Class OpenIdConnectRESTHelper


  • public class OpenIdConnectRESTHelper
    extends Object
    OpenID Connect REST helper.
    Author:
    Mauro Mugnaini
    • Field Detail

      • logger

        protected static final org.slf4j.Logger logger
        Logger.
    • Constructor Detail

      • OpenIdConnectRESTHelper

        public OpenIdConnectRESTHelper()
    • Method Detail

      • mapToQueryString

        public static String mapToQueryString(Map<String,List<String>> params)
        Maps the parameters to a URL query string.
        Parameters:
        params - the parameters.
        Returns:
        the query string.
      • queryClientToken

        public static JWTToken queryClientToken(String clientId,
                                                String clientSecret,
                                                URL tokenURL)
                                         throws OpenIdConnectRESTHelperException
        Queries an OIDC access token from the OIDC server using the provided client id and client secret.
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        tokenURL - the token endpoint URL of the OIDC server
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryClientToken

        public static JWTToken queryClientToken(String clientId,
                                                String clientSecret,
                                                URL tokenURL,
                                                Map<String,String> extraHeaders)
                                         throws OpenIdConnectRESTHelperException
        Queries an OIDC access token from the OIDC server using the provided client id and client secret, adding the given extra headers to the request.
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        tokenURL - the token endpoint URL of the OIDC server
        extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryToken

        public static JWTToken queryToken(String clientId,
                                          URL tokenURL,
                                          String code,
                                          String scope,
                                          String redirectURI)
                                   throws Exception
        Queries an OIDC access token from the OIDC server using the provided client id, authorization code, scope and redirect URI.
        Parameters:
        clientId - the client id.
        tokenURL - the token endpoint URL of the OIDC server.
        code - the authorization code.
        scope - the scope.
        redirectURI - the redirect URI.
        Returns:
        the issued token.
        Throws:
        Exception - if an error occurs.
      • queryToken

        public static JWTToken queryToken(String clientId,
                                          URL tokenURL,
                                          String code,
                                          String scope,
                                          String redirectURI,
                                          Map<String,String> extraHeaders)
                                   throws Exception
        Queries an OIDC access token from the OIDC server using the provided client id, authorization code, scope and redirect URI, adding the given extra headers to the request.
        Parameters:
        clientId - the client id.
        tokenURL - the token endpoint URL of the OIDC server.
        code - the authorization code.
        scope - the scope.
        redirectURI - the redirect URI.
        extraHeaders - extra HTTP headers to add to the request, may be null.
        Returns:
        the issued token.
        Throws:
        Exception - if an error occurs.
      • queryUMAToken

        public static JWTToken queryUMAToken(URL tokenUrl,
                                             String clientId,
                                             String clientSecret,
                                             String audience,
                                             List<String> permissions)
                                      throws OpenIdConnectRESTHelperException
        Queries a UMA token from the OIDC server using the provided client id and client secret, for the given audience (context, URL-encoded or not) and optionally a list of permissions.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        clientId - the client id
        clientSecret - the client secret
        audience - the audience (context) for which the token is requested (URL-encoded or not)
        permissions - a list of permissions, can be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryUMAToken

        public static JWTToken queryUMAToken(URL tokenUrl,
                                             String clientId,
                                             String clientSecret,
                                             String audience,
                                             List<String> permissions,
                                             Map<String,String> extraHeaders)
                                      throws OpenIdConnectRESTHelperException
        Queries a UMA token from the OIDC server using the provided client id and client secret, for the given audience (context, URL-encoded or not) and optionally a list of permissions, adding the given extra headers to the request.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        clientId - the client id
        clientSecret - the client secret
        audience - the audience (context) for which the token is requested (URL-encoded or not)
        permissions - a list of permissions, can be null
        extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryUMAToken

        public static JWTToken queryUMAToken(URL tokenUrl,
                                             String authorization,
                                             String audience,
                                             List<String> permissions)
                                      throws OpenIdConnectRESTHelperException
        Queries a UMA token from the OIDC server using the provided access token, for the given audience (context, URL-encoded or not) and optionally a list of permissions.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the authorization header value (the access token prefixed by the "Bearer " string)
        audience - the audience (context) for which the token is requested (URL-encoded or not)
        permissions - a list of permissions, can be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryUMAToken

        public static JWTToken queryUMAToken(URL tokenUrl,
                                             String authorization,
                                             String audience,
                                             List<String> permissions,
                                             Map<String,String> extraHeaders)
                                      throws OpenIdConnectRESTHelperException
        Queries a UMA token from the OIDC server using the provided access token, for the given audience (context, URL-encoded or not) and optionally a list of permissions, adding the given extra headers to the request.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the authorization header value (the access token prefixed by the "Bearer " string)
        audience - the audience (context) for which the token is requested (URL-encoded or not)
        permissions - a list of permissions, can be null
        extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryExchangeToken

        public static JWTToken queryExchangeToken(URL tokenUrl,
                                                  String authorization,
                                                  String audience,
                                                  String clientId,
                                                  String clientSecret,
                                                  Map<String,String> extraHeaders)
                                           throws OpenIdConnectRESTHelperException
        Queries an exchanged token from the OIDC server using the provided access token, optionally for the given audience (context, URL-encoded or not).
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the authorization header value (the access token prefixed by the "Bearer " string)
        audience - the audience (context) for which the token is requested (URL-encoded or not), may be null
        clientId - the client id
        clientSecret - the client secret
        extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryExchangeToken

        public static JWTToken queryExchangeToken(URL tokenUrl,
                                                  String authorization,
                                                  String audience,
                                                  String clientId,
                                                  String clientSecret,
                                                  boolean withRefreshToken,
                                                  boolean offline,
                                                  Map<String,String> extraHeaders)
                                           throws OpenIdConnectRESTHelperException
        Queries an exchanged token from the OIDC server using the provided access token, optionally for the given audience (context, URL-encoded or not), and optionally requests a refresh token (of offline type if so requested).
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the authorization header value (the access token prefixed by the "Bearer " string)
        audience - the audience (context) for which the token is requested (URL-encoded or not), may be null
        clientId - the client id
        clientSecret - the client secret
        withRefreshToken - also request a refresh token (forced to true for offline requests)
        offline - request a refresh token of offline type (typ claim)
        extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • queryExchangeToken

        public static JWTToken queryExchangeToken(URL tokenUrl,
                                                  String authorization,
                                                  String audience,
                                                  String clientId,
                                                  String clientSecret,
                                                  String requestedTokenType,
                                                  String scope,
                                                  Map<String,String> extraHeaders)
                                           throws OpenIdConnectRESTHelperException
        Queries an exchanged token from the OIDC server using the provided access token, optionally for the given audience (context, URL-encoded or not), requesting the given token type and, optionally, scope.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the authorization header value (the access token prefixed by the "Bearer " string)
        audience - the audience (context) for which the token is requested (URL-encoded or not), may be null
        clientId - the client id
        clientSecret - the client secret
        requestedTokenType - the requested token type (e.g. urn:ietf:params:oauth:token-type:refresh_token for a refresh token)
        scope - the optional scope to request (e.g. offline_access for an offline token)
        extraHeaders - extra HTTP headers to add to the request (e.g. the X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • refreshToken

        public static JWTToken refreshToken(URL tokenURL,
                                            JWTToken token)
                                     throws OpenIdConnectRESTHelperException
        Refreshes the token against the OIDC server.
        Parameters:
        tokenURL - the token endpoint URL of the OIDC server
        token - the token to be refreshed
        Returns:
        a new token refreshed from the previous one
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • refreshToken

        public static JWTToken refreshToken(URL tokenURL,
                                            String clientId,
                                            JWTToken token)
                                     throws OpenIdConnectRESTHelperException
        Refreshes the token against the OIDC server for the specific client identified by the client id.
        Parameters:
        tokenURL - the token endpoint URL of the OIDC server
        clientId - the client id
        token - the token to be refreshed
        Returns:
        a new token refreshed from the previous one
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • refreshToken

        public static JWTToken refreshToken(URL tokenURL,
                                            String clientId,
                                            String clientSecret,
                                            JWTToken token)
                                     throws OpenIdConnectRESTHelperException
        Refreshes the token against the OIDC server for the specific client identified by the client id, authenticating the client with its secret.
        Parameters:
        tokenURL - the token endpoint URL of the OIDC server
        clientId - the client id
        clientSecret - the client secret
        token - the token to be refreshed
        Returns:
        a new token refreshed from the previous one
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (including an unauthorized call); inspect the exception for details
      • getClientIdFromToken

        protected static String getClientIdFromToken(JWTToken token)
        Returns the client id carried by the token.
        Parameters:
        token - the token.
        Returns:
        the client id.
      • logout

        public static boolean logout(URL logoutUrl,
                                     JWTToken token)
                              throws IOException
        Performs the logout (SSOut, single sign-out) from all the sessions opened in the OIDC server.
        Parameters:
        logoutUrl - the logout endpoint URL of the OIDC server
        token - the token from which the needed information is taken
        Returns:
        true if the logout is performed correctly, false otherwise
        Throws:
        IOException - if an I/O error occurs during the communication with the server
      • logout

        public static boolean logout(URL logoutUrl,
                                     String clientId,
                                     JWTToken token)
                              throws IOException
        Performs the logout from the session related to the provided client id in the OIDC server.
        Parameters:
        logoutUrl - the logout endpoint URL of the OIDC server
        clientId - the client id
        token - the token from which the needed information is taken
        Returns:
        true if the logout is performed correctly, false otherwise
        Throws:
        IOException - if an I/O error occurs during the communication with the server
      • getUserAvatar

        public static byte[] getUserAvatar(URL avatarURL,
                                           JWTToken token)
        Returns the user avatar, authenticating with the given token.
        Parameters:
        avatarURL - the avatar URL.
        token - the token used to authenticate the request.
        Returns:
        the avatar bytes.
      • getUserAvatar

        public static byte[] getUserAvatar(URL avatarURL,
                                           String authorization)
        Returns the user avatar, authenticating with the given authorization header value.
        Parameters:
        avatarURL - the avatar URL.
        authorization - the authorization header value.
        Returns:
        the avatar bytes.
      • matchesErrorAndDescription

        protected static boolean matchesErrorAndDescription(String jsonString,
                                                            String expectedError,
                                                            String exepectedErrorDescription)
        Checks whether the JSON error response matches the expected error and error description.
        Parameters:
        jsonString - the JSON error response string.
        expectedError - the expected error.
        exepectedErrorDescription - the expected error description.
        Returns:
        true if both match, false otherwise.
      • isTokenNotActiveError

        public static boolean isTokenNotActiveError(String jsonString)
        Checks whether the JSON error response denotes a token-not-active error.
        Parameters:
        jsonString - the JSON error response string.
        Returns:
        true if it is a token-not-active error, false otherwise.
      • isInvalidBearerTokenError

        public static boolean isInvalidBearerTokenError(String jsonString)
        Checks whether the JSON error response denotes an invalid bearer token error.
        Parameters:
        jsonString - the JSON error response string.
        Returns:
        true if it is an invalid bearer token error, false otherwise.
      • isAccessDeniedNotAuthorizedError

        public static boolean isAccessDeniedNotAuthorizedError(String jsonString)
        Checks whether the JSON error response denotes an access denied / not authorized error.
        Parameters:
        jsonString - the JSON error response string.
        Returns:
        true if it is an access denied / not authorized error, false otherwise.
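A usage sketch of the flow these methods compose, added here as an example and not part of the helper's own code or documentation: it requests a UMA token for one context with an explicit permission list, renews it through the refresh endpoint, and logs the client session out when done. The endpoint URLs, the context path and the permission string are constructed placeholders, and the helper classes are assumed to be imported from the project's package, which this page does not state.

```java
import java.io.IOException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;

// Assumes OpenIdConnectRESTHelper, JWTToken and OpenIdConnectRESTHelperException
// are imported from the project's package (not stated on the reference page).
public class UmaTokenFlow {

    public static void main(String[] args) throws Exception {
        // Credentials come from the environment, never from source code or logs.
        String clientId = System.getenv("OIDC_CLIENT_ID");
        String clientSecret = System.getenv("OIDC_CLIENT_SECRET");
        if (clientId == null || clientSecret == null) {
            throw new IllegalStateException("OIDC_CLIENT_ID and OIDC_CLIENT_SECRET must be set");
        }
        // Placeholder endpoints: replace with the OIDC server's real token and logout URLs.
        URL tokenUrl = new URL("https://oidc.example.org/realms/example/protocol/openid-connect/token");
        URL logoutUrl = new URL("https://oidc.example.org/realms/example/protocol/openid-connect/logout");
        // Constructed context; the helper forwards it as the X-D4Science-Context custom header
        // and it doubles as the UMA audience (the page passes it URL-encoded or not).
        String context = "/example/VRE";
        Map<String, String> extraHeaders = Collections.singletonMap("X-D4Science-Context", context);

        JWTToken umaToken = null;
        try {
            // 1. UMA token bound to one audience and a minimal, explicit permission list
            //    (constructed placeholder permission; null would ask for all granted ones).
            List<String> permissions = Arrays.asList("example-resource#read");
            umaToken = OpenIdConnectRESTHelper.queryUMAToken(
                    tokenUrl, clientId, clientSecret, context, permissions, extraHeaders);

            // 2. Renew the token from its refresh token instead of requesting a fresh one.
            umaToken = OpenIdConnectRESTHelper.refreshToken(tokenUrl, clientId, clientSecret, umaToken);
        } catch (OpenIdConnectRESTHelperException e) {
            // Unauthorized calls surface through this exception too; record the client id
            // and the message, but never the secret or the token contents.
            System.err.println("token request failed for client " + clientId + ": " + e.getMessage());
            throw e;
        } finally {
            // 3. Close the server-side session for this client once the token is no longer needed.
            if (umaToken != null) {
                try {
                    boolean loggedOut = OpenIdConnectRESTHelper.logout(logoutUrl, clientId, umaToken);
                    if (!loggedOut) {
                        System.err.println("logout reported failure for client " + clientId);
                    }
                } catch (IOException ioe) {
                    System.err.println("logout I/O error: " + ioe.getMessage());
                }
            }
        }
    }
}
```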