me.zhyd.oauth.request.AuthOktaRequest Maven / Gradle / Ivy
Show all versions of JustAuth Show documentation
package me.zhyd.oauth.request;
import com.alibaba.fastjson.JSONObject;
import com.xkcoding.http.support.HttpHeader;
import me.zhyd.oauth.cache.AuthStateCache;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthDefaultSource;
import me.zhyd.oauth.enums.AuthResponseStatus;
import me.zhyd.oauth.enums.AuthUserGender;
import me.zhyd.oauth.enums.scope.AuthOktaScope;
import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.utils.AuthScopeUtils;
import me.zhyd.oauth.utils.Base64Utils;
import me.zhyd.oauth.utils.HttpUtils;
import me.zhyd.oauth.utils.UrlBuilder;
import java.util.HashMap;
import java.util.Map;
/**
* Okta 登录
*
* https://{domainPrefix}.okta.com/oauth2/default/.well-known/oauth-authorization-server
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @since 1.16.0
*/
public class AuthOktaRequest extends AuthDefaultRequest {
public AuthOktaRequest(AuthConfig config) {
super(config, AuthDefaultSource.OKTA);
}
public AuthOktaRequest(AuthConfig config, AuthStateCache authStateCache) {
super(config, AuthDefaultSource.OKTA, authStateCache);
}
@Override
public AuthToken getAccessToken(AuthCallback authCallback) {
String tokenUrl = accessTokenUrl(authCallback.getCode());
return getAuthToken(tokenUrl);
}
private AuthToken getAuthToken(String tokenUrl) {
HttpHeader header = new HttpHeader()
.add("accept", "application/json")
.add("content-type", "application/x-www-form-urlencoded")
.add("Authorization", "Basic " + Base64Utils.encode(config.getClientId().concat(":").concat(config.getClientSecret())));
String response = new HttpUtils(config.getHttpConfig()).post(tokenUrl, null, header, false).getBody();
JSONObject accessTokenObject = JSONObject.parseObject(response);
this.checkResponse(accessTokenObject);
return AuthToken.builder()
.accessToken(accessTokenObject.getString("access_token"))
.tokenType(accessTokenObject.getString("token_type"))
.expireIn(accessTokenObject.getIntValue("expires_in"))
.scope(accessTokenObject.getString("scope"))
.refreshToken(accessTokenObject.getString("refresh_token"))
.idToken(accessTokenObject.getString("id_token"))
.build();
}
@Override
public AuthResponse refresh(AuthToken authToken) {
if (null == authToken.getRefreshToken()) {
return AuthResponse.builder()
.code(AuthResponseStatus.ILLEGAL_TOKEN.getCode())
.msg(AuthResponseStatus.ILLEGAL_TOKEN.getMsg())
.build();
}
String refreshUrl = refreshTokenUrl(authToken.getRefreshToken());
return AuthResponse.builder()
.code(AuthResponseStatus.SUCCESS.getCode())
.data(this.getAuthToken(refreshUrl))
.build();
}
@Override
public AuthUser getUserInfo(AuthToken authToken) {
HttpHeader header = new HttpHeader()
.add("Authorization", "Bearer " + authToken.getAccessToken());
String response = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, header, false).getBody();
JSONObject object = JSONObject.parseObject(response);
this.checkResponse(object);
JSONObject address = object.getJSONObject("address");
return AuthUser.builder()
.rawUserInfo(object)
.uuid(object.getString("sub"))
.username(object.getString("name"))
.nickname(object.getString("nickname"))
.email(object.getString("email"))
.location(null == address ? null : address.getString("street_address"))
.gender(AuthUserGender.getRealGender(object.getString("sex")))
.token(authToken)
.source(source.toString())
.build();
}
@Override
public AuthResponse revoke(AuthToken authToken) {
Map params = new HashMap<>(4);
params.put("token", authToken.getAccessToken());
params.put("token_type_hint", "access_token");
HttpHeader header = new HttpHeader()
.add("Authorization", "Basic " + Base64Utils.encode(config.getClientId().concat(":").concat(config.getClientSecret())));
new HttpUtils(config.getHttpConfig()).post(revokeUrl(authToken), params, header, false);
AuthResponseStatus status = AuthResponseStatus.SUCCESS;
return AuthResponse.builder().code(status.getCode()).msg(status.getMsg()).build();
}
private void checkResponse(JSONObject object) {
if (object.containsKey("error")) {
throw new AuthException(object.getString("error_description"));
}
}
@Override
public String authorize(String state) {
return UrlBuilder.fromBaseUrl(String.format(source.authorize(), config.getDomainPrefix(), config.getAuthServerId()))
.queryParam("response_type", "code")
.queryParam("prompt", "consent")
.queryParam("client_id", config.getClientId())
.queryParam("redirect_uri", config.getRedirectUri())
.queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthOktaScope.values())))
.queryParam("state", getRealState(state))
.build();
}
@Override
public String accessTokenUrl(String code) {
return UrlBuilder.fromBaseUrl(String.format(source.accessToken(), config.getDomainPrefix(), config.getAuthServerId()))
.queryParam("code", code)
.queryParam("grant_type", "authorization_code")
.queryParam("redirect_uri", config.getRedirectUri())
.build();
}
@Override
protected String refreshTokenUrl(String refreshToken) {
return UrlBuilder.fromBaseUrl(String.format(source.refresh(), config.getDomainPrefix(), config.getAuthServerId()))
.queryParam("refresh_token", refreshToken)
.queryParam("grant_type", "refresh_token")
.build();
}
@Override
protected String revokeUrl(AuthToken authToken) {
return String.format(source.revoke(), config.getDomainPrefix(), config.getAuthServerId());
}
@Override
public String userInfoUrl(AuthToken authToken) {
return String.format(source.userInfo(), config.getDomainPrefix(), config.getAuthServerId());
}
}