• Home
• io.quarkus
• quarkus-oidc
• 1.0.0.Final
• source code
• OidcIdentityProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.quarkus.oidc.runtime.OidcIdentityProvider Maven / Gradle / Ivy

package io.quarkus.oidc.runtime;

import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;

import javax.enterprise.context.ApplicationScoped;

import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;

import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.ext.auth.oauth2.AccessToken;
import io.vertx.ext.auth.oauth2.OAuth2Auth;

@ApplicationScoped
public class OidcIdentityProvider implements IdentityProvider {

    private volatile OAuth2Auth auth;
    private volatile OidcConfig config;

    public OAuth2Auth getAuth() {
        return auth;
    }

    public OidcIdentityProvider setAuth(OAuth2Auth auth) {
        this.auth = auth;
        return this;
    }

    public OidcIdentityProvider setConfig(OidcConfig config) {
        this.config = config;
        return this;
    }

    @Override
    public Class getRequestType() {
        return TokenAuthenticationRequest.class;
    }

    @SuppressWarnings("deprecation")
    @Override
    public CompletionStage authenticate(TokenAuthenticationRequest request,
            AuthenticationRequestContext context) {
        CompletableFuture result = new CompletableFuture<>();
        auth.decodeToken(request.getToken().getToken(), new Handler>() {
            @Override
            public void handle(AsyncResult event) {
                if (event.failed()) {
                    result.completeExceptionally(new AuthenticationFailedException());
                    return;
                }
                AccessToken token = event.result();
                QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder();

                JsonWebToken jwtPrincipal;
                try {
                    jwtPrincipal = new OidcJwtCallerPrincipal(JwtClaims.parse(token.accessToken().encode()));
                } catch (InvalidJwtException e) {
                    result.completeExceptionally(e);
                    return;
                }
                builder.setPrincipal(jwtPrincipal);
                try {
                    String clientId = config.getClientId().isPresent() ? config.getClientId().get() : null;
                    for (String role : OidcUtils.findRoles(clientId, config.getRoles(), token.accessToken())) {
                        builder.addRole(role);
                    }
                } catch (Exception e) {
                    result.completeExceptionally(e);
                    return;
                }

                builder.addCredential(request.getToken());
                result.complete(builder.build());
            }
        });

        return result;
    }

}