From e1ea8052bf1540f8d0427f810ca0a287997933c9 Mon Sep 17 00:00:00 2001 From: Emre Date: Wed, 3 Aug 2022 09:58:35 +0300 Subject: [PATCH 1/2] update 2fa m2m scopes --- buildtokenproperties.sh | 14 +-- .../identity/resource/UserResource.java | 6 +- .../util/m2mscope/User2faFactory.java | 110 +++++++----------- src/main/resources/config.yml | 7 +- src/main/resources/config.yml.localdev | 7 +- token.properties.localdev | 7 +- token.properties.template | 7 +- 7 files changed, 60 insertions(+), 98 deletions(-) diff --git a/buildtokenproperties.sh b/buildtokenproperties.sh index 8bd6839..67d9e0c 100755 --- a/buildtokenproperties.sh +++ b/buildtokenproperties.sh @@ -43,10 +43,9 @@ M2MAUTHCONFIG_USERPROFILES_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFIL M2MAUTHCONFIG_USERPROFILES_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_UPDATE") M2MAUTHCONFIG_USERPROFILES_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_READ") M2MAUTHCONFIG_USERPROFILES_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_DELETE") -M2MAUTHCONFIG_USER2FA_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREATE") -M2MAUTHCONFIG_USER2FA_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_UPDATE") -M2MAUTHCONFIG_USER2FA_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_READ") -M2MAUTHCONFIG_USER2FA_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_DELETE") +M2MAUTHCONFIG_USER2FA_ENABLE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_ENABLE") +M2MAUTHCONFIG_USER2FA_VERIFY=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_VERIFY") +M2MAUTHCONFIG_USER2FA_CREDENTIAL=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREDENTIAL") DOMAIN=$(eval "echo \$${ENV}_DOMAIN") SMTP=$(eval "echo \$${ENV}_SMTP") @@ -135,10 +134,9 @@ perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_CREATE\}\}|$M2MAUTHCONFIG_USERPROF perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_UPDATE\}\}|$M2MAUTHCONFIG_USERPROFILES_UPDATE|g" $CONFFILENAME perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_READ\}\}|$M2MAUTHCONFIG_USERPROFILES_READ|g" $CONFFILENAME perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_DELETE\}\}|$M2MAUTHCONFIG_USERPROFILES_DELETE|g" $CONFFILENAME -perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREATE\}\}|$M2MAUTHCONFIG_USER2FA_CREATE|g" $CONFFILENAME -perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_UPDATE\}\}|$M2MAUTHCONFIG_USER2FA_UPDATE|g" $CONFFILENAME -perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_READ\}\}|$M2MAUTHCONFIG_USER2FA_READ|g" $CONFFILENAME -perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_DELETE\}\}|$M2MAUTHCONFIG_USER2FA_DELETE|g" $CONFFILENAME +perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_ENABLE\}\}|$M2MAUTHCONFIG_USER2FA_ENABLE|g" $CONFFILENAME +perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_VERIFY\}\}|$M2MAUTHCONFIG_USER2FA_VERIFY|g" $CONFFILENAME +perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREDENTIAL\}\}|$M2MAUTHCONFIG_USER2FA_CREDENTIAL|g" $CONFFILENAME perl -pi -e "s/\{\{AUTH0_NEW_DOMAIN\}\}/$AUTH0_NEW_DOMAIN/g" $CONFFILENAME perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME perl -pi -e "s/\{\{SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID\}\}/$SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID/g" $CONFFILENAME diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java index 318b8b3..76fce09 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java +++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java @@ -1518,7 +1518,7 @@ public ApiResponse updateUser2fa( @Context HttpServletRequest request) { TCID id = new TCID(resourceId); - validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getUpdateScopes()); + validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getEnableScopes()); // checking param checkParam(postRequest); @@ -1576,7 +1576,7 @@ public ApiResponse issueCredentials( @Auth AuthUser authUser, @Valid PostPutRequest postRequest, @Context HttpServletRequest request) { - Utils.checkAccess(authUser, user2faFactory.getCreateScopes(), Utils.AdminRoles); + Utils.checkAccess(authUser, user2faFactory.getCredentialIssuerScopes(), Utils.AdminRoles); checkParam(postRequest); CredentialRequest credential = postRequest.getParam(); @@ -1654,7 +1654,7 @@ public ApiResponse update2faVerification( @Valid PostPutRequest putRequest, @Context HttpServletRequest request) { - Utils.checkAccess(authUser, user2faFactory.getUpdateScopes(), Utils.AdminRoles); + Utils.checkAccess(authUser, user2faFactory.getVerifyScopes(), Utils.AdminRoles); checkParam(putRequest); User2fa credential = putRequest.getParam(); diff --git a/src/main/java/com/appirio/tech/core/service/identity/util/m2mscope/User2faFactory.java b/src/main/java/com/appirio/tech/core/service/identity/util/m2mscope/User2faFactory.java index 4ce6eb7..ff8bf37 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/util/m2mscope/User2faFactory.java +++ b/src/main/java/com/appirio/tech/core/service/identity/util/m2mscope/User2faFactory.java @@ -12,131 +12,99 @@ public class User2faFactory { /** * Represents the create scopes for machine token validation. */ - public static final String[] ReadScopes = { "all:user_2fa" }; + public static final String[] EnableScopes = { "enable:user_2fa", "all:user_2fa" }; /** * Represents the create scopes for machine token validation. */ - public static final String[] CreateScopes = { "all:user_2fa" }; - - /** - * Represents the delete scopes for machine token validation. - */ - public static final String[] DeleteScopes = { "all:user_2fa" }; + public static final String[] VerifyScopes = { "verify:user_2fa", "all:user_2fa" }; /** * Represents the update scopes for machine token validation. */ - public static final String[] UpdateScopes = { "all:user_2fa" }; + public static final String[] CredentialIssuerScopes = { "cred:user_2fa", "all:user_2fa" }; /** - * Represents the read attribute + * Represents the enable attribute */ @JsonProperty - private String read; + private String enable; /** - * Represents the create attribute + * Represents the verify attribute */ @JsonProperty - private String create; + private String verify; /** - * Represents the update attribute + * Represents the credential attribute */ @JsonProperty - private String update; - - /** - * Represents the delete attribute - */ - @JsonProperty - private String delete; + private String credential; public User2faFactory() { } - public String getRead() { - return read; - } - - public void setRead(String read) { - this.read = read; + public String getEnable() { + return enable; } - public String getCreate() { - return create; + public void setEnable(String enable) { + this.enable = enable; } - public void setCreate(String create) { - this.create = create; + public String getVerify() { + return verify; } - public String getUpdate() { - return update; + public void SetVerify(String verify) { + this.verify = verify; } - public void setUpdate(String update) { - this.update = update; + public String getCredential() { + return credential; } - public String getDelete() { - return delete; - } - - public void setDelete(String delete) { - this.delete = delete; - } - - /** - * Gets the read scopes. - * - * @return the read scopes. - */ - public String[] getReadScopes() { - if (read != null && read.trim().length() != 0) { - return read.split(SCOPE_DELIMITER); - } - - return ReadScopes; + public void setCredential(String credential) { + this.credential = credential; } /** - * Gets the create scopes. + * Gets the enable scopes. * - * @return the create scopes. + * @return the enable scopes. */ - public String[] getCreateScopes() { - if (create != null && create.trim().length() != 0) { - return create.split(SCOPE_DELIMITER); + public String[] getEnableScopes() { + if (enable != null && enable.trim().length() != 0) { + return enable.split(SCOPE_DELIMITER); } - return CreateScopes; + return EnableScopes; } /** - * Gets the update scopes. + * Gets the verify scopes. * - * @return the update scopes. + * @return the verify scopes. */ - public String[] getUpdateScopes() { - if (update != null && update.trim().length() != 0) { - return update.split(SCOPE_DELIMITER); + public String[] getVerifyScopes() { + if (verify != null && verify.trim().length() != 0) { + return verify.split(SCOPE_DELIMITER); } - return UpdateScopes; + return VerifyScopes; } /** - * Gets the delete scopes. + * Gets the credential issuer scopes. * - * @return the delete scopes. + * @return the credential issuer scopes. */ - public String[] getDeleteScopes() { - if (delete != null && delete.trim().length() != 0) { - return delete.split(SCOPE_DELIMITER); + public String[] getCredentialIssuerScopes() { + if (credential != null && credential.trim().length() != 0) { + return credential.split(SCOPE_DELIMITER); } - return DeleteScopes; + return CredentialIssuerScopes; } } diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml index a27f9ec..dfb31c7 100644 --- a/src/main/resources/config.yml +++ b/src/main/resources/config.yml @@ -170,10 +170,9 @@ m2mAuthConfig: update: @m2mAuthConfig.userProfiles.update@ delete: @m2mAuthConfig.userProfiles.delete@ user2fa: - create: @m2mAuthConfig.user2fa.create@ - read: @m2mAuthConfig.user2fa.read@ - update: @m2mAuthConfig.user2fa.update@ - delete: @m2mAuthConfig.user2fa.delete@ + enable: @m2mAuthConfig.user2fa.enable@ + verify: @m2mAuthConfig.user2fa.verify@ + credential: @m2mAuthConfig.user2fa.credential@ # Server settings server: diff --git a/src/main/resources/config.yml.localdev b/src/main/resources/config.yml.localdev index 3ac7140..e51ee8b 100644 --- a/src/main/resources/config.yml.localdev +++ b/src/main/resources/config.yml.localdev @@ -169,10 +169,9 @@ m2mAuthConfig: update: update:user_profiles,all:user_profiles delete: delete:user_profiles,all:user_profiles user2fa: - create: all:user-2fa - read: all:user-2fa - update: all:user-2fa - delete: all:user-2fa + enable: enable:user-2fa,all:user-2fa + verify: verify:user-2fa,all:user-2fa + credential: cred:user-2fa,all:user-2fa # Server settings server: diff --git a/token.properties.localdev b/token.properties.localdev index 5877068..fd7a7f0 100644 --- a/token.properties.localdev +++ b/token.properties.localdev @@ -77,7 +77,6 @@ @m2mAuthConfig.userProfiles.read@=read:user_profiles,all:user_profiles @m2mAuthConfig.userProfiles.update@=update:user_profiles,all:user_profiles @m2mAuthConfig.userProfiles.delete@=delete:user_profiles,all:user_profiles -@m2mAuthConfig.user2fa.create@=create:user_2fa,all:user_2fa -@m2mAuthConfig.user2fa.read@=read:user_2fa,all:user_2fa -@m2mAuthConfig.user2fa.update@=update:user_2fa,all:user_2fa -@m2mAuthConfig.user2fa.delete@=delete:user_2fa,all:user_2fa \ No newline at end of file +@m2mAuthConfig.user2fa.enable@=enable:user_2fa,all:user_2fa +@m2mAuthConfig.user2fa.verify@=verify:user_2fa,all:user_2fa +@m2mAuthConfig.user2fa.credential@=cred:user_2fa,all:user_2fa \ No newline at end of file diff --git a/token.properties.template b/token.properties.template index 1c26af1..7f519e3 100644 --- a/token.properties.template +++ b/token.properties.template @@ -99,7 +99,6 @@ @m2mAuthConfig.userProfiles.read@={{M2MAUTHCONFIG_USERPROFILES_READ}} @m2mAuthConfig.userProfiles.update@={{M2MAUTHCONFIG_USERPROFILES_UPDATE}} @m2mAuthConfig.userProfiles.delete@={{M2MAUTHCONFIG_USERPROFILES_DELETE}} -@m2mAuthConfig.user2fa.create@={{M2MAUTHCONFIG_USER2FA_CREATE}} -@m2mAuthConfig.user2fa.read@={{M2MAUTHCONFIG_USER2FA_READ}} -@m2mAuthConfig.user2fa.update@={{M2MAUTHCONFIG_USER2FA_UPDATE}} -@m2mAuthConfig.user2fa.delete@={{M2MAUTHCONFIG_USER2FA_DELETE}} +@m2mAuthConfig.user2fa.enable@={{M2MAUTHCONFIG_USER2FA_ENABLE}} +@m2mAuthConfig.user2fa.verify@={{M2MAUTHCONFIG_USER2FA_VERIFY}} +@m2mAuthConfig.user2fa.credential@={{M2MAUTHCONFIG_USER2FA_CREDENTIAL}} From f6aa138ecec4c98f78202a7e927f2ad950fc4073 Mon Sep 17 00:00:00 2001 From: Emre Date: Wed, 3 Aug 2022 10:25:26 +0300 Subject: [PATCH 2/2] update dice endpoints --- buildtokenproperties.sh | 14 +- .../identity/resource/UserResource.java | 4 +- .../service/identity/util/auth/DICEAuth.java | 144 +----------------- src/main/resources/config.yml | 7 +- src/main/resources/config.yml.localdev | 7 +- token.properties.localdev | 7 +- token.properties.template | 7 +- 7 files changed, 15 insertions(+), 175 deletions(-) diff --git a/buildtokenproperties.sh b/buildtokenproperties.sh index 67d9e0c..38dcb0c 100755 --- a/buildtokenproperties.sh +++ b/buildtokenproperties.sh @@ -18,12 +18,7 @@ AUTH0_NEW_NONINTERACTIVE_ID_SECRET=$(eval "echo \$${ENV}_AUTH0_NEW_NONINTERACTIV DICEAUTH_DICE_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_URL") DICEAUTH_DICE_API_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_URL") DICEAUTH_DICE_VERIFIER=$(eval "echo \$${ENV}_DICEAUTH_DICE_VERIFIER") -DICEAUTH_ID=$(eval "echo \$${ENV}_DICEAUTH_ID") -DICEAUTH_ID_SECRET=$(eval "echo \$${ENV}_DICEAUTH_ID_SECRET") -DICEAUTH_PASSWORD=$(eval "echo \$${ENV}_DICEAUTH_PASSWORD") -DICEAUTH_SCOPE=$(eval "echo \$${ENV}_DICEAUTH_SCOPE") -DICEAUTH_TENANT=$(eval "echo \$${ENV}_DICEAUTH_TENANT") -DICEAUTH_USERNAME=$(eval "echo \$${ENV}_DICEAUTH_USERNAME") +DICEAUTH_DICE_API_KEY=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_KEY") DICEAUTH_CREDDEFID=$(eval "echo \$${ENV}_DICEAUTH_CREDDEFID") ZENDESK_ID=$(eval "echo \$${ENV}_ZENDESK_ID") SERVICEACC02_UID=$(eval "echo \$${ENV}_SERVICEACC02_UID") @@ -97,12 +92,7 @@ perl -pi -e "s/\{\{AUTH0_NEW_NONINTERACTIVE_ID_SECRET\}\}/$AUTH0_NEW_NONINTERACT perl -pi -e "s|\{\{DICEAUTH_DICE_URL\}\}|$DICEAUTH_DICE_URL|g" $CONFFILENAME perl -pi -e "s|\{\{DICEAUTH_DICE_API_URL\}\}|$DICEAUTH_DICE_API_URL|g" $CONFFILENAME perl -pi -e "s|\{\{DICEAUTH_DICE_VERIFIER\}\}|$DICEAUTH_DICE_VERIFIER|g" $CONFFILENAME -perl -pi -e "s/\{\{DICEAUTH_ID\}\}/$DICEAUTH_ID/g" $CONFFILENAME -perl -pi -e "s/\{\{DICEAUTH_ID_SECRET\}\}/$DICEAUTH_ID_SECRET/g" $CONFFILENAME -perl -pi -e "s|\{\{DICEAUTH_PASSWORD\}\}|$DICEAUTH_PASSWORD|g" $CONFFILENAME -perl -pi -e "s/\{\{DICEAUTH_SCOPE\}\}/$DICEAUTH_SCOPE/g" $CONFFILENAME -perl -pi -e "s/\{\{DICEAUTH_TENANT\}\}/$DICEAUTH_TENANT/g" $CONFFILENAME -perl -pi -e "s/\{\{DICEAUTH_USERNAME\}\}/$DICEAUTH_USERNAME/g" $CONFFILENAME +perl -pi -e "s|\{\{DICEAUTH_DICE_API_KEY\}\}|$DICEAUTH_DICE_API_KEY|g" $CONFFILENAME perl -pi -e "s/\{\{DICEAUTH_CREDDEFID\}\}/$DICEAUTH_CREDDEFID/g" $CONFFILENAME perl -pi -e "s/\{\{ZENDESK_KEY\}\}/$ZENDESK_KEY/g" $CONFFILENAME perl -pi -e "s/\{\{ZENDESK_ID\}\}/$ZENDESK_ID/g" $CONFFILENAME diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java index 76fce09..afc57bd 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java +++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java @@ -1549,7 +1549,7 @@ public ApiResponse updateUser2fa( try { response = new Request(diceAuth.getDiceApiUrl() + "/connection/invitation", "POST") .param("emailId", user2faInDb.getEmail()) - .header("Authorization", "Bearer " + diceAuth.getToken()) + .header("x-api-key", diceAuth.getDiceApiKey()) .execute(); } catch (Exception e) { logger.error("Error when calling 2fa submit api", e); @@ -1625,7 +1625,7 @@ public ApiResponse issueCredentials( Response response; try { response = new Request(diceAuth.getDiceApiUrl() + "/cred/issuance/offer", "POST") - .header("Authorization", "Bearer " + diceAuth.getToken()) + .header("x-api-key", diceAuth.getDiceApiKey()) .json(mapper.writeValueAsString(body)) .execute(); } catch (JsonProcessingException e) { diff --git a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java index ee69ada..402c07d 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java +++ b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java @@ -1,23 +1,8 @@ package com.appirio.tech.core.service.identity.util.auth; -import java.net.HttpURLConnection; -import java.util.Date; - import javax.validation.constraints.NotNull; -import org.apache.log4j.Logger; - -import com.appirio.tech.core.api.v3.exception.APIRuntimeException; -import com.appirio.tech.core.api.v3.util.jwt.InvalidTokenException; -import com.appirio.tech.core.service.identity.util.HttpUtil.Request; -import com.appirio.tech.core.service.identity.util.HttpUtil.Response; -import com.auth0.jwt.JWT; -import com.auth0.jwt.exceptions.JWTDecodeException; -import com.auth0.jwt.interfaces.DecodedJWT; -import com.fasterxml.jackson.databind.ObjectMapper; - public class DICEAuth { - private static final Logger logger = Logger.getLogger(Auth0Client.class); @NotNull private String diceUrl; @@ -29,44 +14,21 @@ public class DICEAuth { private String diceVerifier; @NotNull - private String tenant; - - @NotNull - private String username; - - @NotNull - private String password; - - @NotNull - private String scope; - - @NotNull - private String clientId; - - @NotNull - private String clientSecret; + private String diceApiKey; @NotNull private String credDefId; private String credPreview = "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview"; - private String cachedToken; - public DICEAuth() { } - public DICEAuth(String diceUrl, String diceApiUrl, String diceVerifier, String tenant, String username, - String password, String scope, String clientId, String clientSecret, String credDefId) { + public DICEAuth(String diceUrl, String diceApiUrl, String diceVerifier, String diceApiKey, String credDefId) { this.diceUrl = diceUrl; this.diceApiUrl = diceApiUrl; this.diceVerifier = diceVerifier; - this.tenant = tenant; - this.username = username; - this.password = password; - this.scope = scope; - this.clientId = clientId; - this.clientSecret = clientSecret; + this.diceApiKey = diceApiKey; this.credDefId = credDefId; } @@ -94,52 +56,12 @@ public void setDiceVerifier(String diceVerifier) { this.diceVerifier = diceVerifier; } - public String getTenant() { - return tenant; - } - - public void setTenant(String tenant) { - this.tenant = tenant; - } - - public String getUsername() { - return username; - } - - public void setUsername(String username) { - this.username = username; - } - - public String getPassword() { - return password; - } - - public void setPassword(String password) { - this.password = password; + public String getDiceApiKey() { + return diceApiKey; } - public String getScope() { - return scope; - } - - public void setScope(String scope) { - this.scope = scope; - } - - public String getClientId() { - return clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - - public String getClientSecret() { - return clientSecret; - } - - public void setClientSecret(String clientSecret) { - this.clientSecret = clientSecret; + public void setDiceApiKey(String diceApiKey) { + this.diceApiKey = diceApiKey; } public String getCredDefId() { @@ -157,56 +79,4 @@ public String getCredPreview() { public void setCredPreview(String credPreview) { this.credPreview = credPreview; } - - public String getToken() throws Exception { - Boolean isCachedTokenExpired = false; - if (cachedToken != null) { - if (getTokenExpiryTime(cachedToken) <= 0) { - isCachedTokenExpired = true; - logger.info("Application cached token expired"); - } - } - if (cachedToken == null || isCachedTokenExpired) { - String url = "https://login.microsoftonline.com/" + getTenant() + "/oauth2/v2.0/token"; - Response response = new Request(url, "POST") - .param("grant_type", "password") - .param("username", getUsername()) - .param("password", getPassword()) - .param("scope", getScope()) - .param("client_id", getClientId()) - .param("client_secret", getClientSecret()).execute(); - if (response.getStatusCode() != HttpURLConnection.HTTP_OK) { - throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR, - String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(), - response.getText())); - } - cachedToken = new ObjectMapper().readValue(response.getText(), Auth0Credential.class).getIdToken(); - logger.info("Fetched token from URL: " + url); - } - return cachedToken; - } - - /** - * Get token expiry time in seconds - * - * @param token JWT token - * throws Exception if any error occurs - * @return the Integer result - */ - private Integer getTokenExpiryTime(String token) throws Exception { - DecodedJWT decodedJWT = null; - Integer tokenExpiryTime = 0; - if (token != null) { - try { - decodedJWT = JWT.decode(token); - } catch (JWTDecodeException e) { - throw new InvalidTokenException(token, "Error occurred in decoding token. " + e.getLocalizedMessage(), - e); - } - Date tokenExpiryDate = decodedJWT.getExpiresAt(); - Long tokenExpiryTimeInMilliSeconds = tokenExpiryDate.getTime() - (new Date().getTime()) - 60 * 1000; - tokenExpiryTime = (int) Math.floor(tokenExpiryTimeInMilliSeconds / 1000); - } - return tokenExpiryTime; - } } diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml index dfb31c7..15af415 100644 --- a/src/main/resources/config.yml +++ b/src/main/resources/config.yml @@ -97,12 +97,7 @@ diceAuth: diceUrl: @diceAuth.diceUrl@ diceApiUrl: @diceAuth.diceApiUrl@ diceVerifier: @diceAuth.diceVerifier@ - clientId: @diceAuth.clientId@ - clientSecret: @diceAuth.clientSecret@ - password: @diceAuth.password@ - scope: @diceAuth.scope@ - tenant: @diceAuth.tenant@ - username: @diceAuth.username@ + diceApiKey: @diceAuth.diceApiKey@ credDefId: @diceAuth.credDefId@ # Authorized accounts diff --git a/src/main/resources/config.yml.localdev b/src/main/resources/config.yml.localdev index e51ee8b..26cb2ab 100644 --- a/src/main/resources/config.yml.localdev +++ b/src/main/resources/config.yml.localdev @@ -89,12 +89,7 @@ diceAuth: diceUrl: dummy diceApiUrl: dummy diceVerifier: dummy - clientId: dummy - clientSecret: dummy - password: dummy - scope: dummy - tenant: dummy - username: dummy + diceApiKey: dummy credDefId: dummy # LDAP Settings diff --git a/token.properties.localdev b/token.properties.localdev index fd7a7f0..fcca202 100644 --- a/token.properties.localdev +++ b/token.properties.localdev @@ -34,12 +34,7 @@ @diceAuth.diceUrl@=dummy @diceAuth.diceApiUrl@=dummy @diceAuth.diceVerifier@=dummy -@diceAuth.clientId@=dummy -@diceAuth.clientSecret@=dummy -@diceAuth.password@=dummy -@diceAuth.scope@=dummy -@diceAuth.tenant@=dummy -@diceAuth.username@=dummy +@diceAuth.diceApiKey@=dummy @diceAuth.credDefId@=dummy @zendesk.secret@=ZENDESK_SECRET diff --git a/token.properties.template b/token.properties.template index 7f519e3..172a6ed 100644 --- a/token.properties.template +++ b/token.properties.template @@ -54,12 +54,7 @@ @diceAuth.diceUrl@={{DICEAUTH_DICE_URL}} @diceAuth.diceApiUrl@={{DICEAUTH_DICE_API_URL}} @diceAuth.diceVerifier@={{DICEAUTH_DICE_VERIFIER}} -@diceAuth.clientId@={{DICEAUTH_ID}} -@diceAuth.clientSecret@={{DICEAUTH_ID_SECRET}} -@diceAuth.password@={{DICEAUTH_PASSWORD}} -@diceAuth.scope@={{DICEAUTH_SCOPE}} -@diceAuth.tenant@={{DICEAUTH_TENANT}} -@diceAuth.username@={{DICEAUTH_USERNAME}} +@diceAuth.diceApiKey@={{DICEAUTH_DICE_API_KEY}} @diceAuth.credDefId@={{DICEAUTH_CREDDEFID}} @zendesk.secret@={{ZENDESK_KEY}}