From 0d522bc4edf32f48da0c2cc4ece6a014fcb42a6e Mon Sep 17 00:00:00 2001 From: YuriyZ Date: Fri, 20 Dec 2024 16:15:49 +0200 Subject: [PATCH] added dpop to sample Authorization Challenge custom script #10380 Signed-off-by: YuriyZ --- .../AuthorizationChallenge.java | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java b/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java index b10303f78bf..c0554577fed 100644 --- a/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java +++ b/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java @@ -1,5 +1,6 @@ import io.jans.as.common.model.common.User; import io.jans.as.common.model.session.AuthorizationChallengeSession; +import io.jans.as.server.auth.DpopService; import io.jans.as.server.authorize.ws.rs.AuthorizationChallengeSessionService; import io.jans.as.server.service.UserService; import io.jans.as.server.service.external.context.ExternalScriptContext; @@ -128,9 +129,15 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter AuthorizationChallengeSessionService authorizationChallengeSessionService = CdiUtil.bean(AuthorizationChallengeSessionService.class); boolean newSave = authorizationChallengeSessionObject == null; if (newSave) { -// authorizationChallengeSessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession(); + authorizationChallengeSessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession(); } + final String dpop = context.getHttpRequest().getHeader(DpopService.DPOP); + if (StringUtils.isNotBlank(dpop)) { + authorizationChallengeSessionObject.getAttributes().setJkt(getDpopJkt(dpop)); + } + + String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER); if (StringUtils.isNotBlank(username)) { authorizationChallengeSessionObject.getAttributes().getAttributes().put(USERNAME_PARAMETER, username); @@ -160,6 +167,19 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter return authorizationChallengeSessionObject; } + public String getDpopJkt(String dpop) { + if (StringUtils.isBlank(dpop)) { + return null; + } + + try { + return DpopService.getDpopJwkThumbprint(dpop); + } catch (Exception e) { + scriptLogger.error("Failed to get jkt from DPoP: " + dpop,e); + return null; + } + } + private String getParameterFromAuthorizationChallengeSession(ExternalScriptContext context, String parameterName) { final AuthorizationChallengeSession sessionObject = context.getAuthzRequest().getAuthorizationChallengeSessionObject(); if (sessionObject != null) {