Class RFC7523Utils

    • Constructor Summary

      Constructors 
      Constructor Description
      RFC7523Utils()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      protected static net.sf.json.JSONObject createBasicJWT(org.oa4mp.delegation.common.storage.clients.BaseClient client)
      Every basic JWT for the assertion and client_assertion (i.e., auth grant and authorization) has the same structure.
      static String doInitFlowTokenRequest(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient, org.oa4mp.delegation.common.storage.clients.BaseClient adminClient, edu.uiuc.ncsa.security.util.jwk.JSONWebKey adminKey, org.oa4mp.delegation.common.storage.clients.BaseClient client, URI tokenEndpoint, Map parameters)
      Do the token request via the admin client, using one of its keys for signing.
      static String doPost(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient, org.oa4mp.delegation.common.storage.clients.BaseClient baseClient, URI accessTokenEndpoint, edu.uiuc.ncsa.security.util.jwk.JSONWebKey key, Map parameters)
      This creates the authorization request. See doPost(ServiceClient, BaseClient, URI, String, Map).
      static String doPost(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient, org.oa4mp.delegation.common.storage.clients.BaseClient baseClient, URI accessTokenEndpoint, String keyID, Map parameters)
      Does a POST to the endpoint using the client's key.
      static String doTokenRequest(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient, org.oa4mp.delegation.common.storage.clients.BaseClient client, URI tokenEndpoint, String kid, Map parameters)
      Creates an authorization grant for the client as per RFC 7523 section 2.1, and the authorization (section 2.2).
      protected static edu.uiuc.ncsa.security.util.jwk.JSONWebKey findKey(org.oa4mp.delegation.common.storage.clients.BaseClient client, String kid)
      Finds the key for signing from the given client using the given key id (kid).
    • Constructor Detail

      • RFC7523Utils

        public RFC7523Utils()
    • Method Detail

      • doPost

        public static String doPost(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                    org.oa4mp.delegation.common.storage.clients.BaseClient baseClient,
                                    URI accessTokenEndpoint,
                                    String keyID,
                                    Map parameters)
        Does a POST to the endpoint using the client's key. This fulfills RFC 7523's section 2.2, authentication using a JWT. This returns a string (a JSON object) since there are various checks that can/should be done on the response, but not necessarily immediately. I.e., this sets the RFC7523Constants.CLIENT_ASSERTION and POSTs to the token endpoint.
        Parameters:
        serviceClient - the service client
        baseClient - the client making the call
        accessTokenEndpoint - the token endpoint for the service client
        keyID - the id of the baseClient's keys to use for signing
        parameters - additional parameters
        Returns:
      • doPost

        public static String doPost(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                    org.oa4mp.delegation.common.storage.clients.BaseClient baseClient,
                                    URI accessTokenEndpoint,
                                    edu.uiuc.ncsa.security.util.jwk.JSONWebKey key,
                                    Map parameters)
        This creates the authorization request. See doPost(ServiceClient, BaseClient, URI, String, Map).
        Parameters:
        serviceClient -
        baseClient -
        accessTokenEndpoint -
        key -
        parameters -
        Returns:
      • createBasicJWT

        protected static net.sf.json.JSONObject createBasicJWT(org.oa4mp.delegation.common.storage.clients.BaseClient client)
        Every basic JWT for the assertion and client_assertion (i.e., auth grant and authorization) has the same structure. Create it here.
        Parameters:
        client -
        Returns:
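
        As an added example (not OA4MP's own code and not using its API), this JDK-only program builds a client assertion with the claims RFC 7523 section 3 requires, signs it with RS256, and forms the token-endpoint POST body that section 2.2 describes. The client id, key id, endpoint URL and the client_credentials grant type are constructed values; the exact claim set that createBasicJWT emits is not shown on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.UUID;

public class ClientAssertionExample {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static String b64(String s) {
        return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // RFC 7523 section 3: iss, sub, aud, exp are required; for client auth iss == sub == client_id.
    static String claims(String clientId, String tokenEndpoint, long now) {
        return String.format(
            "{\"iss\":\"%s\",\"sub\":\"%s\",\"aud\":\"%s\",\"iat\":%d,\"exp\":%d,\"jti\":\"%s\"}",
            clientId, clientId, tokenEndpoint, now, now + 300, UUID.randomUUID());
    }

    // Compact JWS: base64url(header).base64url(claims).base64url(signature)
    static String sign(String kid, String claimsJson, PrivateKey key) throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"kid\":\"" + kid + "\"}";
        String signingInput = b64(header) + "." + b64(claimsJson);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64.encodeToString(s.sign());
    }

    // Signature check as the receiving side would do it with the client's registered public key.
    static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
        int dot = jwt.lastIndexOf('.');
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
        return s.verify(Base64.getUrlDecoder().decode(jwt.substring(dot + 1)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed throwaway key, stands in for the client's JWK
        String body = claims("example-client", "https://as.example.org/oauth2/token", System.currentTimeMillis() / 1000);
        String jwt = sign("example-kid", body, kp.getPrivate());
        String form = "grant_type=client_credentials" // assumed grant type for illustration
            + "&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"
            + "&client_assertion=" + jwt;
        System.out.println(form + "\nsignature valid: " + verify(jwt, kp.getPublic()));
    }
}
```

        Under RFC 7523 section 3 the receiving authorization server also checks aud and exp, and may track jti to reject replayed assertions; the signature check alone is not sufficient.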
      • findKey

        protected static edu.uiuc.ncsa.security.util.jwk.JSONWebKey findKey(org.oa4mp.delegation.common.storage.clients.BaseClient client,
                                                                            String kid)
        Finds the key for signing from the given client using the given key id (kid).
        Parameters:
        client -
        kid -
        Returns:
        Throws:
        IllegalStateException - if no such key
      • doTokenRequest

        public static String doTokenRequest(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                            org.oa4mp.delegation.common.storage.clients.BaseClient client,
                                            URI tokenEndpoint,
                                            String kid,
                                            Map parameters)
        Creates an authorization grant for the client as per RFC 7523 section 2.1, and the authorization (section 2.2). Note that clients must have a previous trust relationship to do this, or it will fail.
        Parameters:
        serviceClient -
        client -
        parameters -
      • doInitFlowTokenRequest

        public static String doInitFlowTokenRequest(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                                    org.oa4mp.delegation.common.storage.clients.BaseClient adminClient,
                                                    edu.uiuc.ncsa.security.util.jwk.JSONWebKey adminKey,
                                                    org.oa4mp.delegation.common.storage.clients.BaseClient client,
                                                    URI tokenEndpoint,
                                                    Map parameters)
        Do the token request via the admin client, using one of its keys for signing. Note that everything here is typed as a BaseClient because of Java package visibility issues. You have to keep straight which is which.
        Parameters:
        serviceClient -
        adminClient -
        client -
        tokenEndpoint -
        adminKey -
        parameters -
        Returns: