com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of oauth2-oidc-sdk Show documentation
Show all versions of oauth2-oidc-sdk Show documentation
OAuth 2.0 SDK with OpenID Connection extensions for developing client
and server applications.
/*
* oauth2-oidc-sdk
*
* Copyright 2012-2016, Connect2id Ltd and contributors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package com.nimbusds.oauth2.sdk;
import java.net.URI;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.jcip.annotations.Immutable;
import net.minidev.json.JSONObject;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils;
import com.nimbusds.oauth2.sdk.util.URIUtils;
/**
* Authorisation success response. Used to return an authorisation code or
* access token at the Authorisation endpoint.
*
* Example HTTP response with code (code flow):
*
*
* HTTP/1.1 302 Found
* Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
*
*
* Example HTTP response with access token (implicit flow):
*
*
* HTTP/1.1 302 Found
* Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
* &state=xyz&token_type=Bearer&expires_in=3600
*
*
* Related specifications:
*
*
* - OAuth 2.0 (RFC 6749)
*
- OAuth 2.0 Multiple Response Type Encoding Practices 1.0
*
- OAuth 2.0 Form Post Response Mode 1.0
*
- Financial-grade API: JWT Secured Authorization Response Mode for
* OAuth 2.0 (JARM)
*
- OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
*
*/
@Immutable
public class AuthorizationSuccessResponse
extends AuthorizationResponse
implements SuccessResponse {
/**
* The authorisation code, if requested.
*/
private final AuthorizationCode code;
/**
* The access token, if requested.
*/
private final AccessToken accessToken;
/**
* Creates a new authorisation success response.
*
* @param redirectURI The base redirection URI. Must not be
* {@code null}.
* @param code The authorisation code, {@code null} if not
* requested.
* @param accessToken The access token, {@code null} if not requested.
* @param state The state, {@code null} if not specified.
* @param rm The response mode, {@code null} if not specified.
*/
public AuthorizationSuccessResponse(final URI redirectURI,
final AuthorizationCode code,
final AccessToken accessToken,
final State state,
final ResponseMode rm) {
this(redirectURI, code, accessToken, state, null, rm);
}
/**
* Creates a new authorisation success response.
*
* @param redirectURI The base redirection URI. Must not be
* {@code null}.
* @param code The authorisation code, {@code null} if not
* requested.
* @param accessToken The access token, {@code null} if not requested.
* @param state The state, {@code null} if not specified.
* @param issuer The issuer, {@code null} if not specified.
* @param rm The response mode, {@code null} if not specified.
*/
public AuthorizationSuccessResponse(final URI redirectURI,
final AuthorizationCode code,
final AccessToken accessToken,
final State state,
final Issuer issuer,
final ResponseMode rm) {
super(redirectURI, state, issuer, rm);
this.code = code;
this.accessToken = accessToken;
}
/**
* Creates a new JSON Web Token (JWT) secured authorisation success
* response.
*
* @param redirectURI The base redirection URI. Must not be
* {@code null}.
* @param jwtResponse The JWT-secured response. Must not be
* {@code null}.
* @param rm The response mode, {@code null} if not specified.
*/
public AuthorizationSuccessResponse(final URI redirectURI,
final JWT jwtResponse,
final ResponseMode rm) {
super(redirectURI, jwtResponse, rm);
code = null;
accessToken = null;
}
@Override
public boolean indicatesSuccess() {
return true;
}
/**
* Returns the implied response type.
*
* @return The implied response type.
*/
public ResponseType impliedResponseType() {
ResponseType rt = new ResponseType();
if (code != null)
rt.add(ResponseType.Value.CODE);
if (accessToken != null)
rt.add(ResponseType.Value.TOKEN);
return rt;
}
@Override
public ResponseMode impliedResponseMode() {
if (getResponseMode() != null) {
return getResponseMode();
} else {
if (getJWTResponse() != null) {
// JARM
return ResponseMode.JWT;
} else if (accessToken != null) {
return ResponseMode.FRAGMENT;
} else {
return ResponseMode.QUERY;
}
}
}
/**
* Gets the authorisation code.
*
* @return The authorisation code, {@code null} if not requested.
*/
public AuthorizationCode getAuthorizationCode() {
return code;
}
/**
* Gets the access token.
*
* @return The access token, {@code null} if not requested.
*/
public AccessToken getAccessToken() {
return accessToken;
}
@Override
public Map> toParameters() {
Map> params = new HashMap<>();
if (getJWTResponse() != null) {
// JARM, no other top-level parameters
params.put("response", Collections.singletonList(getJWTResponse().serialize()));
return params;
}
if (code != null)
params.put("code", Collections.singletonList(code.getValue()));
if (accessToken != null) {
for (Map.Entry entry: accessToken.toJSONObject().entrySet()) {
params.put(entry.getKey(), Collections.singletonList(entry.getValue().toString()));
}
}
if (getState() != null)
params.put("state", Collections.singletonList(getState().getValue()));
if (getIssuer() != null)
params.put("iss", Collections.singletonList(getIssuer().getValue()));
return params;
}
/**
* Parses an authorisation success response.
*
* @param redirectURI The base redirection URI. Must not be
* {@code null}.
* @param params The response parameters to parse. Must not be
* {@code null}.
*
* @return The authorisation success response.
*
* @throws ParseException If the parameters couldn't be parsed to an
* authorisation success response.
*/
public static AuthorizationSuccessResponse parse(final URI redirectURI,
final Map> params)
throws ParseException {
// JARM, ignore other top level params
String responseString = MultivaluedMapUtils.getFirstValue(params, "response");
if (responseString != null) {
JWT jwtResponse;
try {
jwtResponse = JWTParser.parse(responseString);
} catch (java.text.ParseException e) {
throw new ParseException("Invalid JWT response: " + e.getMessage(), e);
}
return new AuthorizationSuccessResponse(redirectURI, jwtResponse, ResponseMode.JWT);
}
// Parse code parameter
AuthorizationCode code = null;
if (params.get("code") != null) {
code = new AuthorizationCode(MultivaluedMapUtils.getFirstValue(params, "code"));
}
// Parse access_token parameters
AccessToken accessToken = null;
if (params.get("access_token") != null) {
JSONObject jsonObject = new JSONObject();
jsonObject.putAll(MultivaluedMapUtils.toSingleValuedMap(params));
accessToken = AccessToken.parse(jsonObject);
}
// Parse optional state parameter
State state = State.parse(MultivaluedMapUtils.getFirstValue(params, "state"));
// Parse optional issuer, OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
Issuer issuer = Issuer.parse(MultivaluedMapUtils.getFirstValue(params, "iss"));
return new AuthorizationSuccessResponse(redirectURI, code, accessToken, state, issuer,null);
}
/**
* Parses an authorisation success response.
*
* Use a relative URI if the host, port and path details are not
* known:
*
*
* URI relUrl = new URI("https:///?code=Qcb0Orv1...&state=af0ifjsldkj");
*
*
* Example URI:
*
*
* https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
*
*
* @param uri The URI to parse. Can be absolute or relative, with a
* fragment or query string containing the authorisation
* response parameters. Must not be {@code null}.
*
* @return The authorisation success response.
*
* @throws ParseException If the redirection URI couldn't be parsed to
* an authorisation success response.
*/
public static AuthorizationSuccessResponse parse(final URI uri)
throws ParseException {
return parse(URIUtils.getBaseURI(uri), parseResponseParameters(uri));
}
/**
* Parses an authorisation success response from the specified initial
* HTTP 302 redirect response generated at the authorisation endpoint.
*
* Example HTTP response:
*
*
* HTTP/1.1 302 Found
* Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
*
*
* @see #parse(HTTPRequest)
*
* @param httpResponse The HTTP response to parse. Must not be
* {@code null}.
*
* @return The authorisation success response.
*
* @throws ParseException If the HTTP response couldn't be parsed to an
* authorisation success response.
*/
public static AuthorizationSuccessResponse parse(final HTTPResponse httpResponse)
throws ParseException {
URI location = httpResponse.getLocation();
if (location == null) {
throw new ParseException("Missing redirection URL / HTTP Location header");
}
return parse(location);
}
/**
* Parses an authorisation success response from the specified HTTP
* request at the client redirection (callback) URI. Applies to
* {@code query}, {@code fragment} and {@code form_post} response
* modes.
*
* Example HTTP request (authorisation success):
*
*
* GET /cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz HTTP/1.1
* Host: client.example.com
*
*
* @see #parse(HTTPResponse)
*
* @param httpRequest The HTTP request to parse. Must not be
* {@code null}.
*
* @return The authorisation success response.
*
* @throws ParseException If the HTTP request couldn't be parsed to an
* authorisation success response.
*/
public static AuthorizationSuccessResponse parse(final HTTPRequest httpRequest)
throws ParseException {
return parse(httpRequest.getURI(), parseResponseParameters(httpRequest));
}
}