added configurable support for different token presentation methods in user info fetcher, closes #632
Justin Richer
parent
1db4227ce5
commit
325a200f16
|
|
@ -16,14 +16,21 @@
|
|||
******************************************************************************/
|
||||
package org.mitre.openid.connect.client;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
|
||||
import org.apache.http.client.HttpClient;
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.apache.http.impl.client.SystemDefaultHttpClient;
|
||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||
import org.mitre.openid.connect.config.ServerConfiguration.UserInfoTokenMethod;
|
||||
import org.mitre.openid.connect.model.DefaultUserInfo;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.mitre.openid.connect.model.UserInfo;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.client.ClientHttpRequest;
|
||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
|
|
@ -42,7 +49,7 @@ public class UserInfoFetcher {
|
|||
|
||||
private Logger logger = LoggerFactory.getLogger(UserInfoFetcher.class);
|
||||
|
||||
public UserInfo loadUserInfo(OIDCAuthenticationToken token) {
|
||||
public UserInfo loadUserInfo(final OIDCAuthenticationToken token) {
|
||||
|
||||
ServerConfiguration serverConfiguration = token.getServerConfiguration();
|
||||
|
||||
|
|
@ -56,24 +63,54 @@ public class UserInfoFetcher {
|
|||
return null;
|
||||
}
|
||||
|
||||
// if we got this far, try to actually get the userinfo
|
||||
HttpClient httpClient = new SystemDefaultHttpClient();
|
||||
|
||||
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
|
||||
RestTemplate restTemplate = new RestTemplate(factory);
|
||||
|
||||
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
|
||||
form.add("access_token", token.getAccessTokenValue());
|
||||
|
||||
try {
|
||||
String userInfoString = restTemplate.postForObject(serverConfiguration.getUserInfoUri(), form, String.class);
|
||||
|
||||
JsonObject userInfoJson = new JsonParser().parse(userInfoString).getAsJsonObject();
|
||||
// if we got this far, try to actually get the userinfo
|
||||
HttpClient httpClient = new SystemDefaultHttpClient();
|
||||
|
||||
UserInfo userInfo = DefaultUserInfo.fromJson(userInfoJson);
|
||||
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
|
||||
return userInfo;
|
||||
String userInfoString = null;
|
||||
|
||||
if (serverConfiguration.getUserInfoTokenMethod() == null || serverConfiguration.getUserInfoTokenMethod().equals(UserInfoTokenMethod.HEADER)) {
|
||||
RestTemplate restTemplate = new RestTemplate(factory) {
|
||||
|
||||
@Override
|
||||
protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOException {
|
||||
ClientHttpRequest httpRequest = super.createRequest(url, method);
|
||||
httpRequest.getHeaders().add("Authorization", String.format("Bearer %s", token.getAccessTokenValue()));
|
||||
return httpRequest;
|
||||
}
|
||||
};
|
||||
|
||||
userInfoString = restTemplate.getForObject(serverConfiguration.getUserInfoUri(), String.class);
|
||||
|
||||
} else if (serverConfiguration.getUserInfoTokenMethod().equals(UserInfoTokenMethod.FORM)) {
|
||||
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
|
||||
form.add("access_token", token.getAccessTokenValue());
|
||||
|
||||
RestTemplate restTemplate = new RestTemplate(factory);
|
||||
userInfoString = restTemplate.postForObject(serverConfiguration.getUserInfoUri(), form, String.class);
|
||||
} else if (serverConfiguration.getUserInfoTokenMethod().equals(UserInfoTokenMethod.QUERY)) {
|
||||
URIBuilder builder = new URIBuilder(serverConfiguration.getUserInfoUri());
|
||||
builder.setParameter("access_token", token.getAccessTokenValue());
|
||||
|
||||
RestTemplate restTemplate = new RestTemplate(factory);
|
||||
userInfoString = restTemplate.getForObject(builder.toString(), String.class);
|
||||
}
|
||||
|
||||
|
||||
if (!Strings.isNullOrEmpty(userInfoString)) {
|
||||
|
||||
JsonObject userInfoJson = new JsonParser().parse(userInfoString).getAsJsonObject();
|
||||
|
||||
UserInfo userInfo = DefaultUserInfo.fromJson(userInfoJson);
|
||||
|
||||
return userInfo;
|
||||
} else {
|
||||
// didn't get anything, return null
|
||||
return null;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.warn("Error fetching userinfo", e);
|
||||
return null;
|
||||
|
|
|
|||
|
|
@ -205,6 +205,14 @@ public class ServerConfiguration {
|
|||
private Boolean requireRequestUriRegistration;
|
||||
private String opPolicyUri;
|
||||
private String opTosUri;
|
||||
private UserInfoTokenMethod userInfoTokenMethod;
|
||||
|
||||
public enum UserInfoTokenMethod {
|
||||
HEADER,
|
||||
FORM,
|
||||
QUERY;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the authorizationEndpointUri
|
||||
*/
|
||||
|
|
@ -657,6 +665,12 @@ public class ServerConfiguration {
|
|||
this.revocationEndpointUri = revocationEndpointUri;
|
||||
}
|
||||
|
||||
public UserInfoTokenMethod getUserInfoTokenMethod() {
|
||||
return userInfoTokenMethod;
|
||||
}
|
||||
public void setUserInfoTokenMethod(UserInfoTokenMethod userInfoTokenMethod) {
|
||||
this.userInfoTokenMethod = userInfoTokenMethod;
|
||||
}
|
||||
@Override
|
||||
public int hashCode() {
|
||||
final int prime = 31;
|
||||
|
|
|
|||
Loading…
Reference in New Issue