Playframework oauth small upgrade #12332

Merged
7b42777
Merge pull request #1 from OpenAPITools/master
bflamand Nov 30, 2020
ea5a5eb
Merge pull request #3 from OpenAPITools/master
bflamand Dec 10, 2020
47e06dd
Merge pull request #4 from OpenAPITools/master
bflamand Jan 27, 2021
1fb2e4f
Merge pull request #5 from OpenAPITools/master
bflamand Feb 8, 2021
b2bfad9
Merge pull request #6 from OpenAPITools/master
bflamand Apr 20, 2021
d593421
Merge pull request #23 from OpenAPITools/master
bflamand Sep 17, 2021
dbfd307
Merge pull request #24 from OpenAPITools/master
bflamand Sep 20, 2021
135fdd6
Merge pull request #25 from OpenAPITools/master
bflamand Sep 21, 2021
e5c43ec
update surefire to newer version
wing328 Sep 25, 2021
3db8f8a
Merge pull request #26 from OpenAPITools/surefire-fix
bflamand Sep 27, 2021
fbf9368
Merge pull request #28 from OpenAPITools/master
bflamand Oct 5, 2021
e32ef68
Merge pull request #29 from OpenAPITools/master
bflamand Nov 19, 2021
b72ec9a
Merge pull request #34 from OpenAPITools/master
bflamand Dec 24, 2021
9a672a2
Merge pull request #35 from OpenAPITools/master
bflamand Jan 31, 2022
0581127
Merge pull request #36 from OpenAPITools/master
bflamand Feb 23, 2022
a2899ec
Merge pull request #37 from OpenAPITools/master
bflamand Feb 24, 2022
4517870
Merge pull request #40 from OpenAPITools/master
bflamand Mar 1, 2022
8ebf293
Merge pull request #49 from OpenAPITools/master
bflamand Apr 22, 2022
82e79fe
Merge pull request #50 from OpenAPITools/master
bflamand May 10, 2022
bee1f5d
small tweak to add support for "leeway" when verifying oauth tokens.
bflamand-work May 10, 2022
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

{{#hasOAuthMethods}}
{{#oauthMethods}}
Expand Down Expand Up @@ -135,6 +137,7 @@ public class SecurityAPIUtils {
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
@bflamand bflamand May 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is required in some circumstances to tolerate clock synchronization issues between backends and the OAuth authentication server. Configurable by the application to the desired value; default 3 sec.
This is the only thing that is changed by this pull request.

.build();
tokenKeyId = keyId;
}
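Review bot: The configured `oauth.leeway` is handed to `.acceptLeeway(leeway)` in the third hunk without any range check, so a negative or very large value is accepted silently when it is read in the constructor (second hunk); as far as I recall java-jwt rejects a negative leeway with an IllegalArgumentException only when the verifier is built, and a large value widens the window in which expired or not-yet-valid tokens still pass the exp/nbf/iat checks. I would validate it where it is read, `if (leeway < 0) throw new IllegalArgumentException("oauth.leeway must be a non-negative number of seconds");`, and state the unit on the new field, `// Clock-skew tolerance in seconds applied to exp/nbf/iat checks (oauth.leeway, default 3)`. The bare `3` in the constructor would read better as a named constant such as `DEFAULT_LEEWAY_SECONDS`. The generated samples further down carry the same code and would pick this up on regeneration. The `isTokenValidByOfflineCheck` method enclosing the last hunk starts and ends outside the hunk.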
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_token", "https://keycloak-dev.business.stingray.com/auth/realms/CSLocal/protocol/openid-connect/token/introspect");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}
Expand Up @@ -42,6 +42,7 @@ public class SecurityAPIUtils {
private final HashMap<String, String> tokenIntrospectEndpoints = new HashMap<>();
private final String clientId;
private final String clientSecret;
private final long leeway;

// Offline validation
private final HashMap<String, String> jwksEndpoints = new HashMap<>();
Expand All @@ -54,6 +55,7 @@ public class SecurityAPIUtils {

clientId = configuration.hasPath("oauth.clientId") ? configuration.getString("oauth.clientId") : "";
clientSecret = configuration.hasPath("oauth.clientSecret") ? configuration.getString("oauth.clientSecret") : "";
leeway = configuration.hasPath("oauth.leeway") ? configuration.getLong("oauth.leeway") : 3;

tokenIntrospectEndpoints.put("petstore_auth", "");

Expand Down Expand Up @@ -127,6 +129,7 @@ public boolean isTokenValidByOfflineCheck(String bearerToken, String securityMet
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) publicKey, null);
tokenVerifier = JWT.require(algorithm)
.withIssuer(issuer)
.acceptLeeway(leeway)
.build();
tokenKeyId = keyId;
}