• Home
• no.nav.common
• oidc-security
• 1.2019.05.06-16.41-4ec0c495e90a
• source code
• AzureADB2CProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

no.nav.brukerdialog.security.oidc.provider.AzureADB2CProvider Maven / Gradle / Ivy

package no.nav.brukerdialog.security.oidc.provider;

import no.nav.brukerdialog.security.domain.IdentType;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.brukerdialog.security.jaspic.TokenLocator;
import no.nav.brukerdialog.security.jwks.CacheMissAction;
import no.nav.brukerdialog.security.jwks.JsonWebKeyCache;
import no.nav.brukerdialog.security.jwks.JwtHeader;
import no.nav.sbl.rest.RestUtils;

import javax.servlet.http.HttpServletRequest;
import java.security.Key;
import java.util.Optional;

import static java.util.Optional.empty;

public class AzureADB2CProvider implements OidcProvider {

    public static final String AZUREADB2C_OIDC_COOKIE_NAME = "selvbetjening-idtoken";
    private static final TokenLocator TOKEN_LOCATOR = new TokenLocator(AZUREADB2C_OIDC_COOKIE_NAME, null);

    private final String expectedAudience;
    private final JsonWebKeyCache keyCache;
    private final String expectedIssuer;

    public AzureADB2CProvider(AzureADB2CConfig azureADB2CConfig) {
        this.expectedAudience = azureADB2CConfig.expectedAudience;
        IssuerMetaData issuerMetaData = RestUtils.withClient(client -> client.target(azureADB2CConfig.discoveryUrl).request().get(IssuerMetaData.class));
        this.expectedIssuer = issuerMetaData.issuer;
        this.keyCache = new JsonWebKeyCache(issuerMetaData.jwks_uri, false);
    }

    @Override
    public String getExpectedIssuer() {
        return expectedIssuer;
    }

    @Override
    public String getExpectedAudience(String token) {
        return expectedAudience;
    }

    @Override
    public Optional getVerificationKey(JwtHeader header, CacheMissAction cacheMissAction) {
        return keyCache.getVerificationKey(header,cacheMissAction);
    }

    @Override
    public Optional getToken(HttpServletRequest httpServletRequest) {
        return TOKEN_LOCATOR.getToken(httpServletRequest);
    }

    @Override
    public Optional getRefreshToken(HttpServletRequest httpServletRequest) {
        return empty(); // not supported
    }

    @Override
    public OidcCredential getFreshToken(String refreshToken, String openamClient) {
        throw new IllegalStateException("not supported");
    }

    @Override
    public IdentType getIdentType(String token) {
        return IdentType.EksternBruker;
    }

    @SuppressWarnings("unused")
    private static class IssuerMetaData {
        private String issuer;
        private String jwks_uri;
    }
}