

package no.nav.common.token_client.client;

import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import no.nav.common.token_client.cache.TokenCache;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import static java.util.Optional.ofNullable;
import static no.nav.common.token_client.utils.TokenClientUtils.*;

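@Slf4j
public class AzureAdMachineToMachineTokenClient extends AbstractTokenClient implements MachineToMachineTokenClient {

    /**
     * Creates a client that obtains Azure AD machine-to-machine (client credentials) tokens,
     * authenticating to the token endpoint with a signed client assertion ({@code private_key_jwt}).
     *
     * @param clientId         the OAuth 2.0 client id of this application
     * @param tokenEndpointUrl the Azure AD token endpoint
     * @param privateJwk       the private JWK used to sign client assertions
     * @param tokenCache       cache for issued tokens; may be {@code null}, in which case every call to
     *                         {@link #createMachineToMachineToken(String)} requests a fresh token
     */
    public AzureAdMachineToMachineTokenClient(String clientId, String tokenEndpointUrl, String privateJwk, TokenCache tokenCache) {
        super(clientId, tokenEndpointUrl, privateJwk, tokenCache);
    }

    /**
     * Returns an access token for the given scope.
     * <p>
     * When a {@code tokenCache} is configured the lookup is delegated to
     * {@code TokenCache#getFromCacheOrTryProvider}, with {@link #createToken(String)} as the provider;
     * without a cache a new token is requested from the endpoint on every call.
     *
     * @param tokenScope the scope to request (also sent as the custom {@code audience} parameter)
     * @return the raw access token value
     * @throws RuntimeException if the token endpoint returns an error response
     */
    @Override
    public String createMachineToMachineToken(String tokenScope) {
        return ofNullable(tokenCache)
                .map(cache -> cache.getFromCacheOrTryProvider(tokenScope, () -> createToken(tokenScope)))
                .orElseGet(() -> createToken(tokenScope));
    }

    /**
     * Performs a client-credentials token request against the token endpoint.
     * <p>
     * The client authenticates with a {@code private_key_jwt} assertion whose audience is the token
     * endpoint URL; the requested scope is additionally passed as a custom {@code audience} request
     * parameter. Checked exceptions from the Nimbus SDK (I/O on send, parse errors on the response)
     * are rethrown unchanged via {@link SneakyThrows}.
     *
     * @param tokenScope the scope to request
     * @return the raw access token value
     * @throws RuntimeException if the endpoint responds with an OAuth 2.0 error; the endpoint's error
     *                          object and the scope are logged, the token value never is
     */
    @SneakyThrows
    private String createToken(String tokenScope) {
        // Fields such as privateJwkKeyId, clientId, tokenEndpoint and assertionSigner are inherited
        // from AbstractTokenClient (presumably initialised from the constructor arguments).
        PrivateKeyJWT signedJwt = signedClientAssertion(
                clientAssertionHeader(privateJwkKeyId),
                // The assertion's audience is the token endpoint itself, as the client-assertion profile requires.
                clientAssertionClaims(clientId, tokenEndpoint.toString()),
                assertionSigner
        );

        // The null argument is the (unused) resource-indicator list; the scope is repeated as a
        // custom "audience" parameter via additionalClaims.
        TokenRequest request = new TokenRequest(
                tokenEndpoint,
                signedJwt,
                new ClientCredentialsGrant(),
                new Scope(tokenScope),
                null,
                additionalClaims(tokenScope)
        );

        TokenResponse response = TokenResponse.parse(request.toHTTPRequest().send());

        if (!response.indicatesSuccess()) {
            TokenErrorResponse tokenErrorResponse = response.toErrorResponse();
            // Only the IdP's error object (error/error_description) and the scope reach the log.
            log.error("Failed to fetch AzureAD M2M token for scope={}. Error: {}", tokenScope, tokenErrorResponse.toJSONObject().toString());
            throw new RuntimeException("Failed to fetch AzureAD M2M token for scope=" + tokenScope);
        }

        AccessTokenResponse successResponse = response.toSuccessResponse();
        AccessToken accessToken = successResponse.getTokens().getAccessToken();

        return accessToken.getValue();
    }

    /**
     * Builds the custom token request parameters: a single {@code audience} parameter carrying the
     * requested scope.
     *
     * @param audience value for the {@code audience} parameter (the requested scope)
     * @return a mutable map with one entry, in the {@code Map<String, List<String>>} shape the Nimbus
     *         {@code TokenRequest} constructor accepts for custom parameters
     */
    private static Map<String, List<String>> additionalClaims(String audience) {
        Map<String, List<String>> customParams = new HashMap<>();
        customParams.put("audience", List.of(audience));

        return customParams;
    }

}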



