Commit 91e58277 authored by michael.simon's avatar michael.simon

also save bearer access token and refresh token for OIDC sign-ins

parent bac4cb82
......@@ -5,8 +5,6 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.time.Instant;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.ejb.Stateless;
import javax.inject.Inject;
......@@ -34,7 +32,6 @@ import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.Nonce;
......@@ -44,8 +41,6 @@ import com.nimbusds.openid.connect.sdk.UserInfoRequest;
import com.nimbusds.openid.connect.sdk.UserInfoResponse;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderConfigurationRequest;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
......@@ -54,7 +49,6 @@ import edu.kit.scc.webreg.dao.oidc.OidcRpConfigurationDao;
import edu.kit.scc.webreg.dao.oidc.OidcRpFlowStateDao;
import edu.kit.scc.webreg.dao.oidc.OidcUserDao;
import edu.kit.scc.webreg.drools.impl.KnowledgeSessionSingleton;
import edu.kit.scc.webreg.entity.SamlUserEntity;
import edu.kit.scc.webreg.entity.UserLoginInfoEntity;
import edu.kit.scc.webreg.entity.UserLoginInfoStatus;
import edu.kit.scc.webreg.entity.UserLoginMethod;
......@@ -63,7 +57,6 @@ import edu.kit.scc.webreg.entity.oidc.OidcRpFlowStateEntity;
import edu.kit.scc.webreg.entity.oidc.OidcUserEntity;
import edu.kit.scc.webreg.exc.UserUpdateException;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
import edu.kit.scc.webreg.service.saml.exc.SamlAuthenticationException;
import edu.kit.scc.webreg.session.SessionManager;
@Stateless
......@@ -174,12 +167,11 @@ public class OidcClientCallbackServiceImpl implements OidcClientCallbackService
throw new OidcAuthenticationException("signature failed: " + e.getMessage());
}
AccessToken accessToken = oidcTokenResponse.getOIDCTokens().getAccessToken();
RefreshToken refreshToken = oidcTokenResponse.getOIDCTokens().getRefreshToken();
BearerAccessToken bearerAccessToken = oidcTokenResponse.getOIDCTokens().getBearerAccessToken();
BearerAccessToken bat = oidcTokenResponse.getOIDCTokens().getBearerAccessToken();
HTTPResponse httpResponse = new UserInfoRequest(
opMetadataBean.getUserInfoEndpointURI(rpConfig), bat)
opMetadataBean.getUserInfoEndpointURI(rpConfig), bearerAccessToken)
.toHTTPRequest()
.send();
......@@ -221,7 +213,7 @@ public class OidcClientCallbackServiceImpl implements OidcClientCallbackService
// Store OIDC Data temporarily in Session
logger.debug("Storing relevant Oidc data in session");
session.setSubjectId(claims.getSubject().getValue());
session.setAttributeMap(oidcTokenHelper.convertToAttributeMap(claims, userInfo));
session.setAttributeMap(oidcTokenHelper.convertToAttributeMap(claims, userInfo, refreshToken, bearerAccessToken));
httpServletResponse.sendRedirect("/user/connect-account-oidc.xhtml");
return;
......@@ -234,7 +226,7 @@ public class OidcClientCallbackServiceImpl implements OidcClientCallbackService
// Store OIDC Data temporarily in Session
logger.debug("Storing relevant Oidc data in session");
session.setSubjectId(claims.getSubject().getValue());
session.setAttributeMap(oidcTokenHelper.convertToAttributeMap(claims, userInfo));
session.setAttributeMap(oidcTokenHelper.convertToAttributeMap(claims, userInfo, refreshToken, bearerAccessToken));
httpServletResponse.sendRedirect("/register/register-oidc.xhtml");
return;
......@@ -243,7 +235,7 @@ public class OidcClientCallbackServiceImpl implements OidcClientCallbackService
logger.debug("Updating OIDC user {}", user.getSubjectId());
try {
user = userUpdater.updateUser(user, claims, userInfo, "web-sso");
user = userUpdater.updateUser(user, claims, userInfo, refreshToken, bearerAccessToken, "web-sso");
} catch (UserUpdateException e) {
logger.warn("Could not update user {}: {}", e.getMessage(), user.getEppn());
throw new OidcAuthenticationException(e.getMessage());
......
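Review bot: The refresh token read from `getRefreshToken()` can be null when the provider issued none, and the new calls that store it in the session attribute map and hand it to `updateUser` pass it on unchecked, so every consumer of the map inherits a possible null entry; the hunk should either guard it or state it, e.g. `// refreshToken may be null when the provider issued none; consumers must tolerate it`. Now that the bearer access token and refresh token sit in the session attribute map before the redirect, that map carries credential material — it should stay out of the debug log line just above it and be cleared once the connect/register flow has consumed it. The earlier `AccessToken accessToken` appears to hold the same token as the new `bearerAccessToken`; if it is no longer used after this hunk, drop it. The enclosing callback method starts and ends outside these hunks.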
......@@ -7,13 +7,16 @@ import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
@ApplicationScoped
public class OidcTokenHelper {
public Map<String, List<Object>> convertToAttributeMap(IDTokenClaimsSet claims, UserInfo userInfo) {
public Map<String, List<Object>> convertToAttributeMap(IDTokenClaimsSet claims, UserInfo userInfo, RefreshToken refreshToken, BearerAccessToken bat) {
Map<String, List<Object>> attributeMap = new HashMap<String, List<Object>>();
List<Object> tempList = new ArrayList<Object>();
......@@ -24,6 +27,14 @@ public class OidcTokenHelper {
tempList.add(userInfo);
attributeMap.put("userInfo", tempList);
tempList = new ArrayList<Object>();
tempList.add(refreshToken);
attributeMap.put("refreshToken", tempList);
tempList = new ArrayList<Object>();
tempList.add(bat);
attributeMap.put("bearerAccessToken", tempList);
return attributeMap;
}
......
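Review bot: `tempList.add(refreshToken)` stores the refresh token unconditionally, so when the provider issued none the map gets a `"refreshToken"` entry holding a single null element, which consumers iterating the list will trip over; skip the entry when the token is absent or spell that contract out in Javadoc. The new parameter is named `bat` here but `bearerAccessToken` at the call site; the spelled-out name matches the map key and reads better. The method also gains two credential-bearing parameters with no doc comment; a short Javadoc on `convertToAttributeMap` noting that the returned map now contains the bearer access token and, when present, the refresh token would help callers treat those entries as secrets rather than ordinary attributes.
```java
// … unchanged: claims / userInfo entries …
if (refreshToken != null) {
    tempList = new ArrayList<Object>();
    tempList.add(refreshToken);
    attributeMap.put("refreshToken", tempList);
}
// … unchanged: bearerAccessToken entry, return …
```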
......@@ -8,8 +8,8 @@ import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Map.Entry;
import java.util.Random;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
......@@ -19,6 +19,8 @@ import org.apache.commons.beanutils.PropertyUtils;
import org.slf4j.Logger;
import org.slf4j.MDC;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
......@@ -258,10 +260,11 @@ public class OidcUserUpdater implements Serializable {
return user;
}
public OidcUserEntity updateUser(OidcUserEntity user, IDTokenClaimsSet claims, UserInfo userInfo, String executor, ServiceEntity service)
public OidcUserEntity updateUser(OidcUserEntity user, IDTokenClaimsSet claims, UserInfo userInfo,
RefreshToken refreshToken, BearerAccessToken bat, String executor, ServiceEntity service)
throws UserUpdateException {
Map<String, List<Object>> attributeMap = oidcTokenHelper.convertToAttributeMap(claims, userInfo);
Map<String, List<Object>> attributeMap = oidcTokenHelper.convertToAttributeMap(claims, userInfo, refreshToken, bat);
if (service != null)
return updateUser(user, attributeMap, executor, service);
......@@ -269,10 +272,11 @@ public class OidcUserUpdater implements Serializable {
return updateUser(user, attributeMap, executor);
}
public OidcUserEntity updateUser(OidcUserEntity user, IDTokenClaimsSet claims, UserInfo userInfo, String executor)
public OidcUserEntity updateUser(OidcUserEntity user, IDTokenClaimsSet claims, UserInfo userInfo,
RefreshToken refreshToken, BearerAccessToken bat, String executor)
throws UserUpdateException {
return updateUser(user, claims, userInfo, executor, null);
return updateUser(user, claims, userInfo, refreshToken, bat, executor, null);
}
protected void fireUserChangeEvent(UserEntity user, String executor, Auditor auditor) {
......
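Review bot: Both `updateUser` overloads change signature in place instead of adding new ones, so any caller outside the single callback updated in this commit (a path with no token response at hand, if one exists) no longer compiles; keeping the old overload as a delegate — `return updateUser(user, claims, userInfo, null, null, executor, null);` — would preserve them, provided `convertToAttributeMap` tolerates null tokens. Neither overload documents the new parameters; a `@param refreshToken` / `@param bat` pair stating that the tokens are folded into the user's attribute map, and that the refresh token may be absent, is warranted since they are credential material. As in the helper, `bat` would read better as `bearerAccessToken`. The reordering of the `java.util.Random` import is cosmetic only. The class continues outside these hunks.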