Package org.ametys.plugins.extrausermgt.oauth

Class DefaultOauthProvider

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.plugins.extrausermgt.oauth.DefaultOauthProvider

All Implemented Interfaces:

OAuthProvider, LogEnabled, Configurable, Contextualizable, Serviceable

public class DefaultOauthProvider
extends AbstractLogEnabled
implements OAuthProvider, Configurable, Serviceable, Contextualizable

OAuth provider definition to interact with a Nextcloud server. This could be a default OAuth provider definition except for the configuration part and the handling of the user id provided by Nextcloud as a custom parameter in the token response.

Field Summary

Fields

Modifier and Type	Field	Description
protected com.nimbusds.oauth2.sdk.auth.ClientAuthentication	_auth	the authentication to use when requesting a token
protected URI	_authorizationEnpoint	the authorization endpoint URI
protected com.nimbusds.oauth2.sdk.id.ClientID	_clientID	the oauth client id
protected Set<String>	_customParameters	the list of custom parameters returned with the token that must be stored for later use
protected String	_id	The provider id
protected com.nimbusds.oauth2.sdk.Scope	_scope	the scope for the token
protected URI	_tokenEndpointURI	the token endpoint URI
static final String	OAUTH_ACCESS_TOKEN_EXPIRATION_DATE_SESSION_ATTRIBUTE	Oauth access token expiration date session attribute
static final String	OAUTH_ACCESS_TOKEN_SESSION_ATTRIBUTE	Oauth access token session attribute
static final String	OAUTH_CUSTOM_PARAMETER	Oauth custom parameter session attribute
static final String	OAUTH_REDIRECT_URI_SESSION_ATTRIBUTE	OAuth redirect URI to use after a successful token request
static final String	OAUTH_REFRESH_TOKEN_SESSION_ATTRIBUTE	Oauth refresh token session attribute
static final String	OAUTH_STATE_SESSION_ATTRIBUTE	OAuth state session attribute

Constructor Summary

Constructors

Constructor	Description
DefaultOauthProvider()

Method Summary

Modifier and Type	Method	Description
protected com.nimbusds.oauth2.sdk.id.State	_generateState()	Generate a state for the given provider.
protected com.nimbusds.oauth2.sdk.token.AccessToken	_getAccessTokenFromAuthorizationServerResponse(com.nimbusds.oauth2.sdk.http.HTTPResponse httpResponse, ZonedDateTime requestDate)	Parse the token response to get the token and store it before returning the newly acquired token
protected String	_getConfigValue(Configuration cfg)	Get the value of a configuration element either by retrieving the associated value in the application config or directly the configuration element value
protected com.nimbusds.oauth2.sdk.AuthorizationRequest	buildAuthorizationCodeRequest()	Build an authorization request based on the provide information.
void	configure(Configuration configuration)
void	contextualize(Context context)
Optional<com.nimbusds.oauth2.sdk.token.AccessToken>	getAccessToken(Redirector redirector)	Try to get the currently stored access token for the given provider.
URI	getAuthorizationEndpointURI()	Get the authorization endpoint for the provider
com.nimbusds.oauth2.sdk.auth.ClientAuthentication	getClientAuthentication()	Get the client authentication to use for new token request
com.nimbusds.oauth2.sdk.id.ClientID	getClientID()	Get the client id provided by the authorization server.
Set<String>	getCustomParametersName()	Get the list of custom parameters returned with the access token.
String	getId()	Get the extension id
com.nimbusds.oauth2.sdk.Scope	getScope()	Get the scope to request to the provider.
Optional<com.nimbusds.oauth2.sdk.token.AccessToken>	getStoredAccessToken()	Get the stored access token if it exist.
<T> Optional<T>	getStoredCustomParameter(String parameter)	Retrieve the stored value for a custom parameter
URI	getTokenEndpointURI()	Get the token endpoint for the provider
boolean	isKnownState(com.nimbusds.oauth2.sdk.id.State state)	Indicate that the provider is expecting an authorization response for the provided state.
com.nimbusds.oauth2.sdk.token.AccessToken	requestAccessToken(com.nimbusds.oauth2.sdk.AuthorizationGrant authorizationGrant)	Request a token to an authorization server using an authorization code previously provided by the authorization server.
void	service(ServiceManager manager)
protected com.nimbusds.oauth2.sdk.token.AccessToken	storeTokens(com.nimbusds.oauth2.sdk.AccessTokenResponse response, ZonedDateTime requestDate)	Store the tokens information for later uses.

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

OAUTH_STATE_SESSION_ATTRIBUTE

public static final String OAUTH_STATE_SESSION_ATTRIBUTE

OAuth state session attribute

See Also:

• Constant Field Values

OAUTH_REDIRECT_URI_SESSION_ATTRIBUTE

public static final String OAUTH_REDIRECT_URI_SESSION_ATTRIBUTE

OAuth redirect URI to use after a successful token request

See Also:

• Constant Field Values

OAUTH_ACCESS_TOKEN_SESSION_ATTRIBUTE

public static final String OAUTH_ACCESS_TOKEN_SESSION_ATTRIBUTE

Oauth access token session attribute

See Also:

• Constant Field Values

OAUTH_ACCESS_TOKEN_EXPIRATION_DATE_SESSION_ATTRIBUTE

public static final String OAUTH_ACCESS_TOKEN_EXPIRATION_DATE_SESSION_ATTRIBUTE

Oauth access token expiration date session attribute

See Also:

• Constant Field Values

OAUTH_REFRESH_TOKEN_SESSION_ATTRIBUTE

public static final String OAUTH_REFRESH_TOKEN_SESSION_ATTRIBUTE

Oauth refresh token session attribute

See Also:

• Constant Field Values

OAUTH_CUSTOM_PARAMETER

public static final String OAUTH_CUSTOM_PARAMETER

Oauth custom parameter session attribute

See Also:

• Constant Field Values

_id

protected String _id

The provider id

_clientID

protected com.nimbusds.oauth2.sdk.id.ClientID _clientID

the oauth client id

_auth

protected com.nimbusds.oauth2.sdk.auth.ClientAuthentication _auth

the authentication to use when requesting a token

_authorizationEnpoint

protected URI _authorizationEnpoint

the authorization endpoint URI

_tokenEndpointURI

protected URI _tokenEndpointURI

the token endpoint URI

_scope

protected com.nimbusds.oauth2.sdk.Scope _scope

the scope for the token

_customParameters

protected Set<String> _customParameters

the list of custom parameters returned with the token that must be stored for later use

Constructor Details

DefaultOauthProvider

public DefaultOauthProvider()

Method Details

contextualize

public void contextualize(Context context)
                   throws ContextException

Specified by:

contextualize in interface Contextualizable

Throws:

ContextException

service

public void service(ServiceManager manager)
             throws ServiceException

Specified by:

service in interface Serviceable

Throws:

ServiceException

configure

public void configure(Configuration configuration)
               throws ConfigurationException

Specified by:

configure in interface Configurable

Throws:

ConfigurationException

_getConfigValue

protected String _getConfigValue(Configuration cfg)

Get the value of a configuration element either by retrieving the associated value in the application config or directly the configuration element value

Parameters:

cfg - a configuration element. Can not be null

Returns:

the value or null if the value is not present

getClientID

public com.nimbusds.oauth2.sdk.id.ClientID getClientID()

Description copied from interface: OAuthProvider

Get the client id provided by the authorization server.

Specified by:

getClientID in interface OAuthProvider

Returns:

the client id

getAuthorizationEndpointURI

public URI getAuthorizationEndpointURI()

Description copied from interface: OAuthProvider

Get the authorization endpoint for the provider

Specified by:

getAuthorizationEndpointURI in interface OAuthProvider

Returns:

the uri

getTokenEndpointURI

public URI getTokenEndpointURI()

Description copied from interface: OAuthProvider

Get the token endpoint for the provider

Specified by:

getTokenEndpointURI in interface OAuthProvider

Returns:

the uri

getId

public String getId()

Description copied from interface: OAuthProvider

Get the extension id

Specified by:

getId in interface OAuthProvider

Returns:

the id

getClientAuthentication

public com.nimbusds.oauth2.sdk.auth.ClientAuthentication getClientAuthentication()

Description copied from interface: OAuthProvider

Get the client authentication to use for new token request

Specified by:

getClientAuthentication in interface OAuthProvider

Returns:

the authentication

getScope

public com.nimbusds.oauth2.sdk.Scope getScope()

Description copied from interface: OAuthProvider

Get the scope to request to the provider. null if no scope should be use.

Specified by:

getScope in interface OAuthProvider

Returns:

the scope or null

getCustomParametersName

public Set<String> getCustomParametersName()

Description copied from interface: OAuthProvider

Get the list of custom parameters returned with the access token. The listed parameters are stored with the access token for later use.

Specified by:

getCustomParametersName in interface OAuthProvider

Returns:

the list of parameter names

isKnownState

public boolean isKnownState(com.nimbusds.oauth2.sdk.id.State state)

Description copied from interface: OAuthProvider

Indicate that the provider is expecting an authorization response for the provided state.

Specified by:

isKnownState in interface OAuthProvider

Parameters:

state - the state

Returns:

true if the provider has initiated a authorization process with this state and the process is not complete yet.

getStoredAccessToken

public Optional<com.nimbusds.oauth2.sdk.token.AccessToken> getStoredAccessToken()

Description copied from interface: OAuthProvider

Get the stored access token if it exist. If a token exists, but is expired, this method will silently try to refresh it.

Specified by:

getStoredAccessToken in interface OAuthProvider

Returns:

the access token or empty

getStoredCustomParameter

public <T> Optional<T> getStoredCustomParameter(String parameter)

Description copied from interface: OAuthProvider

Retrieve the stored value for a custom parameter

Specified by:

getStoredCustomParameter in interface OAuthProvider

Type Parameters:

T - the type of the value to retrieve. This must be a valid JSON type

Parameters:

parameter - the name of the parameter

Returns:

the value of the parameter if it exists

getAccessToken

public Optional<com.nimbusds.oauth2.sdk.token.AccessToken> getAccessToken(Redirector redirector)
                                                                   throws ProcessingException,
IOException

Description copied from interface: OAuthProvider

Try to get the currently stored access token for the given provider. If no valid token is available, the method should return Optional.empty() and try to redirect to the authorization protocol.

Specified by:

getAccessToken in interface OAuthProvider

Parameters:

redirector - the redirector to use if no token are available.

Returns:

the token or Optional.empty()

Throws:

ProcessingException - if an error occurred while redirecting

IOException - if an error occurred while redirecting

See Also:

• if you don't want to redirect

buildAuthorizationCodeRequest

protected com.nimbusds.oauth2.sdk.AuthorizationRequest buildAuthorizationCodeRequest()

Build an authorization request based on the provide information. The request will use a ResponseType#CODE for the response type.

Returns:

an authorization request

_generateState

protected com.nimbusds.oauth2.sdk.id.State _generateState()

Generate a state for the given provider. The state will be stored in the provider to be able to retrieve the provider responding to a authorize request being processed in OAuthCallbackAction. We also store the state in session to unsure that the response is linked to the current session.

Returns:

the newly generated state

requestAccessToken

public com.nimbusds.oauth2.sdk.token.AccessToken requestAccessToken(com.nimbusds.oauth2.sdk.AuthorizationGrant authorizationGrant)
                                                             throws IOException

Description copied from interface: OAuthProvider

Request a token to an authorization server using an authorization code previously provided by the authorization server. This method will store the result of the token request in session. See OAuthProvider.getStoredAccessToken() and OAuthProvider.getAccessToken(Redirector) for how to use the requested token.

Specified by:

requestAccessToken in interface OAuthProvider

Parameters:

authorizationGrant - the grant to use to request the token

Returns:

the new access token

Throws:

IOException - if an error occurred while communicating with the token endpoint

See Also:

• OAuthProvider.getStoredAccessToken()
• OAuthProvider.getAccessToken(Redirector)

_getAccessTokenFromAuthorizationServerResponse

protected com.nimbusds.oauth2.sdk.token.AccessToken _getAccessTokenFromAuthorizationServerResponse(com.nimbusds.oauth2.sdk.http.HTTPResponse httpResponse,
 ZonedDateTime requestDate)

Parse the token response to get the token and store it before returning the newly acquired token

Parameters:

httpResponse - the response

requestDate - the date of the request

Returns:

the new token

Throws:

AccessDeniedException - if the response doesn't indicate success

storeTokens

protected com.nimbusds.oauth2.sdk.token.AccessToken storeTokens(com.nimbusds.oauth2.sdk.AccessTokenResponse response,
 ZonedDateTime requestDate)

Store the tokens information for later uses.

Parameters:

response - the tokens returned by the successful token request

requestDate - the request date to compute the expiration date

Returns:

the access token