예제 #1
0
  @Post
  public Representation token(final Representation entity) throws OAuth2RestletException {

    final OAuth2Request request = requestFactory.create(getRequest());

    try {
      final AccessToken accessToken = accessTokenService.requestAccessToken(request);
      return new JacksonRepresentation<Map<String, Object>>(accessToken.toMap());
    } catch (InvalidGrantException e) {
      throw new OAuth2RestletException(
          e.getStatusCode(),
          e.getError(),
          "Assertion is invalid.",
          request.<String>getParameter("redirect_uri"),
          request.<String>getParameter("state"));
    } catch (ClientAuthenticationFailedException e) {
      getResponse()
          .setChallengeRequests(
              singletonList(
                  new ChallengeRequest(
                      ChallengeScheme.valueOf(
                          SUPPORTED_RESTLET_CHALLENGE_SCHEMES.get(e.getChallengeScheme())),
                      e.getChallengeRealm())));
      throw new OAuth2RestletException(
          e.getStatusCode(), e.getError(), e.getMessage(), request.<String>getParameter("state"));
    } catch (OAuth2Exception e) {
      throw new OAuth2RestletException(
          e.getStatusCode(),
          e.getError(),
          e.getMessage(),
          request.<String>getParameter("redirect_uri"),
          request.<String>getParameter("state"));
    }
  }
  // See spec section 5.5. - add claims to id_token based on 'claims' parameter in the access token
  private void appendRequestedIdTokenClaims(
      OAuth2Request request,
      OAuth2ProviderSettings providerSettings,
      OpenAMOpenIdConnectToken oidcToken)
      throws ServerException, NotFoundException, InvalidClientException {

    AccessToken accessToken = request.getToken(AccessToken.class);
    String claims;
    if (accessToken != null) {
      claims = (String) accessToken.toMap().get(OAuth2Constants.Custom.CLAIMS);
    } else {
      claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
    }

    if (claims != null) {
      try {
        JSONObject claimsObject = new JSONObject(claims);
        JSONObject idTokenClaimsRequest =
            claimsObject.getJSONObject(OAuth2Constants.JWTTokenParams.ID_TOKEN);
        Map<String, Object> userInfo =
            providerSettings.getUserInfo(accessToken, request).getValues();

        Iterator<String> it = idTokenClaimsRequest.keys();
        while (it.hasNext()) {
          String keyName = it.next();

          if (userInfo.containsKey(keyName)) {
            oidcToken.put(keyName, userInfo.get(keyName));
          }
        }
      } catch (UnauthorizedClientException e) {
        throw new InvalidClientException(e.getMessage());
      } catch (JSONException e) {
        // if claims object not found, fall through
      }
    }
  }