All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.oauth2.sdk.auth.ClientSecretBasic Maven / Gradle / Ivy

Go to download

OAuth 2.0 SDK with OpenID Connection extensions for developing client and server applications.

There is a newer version: 11.20.1
Show newest version
/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.auth;


import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Set;

import net.jcip.annotations.Immutable;

import com.nimbusds.jose.util.Base64;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;


/**
 * Client secret basic authentication at the Token endpoint. Implements
 * {@link ClientAuthenticationMethod#CLIENT_SECRET_BASIC}.
 *
 * 

Example HTTP Authorization header (for client identifier "s6BhdRkqt3" and * secret "7Fjfp0ZBr1KtDRbnfVdmIw"): * *

 * Authorization: Basic czZCaGRSa3F0Mzo3RmpmcDBaQnIxS3REUmJuZlZkbUl3
 * 
* *

Related specifications: * *

    *
  • OAuth 2.0 (RFC 6749), sections 2.3.1 and 3.2.1. *
  • OpenID Connect Core 1.0, section 9. *
  • HTTP Authentication: Basic and Digest Access Authentication * (RFC 2617). *
*/ @Immutable public final class ClientSecretBasic extends PlainClientSecret { /** * The default character set for the client ID and secret encoding. */ private static final Charset UTF8_CHARSET = StandardCharsets.UTF_8; /** * Creates a new client secret basic authentication. * * @param clientID The client identifier. Must not be {@code null}. * @param secret The client secret. Must not be {@code null}. */ public ClientSecretBasic(final ClientID clientID, final Secret secret) { super(ClientAuthenticationMethod.CLIENT_SECRET_BASIC, clientID, secret); } @Override public Set getFormParameterNames() { return Collections.emptySet(); } /** * Returns the HTTP Authorization header representation of this client * secret basic authentication. * *

Note that OAuth 2.0 (RFC 6749, section 2.3.1) requires the client * ID and secret to be {@code application/x-www-form-urlencoded} before * passing them to the HTTP basic authentication algorithm. This * behaviour differs from the original HTTP Basic Authentication * specification (RFC 2617). * *

Example HTTP Authorization header (for client identifier * "Aladdin" and password "open sesame"): * *

	 *
	 * Authorization: Basic QWxhZGRpbjpvcGVuK3Nlc2FtZQ==
	 * 
* *

See RFC 2617, section 2. * * @return The HTTP Authorization header. */ public String toHTTPAuthorizationHeader() { StringBuilder sb = new StringBuilder(); try { sb.append(URLEncoder.encode(getClientID().getValue(), UTF8_CHARSET.name())); sb.append(':'); sb.append(URLEncoder.encode(getClientSecret().getValue(), UTF8_CHARSET.name())); } catch (UnsupportedEncodingException e) { // UTF-8 should always be supported } return "Basic " + Base64.encode(sb.toString().getBytes(UTF8_CHARSET)); } @Override public void applyTo(final HTTPRequest httpRequest) { httpRequest.setAuthorization(toHTTPAuthorizationHeader()); } /** * Parses a client secret basic authentication from the specified HTTP * Authorization header. * * @param header The HTTP Authorization header to parse. Must not be * {@code null}. * * @return The client secret basic authentication. * * @throws ParseException If the header couldn't be parsed to a client * secret basic authentication. */ public static ClientSecretBasic parse(final String header) throws ParseException { String[] parts = header.split("\\s"); if (parts.length != 2) throw new ParseException("Malformed client secret basic authentication (see RFC 6749, section 2.3.1): Unexpected number of HTTP Authorization header value parts: " + parts.length); if (! parts[0].equalsIgnoreCase("Basic")) throw new ParseException("HTTP authentication must be Basic"); String credentialsString = new String(new Base64(parts[1]).decode(), UTF8_CHARSET); String[] credentials = credentialsString.split(":", 2); if (credentials.length != 2) throw new ParseException("Malformed client secret basic authentication (see RFC 6749, section 2.3.1): Missing credentials delimiter (:)"); try { String decodedClientID = URLDecoder.decode(credentials[0], UTF8_CHARSET.name()); String decodedSecret = URLDecoder.decode(credentials[1], UTF8_CHARSET.name()); return new ClientSecretBasic(new ClientID(decodedClientID), new Secret(decodedSecret)); } catch (IllegalArgumentException | UnsupportedEncodingException e) { throw new ParseException("Malformed client secret basic authentication (see RFC 6749, section 2.3.1): Invalid URL encoding", e); } } /** * Parses a client secret basic authentication from the specified HTTP * request. * * @param httpRequest The HTTP request to parse. Must not be * {@code null} and must contain a valid * Authorization header. * * @return The client secret basic authentication. * * @throws ParseException If the HTTP Authorization header couldn't be * parsed to a client secret basic * authentication. */ public static ClientSecretBasic parse(final HTTPRequest httpRequest) throws ParseException { String header = httpRequest.getAuthorization(); if (header == null) throw new ParseException("Missing HTTP Authorization header"); return parse(header); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy