added dpop to sample Authorization Challenge custom script #10380
Signed-off-by: YuriyZ <[email protected]>
yuriyz committed Dec 20, 2024
1 parent 4ebcc98 commit 0d522bc
Showing 1 changed file with 21 additions and 1 deletion.
@@ -1,5 +1,6 @@
import io.jans.as.common.model.common.User;
import io.jans.as.common.model.session.AuthorizationChallengeSession;
import io.jans.as.server.auth.DpopService;
import io.jans.as.server.authorize.ws.rs.AuthorizationChallengeSessionService;
import io.jans.as.server.service.UserService;
import io.jans.as.server.service.external.context.ExternalScriptContext;
Expand Down Expand Up @@ -128,9 +129,15 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter
AuthorizationChallengeSessionService authorizationChallengeSessionService = CdiUtil.bean(AuthorizationChallengeSessionService.class);
boolean newSave = authorizationChallengeSessionObject == null;
if (newSave) {
// authorizationChallengeSessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession();
authorizationChallengeSessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession();
}

final String dpop = context.getHttpRequest().getHeader(DpopService.DPOP);
if (StringUtils.isNotBlank(dpop)) {
authorizationChallengeSessionObject.getAttributes().setJkt(getDpopJkt(dpop));
}


String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);
if (StringUtils.isNotBlank(username)) {
authorizationChallengeSessionObject.getAttributes().getAttributes().put(USERNAME_PARAMETER, username);
Expand Down Expand Up @@ -160,6 +167,19 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter
return authorizationChallengeSessionObject;
}

public String getDpopJkt(String dpop) {
if (StringUtils.isBlank(dpop)) {
return null;
}

try {
return DpopService.getDpopJwkThumbprint(dpop);
} catch (Exception e) {
scriptLogger.error("Failed to get jkt from DPoP: " + dpop,e);
return null;
}
}

private String getParameterFromAuthorizationChallengeSession(ExternalScriptContext context, String parameterName) {
final AuthorizationChallengeSession sessionObject = context.getAuthzRequest().getAuthorizationChallengeSessionObject();
if (sessionObject != null) {
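Review bot: In `prepareAuthorizationChallengeSession` the thumbprint is written whenever a DPoP header is present, also for a session that already exists, and `getDpopJkt` returns null on any parsing failure, so a malformed or different proof on a later request would clear or replace the `jkt` already stored instead of being refused. Assign it only when a thumbprint was actually derived, e.g. `final String jkt = getDpopJkt(dpop);` followed by `if (jkt != null) { authorizationChallengeSessionObject.getAttributes().setJkt(jkt); }`, and treat a value that differs from an already stored one as an error; how this method signals an error is outside the visible hunks. The catch block in `getDpopJkt` also concatenates the raw, client-supplied header into the error log, so log the failure without the value: `scriptLogger.error("Failed to get jkt from DPoP header", e);`. Whether the proof's signature and claims are checked before the thumbprint is trusted is not visible here and is worth confirming, since `getDpopJwkThumbprint` appears from its name to only derive the thumbprint.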
