, params/*, headers*/);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context),
|
* Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context),
|
||||||
* in URLEncoded form or not, and optionally a list of permissions.
|
* in URLEncoded form or not, and optionally a list of permissions.
|
||||||
|
|
Loading…
Reference in New Issue