Class OpenIdConnectRESTHelper

java.lang.Object
org.gcube.oidc.rest.OpenIdConnectRESTHelper

public class OpenIdConnectRESTHelper extends Object
OpenID Connect REST helper.
Author:
Mauro Mugnaini
  • Field Details

    • logger

      protected static final org.slf4j.Logger logger
      Logger.
  • Constructor Details

    • OpenIdConnectRESTHelper

      public OpenIdConnectRESTHelper()
  • Method Details

    • buildLoginRequestURL

      public static String buildLoginRequestURL(URL loginURL, String clientId, String state, String redirectURI) throws UnsupportedEncodingException
      Builds the login request URL.
      Parameters:
      loginURL - the login URL.
      clientId - the client id.
      state - the state.
      redirectURI - the redirect URI.
      Returns:
      the login request URL.
      Throws:
      UnsupportedEncodingException - if an error occurs.
    • mapToQueryString

      public static String mapToQueryString(Map<String,List<String>> params)
      Maps the parameters to a query string.
      Parameters:
      params - the parameters.
      Returns:
      the query string.
    • queryClientToken

      public static JWTToken queryClientToken(String clientId, String clientSecret, URL tokenURL) throws OpenIdConnectRESTHelperException
      Queries an OIDC access token from the OIDC server, using the provided client id and client secret.
      Parameters:
      clientId - the client id
      clientSecret - the client secret
      tokenURL - the token endpoint URL of the OIDC server
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryClientToken

      public static JWTToken queryClientToken(String clientId, String clientSecret, URL tokenURL, Map<String,String> extraHeaders) throws OpenIdConnectRESTHelperException
      Queries an OIDC access token from the OIDC server, using the provided client id and client secret, with extra HTTP headers added to the request.
      Parameters:
      clientId - the client id
      clientSecret - the client secret
      tokenURL - the token endpoint URL of the OIDC server
      extraHeaders - extra HTTP headers to add to the request (e.g. X-D4Science-Context custom header), may be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryToken

      public static JWTToken queryToken(String clientId, URL tokenURL, String code, String scope, String redirectURI) throws Exception
      Queries an OIDC access token from the OIDC server, using the provided client id, authorization code, scope and redirect URI.
      Parameters:
      clientId - the client id.
      tokenURL - the token endpoint URL of the OIDC server.
      code - the authorization code returned to the redirect URI.
      scope - the scope to request.
      redirectURI - the redirect URI used in the login request.
      Returns:
      the issued token.
      Throws:
      Exception - if an error occurs.
    • queryToken

      public static JWTToken queryToken(String clientId, URL tokenURL, String code, String scope, String redirectURI, Map<String,String> extraHeaders) throws Exception
      Queries an OIDC access token from the OIDC server, using the provided client id, authorization code, scope, redirect URI and extra HTTP headers.
      Parameters:
      clientId - the client id.
      tokenURL - the token endpoint URL of the OIDC server.
      code - the authorization code returned to the redirect URI.
      scope - the scope to request.
      redirectURI - the redirect URI used in the login request.
      extraHeaders - extra HTTP headers to add to the request.
      Returns:
      the issued token.
      Throws:
      Exception - if an error occurs.
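      The two steps above (building the login request URL, then exchanging the returned code with queryToken) form one authorization code flow. The following is an added example, not code from the library or its author: a hypothetical wrapper class that generates an unguessable state value for each login, keeps it until the callback arrives, and only calls queryToken when the returned state is one it issued. The in-memory state store, the class name and the import package of JWTToken (the page does not state it) are assumptions.

```java
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Assumed imports: the page does not state the package of JWTToken.
import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;

/**
 * Hypothetical wrapper (not part of the library) that runs the authorization code flow
 * with a per-login state value, so a code delivered by a forged callback is never redeemed.
 */
public class AuthCodeLogin {

    private static final SecureRandom RNG = new SecureRandom();

    // Constructed in-memory store: state -> redirect URI it was issued for.
    // A real web application would keep this in the user's HTTP session instead.
    private final Map<String, String> pendingStates = new ConcurrentHashMap<>();

    private final URL loginURL;
    private final URL tokenURL;
    private final String clientId;
    private final String scope;

    public AuthCodeLogin(URL loginURL, URL tokenURL, String clientId, String scope) {
        this.loginURL = loginURL;
        this.tokenURL = tokenURL;
        this.clientId = clientId;
        this.scope = scope;
    }

    /** Step 1: build the URL the browser is sent to. The state is 32 random bytes from SecureRandom. */
    public String startLogin(String redirectURI) throws UnsupportedEncodingException {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pendingStates.put(state, redirectURI);
        return OpenIdConnectRESTHelper.buildLoginRequestURL(loginURL, clientId, state, redirectURI);
    }

    /**
     * Step 2: called with the "state" and "code" query parameters of the callback request.
     * The state is removed before use, so each one can be redeemed exactly once, and the
     * redirect URI sent to the token endpoint is the one recorded for that state.
     */
    public JWTToken finishLogin(String returnedState, String code) throws Exception {
        if (returnedState == null || code == null) {
            throw new SecurityException("callback without state or code");
        }
        String redirectURI = pendingStates.remove(returnedState);
        if (redirectURI == null) {
            throw new SecurityException("unknown or already used state");
        }
        return OpenIdConnectRESTHelper.queryToken(clientId, tokenURL, code, scope, redirectURI);
    }
}
```

      A state that is missing, unknown or reused rejects the callback before any token request is made; the callback handler should also treat the resulting SecurityException as a failed login rather than retrying.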
    • performQueryTokenWithPOST

      protected static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization, Map<String,List<String>> params) throws OpenIdConnectRESTHelperException
      Performs the token request with an HTTP POST.
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server.
      authorization - the value of the Authorization header.
      params - the form parameters of the request.
      Returns:
      the issued token.
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs.
    • performQueryTokenWithPOST

      protected static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization, Map<String,List<String>> params, Map<String,String> headers) throws OpenIdConnectRESTHelperException
      Performs the token request with an HTTP POST, adding extra HTTP headers.
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server.
      authorization - the value of the Authorization header.
      params - the form parameters of the request.
      headers - the extra HTTP headers to add.
      Returns:
      the issued token.
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs.
    • performURLEncodedPOSTSendData

      protected static HttpURLConnection performURLEncodedPOSTSendData(URL url, Map<String,List<String>> params, String authorization) throws IOException, ProtocolException, UnsupportedEncodingException
      Sends the parameters as a URL-encoded POST request and returns the open connection.
      Parameters:
      url - the URL to post to.
      params - the form parameters of the request.
      authorization - the value of the Authorization header.
      Returns:
      the connection.
      Throws:
      IOException - if an error occurs.
      ProtocolException - if an error occurs.
      UnsupportedEncodingException - if an error occurs.
    • performURLEncodedPOSTSendData

      protected static HttpURLConnection performURLEncodedPOSTSendData(URL url, Map<String,List<String>> params, String authorization, Map<String,String> headers) throws IOException, ProtocolException, UnsupportedEncodingException
      Sends the parameters as a URL-encoded POST request, with extra HTTP headers, and returns the open connection.
      Parameters:
      url - the URL to post to.
      params - the form parameters of the request.
      authorization - the value of the Authorization header.
      headers - the extra HTTP headers to add.
      Returns:
      the connection.
      Throws:
      IOException - if an error occurs.
      ProtocolException - if an error occurs.
      UnsupportedEncodingException - if an error occurs.
    • queryUMAToken

      public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience, List<String> permissions) throws OpenIdConnectRESTHelperException
      Queries a UMA token from the OIDC server, using the provided client id and client secret, for the given audience (context, passed URL-encoded or not) and optionally a list of permissions.
      Parameters:
      tokenUrl - the token endpoint URL of the OIDC server
      clientId - the client id
      clientSecret - the client secret
      audience - the audience (context) for which the token is requested (URL-encoded or not)
      permissions - a list of permissions, can be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryUMAToken

      public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience, List<String> permissions, Map<String,String> extraHeaders) throws OpenIdConnectRESTHelperException
      Queries a UMA token from the OIDC server, using the provided client id and client secret, for the given audience (context, passed URL-encoded or not) and optionally a list of permissions.
      Parameters:
      tokenUrl - the token endpoint URL of the OIDC server
      clientId - the client id
      clientSecret - the client secret
      audience - the audience (context) for which the token is requested (URL-encoded or not)
      permissions - a list of permissions, can be null
      extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryUMAToken

      public static JWTToken queryUMAToken(URL tokenUrl, String authorization, String audience, List<String> permissions) throws OpenIdConnectRESTHelperException
      Queries a UMA token from the OIDC server, using the provided access token, for the given audience (context, passed URL-encoded or not) and optionally a list of permissions.
      Parameters:
      tokenUrl - the token endpoint URL of the OIDC server
      authorization - the auth token (the access token prefixed with the "Bearer " string)
      audience - the audience (context) for which the token is requested (URL-encoded or not)
      permissions - a list of permissions, can be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryUMAToken

      public static JWTToken queryUMAToken(URL tokenUrl, String authorization, String audience, List<String> permissions, Map<String,String> extraHeaders) throws OpenIdConnectRESTHelperException
      Queries a UMA token from the OIDC server, using the provided access token, for the given audience (context, passed URL-encoded or not) and optionally a list of permissions.
      Parameters:
      tokenUrl - the token endpoint URL of the OIDC server
      authorization - the auth token (the access token prefixed with the "Bearer " string)
      audience - the audience (context) for which the token is requested (URL-encoded or not)
      permissions - a list of permissions, can be null
      extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryExchangeToken

      public static JWTToken queryExchangeToken(URL tokenUrl, String authorization, String audience, String clientId, String clientSecret, Map<String,String> extraHeaders) throws OpenIdConnectRESTHelperException
      Queries an exchanged token from the OIDC server, using the provided access token, optionally for the given audience (context, passed URL-encoded or not).
      Parameters:
      tokenUrl - the token endpoint URL of the OIDC server
      authorization - the auth token (the access token prefixed with the "Bearer " string)
      audience - the audience (context) for which the token is requested (URL-encoded or not), may be null
      clientId - the client id
      clientSecret - the client secret
      extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryExchangeToken

      public static JWTToken queryExchangeToken(URL tokenUrl, String authorization, String audience, String clientId, String clientSecret, boolean withRefreshToken, boolean offline, Map<String,String> extraHeaders) throws OpenIdConnectRESTHelperException
      Queries an exchanged token from the OIDC server, using the provided access token, optionally for the given audience (context, passed URL-encoded or not), and optionally a refresh token.
      Parameters:
      tokenUrl - the token endpoint URL of the OIDC server
      authorization - the auth token (the access token prefixed with the "Bearer " string)
      audience - the audience (context) for which the token is requested (URL-encoded or not), may be null
      clientId - the client id
      clientSecret - the client secret
      withRefreshToken - whether to also request a refresh token (forced to true for offline requests)
      offline - whether to request a refresh token of offline type (TYP claim)
      extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • queryExchangeToken

      public static JWTToken queryExchangeToken(URL tokenUrl, String authorization, String audience, String clientId, String clientSecret, String requestedTokenType, String scope, Map<String,String> extraHeaders) throws OpenIdConnectRESTHelperException
      Queries an exchanged token from the OIDC server, using the provided access token, optionally for the given audience (context, passed URL-encoded or not), with an explicit requested token type and scope.
      Parameters:
      tokenUrl - the token endpoint URL of the OIDC server
      authorization - the auth token (the access token prefixed with the "Bearer " string)
      audience - the audience (context) for which the token is requested (URL-encoded or not), may be null
      clientId - the client id
      clientSecret - the client secret
      requestedTokenType - the requested token type (e.g. urn:ietf:params:oauth:token-type:refresh_token for a refresh token)
      scope - the optional scope to request (e.g. offline_access for an offline token)
      extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
      Returns:
      the issued token
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
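      The client-credential, UMA and token-exchange methods above are the ones a service calls when it acts in a D4Science context, either on its own behalf or on behalf of a caller. The following is an added example, not code from the library or its author: a hypothetical broker class that reads the client credentials from the environment, attaches the X-D4Science-Context header named on the page, and uses the documented overloads for each case, including both documented ways of asking for an offline refresh token. The environment variable names, the class name and the import packages of JWTToken and OpenIdConnectRESTHelperException (not stated on the page) are assumptions; the caller's access token is taken as the raw string from its Authorization header, since the page does not document how to read it back from a JWTToken.

```java
import java.net.URL;
import java.util.Collections;
import java.util.List;
import java.util.Map;

// Assumed imports: the page does not state the package of these two types.
import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;

/** Hypothetical service-side token broker (not part of the library). */
public class ContextTokenBroker {

    // Values named on the page for the requestedTokenType / scope overload of queryExchangeToken.
    static final String REFRESH_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:refresh_token";
    static final String OFFLINE_ACCESS = "offline_access";

    private final URL tokenUrl;
    private final String clientId;
    private final String clientSecret;

    ContextTokenBroker(URL tokenUrl, String clientId, String clientSecret) {
        this.tokenUrl = tokenUrl;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    /** Credentials come from the environment (assumed variable names), never from source code or logs. */
    public static ContextTokenBroker fromEnvironment(URL tokenUrl) {
        String id = System.getenv("OIDC_CLIENT_ID");
        String secret = System.getenv("OIDC_CLIENT_SECRET");
        if (id == null || secret == null) {
            throw new IllegalStateException("OIDC_CLIENT_ID / OIDC_CLIENT_SECRET not set");
        }
        return new ContextTokenBroker(tokenUrl, id, secret);
    }

    /** The custom header the page mentions; the context is sent with every request. */
    private static Map<String, String> contextHeaders(String context) {
        return Collections.singletonMap("X-D4Science-Context", context);
    }

    /** The service's own access token, obtained with its client id and secret. */
    public JWTToken clientToken(String context) throws OpenIdConnectRESTHelperException {
        return OpenIdConnectRESTHelper.queryClientToken(clientId, clientSecret, tokenUrl, contextHeaders(context));
    }

    /**
     * UMA token for the service itself in the given context (audience). Pass the narrowest
     * permission list the job needs; null leaves the decision to the server's policy.
     */
    public JWTToken umaTokenForService(String context, List<String> permissions)
            throws OpenIdConnectRESTHelperException {
        return OpenIdConnectRESTHelper.queryUMAToken(tokenUrl, clientId, clientSecret, context, permissions,
                contextHeaders(context));
    }

    /** UMA token on behalf of a caller: the caller's bearer token is presented instead of the client secret. */
    public JWTToken umaTokenForCaller(String callerAccessToken, String context, List<String> permissions)
            throws OpenIdConnectRESTHelperException {
        return OpenIdConnectRESTHelper.queryUMAToken(tokenUrl, "Bearer " + callerAccessToken, context, permissions,
                contextHeaders(context));
    }

    /** Plain exchange of the caller's token for the context: short-lived, no refresh token. */
    public JWTToken exchangeForContext(String callerAccessToken, String context)
            throws OpenIdConnectRESTHelperException {
        return OpenIdConnectRESTHelper.queryExchangeToken(tokenUrl, "Bearer " + callerAccessToken, context,
                clientId, clientSecret, contextHeaders(context));
    }

    /**
     * Offline refresh token for an unattended job. Such a token outlives the user's session, so request it
     * only when the job really runs unattended and store it like a credential. The page documents two
     * overloads for this request: the boolean flags (offline forces withRefreshToken) and the explicit
     * requested token type plus offline_access scope.
     */
    public JWTToken offlineTokenForJob(String callerAccessToken, String context, boolean useFlagOverload)
            throws OpenIdConnectRESTHelperException {
        String authorization = "Bearer " + callerAccessToken;
        if (useFlagOverload) {
            return OpenIdConnectRESTHelper.queryExchangeToken(tokenUrl, authorization, context, clientId,
                    clientSecret, true, true, contextHeaders(context));
        }
        return OpenIdConnectRESTHelper.queryExchangeToken(tokenUrl, authorization, context, clientId,
                clientSecret, REFRESH_TOKEN_TYPE, OFFLINE_ACCESS, contextHeaders(context));
    }
}
```

      Every method lets OpenIdConnectRESTHelperException propagate; when it is caught further up, log the exception message but never the client secret or the bearer string that was sent.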
    • refreshToken

      public static JWTToken refreshToken(URL tokenURL, JWTToken token) throws OpenIdConnectRESTHelperException
      Refreshes the token from the OIDC server.
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      token - the token to be refreshed
      Returns:
      a new token refreshed from the previous one
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • refreshToken

      public static JWTToken refreshToken(URL tokenURL, String clientId, JWTToken token) throws OpenIdConnectRESTHelperException
      Refreshes the token from the OIDC server for a specific client represented by the client id.
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      clientId - the client id
      token - the token to be refreshed
      Returns:
      a new token refreshed from the previous one
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • refreshToken

      public static JWTToken refreshToken(URL tokenURL, String clientId, String clientSecret, JWTToken token) throws OpenIdConnectRESTHelperException
      Refreshes the token from the OIDC server for a specific client represented by the client id.
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      clientId - the client id
      clientSecret - the client secret
      token - the token to be refreshed
      Returns:
      a new token refreshed from the previous one
      Throws:
      OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
    • getClientIdFromToken

      protected static String getClientIdFromToken(JWTToken token)
      Returns the client id from the token.
      Parameters:
      token - the token.
      Returns:
      the client id.
    • logout

      public static boolean logout(URL logoutUrl, JWTToken token) throws IOException
      Performs the logout (single sign-out, SSOut) from all the sessions opened in the OIDC server.
      Parameters:
      logoutUrl - the logout endpoint URL of the OIDC server
      token - the token from which the session information is taken
      Returns:
      true if the logout is performed correctly, false otherwise
      Throws:
      IOException - if an I/O error occurs during the communication with the server
    • logout

      public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException
      Performs the logout from the session related to the provided client id in the OIDC server.
      Parameters:
      logoutUrl - the logout endpoint URL of the OIDC server
      clientId - the client id
      token - the token from which the session information is taken
      Returns:
      true if the logout is performed correctly, false otherwise
      Throws:
      IOException - if an I/O error occurs during the communication with the server
    • getUserAvatar

      public static byte[] getUserAvatar(URL avatarURL, JWTToken token)
      Returns the user avatar.
      Parameters:
      avatarURL - the avatar URL.
      token - the token.
      Returns:
      the avatar.
    • getUserAvatar

      public static byte[] getUserAvatar(URL avatarURL, String authorization)
      Returns the user avatar.
      Parameters:
      avatarURL - the avatar URL.
      authorization - the value of the Authorization header.
      Returns:
      the avatar.
    • matchesErrorAndDescription

      protected static boolean matchesErrorAndDescription(String jsonString, String expectedError, String exepectedErrorDescription)
      Checks whether the JSON error response carries the expected error and error description.
      Parameters:
      jsonString - the JSON string.
      expectedError - the expected error.
      exepectedErrorDescription - the expected error description.
      Returns:
      true if matches, false otherwise.
    • isTokenNotActiveError

      public static boolean isTokenNotActiveError(String jsonString)
      Checks whether the JSON error response denotes a "token not active" error.
      Parameters:
      jsonString - the JSON string.
      Returns:
      true if it is a token not active error, false otherwise.
    • isInvalidBearerTokenError

      public static boolean isInvalidBearerTokenError(String jsonString)
      Checks whether the JSON error response denotes an "invalid bearer token" error.
      Parameters:
      jsonString - the JSON string.
      Returns:
      true if it is an invalid bearer token error, false otherwise.
    • isAccessDeniedNotAuthorizedError

      public static boolean isAccessDeniedNotAuthorizedError(String jsonString)
      Checks whether the JSON error response denotes an "access denied / not authorized" error.
      Parameters:
      jsonString - the JSON string.
      Returns:
      true if it is an access denied not authorized error, false otherwise.
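      The three classification helpers above, together with refreshToken and logout, are what a caller needs to decide what to do after a token request is rejected. The following is an added example, not code from the library or its author: a hypothetical policy class that maps the server's JSON error body to one action and applies it once, refreshing on "token not active", ending the session on "invalid bearer token", and refusing to retry on "access denied". The class name, the import packages of JWTToken and OpenIdConnectRESTHelperException (not stated on the page), and the sample error body in main are assumptions; whether that constructed body matches depends on the strings the helper expects, which the page does not list.

```java
import java.io.IOException;
import java.net.URL;

// Assumed imports: the page does not state the package of these two types.
import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;

/** Hypothetical error handling policy (not part of the library) built on the classification helpers. */
public class TokenErrorPolicy {

    public enum Action { REFRESH_AND_RETRY, REAUTHENTICATE, DENY, UNKNOWN }

    /** Maps the JSON error body read from a failed response to one action. */
    public static Action classify(String jsonErrorBody) {
        if (jsonErrorBody == null || jsonErrorBody.isEmpty()) {
            return Action.UNKNOWN;
        }
        if (OpenIdConnectRESTHelper.isTokenNotActiveError(jsonErrorBody)) {
            return Action.REFRESH_AND_RETRY;   // expired or inactive token: a refresh may fix it
        }
        if (OpenIdConnectRESTHelper.isInvalidBearerTokenError(jsonErrorBody)) {
            return Action.REAUTHENTICATE;      // the token is not acceptable at all: start over
        }
        if (OpenIdConnectRESTHelper.isAccessDeniedNotAuthorizedError(jsonErrorBody)) {
            return Action.DENY;                // valid token, insufficient rights: never retry
        }
        return Action.UNKNOWN;
    }

    /**
     * Applies the action a single time and returns the token to continue with, or null when the
     * caller must send the user through login again. Because a refresh is attempted only once per
     * failure, a token that keeps failing cannot trap the caller in a refresh loop.
     */
    public static JWTToken recover(Action action, URL tokenURL, URL logoutURL, String clientId,
                                   String clientSecret, JWTToken current)
            throws OpenIdConnectRESTHelperException, IOException {
        switch (action) {
            case REFRESH_AND_RETRY:
                return OpenIdConnectRESTHelper.refreshToken(tokenURL, clientId, clientSecret, current);
            case REAUTHENTICATE:
                // End the server-side session for this client too, so a stale session cannot be resumed.
                boolean loggedOut = OpenIdConnectRESTHelper.logout(logoutURL, clientId, current);
                if (!loggedOut) {
                    System.err.println("logout reported failure; discarding the token anyway");
                }
                return null;
            case DENY:
                throw new SecurityException("access denied by the authorization server");
            default:
                throw new IllegalStateException("unclassified OIDC error response");
        }
    }

    /** Constructed sample body in the shape an OIDC server returns (assumed, not taken from the page). */
    public static void main(String[] args) {
        String sample = "{\"error\":\"invalid_grant\",\"error_description\":\"Token is not active\"}";
        System.out.println("action = " + classify(sample));
    }
}
```

      The caller runs classify on the body of the failed response, passes the result to recover, and retries the original request at most once with the returned token; a second failure is handled as REAUTHENTICATE regardless of how it classifies.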