Package org.gcube.oidc.rest

Class OpenIdConnectRESTHelper

  • public class OpenIdConnectRESTHelper
extends Object

    • Field Detail

      • logger

        protected static final org.slf4j.Logger logger

    • Constructor Detail

      • OpenIdConnectRESTHelper

        public OpenIdConnectRESTHelper()

    • Method Detail

      • queryClientToken

        public static JWTToken queryClientToken​(String clientId,
                                        String clientSecret,
                                        URL tokenURL)
                                 throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an OIDC access token, by using provided clientId and client secret.
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        tokenUrl - the token endpoint URL of the OIDC server
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryClientToken

        public static JWTToken queryClientToken​(String clientId,
                                        String clientSecret,
                                        URL tokenURL,
                                        Map<String,​String> extraHeaders)
                                 throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an OIDC access token, by using provided clientId and client secret.
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        tokenUrl - the token endpoint URL of the OIDC server
        extraHeaders - extra HTTP headers to add to the request (e.g. X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryUMAToken

        public static JWTToken queryUMAToken​(URL tokenUrl,
                                     String clientId,
                                     String clientSecret,
                                     String audience,
                                     List<String> permissions)
                              throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        clientId - the client id
        clientSecret - the client secret
        audience - the audience (context) where to request the issuing of the token (URLEncoded or not)
        permissions - a list of permissions, can be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryUMAToken

        public static JWTToken queryUMAToken​(URL tokenUrl,
                                     String clientId,
                                     String clientSecret,
                                     String audience,
                                     List<String> permissions,
                                     Map<String,​String> extraHeaders)
                              throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        clientId - the client id
        clientSecret - the client secret
        audience - the audience (context) where to request the issuing of the token (URLEncoded or not)
        permissions - a list of permissions, can be null
        extraHeaders - extra HTTP headers to add to the request (e.g. X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryUMAToken

        public static JWTToken queryUMAToken​(URL tokenUrl,
                                     String authorization,
                                     String audience,
                                     List<String> permissions)
                              throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the auth token (the access token URLEncoded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the token (URLEncoded or not)
        permissions - a list of permissions, can be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryUMAToken

        public static JWTToken queryUMAToken​(URL tokenUrl,
                                     String authorization,
                                     String audience,
                                     List<String> permissions,
                                     Map<String,​String> extraHeaders)
                              throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the auth token (the access token URLEncoded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the token (URLEncoded or not)
        permissions - a list of permissions, can be null
        extraHeaders - extra HTTP headers to add to the request (e.g. X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryExchangeToken

        public static JWTToken queryExchangeToken​(URL tokenUrl,
                                          String authorization,
                                          String audience,
                                          String client_id,
                                          String client_secret,
                                          Map<String,​String> extraHeaders)
                                   throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an exchanged token by using provided access token, optionally for the given audience (context) in URLEncoded form or not.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the auth token (the access token URLEncoded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the token (URLEncoded or not), may be null
        clientId - the client id
        clientSecret - the client secret
        extraHeaders - extra HTTP headers to add to the request (e.g. X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryExchangeToken

        public static JWTToken queryExchangeToken​(URL tokenUrl,
                                          String authorization,
                                          String audience,
                                          String clientId,
                                          String clientSecret,
                                          boolean withRefreshToken,
                                          boolean offline,
                                          Map<String,​String> extraHeaders)
                                   throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an exchanged token by using provided access token, optionally for the given audience (context) in URLEncoded form or not.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the auth token (the access token URLEncoded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the token (URLEncoded or not), may be null
        clientId - the client id
        clientSecret - the client secret
        withRefreshToken - request also the refresh token (forced to true for offline requests)
        offline - request a refresh token of offline type (TYP claim)
        extraHeaders - extra HTTP headers to add to the request (e.g. X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • queryExchangeToken

        public static JWTToken queryExchangeToken​(URL tokenUrl,
                                          String authorization,
                                          String audience,
                                          String clientId,
                                          String clientSecret,
                                          String requestedTokenType,
                                          String scope,
                                          Map<String,​String> extraHeaders)
                                   throws OpenIdConnectRESTHelperException
        Queries from the OIDC server an exchanged token by using provided access token, optionally for the given audience (context) in URLEncoded form or not.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the auth token (the access token URLEncoded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the token (URLEncoded or not), may be null
        clientId - the client id
        clientSecret - the client secret
        requestedTokenType - the requested token type (e.g. urn:ietf:params:oauth:token-type:refresh_token for refresh token)
        scope - the optional scope to request (e.g. offline_access for an offline token)
        extraHeaders - extra HTTP headers to add to the request (e.g. X-D4Science-Context custom header), may be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • refreshToken

        public static JWTToken refreshToken​(URL tokenURL,
                                    JWTToken token)
                             throws OpenIdConnectRESTHelperException
        Refreshes the token from the OIDC server.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        token - the token to be refreshed
        Returns:
        a new token refreshed from the previous one
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • refreshToken

        public static JWTToken refreshToken​(URL tokenURL,
                                    String clientId,
                                    JWTToken token)
                             throws OpenIdConnectRESTHelperException
        Refreshes the token from the OIDC server for a specific client represented by the client id.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        clientId - the client id
        token - the token to be refreshed
        Returns:
        a new token refreshed from the previous one
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • refreshToken

        public static JWTToken refreshToken​(URL tokenURL,
                                    String clientId,
                                    String clientSecret,
                                    JWTToken token)
                             throws OpenIdConnectRESTHelperException
        Refreshes the token from the OIDC server for a specific client represented by the client id.
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        clientId - the client id
        clientSecret - the client secret
        token - the token to be refreshed
        Returns:
        a new token refreshed from the previous one
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details

      • getClientIdFromToken

        protected static String getClientIdFromToken​(JWTToken token)

      • logout

        public static boolean logout​(URL logoutUrl,
                             JWTToken token)
                      throws IOException
        Performs the logout (SSOut) from all the sessions opened in the OIDC server.
        Parameters:
        logoutUrl - the logut endpoint URL of the OIDC server
        token - the token used to take info from
        Returns:
        true if the logout is performed correctly, false otherwise
        Throws:
        IOException - if an I/O error occurs during the communication with the server

      • logout

        public static boolean logout​(URL logoutUrl,
                             String clientId,
                             JWTToken token)
                      throws IOException
        Performs the logout from the session related to the provided client id in the OIDC server.
        Parameters:
        logoutUrl - the logut endpoint URL of the OIDC server
        clientId - the client id
        token - the token used to take info from
        Returns:
        true if the logout is performed correctly, false otherwise
        Throws:
        IOException - if an I/O error occurs during the communication with the server

      • getUserAvatar

        public static byte[] getUserAvatar​(URL avatarURL,
                                   JWTToken token)

      • getUserAvatar

        public static byte[] getUserAvatar​(URL avatarURL,
                                   String authorization)

      • matchesErrorAndDescription

        protected static boolean matchesErrorAndDescription​(String jsonString,
                                                    String expectedError,
                                                    String exepectedErrorDescription)

      • isTokenNotActiveError

        public static boolean isTokenNotActiveError​(String jsonString)

      • isInvalidBearerTokenError

        public static boolean isInvalidBearerTokenError​(String jsonString)

      • isAccessDeniedNotAuthorizedError

        public static boolean isAccessDeniedNotAuthorizedError​(String jsonString)