Class RFC7523Utils

    • Constructor Detail

      • RFC7523Utils

        public RFC7523Utils()
    • Method Detail

      • doPost

        public static String doPost(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                    BaseClient baseClient,
                                    URI accessTokenEndpoint,
                                    String keyID,
                                    Map parameters)
        Does a POST to the endpoint using the client's key. This fulfills RFC 7523 section 2.2, client authentication using a JWT: it sets the RFC7523Constants.CLIENT_ASSERTION parameter and POSTs to the token endpoint. The response is returned as a string (a JSON object) since there are various checks that can/should be done on it, but not necessarily immediately.
        Parameters:
        serviceClient - the service client
        baseClient - the client making the call
        accessTokenEndpoint - the token endpoint for the service client
        keyID - the id of the baseClient's keys to use for signing
        parameters - additional parameters
        Returns:
      • doPost

        public static String doPost(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                    BaseClient baseClient,
                                    URI accessTokenEndpoint,
                                    edu.uiuc.ncsa.security.util.jwk.JSONWebKey key,
                                    Map parameters)
        This creates the authorization request. See doPost(ServiceClient, BaseClient, URI, String, Map).
        Parameters:
        serviceClient -
        baseClient -
        accessTokenEndpoint -
        key -
        parameters -
        Returns:
      • createBasicJWT

        protected static net.sf.json.JSONObject createBasicJWT(BaseClient client)
        Every basic JWT for the assertion and client_assertion (i.e., auth grant and authorization) has the same structure. Create it here.
        Parameters:
        client -
        Returns:
      • findKey

        protected static edu.uiuc.ncsa.security.util.jwk.JSONWebKey findKey(BaseClient client,
                                                                            String kid)
        Finds the key for signing from the given client using the given key id (kid).
        Parameters:
        client -
        kid -
        Returns:
        Throws:
        IllegalStateException - if no such key
      • doTokenRequest

        public static String doTokenRequest(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                            BaseClient client,
                                            URI tokenEndpoint,
                                            String kid,
                                            Map parameters)
        Creates an authorization grant for the client as per RFC 7523 section 2.1, and the authorization (section 2.2). Note that clients must have a previous trust relationship to do this, or it will fail.
        Parameters:
        serviceClient -
        client -
        parameters -
      • doInitFlowTokenRequest

        public static String doInitFlowTokenRequest(edu.uiuc.ncsa.security.servlet.ServiceClient serviceClient,
                                                    BaseClient adminClient,
                                                    edu.uiuc.ncsa.security.util.jwk.JSONWebKey adminKey,
                                                    BaseClient client,
                                                    URI tokenEndpoint,
                                                    Map parameters)
        Does the token request via the admin client, using one of its keys for signing. Note that everything here is typed as a BaseClient because of Java package visibility issues, so you have to keep straight which is which.
        Parameters:
        serviceClient -
        adminClient -
        client -
        tokenEndpoint -
        adminKey -
        parameters -
        Returns:
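
The RFC 7523 section 2.2 client assertion that doPost and createBasicJWT describe, shown as an added example using only JDK classes; it is not this library's code and does not call it. The class name, client id, key id, endpoint URL and the freshly generated key are constructed placeholders.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;
// Hypothetical demo class (Java 10+); every name and value here is constructed for illustration.
public class ClientAssertionDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // Build and sign (RS256) a client_assertion JWT carrying the RFC 7523 section 3 claims.
    // Inputs are fixed literals here; use a JSON library when values are not under your control.
    static String clientAssertion(String clientId, String tokenEndpoint, String kid,
                                  PrivateKey key, long lifetimeSec) throws GeneralSecurityException {
        long now = Instant.now().getEpochSecond();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"kid\":\"" + kid + "\"}";
        String claims = "{\"iss\":\"" + clientId + "\""     // self-issued: iss equals sub
                + ",\"sub\":\"" + clientId + "\""            // sub MUST be the client_id
                + ",\"aud\":\"" + tokenEndpoint + "\""       // binds the assertion to one server
                + ",\"iat\":" + now
                + ",\"exp\":" + (now + lifetimeSec)          // short lifetime limits replay
                + ",\"jti\":\"" + UUID.randomUUID() + "\"}"; // unique id for replay detection
        String signingInput = b64(header) + "." + b64(claims);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64.encodeToString(sig.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair(); // throwaway key; a real client uses its registered key
        String jwt = clientAssertion("demo-client", "https://as.example.org/token", "demo-kid",
                pair.getPrivate(), 300);
        // Token-request form body: the signed assertion takes the place of a client secret.
        String body = "client_assertion_type=" + URLEncoder.encode(
                "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", StandardCharsets.UTF_8)
                + "&client_assertion=" + jwt;
        // Check the signature with the public key, as the server does before trusting any claim.
        int dot = jwt.lastIndexOf('.');
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pair.getPublic());
        v.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
        boolean ok = v.verify(Base64.getUrlDecoder().decode(jwt.substring(dot + 1)));
        System.out.println(body + "\nsignature valid: " + ok);
    }
}
```

The aud, exp and jti claims are what let a token endpoint reject an assertion that was minted for another server, has expired, or has already been presented.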