/*
* Copyright © 2013-2018, The SeedStack authors
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
package org.seedstack.oauth.internal;
import static com.google.common.base.Preconditions.checkNotNull;
import com.nimbusds.openid.connect.sdk.OIDCScopeValue;
import java.net.URI;
import java.util.List;
import java.util.Optional;
import org.seedstack.oauth.OAuthConfig;
import org.seedstack.oauth.OAuthProvider;
import org.seedstack.seed.SeedException;
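/**
 * {@link OAuthProvider} view that merges local configuration with a provider's discovery
 * document.
 *
 * <p>For every endpoint and for the issuer, the locally configured value wins and the discovery
 * document is only used as a fallback. The signing algorithm is always the configured one; the
 * discovery document is consulted only to confirm that the provider advertises it.
 *
 * <p>NOTE(review): the values read from the discovery document are used as-is here. This class
 * does not show how the document is fetched or validated, so confirm that the loader retrieves it
 * over an authenticated channel and checks its issuer before these endpoints are used.
 *
 * <p>NOTE(review): type arguments on {@code Optional} and {@code List} are not visible in this
 * listing and are left as they appear.
 */
class DiscoveredOAuthProvider implements OAuthProvider {
    private final OAuthConfig oauthConfig;
    private final DiscoveryDocument oidcDiscoveryDocument;

    /**
     * @param oauthConfig           local OAuth configuration; takes precedence over discovery
     * @param oidcDiscoveryDocument metadata advertised by the provider; used as fallback
     * @throws NullPointerException if either argument is {@code null}
     */
    DiscoveredOAuthProvider(OAuthConfig oauthConfig, DiscoveryDocument oidcDiscoveryDocument) {
        // Every accessor below dereferences both fields, so fail at construction time with a
        // clear message instead of on first use.
        this.oauthConfig = checkNotNull(oauthConfig, "OAuth configuration should not be null");
        this.oidcDiscoveryDocument =
                checkNotNull(oidcDiscoveryDocument, "Discovery document should not be null");
    }

    /**
     * Returns {@code first} unless it is {@code null}, in which case {@code second} is returned
     * (which may itself be {@code null}).
     */
    private static <T> T or(T first, T second) {
        return first != null ? first : second;
    }

    /**
     * Tells whether OpenID Connect can be used with this provider.
     *
     * @return {@code false} when OpenID Connect is disabled in configuration; otherwise
     *     {@code true} if the provider advertises no scope list at all, or advertises the
     *     {@code openid} scope
     */
    @Override
    public boolean isOpenIdCapable() {
        if (!oauthConfig.openIdConnect().isEnabled()) {
            return false;
        }
        List scopesSupported = oidcDiscoveryDocument.getScopesSupported();
        // A provider that advertises no scopes gives nothing to check against, so the
        // configuration alone decides; otherwise the openid scope must be declared.
        return scopesSupported == null
                || scopesSupported.contains(OIDCScopeValue.OPENID.getValue());
    }

    /**
     * @return the configured issuer, else the discovered one, else empty
     */
    @Override
    public Optional getIssuer() {
        return Optional.ofNullable(
                or(
                        oauthConfig.openIdConnect().getIssuer(),
                        oidcDiscoveryDocument.getIssuer()
                )
        );
    }

    /**
     * @return the configured authorization endpoint, else the discovered one
     * @throws NullPointerException if neither source provides it
     */
    @Override
    public URI getAuthorizationEndpoint() {
        return checkNotNull(
                or(
                        oauthConfig.provider().getAuthorization(),
                        oidcDiscoveryDocument.getAuthorizationEndpoint()
                ),
                "Authorization endpoint should not be null"
        );
    }

    /**
     * @return the configured token endpoint, else the discovered one
     * @throws NullPointerException if neither source provides it
     */
    @Override
    public URI getTokenEndpoint() {
        return checkNotNull(
                or(
                        oauthConfig.provider().getToken(),
                        oidcDiscoveryDocument.getTokenEndpoint()
                ),
                "Token endpoint should not be null"
        );
    }

    /**
     * @return the configured user-info endpoint, else the discovered one, else empty
     */
    @Override
    public Optional getUserInfoEndpoint() {
        return Optional.ofNullable(
                or(
                        oauthConfig.openIdConnect().getUserInfo(),
                        oidcDiscoveryDocument.getUserinfoEndpoint()
                )
        );
    }

    /**
     * @return the configured revocation endpoint, else the discovered one, else empty
     */
    @Override
    public Optional getRevocationEndpoint() {
        return Optional.ofNullable(
                or(
                        oauthConfig.provider().getRevocation(),
                        oidcDiscoveryDocument.getRevocationEndpoint()
                )
        );
    }

    /**
     * @return the configured JWKS endpoint, else the discovered one, else empty
     */
    @Override
    public Optional getJwksEndpoint() {
        return Optional.ofNullable(
                or(
                        oauthConfig.openIdConnect().getJwks(),
                        oidcDiscoveryDocument.getJwksUri()
                )
        );
    }

    /**
     * Returns the signing algorithm expected on ID tokens.
     *
     * <p>The value always comes from local configuration and is never chosen from the provider's
     * list, so the discovery document cannot change which algorithm is expected.
     *
     * @return the configured signing algorithm
     * @throws NullPointerException if no algorithm is configured
     * @throws SeedException if the provider advertises a list of algorithms that does not
     *     contain the configured one
     */
    @Override
    public String getSigningAlgorithm() {
        List supportedAlgorithms = oidcDiscoveryDocument.getIdTokenSigningAlgValuesSupported();
        String signingAlgorithm = checkNotNull(oauthConfig.openIdConnect().getSigningAlgorithm(),
                "Expected algorithm not configured");
        // A provider that advertises no algorithm list gives nothing to cross-check, so the
        // configured value stands on its own, as isOpenIdCapable() does for a missing scope
        // list. Without this guard a missing list caused a NullPointerException.
        if (supportedAlgorithms != null && !supportedAlgorithms.contains(signingAlgorithm)) {
            throw SeedException.createNew(OAuthErrorCode.SIGNING_ALGORITHM_NOT_SUPPORTED_BY_PROVIDER)
                    .put("requiredAlgorithm", signingAlgorithm)
                    .put("supportedAlgorithms", String.valueOf(supportedAlgorithms));
        }
        return signingAlgorithm;
    }
}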