Examples of JWTClaimsSet

Examples of com.nimbusds.jwt.JWTClaimsSet

97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
      signingAlg = client.getIdTokenSignedResponseAlg();
    }


    OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
    JWTClaimsSet idClaims = new JWTClaimsSet();

    // if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
    if (request.getExtensions().containsKey("max_age")
        || (request.getExtensions().containsKey("idtoken")) // TODO: parse the ID Token claims (#473) -- for now assume it could be in there
        || (client.getRequireAuthTime() != null && client.getRequireAuthTime())) {

      Date authTime = (Date) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP);
      if (authTime != null) {
        idClaims.setClaim("auth_time", authTime.getTime() / 1000);
      }
    }

    idClaims.setIssueTime(issueTime);

    if (client.getIdTokenValiditySeconds() != null) {
      Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L));
      idClaims.setExpirationTime(expiration);
      idTokenEntity.setExpiration(expiration);
    }

    idClaims.setIssuer(configBean.getIssuer());
    idClaims.setSubject(sub);
    idClaims.setAudience(Lists.newArrayList(client.getClientId()));

    String nonce = (String)request.getExtensions().get("nonce");
    if (!Strings.isNullOrEmpty(nonce)) {
      idClaims.setCustomClaim("nonce", nonce);
    }

    Set<String> responseTypes = request.getResponseTypes();

    if (responseTypes.contains("token")) {
      // calculate the token hash
      Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken);
      idClaims.setClaim("at_hash", at_hash);
    }

    if (client.getIdTokenEncryptedResponseAlg() != null && !client.getIdTokenEncryptedResponseAlg().equals(Algorithm.NONE)
        && client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE)
        && !Strings.isNullOrEmpty(client.getJwksUri())) {
View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
    AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
    authHolder.setAuthentication(authentication);
    authHolder = authenticationHolderRepository.save(authHolder);
    token.setAuthenticationHolder(authHolder);

    JWTClaimsSet claims = new JWTClaimsSet();

    claims.setAudience(Lists.newArrayList(client.getClientId()));
    claims.setIssuer(configBean.getIssuer());
    claims.setIssueTime(new Date());
    claims.setExpirationTime(token.getExpiration());
    claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it

    JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
    SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);

    jwtService.signJwt(signed);
View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
   */
  @Override
  public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state, Map<String, String> options) {

    // create our signed JWT for the request object
    JWTClaimsSet claims = new JWTClaimsSet();

    //set parameters to JwtClaims
    claims.setClaim("response_type", "code");
    claims.setClaim("client_id", clientConfig.getClientId());
    claims.setClaim("scope", Joiner.on(" ").join(clientConfig.getScope()));

    // build our redirect URI
    claims.setClaim("redirect_uri", redirectUri);

    // this comes back in the id token
    claims.setClaim("nonce", nonce);

    // this comes back in the auth request return
    claims.setClaim("state", state);

    // Optional parameters
    for (Entry<String, String> option : options.entrySet()) {
      claims.setClaim(option.getKey(), option.getValue());
    }

    EncryptedJWT jwt = new EncryptedJWT(new JWEHeader(alg, enc), claims);

    JwtEncryptionAndDecryptionService encryptor = encrypterService.getEncrypter(serverConfig.getJwksUri());
View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
   */
  @Override
  public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state, Map<String, String> options) {

    // create our signed JWT for the request object
    JWTClaimsSet claims = new JWTClaimsSet();

    //set parameters to JwtClaims
    claims.setClaim("response_type", "code");
    claims.setClaim("client_id", clientConfig.getClientId());
    claims.setClaim("scope", Joiner.on(" ").join(clientConfig.getScope()));

    // build our redirect URI
    claims.setClaim("redirect_uri", redirectUri);

    // this comes back in the id token
    claims.setClaim("nonce", nonce);

    // this comes back in the auth request return
    claims.setClaim("state", state);

    // Optional parameters
    for (Entry<String, String> option : options.entrySet()) {
      claims.setClaim(option.getKey(), option.getValue());
    }



    SignedJWT jwt = new SignedJWT(new JWSHeader(signingAndValidationService.getDefaultSigningAlgorithm()), claims);
View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
          //OAuth2AccessTokenEntity newIdToken = tokenServices.get

          OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity();

          // copy over all existing claims
          JWTClaimsSet claims = new JWTClaimsSet(idToken.getJWTClaimsSet());

          if (client instanceof ClientDetailsEntity) {

            ClientDetailsEntity clientEntity = (ClientDetailsEntity) client;

            // update expiration and issued-at claims
            if (clientEntity.getIdTokenValiditySeconds() != null) {
              Date expiration = new Date(System.currentTimeMillis() + (clientEntity.getIdTokenValiditySeconds() * 1000L));
              claims.setExpirationTime(expiration);
              newIdTokenEntity.setExpiration(expiration);
            }

          } else {
            //This should never happen
            logger.fatal("SEVERE: Client is not an instance of OAuth2AccessTokenEntity.");
            throw new BadCredentialsException("SEVERE: Client is not an instance of ClientDetailsEntity; JwtAssertionTokenGranter cannot process this request.");
          }

          claims.setIssueTime(new Date());


          SignedJWT newIdToken = new SignedJWT((JWSHeader) idToken.getHeader(), claims);
          jwtService.signJwt(newIdToken);

View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
      StringWriter writer = new StringWriter();
      gson.toJson(json, writer);

      response.setContentType("application/jwt");
     
      JWTClaimsSet claims = JWTClaimsSet.parse(writer.toString());

      claims.setAudience(Lists.newArrayList(client.getClientId()));

      claims.setIssuer(config.getIssuer());

      claims.setIssueTime(new Date());

      claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it


      if (client.getIdTokenEncryptedResponseAlg() != null && !client.getIdTokenEncryptedResponseAlg().equals(Algorithm.NONE)
          && client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE)
          && !Strings.isNullOrEmpty(client.getJwksUri())) {
View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
        if (signer == null) {
          throw new AuthenticationServiceException("Couldn't find required signer service for use with private key auth.");
        }

        JWTClaimsSet claimsSet = new JWTClaimsSet();

        claimsSet.setIssuer(clientConfig.getClientId());
        claimsSet.setSubject(clientConfig.getClientId());
        claimsSet.setAudience(Lists.newArrayList(serverConfig.getTokenEndpointUri()));

        // TODO: make this configurable
        Date exp = new Date(System.currentTimeMillis() + (60 * 1000)); // auth good for 60 seconds
        claimsSet.setExpirationTime(exp);

        Date now = new Date(System.currentTimeMillis());
        claimsSet.setIssueTime(now);
        claimsSet.setNotBeforeTime(now);

        SignedJWT jwt = new SignedJWT(new JWSHeader(alg), claimsSet);

        signer.signJwt(jwt, alg);

View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
    OAuth2Request originalAuthRequest = authentication.getOAuth2Request();

    String clientId = originalAuthRequest.getClientId();
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

    JWTClaimsSet claims = new JWTClaimsSet();

    claims.setAudience(Lists.newArrayList(clientId));

    claims.setIssuer(configBean.getIssuer());

    claims.setIssueTime(new Date());

    claims.setExpirationTime(token.getExpiration());

    claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it

    JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();

    SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);

    jwtService.signJwt(signed);

    token.setJwt(signed);

    /**
     * Authorization request scope MUST include "openid" in OIDC, but access token request
     * may or may not include the scope parameter. As long as the AuthorizationRequest
     * has the proper scope, we can consider this a valid OpenID Connect request. Otherwise,
     * we consider it to be a vanilla OAuth2 request.
     *
     * Also, there must be a user authentication involved in the request for it to be considered
     * OIDC and not OAuth, so we check for that as well.
     */
    if (originalAuthRequest.getScope().contains("openid")
        && !authentication.isClientOnly()) {

      String username = authentication.getName();
      UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);

      if (userInfo != null) {

        OAuth2AccessTokenEntity idTokenEntity = connectTokenService.createIdToken(client,
            originalAuthRequest, claims.getIssueTime(),
            userInfo.getSub(), token);

        // attach the id token to the parent access token
        token.setIdToken(idTokenEntity);
      } else {
View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
      token.setAuthenticationHolder(authHolder);

      // attach a refresh token, if this client is allowed to request them and the user gets the offline scope
      if (client.isAllowRefresh() && scopes.contains(SystemScopeService.OFFLINE_ACCESS)) {
        OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
        JWTClaimsSet refreshClaims = new JWTClaimsSet();


        // make it expire if necessary
        if (client.getRefreshTokenValiditySeconds() != null) {
          Date expiration = new Date(System.currentTimeMillis() + (client.getRefreshTokenValiditySeconds() * 1000L));
          refreshToken.setExpiration(expiration);
          refreshClaims.setExpirationTime(expiration);
        }

        // set a random identifier
        refreshClaims.setJWTID(UUID.randomUUID().toString());

        // TODO: add issuer fields, signature to JWT

        PlainJWT refreshJwt = new PlainJWT(refreshClaims);
        refreshToken.setJwt(refreshJwt);
View Full Code Here

Examples of com.nimbusds.jwt.JWTClaimsSet

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
  protected void service(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {

    // Given a user instance
    // Compose the JWT claims set
    JWTClaimsSet jwtClaims = new JWTClaimsSet();
    jwtClaims.setIssueTime(new Date());
    jwtClaims.setJWTID(UUID.randomUUID().toString());
    // jwtClaims.setCustomClaim("name", user.name);
    // jwtClaims.setCustomClaim("email", user.email);

    // Create JWS header with HS256 algorithm
    JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
    header.setContentType("text/plain");

    // Create JWS object
    JWSObject jwsObject = new JWSObject(header, new Payload(jwtClaims.toJSONObject()));

    // Create HMAC signer
    JWSSigner signer = new MACSigner(SHARED_KEY.getBytes());

    try {
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.