package fi.evolver.azure.entraid;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
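/**
 * Contributes the client-authentication parameters of a token request for client registrations
 * that use {@link ClientAuthenticationMethod#PRIVATE_KEY_JWT}.
 *
 * <p>For such a registration the converter returns two parameters:
 * {@link OAuth2ParameterNames#CLIENT_ASSERTION_TYPE}, fixed to the JWT-bearer URN, and
 * {@link OAuth2ParameterNames#CLIENT_ASSERTION}, the signed assertion produced by the factory
 * registered under the registration id. Registrations using any other authentication method are
 * left untouched ({@code null} is returned).
 *
 * <p>NOTE(review): this listing was published with its generic type arguments stripped. The type
 * parameter {@code T} and the {@code Converter}/{@code MultiValueMap} arguments below are restored
 * from the imports and the method bodies. The type arguments of the factory map could not be
 * recovered and are left as shown on the page.
 *
 * @param <T> the authorization grant request type being converted
 */
public class EntraIdJwtClientAuthenticationParametersConverter<T extends AbstractOAuth2AuthorizationGrantRequest>
        implements Converter<T, MultiValueMap<String, String>> {

    private static final Logger LOGGER = LoggerFactory
            .getLogger(EntraIdJwtClientAuthenticationParametersConverter.class);

    private static final String CLIENT_ASSERTION_TYPE_VALUE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";

    // Assertion factories, looked up by ClientRegistration#getRegistrationId(); each value exposes
    // createJwtAssertion(). NOTE(review): type arguments are not visible in this listing.
    private final Map factories;

    /**
     * Creates a converter backed by the given assertion factories.
     *
     * @param factories assertion factories keyed by client registration id; must not be null
     * @throws IllegalArgumentException if {@code factories} is null
     */
    public EntraIdJwtClientAuthenticationParametersConverter(
            Map factories) {
        // Fail at wiring time rather than on the first token request.
        Assert.notNull(factories, "factories cannot be null");
        this.factories = factories;
    }

    /**
     * Builds the client-assertion parameters for the given grant request.
     *
     * @param authorizationGrantRequest the grant request whose client registration is inspected
     * @return the client-assertion parameters, or {@code null} when the registration does not use
     *         {@code PRIVATE_KEY_JWT} or when the assertion could not be created (the failure is
     *         logged)
     * @throws IllegalArgumentException if {@code authorizationGrantRequest} is null
     * @throws IllegalStateException if no assertion factory is configured for the registration id
     */
    @Override
    public MultiValueMap<String, String> convert(T authorizationGrantRequest) {
        Assert.notNull(authorizationGrantRequest, "authorizationGrantRequest cannot be null");
        ClientRegistration registration = authorizationGrantRequest.getClientRegistration();
        ClientAuthenticationMethod method = registration.getClientAuthenticationMethod();
        if (!ClientAuthenticationMethod.PRIVATE_KEY_JWT.equals(method)) {
            return null;
        }
        try {
            return createParameters(registration);
        } catch (EntraIdAssertionException exception) {
            // Returning null below means no client-authentication parameters are contributed, so
            // the token request presumably goes out without a client assertion and is rejected by
            // the authorization server; this log entry is the only local trace of the cause.
            // NOTE(review): confirm EntraIdAssertionException never carries key material in its
            // message, since it is logged with its stack trace.
            LOGGER.error("Failed to create parameters.", exception);
        }
        return null;
    }

    /**
     * Assembles the assertion type and the freshly created assertion into a parameter map.
     *
     * @param registration the client registration to authenticate
     * @return a map holding exactly the assertion-type and assertion parameters
     * @throws EntraIdAssertionException if the assertion cannot be created
     */
    private MultiValueMap<String, String> createParameters(ClientRegistration registration)
            throws EntraIdAssertionException {
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
        parameters.set(OAuth2ParameterNames.CLIENT_ASSERTION_TYPE, CLIENT_ASSERTION_TYPE_VALUE);
        parameters.set(OAuth2ParameterNames.CLIENT_ASSERTION, createAssertion(registration));
        return parameters;
    }

    /**
     * Creates the JWT client assertion using the factory registered for the registration id.
     *
     * @param registration the client registration to authenticate
     * @return the serialized assertion returned by the factory
     * @throws EntraIdAssertionException if the factory fails to create the assertion
     * @throws IllegalStateException if no factory is configured for the registration id
     */
    private String createAssertion(ClientRegistration registration) throws EntraIdAssertionException {
        String registrationId = registration.getRegistrationId();
        // A registration without a factory is a configuration error; name it instead of letting
        // the lookup end in a bare NullPointerException.
        Assert.state(factories.get(registrationId) != null,
                "No assertion factory configured for client registration '" + registrationId + "'");
        return factories.get(registrationId).createJwtAssertion();
    }
}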