
Add OAuth 2 endpoint validation

tsujiguchitky committed Dec 18, 2018
1 parent 1f19a36 commit 7a6df8ab8d2905d02de7290c3d67722cb6b8ccab
@@ -13,6 +13,7 @@
*
* Copyright 2012-2016 ForgeRock AS.
* Portions Copyrighted 2015 Nomura Research Institute, Ltd.
* Portions Copyrighted 2018 Open Source Solution Technology Corporation
*/

package org.forgerock.openam.oauth2;
@@ -31,7 +32,7 @@
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-3.1">3.1.
* Authorization Endpoint</a>
*/
AUTHORIZATION_ENDPOINT,
AUTHORIZATION_ENDPOINT("/authorize"),
/**
* Token endpoint - used to exchange an authorization grant for an
* access token, typically with client authentication.
@@ -40,15 +41,58 @@
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-3.2">3.2.
* Token Endpoint</a>
*/
TOKEN_ENDPOINT,
TOKEN_ENDPOINT("/access_token"),
/**
* Device Authorization Endpoint (OAuth 2.0 Device Flow)
* - The authorization server's endpoint capable of issuing device
* verification codes, user codes, and verification URLs.
*/
DEVICE_AUTHORIZATION_ENDPOINT("/device/code"),
/**
* End-user verification URI (OAuth 2.0 Device Flow)
* - The end-user verification URI on the authorization server.
*/
END_USER_VERIFICATION_URI("/device/user"),
/**
* Extension grant types MAY define additional endpoints as needed.
*
* @see <a
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-24#section-3">3.
* Protocol Endpoints</a>
*/
OTHER
OTHER("");

private final String path;

/**
* Constructor.
* @param path The resource path.
*/
private EndpointType(String path) {
this.path = path;
}

/**
* Get the resource path.
* @return The resource path.
*/
public String getPath() {
return path;
}

/**
* Get EndpointType from the resource path.
* @param path The resource path.
* @return EndpointType
*/
public static EndpointType get(String path) {
for (EndpointType type : values()) {
if (type.getPath().equals(path)) {
return type;
}
}
return null;
}
}
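Review bot: `get(String path)` at the end of the hunk returns `null` when no constant has exactly that path (and for a `null` argument, since `equals` on each constant's path is false), even though `OTHER("")` is declared as the catch-all for extension endpoints. Either return the catch-all for the no-match case, `return OTHER;`, or document the contract in the Javadoc: `@return the EndpointType whose path equals {@code path}, or {@code null} if none matches`. Note also that the match is an exact `equals`, so a path differing only by a trailing slash or by case will not resolve to its endpoint. The enum declaration starts outside the hunk.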

/*
@@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2016 ForgeRock AS.
* Portions Copyrighted 2018 Open Source Solution Technology Corporation
*/

package org.forgerock.oauth2.core;
@@ -28,6 +29,7 @@
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.oauth2.core.exceptions.UnsupportedResponseTypeException;
import org.forgerock.openam.oauth2.OAuth2Constants;
import org.forgerock.openam.oauth2.OAuth2Constants.EndpointType;
import org.forgerock.util.Reject;

/**
@@ -73,7 +75,7 @@ public void validateRequest(OAuth2Request request) throws InvalidClientException
final ClientRegistration clientRegistration = clientRegistrationStore.get(request.<String>getParameter("client_id"),
request);

if (request.getParameter(OAuth2Constants.DeviceCode.USER_CODE) == null) {
if (request.getEndpointType() != EndpointType.END_USER_VERIFICATION_URI) {
redirectUriValidator.validate(clientRegistration, request.<String>getParameter(REDIRECT_URI));
}
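Review bot: The new condition `request.getEndpointType() != EndpointType.END_USER_VERIFICATION_URI` should carry a comment stating why the device-flow verification endpoint is the only one exempt from redirect URI validation, since the reason is not visible in the code. Suggested: `// Only the device-flow end-user verification endpoint has no redirect_uri; every other endpoint, including one that cannot be resolved (getEndpointType() returns null), must pass redirect URI validation.` The null case is fail-closed here, which is the right default, but it should be stated so a later change to getEndpointType() does not silently alter it. validateRequest starts before the hunk and continues after it.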

@@ -12,6 +12,7 @@
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2016 ForgeRock AS.
* Portions Copyrighted 2018 Open Source Solution Technology Corporation
*/

package org.forgerock.oauth2.core;
@@ -28,7 +29,9 @@
import org.forgerock.guava.common.collect.ClassToInstanceMap;
import org.forgerock.guava.common.collect.MutableClassToInstanceMap;
import org.forgerock.json.JsonValue;
import org.forgerock.openam.oauth2.OAuth2Constants.EndpointType;
import org.forgerock.openam.rest.representations.JacksonRepresentationFactory;
import org.forgerock.openam.rest.service.RestletRealmRouter;
import org.restlet.Request;
import org.restlet.data.Form;
import org.restlet.data.MediaType;
@@ -297,4 +300,18 @@ public JsonValue getBody() {
throw new UnsupportedOperationException();
}
}

/**
* Get EndpointType.
* @return EndpointType
*/
public EndpointType getEndpointType() {
String resourcePath = null;
String realmUrl = (String) request.getAttributes().get(RestletRealmRouter.REALM_URL);
String resourceUrl = request.getResourceRef().toString(false, false);
if (resourceUrl.startsWith(realmUrl)) {
resourcePath = resourceUrl.substring(realmUrl.length());
}
return EndpointType.get(resourcePath);
}
}
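Review bot: `getEndpointType()` calls `resourceUrl.startsWith(realmUrl)` without checking that the `REALM_URL` attribute was present, and `String.startsWith(null)` throws a `NullPointerException`, so a request routed without that attribute (if that can occur here) fails with an unhandled exception rather than resolving to no endpoint. Guard the prefix test: `if (realmUrl != null && resourceUrl.startsWith(realmUrl)) {`. The Javadoc should also state that the method returns `null` when the resource URL is not under the realm URL, since `EndpointType.get` returns `null` for an unmatched path and callers compare the result with `!=`. The enclosing class starts outside the hunk.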
