├── docker-compose.yml ├── .gitignore ├── src └── main │ ├── resources │ ├── java-oauth-server.properties │ ├── logback.xml │ ├── resource_servers.json │ └── ekyc-ida │ │ └── examples │ │ └── response │ │ ├── document_800_63A.json │ │ └── document_UKTDIF.json │ ├── webapp │ ├── css │ │ ├── index.css │ │ ├── device │ │ │ ├── authorization.css │ │ │ └── verification.css │ │ └── authorization.css │ └── WEB-INF │ │ └── template │ │ └── device │ │ ├── authorization.jsp │ │ └── verification.jsp │ └── java │ └── com │ └── authlete │ └── jaxrs │ └── server │ ├── vc │ ├── OrderContext.java │ ├── OrderProcessor.java │ ├── VerifiableCredentialException.java │ ├── InvalidCredentialRequestException.java │ ├── UnsupportedCredentialTypeException.java │ ├── UnsupportedCredentialFormatException.java │ ├── OrderFormat.java │ └── VerifiableCredentialType.java │ ├── db │ ├── BaseDao.java │ ├── VerifiedClaimsDao.java │ └── ResourceServerDao.java │ ├── obb │ ├── database │ │ ├── ConsentStore.java │ │ └── ConsentDao.java │ └── model │ │ ├── LoggedUser.java │ │ ├── CreateConsent.java │ │ ├── BusinessEntity.java │ │ ├── Document.java │ │ ├── Error.java │ │ ├── Resource.java │ │ ├── ResponseAccountList.java │ │ ├── ResponseResourceList.java │ │ ├── ResponseError.java │ │ ├── Meta.java │ │ ├── Links.java │ │ ├── ResponseConsent.java │ │ ├── CreateConsentData.java │ │ ├── AccountData.java │ │ └── Consent.java │ ├── core │ ├── AppContextListener.java │ └── SessionTracker.java │ ├── ad │ ├── type │ │ ├── Mode.java │ │ ├── Result.java │ │ └── Status.java │ └── dto │ │ ├── PollAuthenticationRequest.java │ │ ├── SyncAuthenticationRequest.java │ │ ├── SyncAuthenticationResponse.java │ │ ├── PollAuthenticationResponse.java │ │ ├── AsyncAuthenticationResponse.java │ │ ├── AsyncAuthenticationRequest.java │ │ └── PollAuthenticationResultResponse.java │ ├── api │ ├── vci │ │ ├── CredentialOfferEndpoint.java │ │ ├── CredentialJwtIssuerEndpoint.java │ │ ├── CredentialJWKSetEndpoint.java │ │ ├── CredentialMetadataEndpoint.java │ │ └── CredentialOfferIssueEndpoint.java │ ├── backchannel │ │ ├── AuthenticationDeviceProcessor.java │ │ ├── AuthInfoHolder.java │ │ ├── AuthInfo.java │ │ ├── BackchannelAuthenticationEndpoint.java │ │ └── SyncAuthenticationDeviceProcessor.java │ ├── AppleAppSiteAssociation.java │ ├── GrantManagementEndpoint.java │ ├── JwksEndpoint.java │ ├── AuthzPageModel.java │ ├── FederationConfigurationEndpoint.java │ ├── device │ │ └── DeviceAuthorizationEndpoint.java │ ├── RevocationEndpoint.java │ ├── TestEndpoint.java │ ├── PushedAuthReqEndpoint.java │ ├── TokenRequestHandlerSpiImpl.java │ ├── obb │ │ └── ResourcesEndpoint.java │ ├── UserInfoRequestHandlerSpiImpl.java │ ├── FederationRegistrationEndpoint.java │ └── AuthorizationEndpoint.java │ ├── federation │ ├── FederationsConfig.java │ ├── ServerConfig.java │ ├── ConfigValidationHelper.java │ ├── FederationConfig.java │ ├── FederationsConfigLoader.java │ └── ClientConfig.java │ ├── nativesso │ └── DeviceSecretManager.java │ └── util │ ├── TypedSystemProperties.java │ ├── ServerProperties.java │ └── ProcessingUtil.java ├── Dockerfile ├── federations.json ├── Dockerfile.prod ├── certs ├── import-certificate.sh └── Open_Banking_Brasil_Sandbox_Root_G2.pem └── authlete.properties /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | app: 4 | build: . 5 | ports: 6 | - 8080:8080 7 | volumes: 8 | - .:/authlete/app 9 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .settings/ 2 | target/ 3 | .DS_Store 4 | .classpath 5 | .project 6 | local.authlete.properties 7 | local.federations.json 8 | nohup.out 9 | .idea/ 10 | java-oauth-server.iml 11 | *~ 12 | -------------------------------------------------------------------------------- /src/main/resources/java-oauth-server.properties: -------------------------------------------------------------------------------- 1 | # 2 | # Set server configurations here if necessary. The configuration properties you 3 | # can set here are defined in "com.authlete.jaxrs.server.ServerConfig". 4 | # -------------------------------------------------------------------------------- /src/main/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM maven:3.8.5-openjdk-8 2 | EXPOSE 8080 3 | 4 | RUN mkdir -p /authlete/app 5 | 6 | ADD . /authlete/app 7 | 8 | WORKDIR /authlete/app 9 | 10 | RUN mvn -s /usr/share/maven/ref/settings-docker.xml clean install && \ 11 | # Import the root certificate of Open Banking Brasil Sandbox 12 | certs/import-certificate.sh certs/Open_Banking_Brasil_Sandbox_Root_G2.pem 13 | 14 | CMD ["mvn", "-s", "/usr/share/maven/ref/settings-docker.xml", "clean", "jetty:run"] 15 | -------------------------------------------------------------------------------- /federations.json: -------------------------------------------------------------------------------- 1 | { 2 | "federations": [ 3 | { 4 | "id": "okta", 5 | "server": { 6 | "name": "Okta-hosted IdP", 7 | "issuer": "https://YOUR_COMPANY.okta.com" 8 | }, 9 | "client": { 10 | "clientId": "YOUR_CLIENT_ID", 11 | "clientSecret": "YOUR_CLIENT_SECRET", 12 | "redirectUri": "http://localhost:8080/api/federation/callback/okta", 13 | "idTokenSignedResponseAlg": "RS256" 14 | } 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /Dockerfile.prod: -------------------------------------------------------------------------------- 1 | # Production-friendly Dockerfile with multi-stage build and decent layer caching 2 | 3 | FROM --platform=$BUILDPLATFORM maven:3.9.9-eclipse-temurin-21 AS builder 4 | 5 | WORKDIR /build 6 | COPY pom.xml . 7 | RUN mvn -Dmaven.test.skip=true -Dmaven.javadoc.skip=true dependency:go-offline 8 | COPY src/ /build/src/ 9 | RUN mvn -Dmaven.test.skip=true -Dmaven.javadoc.skip=true package 10 | 11 | 12 | FROM jetty:9.4.56-jre21-eclipse-temurin 13 | 14 | USER root 15 | COPY certs/ certs/ 16 | RUN certs/import-certificate.sh certs/Open_Banking_Brasil_Sandbox_Root_G2.pem 17 | USER jetty 18 | COPY --from=builder /build/target/*.war /var/lib/jetty/webapps/ROOT.war 19 | -------------------------------------------------------------------------------- /certs/import-certificate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts 5 | if [[ ! -f $KEYSTORE ]]; then 6 | KEYSTORE=$JAVA_HOME/lib/security/cacerts 7 | fi 8 | 9 | __import_certificate() 10 | { 11 | local FILE="$1" 12 | local ALIAS=$(basename $FILE .pem) 13 | local COMMAND=(keytool -noprompt -storepass changeit -keystore $KEYSTORE -importcert -alias $ALIAS -file $FILE) 14 | 15 | echo "${COMMAND[@]}" 16 | "${COMMAND[@]}" 17 | } 18 | 19 | 20 | __main() 21 | { 22 | if [ "$1" = "" ]; then 23 | echo "USAGE: $(basename $0) certificate.pem" 2>&1 24 | exit 1 25 | fi 26 | 27 | __import_certificate "$1" 28 | } 29 | 30 | 31 | __main "$@" 32 | -------------------------------------------------------------------------------- /src/main/webapp/css/index.css: -------------------------------------------------------------------------------- 1 | body { 2 | margin: 0; 3 | text-shadow: none; 4 | } 5 | 6 | #page_title { 7 | background: #333; 8 | color: white; 9 | padding: 0.5em; 10 | margin: 0; 11 | font-size: 200%; 12 | } 13 | 14 | #content { 15 | padding: 20px; 16 | } 17 | 18 | table { 19 | border-collapse: collapse; 20 | } 21 | 22 | td { 23 | padding: 10px; 24 | } 25 | 26 | tr.label, td.label { 27 | background-color: #E0E0E0; 28 | } 29 | 30 | a { 31 | text-decoration: none; 32 | color: blue; 33 | } 34 | 35 | a:visited { 36 | color: blue; 37 | } 38 | 39 | a:hover { 40 | text-decoration: underline; 41 | } 42 | 43 | .font-default 44 | { 45 | font-family: 'Source Sans Pro', 'Helvetica Neue', 'Segoe UI', 'Arial', sans-serif; 46 | -webkit-font-smoothing: antialiased; 47 | } 48 | -------------------------------------------------------------------------------- /src/main/resources/resource_servers.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id": "rs0", 4 | "secret": "rs0-secret", 5 | "uri": "https//rs0.example.com", 6 | "introspectionSignAlg": "ES256", 7 | "introspectionEncryptionAlg": "RSA_OAEP_256", 8 | "introspectionEncryptionEnc": "A128CBC_HS256", 9 | "publicKeyForIntrospectionResponseEncryption": "{\"kty\":\"RSA\", \"e\": \"AQAB\",\"use\": \"enc\",\"kid\": \"22BGA3qKjBG7a5Y5lmftcOYkeUCql_G12qPbjBn08rA\",\"alg\": \"RSA-OAEP-256\",\"n\": \"0bBna89O_reo8ttH1ITZ9sBc601OAOTHIdMQ3vwUYrrb-x2Zgp8BvueYKAeMy5kvv05zAGHqnF76v_z-XjT3Dr85xdY9ruNHA-Sg9hupa5NTUFbTOareh7MldjQNer9sejVeNmy7Wtk3CP7Y7p581VLSqj8r5DGsVh6Ha2mw5EiqtHLCPAMXMdb6pUMZ7TdKioHd-NMLwcL-p-OKGfF0znf-Fho-5KdoX855Digt2ud8LARe-qMA1DbSoHI1zowQeezRmcj_cbdv9RUaRmxg3Wqr_87WOninWA71qZFeLNEFitjQldf6FZhJ143lWnnMdzTBVvBBav0KHnsVcr982Q\"}" 10 | } 11 | ] 12 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/OrderContext.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | public enum OrderContext 21 | { 22 | SINGLE, 23 | BATCH, 24 | DEFERRED, 25 | ; 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/OrderProcessor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | import com.authlete.common.dto.CredentialIssuanceOrder; 21 | import com.authlete.common.dto.CredentialRequestInfo; 22 | import com.authlete.common.dto.IntrospectionResponse; 23 | 24 | 25 | public interface OrderProcessor 26 | { 27 | CredentialIssuanceOrder toOrder( 28 | OrderContext context, 29 | IntrospectionResponse introspection, 30 | CredentialRequestInfo info) throws VerifiableCredentialException; 31 | } 32 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/db/BaseDao.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.db; 18 | 19 | 20 | import java.io.InputStreamReader; 21 | import java.io.Reader; 22 | import java.nio.charset.StandardCharsets; 23 | 24 | 25 | public class BaseDao 26 | { 27 | /** 28 | * Create a Reader instance that reads the specified resource. 29 | */ 30 | protected static Reader createReader(Class clazz, String resource) 31 | { 32 | return new InputStreamReader( 33 | clazz.getResourceAsStream(resource), StandardCharsets.UTF_8); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/database/ConsentStore.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.database; 17 | 18 | 19 | import java.util.LinkedHashMap; 20 | import java.util.Map.Entry; 21 | import com.authlete.jaxrs.server.obb.model.Consent; 22 | 23 | 24 | /** 25 | * On-memory store for {@link Consent} with the replacement policy of 26 | * LRU (Least Recently Used). Of course, not suitable for production use. 27 | */ 28 | public class ConsentStore extends LinkedHashMap 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | @Override 34 | protected boolean removeEldestEntry(Entry eldest) 35 | { 36 | return size() > 100; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/VerifiableCredentialException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | public class VerifiableCredentialException extends Exception 21 | { 22 | private static final long serialVersionUID = 1L; 23 | 24 | 25 | public VerifiableCredentialException() 26 | { 27 | } 28 | 29 | 30 | public VerifiableCredentialException(String message) 31 | { 32 | super(message); 33 | } 34 | 35 | 36 | public VerifiableCredentialException(Throwable cause) 37 | { 38 | super(cause); 39 | } 40 | 41 | 42 | public VerifiableCredentialException(String message, Throwable cause) 43 | { 44 | super(message, cause); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/LoggedUser.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * LoggedUser 24 | * 25 | * @see LoggedUser 27 | */ 28 | public class LoggedUser implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private Document document; 34 | 35 | 36 | public Document getDocument() 37 | { 38 | return document; 39 | } 40 | 41 | 42 | public LoggedUser setDocument(Document document) 43 | { 44 | this.document = document; 45 | 46 | return this; 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/CreateConsent.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * CreateConsent 24 | * 25 | * @see CreateConsent 27 | */ 28 | public class CreateConsent implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private CreateConsentData data; 34 | 35 | 36 | public CreateConsentData getData() 37 | { 38 | return data; 39 | } 40 | 41 | 42 | public CreateConsent setData(CreateConsentData data) 43 | { 44 | this.data = data; 45 | 46 | return this; 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/BusinessEntity.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * BusinessEntity 24 | * 25 | * @see BusinessEntity 27 | */ 28 | public class BusinessEntity implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private Document document; 34 | 35 | 36 | public Document getDocument() 37 | { 38 | return document; 39 | } 40 | 41 | 42 | public BusinessEntity setDocument(Document document) 43 | { 44 | this.document = document; 45 | 46 | return this; 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/InvalidCredentialRequestException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | public class InvalidCredentialRequestException extends VerifiableCredentialException 21 | { 22 | private static final long serialVersionUID = 1L; 23 | 24 | 25 | public InvalidCredentialRequestException() 26 | { 27 | } 28 | 29 | 30 | public InvalidCredentialRequestException(String message) 31 | { 32 | super(message); 33 | } 34 | 35 | 36 | public InvalidCredentialRequestException(Throwable cause) 37 | { 38 | super(cause); 39 | } 40 | 41 | 42 | public InvalidCredentialRequestException(String message, Throwable cause) 43 | { 44 | super(message, cause); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/UnsupportedCredentialTypeException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | public class UnsupportedCredentialTypeException extends VerifiableCredentialException 21 | { 22 | private static final long serialVersionUID = 1L; 23 | 24 | 25 | public UnsupportedCredentialTypeException() 26 | { 27 | } 28 | 29 | 30 | public UnsupportedCredentialTypeException(String message) 31 | { 32 | super(message); 33 | } 34 | 35 | 36 | public UnsupportedCredentialTypeException(Throwable cause) 37 | { 38 | super(cause); 39 | } 40 | 41 | 42 | public UnsupportedCredentialTypeException(String message, Throwable cause) 43 | { 44 | super(message, cause); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/UnsupportedCredentialFormatException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | public class UnsupportedCredentialFormatException extends VerifiableCredentialException 21 | { 22 | private static final long serialVersionUID = 1L; 23 | 24 | 25 | public UnsupportedCredentialFormatException() 26 | { 27 | } 28 | 29 | 30 | public UnsupportedCredentialFormatException(String message) 31 | { 32 | super(message); 33 | } 34 | 35 | 36 | public UnsupportedCredentialFormatException(Throwable cause) 37 | { 38 | super(cause); 39 | } 40 | 41 | 42 | public UnsupportedCredentialFormatException(String message, Throwable cause) 43 | { 44 | super(message, cause); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/core/AppContextListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.core; 18 | 19 | 20 | import java.security.Provider; 21 | import java.security.Security; 22 | import javax.servlet.ServletContextEvent; 23 | import javax.servlet.ServletContextListener; 24 | import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton; 25 | 26 | 27 | public class AppContextListener implements ServletContextListener 28 | { 29 | @Override 30 | public void contextInitialized(ServletContextEvent context) 31 | { 32 | // Initialize BouncyCastle library. 33 | Provider bc = BouncyCastleProviderSingleton.getInstance(); 34 | Security.addProvider(bc); 35 | } 36 | 37 | 38 | @Override 39 | public void contextDestroyed(ServletContextEvent context) 40 | { 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/type/Mode.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.type; 18 | 19 | 20 | /** 21 | * The communication mode of Authlete 22 | * CIBA authentication device simulator. 23 | * 24 | * @see Authlete CIBA authentication device 25 | * simulator 26 | * 27 | * @see Authlete 28 | * CIBA authentication device simulator API 29 | * 30 | * @author Hideki Ikeda 31 | */ 32 | public enum Mode 33 | { 34 | /** 35 | * The synchronous mode. 36 | */ 37 | SYNC, 38 | 39 | 40 | /** 41 | * The asynchronous mode. 42 | */ 43 | ASYNC, 44 | 45 | 46 | /** 47 | * The poll mode. 48 | */ 49 | POLL 50 | ; 51 | } 52 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.vci; 18 | 19 | 20 | import javax.ws.rs.GET; 21 | import javax.ws.rs.Path; 22 | import javax.ws.rs.PathParam; 23 | import javax.ws.rs.core.Response; 24 | import com.authlete.common.api.AuthleteApiFactory; 25 | import com.authlete.common.dto.CredentialOfferInfoRequest; 26 | import com.authlete.jaxrs.BaseCredentialOfferUriEndpoint; 27 | 28 | 29 | @Path("/api/offer/{identifier}") 30 | public class CredentialOfferEndpoint extends BaseCredentialOfferUriEndpoint 31 | { 32 | @GET 33 | public Response get( 34 | @PathParam("identifier") String identifier) 35 | { 36 | return this.handle(AuthleteApiFactory.getDefaultApi(), 37 | new CredentialOfferInfoRequest().setIdentifier(identifier)); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/Document.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | public class Document implements Serializable 23 | { 24 | private static final long serialVersionUID = 1L; 25 | 26 | 27 | private String identification; 28 | private String rel; 29 | 30 | 31 | public String getIdentification() 32 | { 33 | return identification; 34 | } 35 | 36 | 37 | public Document setIdentification(String identification) 38 | { 39 | this.identification = identification; 40 | 41 | return this; 42 | } 43 | 44 | 45 | public String getRel() 46 | { 47 | return rel; 48 | } 49 | 50 | 51 | public Document setRel(String rel) 52 | { 53 | this.rel = rel; 54 | 55 | return this; 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/federation/FederationsConfig.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.federation; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * Configuration of ID federations. 24 | * 25 | * 
26 |  * {
27 |  *     "federations": [
28 |  *         (each element is mapped to {@link FederationConfig})
29 |  *     ]
30 |  * }
31 |  *
32 | * 33 | * @see FederationsConfigLoader 34 | */ 35 | public class FederationsConfig implements Serializable 36 | { 37 | private static final long serialVersionUID = 1L; 38 | 39 | 40 | private FederationConfig[] federations; 41 | 42 | 43 | public FederationConfig[] getFederations() 44 | { 45 | return federations; 46 | } 47 | 48 | 49 | public FederationsConfig setFederations(FederationConfig[] federations) 50 | { 51 | this.federations = federations; 52 | 53 | return this; 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.dto; 18 | 19 | 20 | /** 21 | * A class representing a request to 22 | * /api/authenticate/poll API of 23 | * Authlete CIBA authentication device simulator. 24 | * 25 | * @see Authlete CIBA authentication 26 | * device simulator 27 | * 28 | * @see 29 | * /api/authenticate/poll API 30 | * 31 | * @author Hideki Ikeda 32 | */ 33 | public class PollAuthenticationRequest extends BaseAuthenticationRequest 34 | { 35 | private static final long serialVersionUID = 1L; 36 | } 37 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/dto/SyncAuthenticationRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.dto; 18 | 19 | 20 | /** 21 | * A class representing a request to 22 | * /api/authenticate/sync API of 23 | * Authlete CIBA authentication device simulator. 24 | * 25 | * @see Authlete CIBA authentication 26 | * device simulator 27 | * 28 | * @see 29 | * /api/authenticate/sync API 30 | * 31 | * @author Hideki Ikeda 32 | */ 33 | public class SyncAuthenticationRequest extends BaseAuthenticationRequest 34 | { 35 | private static final long serialVersionUID = 1L; 36 | } 37 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/backchannel/AuthenticationDeviceProcessor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.backchannel; 18 | 19 | 20 | /** 21 | * An interface for processors that communicate with 22 | * Authlete CIBA authentication device simulator for end-user authentication 23 | * and authorization. 24 | * 25 | * @see Authlete CIBA authentication device 26 | * simulator 27 | * 28 | * @see Authlete 29 | * CIBA authentication device simulator API 30 | * 31 | * @author Hideki Ikeda 32 | */ 33 | public interface AuthenticationDeviceProcessor 34 | { 35 | /** 36 | * Process communication between the authorization server and the authentication 37 | * device for end-user authentication and authorization. 38 | */ 39 | void process(); 40 | } 41 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/nativesso/DeviceSecretManager.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.nativesso; 18 | 19 | 20 | import java.util.Map; 21 | import java.util.concurrent.ConcurrentHashMap; 22 | 23 | 24 | public class DeviceSecretManager 25 | { 26 | private static final Map byValueMap = new ConcurrentHashMap<>(); 27 | 28 | 29 | private DeviceSecretManager() 30 | { 31 | } 32 | 33 | 34 | public static DeviceSecret getByValue(String deviceSecret) 35 | { 36 | if (deviceSecret == null) 37 | { 38 | return null; 39 | } 40 | 41 | return byValueMap.get(deviceSecret); 42 | } 43 | 44 | 45 | public static void register(DeviceSecret ds) 46 | { 47 | if (ds == null) 48 | { 49 | return; 50 | } 51 | 52 | if (ds.getValue() == null) 53 | { 54 | throw new IllegalArgumentException("The value of the specified DeviceSecret is null."); 55 | } 56 | 57 | byValueMap.put(ds.getValue(), ds); 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/type/Result.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.type; 18 | 19 | 20 | /** 21 | * Result of end-user authentication and authorization returned from 22 | * Authlete CIBA authentication device simulator 23 | * 24 | * @see Authlete CIBA authentication device 25 | * simulator 26 | * 27 | * @see Authlete 28 | * CIBA authentication device simulator API 29 | * 30 | * @author Hideki Ikeda 31 | */ 32 | public enum Result 33 | { 34 | /** 35 | * The result showing that an end-user authorized a client application's request. 36 | */ 37 | allow, 38 | 39 | 40 | /** 41 | * The result showing that an end-user denied a client application's request. 42 | */ 43 | deny, 44 | 45 | 46 | /** 47 | * The result showing that timeout occurred during end-user authentication and 48 | * authorization process. 49 | */ 50 | timeout 51 | ; 52 | } 53 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/type/Status.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.type; 18 | 19 | 20 | /** 21 | * Status of end-user authentication and authorization on 22 | * Authlete CIBA authentication device simulator 23 | * when it is used in poll mode. 24 | * 25 | * @see Authlete CIBA authentication device 26 | * simulator 27 | * 28 | * @see Authlete 29 | * CIBA authentication device simulator API 30 | * 31 | * @author Hideki Ikeda 32 | */ 33 | public enum Status 34 | { 35 | /** 36 | * The status showing that end-user authentication and authorization is being 37 | * processed. 38 | */ 39 | active, 40 | 41 | 42 | /** 43 | * The status showing that end-user authentication and authorization process 44 | * has completed. 45 | */ 46 | complete, 47 | 48 | 49 | /** 50 | * The status showing that timeout occurred during end-user authentication 51 | * and authorization process 52 | */ 53 | timeout 54 | ; 55 | } 56 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/Error.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | public class Error implements Serializable 23 | { 24 | private static final long serialVersionUID = 1L; 25 | 26 | 27 | private String code; 28 | private String title; 29 | private String detail; 30 | 31 | 32 | public Error() 33 | { 34 | } 35 | 36 | 37 | public Error(String code, String title, String detail) 38 | { 39 | this.code = code; 40 | this.title = title; 41 | this.detail = detail; 42 | } 43 | 44 | 45 | public String getCode() 46 | { 47 | return code; 48 | } 49 | 50 | 51 | public Error setCode(String code) 52 | { 53 | this.code = code; 54 | 55 | return this; 56 | } 57 | 58 | 59 | public String getTitle() 60 | { 61 | return title; 62 | } 63 | 64 | 65 | public Error setTitle(String title) 66 | { 67 | this.title = title; 68 | 69 | return this; 70 | } 71 | 72 | 73 | public String getDetail() 74 | { 75 | return detail; 76 | } 77 | 78 | 79 | public Error setDetail(String detail) 80 | { 81 | this.detail = detail; 82 | 83 | return this; 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/Resource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | public class Resource implements Serializable 23 | { 24 | private static final long serialVersionUID = 1L; 25 | 26 | 27 | private String resourceId; 28 | private String type; 29 | private String status; 30 | 31 | 32 | public Resource() 33 | { 34 | } 35 | 36 | 37 | public Resource(String resourceId, String type, String status) 38 | { 39 | this.resourceId = resourceId; 40 | this.type = type; 41 | this.status = status; 42 | } 43 | 44 | 45 | public String getResourceId() 46 | { 47 | return resourceId; 48 | } 49 | 50 | 51 | public Resource setResourceId(String resourceId) 52 | { 53 | this.resourceId = resourceId; 54 | 55 | return this; 56 | } 57 | 58 | 59 | public String getType() 60 | { 61 | return type; 62 | } 63 | 64 | 65 | public Resource setType(String type) 66 | { 67 | this.type = type; 68 | 69 | return this; 70 | } 71 | 72 | 73 | public String getStatus() 74 | { 75 | return status; 76 | } 77 | 78 | 79 | public Resource setStatus(String status) 80 | { 81 | this.status = status; 82 | 83 | return this; 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /certs/Open_Banking_Brasil_Sandbox_Root_G2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFvDCCA6SgAwIBAgIUKhBUxL5Dt4w3xH1V3X1n+x/e3hcwDQYJKoZIhvcNAQEN 3 | BQAwdjELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gRmluYW5jZSBCcmFzaWwx 4 | HTAbBgNVBAsTFE9wZW4gRmluYW5jZSBzYW5kYm94MSowKAYDVQQDEyFPcGVuIEZp 5 | bmFuY2Ugc2FuZGJveCBSb290IENBIC0gRzIwHhcNMjMwMzA5MTQzNjAwWhcNMzgw 6 | MzA1MTQzNjAwWjB2MQswCQYDVQQGEwJCUjEcMBoGA1UEChMTT3BlbiBGaW5hbmNl 7 | IEJyYXNpbDEdMBsGA1UECxMUT3BlbiBGaW5hbmNlIHNhbmRib3gxKjAoBgNVBAMT 8 | IU9wZW4gRmluYW5jZSBzYW5kYm94IFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcN 9 | AQEBBQADggIPADCCAgoCggIBALJFBgmKj3iDF3C8+8smNNQDxLFA9kCcca1iaxQf 10 | vMI/FKGW2ullHhH+W3EGEajn39QOlccGyrfCONHLqMW53+HAMtwiIvcrJgj72V7D 11 | nYflO3aaCFwoC31PL1+pMBo88F6jvezZ8BlRnheT7urCs6+onhz8pm0cVNc77U5X 12 | pi8IOJz1QFKecJnFLjG0NiLCzOzjLSo0A8Rue9K/H5fjq+PqKdXG94AoQyFUwlsU 13 | y4aXbylDz1kRiOSnOlRNPcY/su95pFKQbGgaZZ1fLf89i5PtHAUu92FbD7H7OyYX 14 | XpZ97La0d7cUH0A4nb+LpOd/f0c8lAN2Ya1B8aKvWiF23q3c8EoAJyhrdkHKe6yI 15 | YvLC5G5jkbJefeQcp34IgD8T+Tn3aBF7YgmlYUMbnsuokBG28Hr50EAklCclA0bb 16 | 4pmf8nE6y7VQ0CM/bNZd1F9AjxLukkyvkrOD6A6uv+c5KeC+da245dBzsyhiKe9R 17 | RX5Gkf7NSkDu9b9YkdDaWV6LXxpUA0SmdT9M16yK3XPDKOWBI4gVSB1KuwrOcal/ 18 | dMwFUlxvqdGugRbxDNNukxa0l3JztGg6XYLjEiiYrQ+7HChbUVNlM0l0VZAz4eON 19 | gYrq2ExUDWlQXiES389/Qz3R3yDk9ib1YsMHwAux2ulCssFVn4EgtnYFfgf3o01J 20 | 3CedAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G 21 | A1UdDgQWBBQVb9vsej3AhKXXgbWRvfmoWNM++jANBgkqhkiG9w0BAQ0FAAOCAgEA 22 | VPrUd4UDjOhkxOzSN4bMr0cULZJwQPRV8aj99tzdv8Ef44CwLVkLmm7Z2d1uRA9l 23 | 7xbK6W8L1oL95iV4K4o2u4+ZFG7mrOfU2T2wgTfMlIxHDoAxS49flUYkBpQI1Wj4 24 | JBZ6fKGFVH6PyIio0I2Mx2u80ZX6lPYQ2q4DR6eBUoNt8T8XSWpD4TjroFbOVIp+ 25 | N84alBca/pvW2aF2HwPndrL/Y++HZp3TpdUeBUT757KOZ7hdwf30pxd8qNn8+peb 26 | bP2h6b9pjKAmS8ciBExJzchhQWJRP6LIdvexTsBQ1HLxlZNrlg66wYT0kuVVzRTa 27 | 0qRvIjQ0ntmhy2DtmE5VFT9O8ahcQL5Ddk8B4dhiy59vjALS6kIUXJ6GCobzRUsQ 28 | a7b7J7nu+PTY+qVo0LsTMO1rVTUXD63gVk8QmPUwnvduk9nxraNpVP+m17BuEcls 29 | EsoGAAQYcmzOlnZpqhhbTnbsEayW1bMyxkLjBjXpOfBgrvyv5fU/09lP6VB20FJr 30 | zVPZWr5PTzaaizDDecSKgZ1ANIwXIIwWirwzDqqQb922JtcH+Ca6JJWgrV7+kDCU 31 | cVzwKVYievjXMCsmRSzDKEgp4n1AgrxcoaH0smD+qA+wzfsMqvEA1iTNW7zdnF0o 32 | 6UJ9rkWxKr+JRZ5jFO+kpKQ1DxfDJZE554aO8AXzYEI= 33 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/AppleAppSiteAssociation.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import javax.ws.rs.GET; 21 | import javax.ws.rs.Path; 22 | import javax.ws.rs.core.MediaType; 23 | import javax.ws.rs.core.Response; 24 | 25 | 26 | /** 27 | * Allow our mobile app to claim the authorization endpoint 28 | * 29 | * See: 30 | * 31 | * https://openid.net/2019/10/21/guest-blog-implementing-app-to-app-authorisation-in-oauth2-openid-connect/ 32 | * 33 | * https://developer.apple.com/documentation/uikit/inter-process_communication/allowing_apps_and_websites_to_link_to_your_content/enabling_universal_links 34 | */ 35 | @Path("/.well-known/apple-app-site-association") 36 | public class AppleAppSiteAssociation 37 | { 38 | /** 39 | * OpenID Provider configuration endpoint. 40 | */ 41 | @GET 42 | public Response get() 43 | { 44 | String json = 45 | "{\n" + 46 | " \"applinks\": {\n" + 47 | " \"apps\": [],\n" + 48 | " \"details\": [{\n" + 49 | " \"appID\": \"337ZW7BQW9.com.authlete.fapidev-app2app\",\n" + 50 | " \"paths\": [\"/api/authorization\"]\n" + 51 | " }]\n" + 52 | " }\n" + 53 | "}\n"; 54 | return Response 55 | .status(Response.Status.OK) 56 | .entity(json).type(MediaType.APPLICATION_JSON_TYPE) 57 | .build(); 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/util/TypedSystemProperties.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.util; 18 | 19 | 20 | import java.util.Properties; 21 | import com.authlete.common.util.StringBasedTypedProperties; 22 | 23 | 24 | /** 25 | * A class for system properties. 26 | * 27 | * @author Hideki Ikeda 28 | */ 29 | public class TypedSystemProperties extends StringBasedTypedProperties 30 | { 31 | @Override 32 | public boolean contains(String key) 33 | { 34 | Properties properties = System.getProperties(); 35 | 36 | if (properties == null) 37 | { 38 | return false; 39 | } 40 | 41 | return properties.containsKey(key); 42 | } 43 | 44 | 45 | @Override 46 | public String getString(String key, String defaultValue) 47 | { 48 | if (key == null) 49 | { 50 | return defaultValue; 51 | } 52 | 53 | return System.getProperty(key, defaultValue); 54 | } 55 | 56 | 57 | @Override 58 | public void setString(String key, String value) 59 | { 60 | if (key == null) 61 | { 62 | return; 63 | } 64 | 65 | System.setProperty(key, value); 66 | } 67 | 68 | 69 | @Override 70 | public void remove(String key) 71 | { 72 | if (key == null) 73 | { 74 | return; 75 | } 76 | 77 | setString(key, null); 78 | } 79 | 80 | 81 | @Override 82 | public void clear() 83 | { 84 | throw new UnsupportedOperationException("clear() is not supported."); 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/ResponseAccountList.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * ResponseAccountList 24 | * 25 | * @see ResponseAccountList 27 | */ 28 | public class ResponseAccountList implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private AccountData[] data; 34 | private Links links; 35 | private Meta meta; 36 | 37 | 38 | public ResponseAccountList() 39 | { 40 | } 41 | 42 | 43 | public ResponseAccountList(AccountData[] data, Links links, Meta meta) 44 | { 45 | this.data = data; 46 | this.links = links; 47 | this.meta = meta; 48 | } 49 | 50 | 51 | public AccountData[] getData() 52 | { 53 | return data; 54 | } 55 | 56 | 57 | public ResponseAccountList setData(AccountData[] data) 58 | { 59 | this.data = data; 60 | 61 | return this; 62 | } 63 | 64 | 65 | public Links getLinks() 66 | { 67 | return links; 68 | } 69 | 70 | 71 | public ResponseAccountList setLinks(Links links) 72 | { 73 | this.links = links; 74 | 75 | return this; 76 | } 77 | 78 | 79 | public Meta getMeta() 80 | { 81 | return meta; 82 | } 83 | 84 | 85 | public ResponseAccountList setMeta(Meta meta) 86 | { 87 | this.meta = meta; 88 | 89 | return this; 90 | } 91 | } 92 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/ResponseResourceList.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * ResponseResourceList. 24 | * 25 | * @see ResponseResourceList 27 | */ 28 | public class ResponseResourceList implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private Resource[] data; 34 | private Links links; 35 | private Meta meta; 36 | 37 | 38 | public ResponseResourceList() 39 | { 40 | } 41 | 42 | 43 | public ResponseResourceList(Resource[] data, Links links, Meta meta) 44 | { 45 | this.data = data; 46 | this.links = links; 47 | this.meta = meta; 48 | } 49 | 50 | 51 | public Resource[] getData() 52 | { 53 | return data; 54 | } 55 | 56 | 57 | public ResponseResourceList setData(Resource[] data) 58 | { 59 | this.data = data; 60 | 61 | return this; 62 | } 63 | 64 | 65 | public Links getLinks() 66 | { 67 | return links; 68 | } 69 | 70 | 71 | public ResponseResourceList setLinks(Links links) 72 | { 73 | this.links = links; 74 | 75 | return this; 76 | } 77 | 78 | 79 | public Meta getMeta() 80 | { 81 | return meta; 82 | } 83 | 84 | 85 | public ResponseResourceList setMeta(Meta meta) 86 | { 87 | this.meta = meta; 88 | 89 | return this; 90 | } 91 | } 92 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/ResponseError.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | import com.authlete.jaxrs.server.obb.util.ObbUtils; 21 | 22 | 23 | /** 24 | * ResponseError 25 | * 26 | * @see ResponseError 28 | */ 29 | public class ResponseError implements Serializable 30 | { 31 | private static final long serialVersionUID = 1L; 32 | 33 | 34 | private Error[] errors; 35 | private Meta meta; 36 | 37 | 38 | public ResponseError() 39 | { 40 | } 41 | 42 | 43 | public ResponseError(Error[] errors, Meta meta) 44 | { 45 | this.errors = errors; 46 | this.meta = meta; 47 | } 48 | 49 | 50 | public Error[] getErrors() 51 | { 52 | return errors; 53 | } 54 | 55 | 56 | public ResponseError setErrors(Error[] errors) 57 | { 58 | this.errors = errors; 59 | 60 | return this; 61 | } 62 | 63 | 64 | public Meta getMeta() 65 | { 66 | return meta; 67 | } 68 | 69 | 70 | public ResponseError setMeta(Meta meta) 71 | { 72 | this.meta = meta; 73 | 74 | return this; 75 | } 76 | 77 | 78 | public static ResponseError create( 79 | String code, String title, String detail) 80 | { 81 | Error[] errors = new Error[] { new Error(code, title, detail) }; 82 | Meta meta = new Meta(1, 1, ObbUtils.formatNow()); 83 | 84 | return new ResponseError(errors, meta); 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/Meta.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * Meta 24 | * 25 | * @see Meta 27 | */ 28 | public class Meta implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private int totalRecords; 34 | private int totalPages; 35 | private String requestDateTime; 36 | 37 | 38 | public Meta() 39 | { 40 | } 41 | 42 | 43 | public Meta(int totalRecords, int totalPages, String requestDateTime) 44 | { 45 | this.totalRecords = totalRecords; 46 | this.totalPages = totalPages; 47 | this.requestDateTime = requestDateTime; 48 | } 49 | 50 | 51 | public int getTotalRecords() 52 | { 53 | return totalRecords; 54 | } 55 | 56 | 57 | public Meta setTotalRecords(int totalRecords) 58 | { 59 | this.totalRecords = totalRecords; 60 | 61 | return this; 62 | } 63 | 64 | 65 | public int getTotalPages() 66 | { 67 | return totalPages; 68 | } 69 | 70 | 71 | public Meta setTotalPages(int totalPages) 72 | { 73 | this.totalPages = totalPages; 74 | 75 | return this; 76 | } 77 | 78 | 79 | public String getRequestDateTime() 80 | { 81 | return requestDateTime; 82 | } 83 | 84 | 85 | public Meta setRequestDateTime(String datetime) 86 | { 87 | this.requestDateTime = datetime; 88 | 89 | return this; 90 | } 91 | } 92 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/GrantManagementEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import javax.servlet.http.HttpServletRequest; 21 | import javax.ws.rs.DELETE; 22 | import javax.ws.rs.GET; 23 | import javax.ws.rs.Path; 24 | import javax.ws.rs.PathParam; 25 | import javax.ws.rs.core.Context; 26 | import javax.ws.rs.core.Response; 27 | import com.authlete.common.api.AuthleteApiFactory; 28 | import com.authlete.jaxrs.BaseGrantManagementEndpoint; 29 | 30 | 31 | /** 32 | * An implementation of Grant Management Endpoint. 33 | * 34 | * @see Grant Management for OAuth 2.0 36 | */ 37 | @Path("/api/gm") 38 | public class GrantManagementEndpoint extends BaseGrantManagementEndpoint 39 | { 40 | /** 41 | * The entry point for grant management 'query' requests. 42 | */ 43 | @GET 44 | @Path("{grantId}") 45 | public Response query( 46 | @Context HttpServletRequest req, 47 | @PathParam("grantId") String grantId) 48 | { 49 | // Handle the grant management 'query' request. 50 | return handle(AuthleteApiFactory.getDefaultApi(), req, grantId); 51 | } 52 | 53 | 54 | /** 55 | * The entry point for grant management 'revoke' requests. 56 | */ 57 | @DELETE 58 | @Path("{grantId}") 59 | public Response revoke( 60 | @Context HttpServletRequest req, 61 | @PathParam("grantId") String grantId) 62 | { 63 | // Handle the grant management 'revoke' request. 64 | return handle(AuthleteApiFactory.getDefaultApi(), req, grantId); 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /src/main/resources/ekyc-ida/examples/response/document_800_63A.json: -------------------------------------------------------------------------------- 1 | { 2 | "verified_claims": { 3 | "verification": { 4 | "trust_framework": "nist_800_63A", 5 | "assurance_level": "ial2", 6 | "assurance_process": { 7 | "assurance_details": [ 8 | { 9 | "assurance_type": "evidence_validation", 10 | "assurance_classification": "strong", 11 | "evidence_ref": [ 12 | { 13 | "txn": "DL1-93h506th2f45hf" 14 | } 15 | ] 16 | }, 17 | { 18 | "assurance_type": "verification", 19 | "assurance_classification": "strong", 20 | "evidence_ref": [ 21 | { 22 | "txn": "v-93jfk284ugjfj2093" 23 | } 24 | ] 25 | } 26 | ] 27 | }, 28 | "time": "2021-06-06T05:32Z", 29 | "verification_process": "7675D80F-57E0-AB14-9543-26B41FC22", 30 | "evidence": [ 31 | { 32 | "type": "document", 33 | "check_details": [ 34 | { 35 | "check_method": "vpiruv", 36 | "organization": "doc_checker", 37 | "txn": "DL1-93h506th2f45hf" 38 | }, 39 | { 40 | "check_method": "pvp", 41 | "organization": "face_checker", 42 | "txn": "v-93jfk284ugjfj2093" 43 | } 44 | ], 45 | "time": "2021-06-06T05:33Z", 46 | "document_details": { 47 | "type": "driving_permit", 48 | "document_number": "I1234568", 49 | "date_of_issuance": "2019-09-05", 50 | "date_of_expiry": "2024-08-01", 51 | "issuer": { 52 | "name": "CA DMV", 53 | "country": "US", 54 | "country_code": "USA", 55 | "jurisdiction": "CA" 56 | } 57 | } 58 | } 59 | ] 60 | }, 61 | "claims": { 62 | "given_name": "Inga", 63 | "family_name": "Silverstone", 64 | "birthdate": "1991-11-06", 65 | "place_of_birth": { 66 | "country": "USA" 67 | }, 68 | "address": { 69 | "locality": "Shoshone", 70 | "postal_code": "CA 92384", 71 | "country": "USA", 72 | "street_address": "114 Old State Hwy 127" 73 | } 74 | } 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/dto/SyncAuthenticationResponse.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.dto; 18 | 19 | 20 | import java.io.Serializable; 21 | import com.authlete.jaxrs.server.ad.type.Result; 22 | 23 | 24 | /** 25 | * A class representing a response from 26 | * /api/authenticate/sync API of 27 | * Authlete CIBA authentication device simulator. 28 | * 29 | * @see Authlete CIBA authentication 30 | * device simulator 31 | * 32 | * @see 33 | * /api/authenticate/sync API 34 | * 35 | * @author Hideki Ikeda 36 | */ 37 | public class SyncAuthenticationResponse implements Serializable 38 | { 39 | private static final long serialVersionUID = 1L; 40 | 41 | 42 | private Result result; 43 | 44 | 45 | /** 46 | * Get the result of end-user authentication and authorization. 47 | * 48 | * @return 49 | * The result of end-user authentication and authorization. 50 | */ 51 | public Result getResult() 52 | { 53 | return result; 54 | } 55 | 56 | 57 | /** 58 | * Set the result of end-user authentication and authorization. 59 | * 60 | * @param result 61 | * The result of end-user authentication and authorization. 62 | * 63 | * @return 64 | * {@code this} object. 65 | */ 66 | public SyncAuthenticationResponse setResult(Result result) 67 | { 68 | this.result = result; 69 | 70 | return this; 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJwtIssuerEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.vci; 18 | 19 | 20 | import javax.ws.rs.GET; 21 | import javax.ws.rs.Path; 22 | import javax.ws.rs.WebApplicationException; 23 | import javax.ws.rs.core.Response; 24 | import com.authlete.common.api.AuthleteApi; 25 | import com.authlete.common.api.AuthleteApiFactory; 26 | import com.authlete.common.dto.CredentialJwtIssuerMetadataRequest; 27 | import com.authlete.common.dto.CredentialJwtIssuerMetadataResponse; 28 | import com.authlete.jaxrs.server.util.ResponseUtil; 29 | 30 | 31 | @Path("/.well-known/{path : jwt-issuer|jwt-vc-issuer}") 32 | public class CredentialJwtIssuerEndpoint extends AbstractCredentialEndpoint 33 | { 34 | @GET 35 | public Response get() 36 | { 37 | final AuthleteApi api = AuthleteApiFactory.getDefaultApi(); 38 | 39 | return metadata(api); 40 | } 41 | 42 | 43 | private Response metadata(AuthleteApi api) throws WebApplicationException 44 | { 45 | CredentialJwtIssuerMetadataRequest request = 46 | new CredentialJwtIssuerMetadataRequest() 47 | .setPretty(true); 48 | 49 | CredentialJwtIssuerMetadataResponse response = 50 | api.credentialJwtIssuerMetadata(request); 51 | 52 | String content = response.getResponseContent(); 53 | 54 | switch (response.getAction()) 55 | { 56 | case NOT_FOUND: 57 | return ResponseUtil.notFoundJson(content); 58 | 59 | case OK: 60 | return ResponseUtil.okJson(content); 61 | 62 | case INTERNAL_SERVER_ERROR: 63 | default: 64 | return ResponseUtil.internalServerError(content); 65 | } 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/OrderFormat.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023-2025 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | import java.util.Arrays; 21 | 22 | 23 | /** 24 | * Order formats. 25 | * 26 | *

27 | * NOTE: The media type of SD-JWT VC has been changed from {@code vc+sd-jwt} to 28 | * {@code dc+sd-jwt} by OAuth-SD-JWT-VC PR 268: change media type from vc+sd-jwt to dc+sd-jwt. 30 | *

31 | * 32 | * @see OAuth-SD-JWT VC PR 268: change media type from vc+sd-jwt to dc+sd-jwt 34 | * 35 | * @see IETF 121 Dublin, SD-JWT/SD-JWT VC, Page 51 37 | */ 38 | public enum OrderFormat 39 | { 40 | DC_SD_JWT("dc+sd-jwt", new SdJwtOrderProcessor()), 41 | VC_SD_JWT("vc+sd-jwt", new SdJwtOrderProcessor()), 42 | MDOC("mso_mdoc", new MdocOrderProcessor()), 43 | ; 44 | 45 | 46 | private final String id; 47 | private final OrderProcessor processor; 48 | 49 | 50 | private OrderFormat(String id, OrderProcessor processor) 51 | { 52 | this.id = id; 53 | this.processor = processor; 54 | } 55 | 56 | 57 | public String getId() 58 | { 59 | return id; 60 | } 61 | 62 | 63 | public OrderProcessor getProcessor() 64 | { 65 | return processor; 66 | } 67 | 68 | 69 | public static OrderFormat byId(final String id) 70 | { 71 | return Arrays.stream(OrderFormat.values()) 72 | .filter(format -> format.getId().equals(id)) 73 | .findFirst() 74 | .orElse(null); 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /src/main/webapp/css/device/authorization.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | 18 | .font-default 19 | { 20 | font-family: 'Source Sans Pro', 'Helvetica Neue', 'Segoe UI', 'Arial', sans-serif; 21 | -webkit-font-smoothing: antialiased; 22 | color: #666; 23 | } 24 | 25 | body { 26 | margin: 0; 27 | text-shadow: none; 28 | } 29 | 30 | p { 31 | margin-top: 0; 32 | } 33 | 34 | h3, h4 { 35 | color: steelblue; 36 | } 37 | 38 | .indent { 39 | margin-left: 15px; 40 | } 41 | 42 | #page_title { 43 | background: #F5F5F5; 44 | color: steelblue; 45 | padding: 0.5em; 46 | margin: 0; 47 | } 48 | 49 | #content { 50 | padding: 0 20px 20px; 51 | } 52 | 53 | #scope-list { 54 | margin-left: 20px; 55 | } 56 | 57 | #scope-list dt { 58 | font-weight: bold; 59 | } 60 | 61 | #scope-list dd { 62 | margin-bottom: 10px; 63 | } 64 | 65 | input { 66 | color: black; 67 | } 68 | 69 | #authorization-form-buttons { 70 | margin: 20px auto; 71 | } 72 | 73 | #authorize-button, #deny-button { 74 | display: inline-block; 75 | width: 150px; 76 | padding: 12px 0; 77 | margin: 13px; 78 | min-height: 26px; 79 | text-align: center; 80 | text-decoration: none; 81 | outline: 0; 82 | -webkit-transition: none; 83 | transition: none; 84 | } 85 | 86 | #authorize-button { 87 | background-color: #4285f4; 88 | color: white; 89 | } 90 | 91 | #authorize-button:hover { 92 | background-color: #1255f4; 93 | } 94 | 95 | #authorize-button:active { 96 | background-color: blue; 97 | } 98 | 99 | #deny-button { 100 | background-color: #f08080; 101 | color: white; 102 | } 103 | 104 | #deny-button:hover { 105 | background-color: #f05050; 106 | } 107 | 108 | #deny-button:active { 109 | background-color: red; 110 | } 111 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/JwksEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import javax.ws.rs.GET; 21 | import javax.ws.rs.Path; 22 | import javax.ws.rs.core.Response; 23 | import com.authlete.common.api.AuthleteApiFactory; 24 | import com.authlete.jaxrs.BaseJwksEndpoint; 25 | 26 | 27 | /** 28 | * An implementation of an endpoint to expose a JSON Web Key Set document 29 | * (RFC 7517). 30 | * 31 | *

32 | * An OpenID Provider (OP) is required to expose its JSON Web Key Set document 33 | * (JWK Set) so that client applications can (1) verify signatures by the OP 34 | * and (2) encrypt their requests to the OP. The URI of a JWK Set endpoint can 35 | * be found as the value of {@code jwks_uri} in OpenID Provider Metadata if the OP supports OpenID 39 | * Connect Discovery 1.0. 40 | *

41 | * 42 | * @see RFC 7517, JSON Web Key (JWK) 44 | * 45 | * @see OpenID Connect Core 1.0 47 | * 48 | * @see OpenID Connect Discovery 1.0 50 | * 51 | * @author Takahiko Kawasaki 52 | */ 53 | @Path("/api/jwks") 54 | public class JwksEndpoint extends BaseJwksEndpoint 55 | { 56 | /** 57 | * JWK Set endpoint. 58 | */ 59 | @GET 60 | public Response get() 61 | { 62 | // Handle the JWK Set request. 63 | return handle(AuthleteApiFactory.getDefaultApi()); 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResponse.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.dto; 18 | 19 | 20 | import java.io.Serializable; 21 | import javax.xml.bind.annotation.XmlElement; 22 | 23 | 24 | /** 25 | * A class representing a response from 26 | * /api/authenticate/poll API of 27 | * Authlete CIBA authentication device simulator. 28 | * 29 | * @see Authlete CIBA authentication 30 | * device simulator 31 | * 32 | * @see 33 | * /api/authenticate/poll API 34 | * 35 | * @author Hideki Ikeda 36 | */ 37 | public class PollAuthenticationResponse implements Serializable 38 | { 39 | private static final long serialVersionUID = 1L; 40 | 41 | 42 | @XmlElement(name = "request_id") 43 | private String requestId; 44 | 45 | 46 | /** 47 | * Get the ID of the request corresponding to this response. 48 | * 49 | * @return 50 | * The ID of the request corresponding to this response. 51 | */ 52 | public String getRequestId() 53 | { 54 | return requestId; 55 | } 56 | 57 | 58 | /** 59 | * Set the ID of the request corresponding to this response. 60 | * 61 | * @param requestId 62 | * The ID of the request corresponding to this response. 63 | * 64 | * @return 65 | * {@code this} object. 66 | */ 67 | public PollAuthenticationResponse setRequestId(String requestId) 68 | { 69 | this.requestId = requestId; 70 | 71 | return this; 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/Links.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * Links 24 | * 25 | * @see Links 27 | */ 28 | public class Links implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private String self; 34 | private String first; 35 | private String prev; 36 | private String next; 37 | private String last; 38 | 39 | 40 | public String getSelf() 41 | { 42 | return self; 43 | } 44 | 45 | 46 | public Links setSelf(String self) 47 | { 48 | this.self = self; 49 | 50 | return this; 51 | } 52 | 53 | 54 | public String getFirst() 55 | { 56 | return first; 57 | } 58 | 59 | 60 | public Links setFirst(String first) 61 | { 62 | this.first = first; 63 | 64 | return this; 65 | } 66 | 67 | 68 | public String getPrev() 69 | { 70 | return prev; 71 | } 72 | 73 | 74 | public Links setPrev(String prev) 75 | { 76 | this.prev = prev; 77 | 78 | return this; 79 | } 80 | 81 | 82 | public String getNext() 83 | { 84 | return next; 85 | } 86 | 87 | 88 | public Links setNext(String next) 89 | { 90 | this.next = next; 91 | 92 | return this; 93 | } 94 | 95 | 96 | public String getLast() 97 | { 98 | return last; 99 | } 100 | 101 | 102 | public Links setLast(String last) 103 | { 104 | this.last = last; 105 | 106 | return this; 107 | } 108 | } 109 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/ResponseConsent.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | import com.authlete.jaxrs.server.obb.util.ObbUtils; 21 | 22 | 23 | /** 24 | * ResponseConsent. 25 | * 26 | * @see ResponseConsent 28 | */ 29 | public class ResponseConsent implements Serializable 30 | { 31 | private static final long serialVersionUID = 1L; 32 | 33 | 34 | private ResponseConsentData data; 35 | 36 | 37 | public ResponseConsent() 38 | { 39 | } 40 | 41 | 42 | public ResponseConsent(Consent consent, Links links, Meta meta) 43 | { 44 | data = new ResponseConsentData() 45 | .setConsentId(consent.getConsentId()) 46 | .setCreationDateTime(consent.getCreationDateTime()) 47 | .setStatus(consent.getStatus()) 48 | .setStatusUpdateDateTime(consent.getStatusUpdateDateTime()) 49 | .setPermissions(consent.getPermissions()) 50 | .setExpirationDateTime(consent.getExpirationDateTime()) 51 | .setLinks(links) 52 | .setMeta(meta) 53 | ; 54 | } 55 | 56 | 57 | public ResponseConsentData getData() 58 | { 59 | return data; 60 | } 61 | 62 | 63 | public ResponseConsent setData(ResponseConsentData data) 64 | { 65 | this.data = data; 66 | 67 | return this; 68 | } 69 | 70 | 71 | public static ResponseConsent create(Consent consent) 72 | { 73 | Links links = new Links().setSelf("/"); 74 | Meta meta = new Meta(1, 1, ObbUtils.formatNow()); 75 | 76 | return new ResponseConsent(consent, links, meta); 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationResponse.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.dto; 18 | 19 | 20 | import java.io.Serializable; 21 | import javax.xml.bind.annotation.XmlElement; 22 | 23 | 24 | /** 25 | * A class representing a response from 26 | * /api/authenticate/async API of 27 | * Authlete CIBA authentication device simulator. 28 | * 29 | * @see Authlete CIBA authentication 30 | * device simulator 31 | * 32 | * @see 33 | * /api/authenticate/async API 34 | * 35 | * @author Hideki Ikeda 36 | */ 37 | public class AsyncAuthenticationResponse implements Serializable 38 | { 39 | private static final long serialVersionUID = 1L; 40 | 41 | 42 | @XmlElement(name = "request_id") 43 | private String requestId; 44 | 45 | 46 | /** 47 | * Get the ID of the request corresponding to this response. 48 | * 49 | * @return 50 | * The ID of the request corresponding to this response. 51 | */ 52 | public String getRequestId() 53 | { 54 | return requestId; 55 | } 56 | 57 | 58 | /** 59 | * Set the ID of the request corresponding to this response. 60 | * 61 | * @param requestId 62 | * The ID of the request corresponding to this response. 63 | * 64 | * @return 65 | * {@code this} object. 66 | */ 67 | public AsyncAuthenticationResponse setRequestId(String requestId) 68 | { 69 | this.requestId = requestId; 70 | 71 | return this; 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJWKSetEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.vci; 18 | 19 | 20 | import javax.ws.rs.GET; 21 | import javax.ws.rs.Path; 22 | import javax.ws.rs.WebApplicationException; 23 | import javax.ws.rs.core.Response; 24 | import com.authlete.common.api.AuthleteApi; 25 | import com.authlete.common.api.AuthleteApiFactory; 26 | import com.authlete.common.dto.CredentialIssuerJwksRequest; 27 | import com.authlete.common.dto.CredentialIssuerJwksResponse; 28 | import com.authlete.jaxrs.server.util.ExceptionUtil; 29 | import com.authlete.jaxrs.server.util.ResponseUtil; 30 | 31 | 32 | @Path("/api/vci/jwks") 33 | public class CredentialJWKSetEndpoint extends AbstractCredentialEndpoint 34 | { 35 | @GET 36 | public Response get() 37 | { 38 | final AuthleteApi api = AuthleteApiFactory.getDefaultApi(); 39 | 40 | return process(api); 41 | } 42 | 43 | 44 | private Response process(final AuthleteApi api) 45 | throws WebApplicationException 46 | { 47 | final CredentialIssuerJwksRequest request = 48 | new CredentialIssuerJwksRequest() 49 | .setPretty(false); 50 | 51 | final CredentialIssuerJwksResponse response = 52 | api.credentialIssuerJwks(request); 53 | final String content = response.getResponseContent(); 54 | 55 | switch (response.getAction()) 56 | { 57 | case NOT_FOUND: 58 | return ResponseUtil.notFoundJson(content); 59 | 60 | case OK: 61 | return ResponseUtil.okJson(response.getResponseContent()); 62 | 63 | case INTERNAL_SERVER_ERROR: 64 | default: 65 | throw ExceptionUtil.internalServerErrorExceptionJson(content); 66 | } 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/federation/ServerConfig.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.federation; 17 | 18 | 19 | import static com.authlete.jaxrs.server.federation.ConfigValidationHelper.ensureNotEmpty; 20 | import static com.authlete.jaxrs.server.federation.ConfigValidationHelper.ensureUri; 21 | import java.io.Serializable; 22 | 23 | 24 | /** 25 | * Server configuration for ID federation. 26 | * 27 | * 
28 |  * {
29 |  *     "name": "(display name of the OpenID Provider)",
30 |  *     "issuer": "(issuer identifier of the OpenID Provider)"
31 |  * }
32 |  *
33 | * 34 | *

35 | * The value of {@code "issuer"} must match the value of {@code "issuer"} 36 | * in the discovery document of the OpenID Provider. The OpenID Provider 37 | * must expose its discovery document at 38 | * {issuer}/.well-known/openid-configuration. 39 | *

40 | * 41 | * @see FederationConfig 42 | */ 43 | public class ServerConfig implements Serializable 44 | { 45 | private static final long serialVersionUID = 1L; 46 | 47 | 48 | private String name; 49 | private String issuer; 50 | 51 | 52 | public String getName() 53 | { 54 | return name; 55 | } 56 | 57 | 58 | public ServerConfig setName(String name) 59 | { 60 | this.name = name; 61 | 62 | return this; 63 | } 64 | 65 | 66 | public String getIssuer() 67 | { 68 | return issuer; 69 | } 70 | 71 | 72 | public ServerConfig setIssuer(String issuer) 73 | { 74 | this.issuer = issuer; 75 | 76 | return this; 77 | } 78 | 79 | 80 | public void validate() throws IllegalStateException 81 | { 82 | ensureNotEmpty("server/name", name); 83 | ensureNotEmpty("server/issuer", issuer); 84 | ensureUri("server/issuer", issuer); 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/vci/CredentialMetadataEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.vci; 18 | 19 | 20 | import javax.ws.rs.GET; 21 | import javax.ws.rs.Path; 22 | import javax.ws.rs.WebApplicationException; 23 | import javax.ws.rs.core.Response; 24 | import com.authlete.common.api.AuthleteApi; 25 | import com.authlete.common.api.AuthleteApiFactory; 26 | import com.authlete.common.dto.CredentialIssuerMetadataRequest; 27 | import com.authlete.common.dto.CredentialIssuerMetadataResponse; 28 | import com.authlete.jaxrs.server.util.ExceptionUtil; 29 | import com.authlete.jaxrs.server.util.ResponseUtil; 30 | 31 | 32 | @Path("/.well-known/openid-credential-issuer") 33 | public class CredentialMetadataEndpoint extends AbstractCredentialEndpoint 34 | { 35 | @GET 36 | public Response get() 37 | { 38 | final AuthleteApi api = AuthleteApiFactory.getDefaultApi(); 39 | 40 | return metadata(api); 41 | } 42 | 43 | 44 | private Response metadata(final AuthleteApi api) 45 | throws WebApplicationException 46 | { 47 | final CredentialIssuerMetadataRequest request = 48 | new CredentialIssuerMetadataRequest() 49 | .setPretty(true); 50 | 51 | final CredentialIssuerMetadataResponse response = 52 | api.credentialIssuerMetadata(request); 53 | final String content = response.getResponseContent(); 54 | 55 | switch (response.getAction()) 56 | { 57 | case NOT_FOUND: 58 | return ResponseUtil.notFoundJson(content); 59 | 60 | case OK: 61 | return ResponseUtil.okJson(response.getResponseContent()); 62 | 63 | case INTERNAL_SERVER_ERROR: 64 | default: 65 | throw ExceptionUtil.internalServerErrorExceptionJson(content); 66 | } 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /src/main/webapp/css/device/verification.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | 18 | .font-default 19 | { 20 | font-family: 'Source Sans Pro', 'Helvetica Neue', 'Segoe UI', 'Arial', sans-serif; 21 | -webkit-font-smoothing: antialiased; 22 | color: #666; 23 | } 24 | 25 | body { 26 | margin: 0; 27 | text-shadow: none; 28 | } 29 | 30 | p { 31 | margin-top: 0; 32 | } 33 | 34 | h3, h4 { 35 | color: steelblue; 36 | } 37 | 38 | .indent { 39 | margin-left: 15px; 40 | } 41 | 42 | #page_title { 43 | background: #F5F5F5; 44 | color: steelblue; 45 | padding: 0.5em; 46 | margin: 0; 47 | } 48 | 49 | #content { 50 | padding: 0 20px 20px; 51 | } 52 | 53 | #notification { 54 | color: red; 55 | } 56 | 57 | input { 58 | color: black; 59 | } 60 | 61 | #login-fields, #usercode-field { 62 | margin-bottom: 20px; 63 | } 64 | 65 | #usercode-field { 66 | margin-top: 20px; 67 | } 68 | 69 | #login-prompt, #usercode-prompt { 70 | font-size: 85%; 71 | margin-bottom: 5px; 72 | } 73 | 74 | #loginId { 75 | display: block; 76 | border: 1px solid #666; 77 | border-bottom: none; 78 | padding: 0.3em 0.5em; 79 | width: 300px; 80 | } 81 | 82 | #password { 83 | display: block; 84 | border: 1px solid #666; 85 | padding: 0.3em 0.5em; 86 | width: 300px; 87 | } 88 | 89 | #verification-form-button { 90 | margin: 20px auto; 91 | } 92 | 93 | #send-button { 94 | display: inline-block; 95 | width: 150px; 96 | padding: 12px 0; 97 | margin: 13px; 98 | min-height: 26px; 99 | text-align: center; 100 | text-decoration: none; 101 | outline: 0; 102 | -webkit-transition: none; 103 | transition: none; 104 | background-color: #4285f4; 105 | color: white; 106 | } 107 | 108 | #send-button:hover { 109 | background-color: #1255f4; 110 | } 111 | 112 | #send-button:active { 113 | background-color: blue; 114 | } 115 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/federation/ConfigValidationHelper.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.federation; 17 | 18 | 19 | import java.net.URI; 20 | import java.net.URISyntaxException; 21 | import java.text.MessageFormat; 22 | 23 | 24 | /** 25 | * Helper class for validation on configuration of ID federations. 26 | */ 27 | class ConfigValidationHelper 28 | { 29 | public static IllegalStateException illegalState(String format, Object... arguments) 30 | { 31 | String message = MessageFormat.format(format, arguments); 32 | 33 | return new IllegalStateException(message); 34 | } 35 | 36 | 37 | public static IllegalStateException lack(String key) 38 | { 39 | return illegalState("The ID federation configuration lacks ''{0}'' or its value is empty.", key); 40 | } 41 | 42 | 43 | public static void ensureNotEmpty(String key, Object value) throws IllegalStateException 44 | { 45 | if (value == null) 46 | { 47 | throw lack(key); 48 | } 49 | } 50 | 51 | 52 | public static void ensureNotEmpty(String key, String value) throws IllegalStateException 53 | { 54 | if (value == null || value.isEmpty()) 55 | { 56 | throw lack(key); 57 | } 58 | } 59 | 60 | 61 | public static void ensureNotEmpty(String key, T[] array) throws IllegalStateException 62 | { 63 | if (array == null || array.length == 0) 64 | { 65 | throw lack(key); 66 | } 67 | } 68 | 69 | 70 | public static void ensureUri(String key, String value) throws IllegalStateException 71 | { 72 | try 73 | { 74 | new URI(value); 75 | } 76 | catch (URISyntaxException e) 77 | { 78 | throw illegalState("The value of ''{0}'' in the ID federation configuration is malformed: {1}", key, value); 79 | } 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/util/ServerProperties.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.util; 18 | 19 | 20 | import java.util.MissingResourceException; 21 | import java.util.ResourceBundle; 22 | 23 | 24 | /** 25 | * A class to read properties from an external file or system properties. 26 | * 27 | * @author Hideki Ikeda 28 | */ 29 | public class ServerProperties extends TypedSystemProperties 30 | { 31 | private static final ResourceBundle RESOURCE_BUNDLE; 32 | 33 | 34 | static 35 | { 36 | ResourceBundle bundle = null; 37 | 38 | try 39 | { 40 | bundle = ResourceBundle.getBundle("java-oauth-server"); 41 | } 42 | catch (MissingResourceException mre) 43 | { 44 | // ignore 45 | mre.printStackTrace(); 46 | } 47 | 48 | RESOURCE_BUNDLE = bundle; 49 | } 50 | 51 | 52 | @Override 53 | public String getString(String key, String defaultValue) 54 | { 55 | if (key == null) 56 | { 57 | return defaultValue; 58 | } 59 | 60 | // If the parameter identified by the key exists in the system properties. 61 | if (super.contains(key)) 62 | { 63 | // Use the value of the system property. 64 | return super.getString(key, defaultValue); 65 | } 66 | 67 | // If "java-oauth-server.properties" is not available. 68 | if (RESOURCE_BUNDLE == null) 69 | { 70 | // Use the default value. 71 | return defaultValue; 72 | } 73 | 74 | try 75 | { 76 | // Search "java-oauth-server.properties" for the parameter. 77 | return RESOURCE_BUNDLE.getString(key); 78 | } 79 | catch (MissingResourceException e) 80 | { 81 | // Return the default value. 82 | return defaultValue; 83 | } 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /authlete.properties: -------------------------------------------------------------------------------- 1 | #================================================================================ 2 | # Authlete Configuration File 3 | # 4 | # There are several ways to construct an AuthleteConfiguration instance 5 | # which represents "authlete configuration". AuthletePropertiesConfiguration 6 | # is one of implementations of the AuthleteConfiguration interface. This file 7 | # can be used as input for AuthletePropertiesConfiguration. See the JavaDoc 8 | # of authlete-java-common library for details. 9 | # 10 | # authlete-java-common library 11 | # Source: https://github.com/authlete/authlete-java-common 12 | # JavaDoc: http://authlete.github.io/authlete-java-common/ 13 | # 14 | #================================================================================ 15 | 16 | 17 | # base_url 18 | # 19 | # The base URL of the Authlete server. If you are using the shared server, 20 | # set "https://api.authlete.com" to this parameter. On the other hand, if 21 | # you are using a dedicated server, please contact "Authlete, Inc." 22 | # about the URL of your dedicated Authlete server. 23 | # 24 | base_url = https://api.authlete.com 25 | 26 | 27 | # service.api_key 28 | # service.api_secret 29 | # 30 | # API credentials of one of your services. You can find API credentials of 31 | # your services in Service Owner Console. The location of the management 32 | # console is "https://so.authlete.com/" if you are using the shared server. 33 | # On the other hand, if you are using a dedicated server, please contact 34 | # "Authlete, Inc." about the location of the 35 | # management console of your dedicated Authlete server. 36 | # 37 | # You can use "service.api_secret.encrypted" instead of "service.api_secret" 38 | # to avoid writing a plain secret key in this configuration file. See the 39 | # JavaDoc of AuthletePropertiesConfiguration for details. 40 | # 41 | service.api_key = 5593494639 42 | service.api_secret = AAw0rner_-y1A6J9s20wjRCpkBvez3GxEBoL9jOJVR0 43 | 44 | # For Authlete 3.0 45 | # 46 | # To use Authlete 3.0, you need to uncomment the block starting from the line "api_version = V3". 47 | # 48 | # The base_url should be selected based on your service's cluster region (for the Shared Cloud version): 49 | # https://us.authlete.com - 🇺🇸 US Cluster 50 | # https://jp.authlete.com - 🇯🇵 Japan Cluster 51 | # https://eu.authlete.com - 🇪🇺 Europe Cluster 52 | # https://br.authlete.com - 🇧🇷 Brazil Cluster 53 | # 54 | #api_version = V3 55 | #base_url = https://.authlete.com 56 | #service.api_key = 986126671 57 | #service.access_token = 58 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/template/device/authorization.jsp: -------------------------------------------------------------------------------- 1 | 2 | 20 | 26 | 27 | 28 | 29 | 30 | Device Flow | Authorization 31 | 32 | 33 | 34 | 35 | 36 | 37 |
Device Flow Authorization
38 | 39 |
40 |

${model.clientName}

41 | 42 | 43 |

Permissions

44 |
45 |

The application is requesting the following permissions.

46 | 47 |
48 | 49 |
${scope.name}
50 |
${scope.description}
51 | 52 |
53 |
54 | 55 | 56 |

Authorization

57 |
58 |

Do you grant authorization to the application?

59 | 60 |
61 |
62 | 63 | 64 |
65 |
66 |
67 |
68 | 69 | 70 | 71 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationRequest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.dto; 18 | 19 | 20 | /** 21 | * A class representing a request to 22 | * /api/authenticate/async API of 23 | * Authlete CIBA authentication device simulator. 24 | * 25 | * @see Authlete CIBA authentication 26 | * device simulator 27 | * 28 | * @see 29 | * /api/authenticate/async API 30 | * 31 | * @author Hideki Ikeda 32 | */ 33 | public class AsyncAuthenticationRequest extends BaseAuthenticationRequest 34 | { 35 | private static final long serialVersionUID = 1L; 36 | 37 | 38 | private String state; 39 | 40 | 41 | /** 42 | * Get the value of {@code state} request parameter. 43 | * 44 | * @return 45 | * The value of {@code state} request parameter 46 | */ 47 | public String getState() 48 | { 49 | return state; 50 | } 51 | 52 | 53 | /** 54 | * Set the value of {@code state} request parameter. 55 | * 56 | *

57 | * Arbitrary data can be set to this request parameter and the data will be 58 | * sent to the callback endpoint with the result of end-user authentication 59 | * and authorization. 60 | *

61 | * 62 | * @param state 63 | * Arbitrary data that will be sent to the callback endpoint with the 64 | * result of end-user authentication and authorization. 65 | * 66 | * @return 67 | * {@code this} object. 68 | */ 69 | public AsyncAuthenticationRequest setState(String state) 70 | { 71 | this.state = state; 72 | 73 | return this; 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/util/ProcessingUtil.java: -------------------------------------------------------------------------------- 1 | package com.authlete.jaxrs.server.util; 2 | 3 | 4 | import static com.authlete.jaxrs.server.util.ExceptionUtil.badRequestException; 5 | import java.util.Date; 6 | import java.util.Map; 7 | import java.util.stream.Collectors; 8 | import javax.servlet.http.HttpServletRequest; 9 | import javax.servlet.http.HttpSession; 10 | import javax.ws.rs.core.MultivaluedMap; 11 | import com.authlete.common.types.User; 12 | import com.authlete.jaxrs.server.db.UserDao; 13 | 14 | 15 | public class ProcessingUtil 16 | { 17 | 18 | @SuppressWarnings("unchecked") 19 | public static Map flattenMultivaluedMap(final MultivaluedMap multimap) 20 | { 21 | return multimap.entrySet().stream() 22 | .filter(e -> e.getValue() != null && !e.getValue().isEmpty()) 23 | .map(e -> new Object[]{e.getKey(), e.getValue().get(0)}) 24 | .collect(Collectors.toMap(e -> (K)e[0], e -> (V)e[1])); 25 | } 26 | 27 | 28 | public static boolean fromFormCheckbox(final Map map, final K key) 29 | { 30 | return "on".equals(map.getOrDefault(key, "off")); 31 | } 32 | 33 | 34 | /** 35 | * Get the existing session. 36 | */ 37 | public static HttpSession getSession(HttpServletRequest request) 38 | { 39 | // Get the existing session. 40 | HttpSession session = request.getSession(false); 41 | 42 | // If there exists a session. 43 | if (session != null) 44 | { 45 | // OK. 46 | return session; 47 | } 48 | 49 | // A session does not exist. Make a response of "400 Bad Request". 50 | throw badRequestException("A session does not exist."); 51 | } 52 | 53 | 54 | /** 55 | * Look up an end-user. 56 | */ 57 | public static User getUser(HttpSession session, MultivaluedMap parameters) 58 | { 59 | // Look up the user in the session to see if they're already logged in. 60 | User sessionUser = (User) session.getAttribute("user"); 61 | 62 | if (sessionUser != null) 63 | { 64 | return sessionUser; 65 | } 66 | 67 | // Look up an end-user who has the login credentials. 68 | User loginUser = UserDao.getByCredentials(parameters.getFirst("loginId"), 69 | parameters.getFirst("password")); 70 | 71 | if (loginUser != null) 72 | { 73 | session.setAttribute("user", loginUser); 74 | session.setAttribute("authTime", new Date()); 75 | } 76 | 77 | return loginUser; 78 | } 79 | 80 | } 81 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/AuthzPageModel.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.api; 17 | 18 | 19 | import com.authlete.common.dto.AuthorizationResponse; 20 | import com.authlete.common.types.User; 21 | import com.authlete.jaxrs.AuthorizationPageModel; 22 | import com.authlete.jaxrs.server.federation.FederationConfig; 23 | 24 | 25 | /** 26 | * Data used to render the authorization page. 27 | */ 28 | public class AuthzPageModel extends AuthorizationPageModel 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private FederationConfig[] federations; 34 | private String federationMessage; 35 | 36 | 37 | public AuthzPageModel( 38 | AuthorizationResponse info, User user, FederationConfig[] federations) 39 | { 40 | super(info, user); 41 | 42 | this.federations = federations; 43 | } 44 | 45 | 46 | /** 47 | * Get the configurations of ID federations. 48 | * 49 | *

50 | * If this method returns a non-empty array, links for ID federation 51 | * will be displayed in the authorization page. 52 | *

53 | */ 54 | public FederationConfig[] getFederations() 55 | { 56 | return federations; 57 | } 58 | 59 | 60 | /** 61 | * Set the configurations of ID federations. 62 | */ 63 | public AuthzPageModel setFederations(FederationConfig[] federations) 64 | { 65 | this.federations = federations; 66 | 67 | return this; 68 | } 69 | 70 | 71 | /** 72 | * Get the feedback message from the process of ID federation. 73 | * 74 | *

75 | * If this method returns a non-null value, the message will be displayed 76 | * in the authorization page. 77 | *

78 | */ 79 | public String getFederationMessage() 80 | { 81 | return federationMessage; 82 | } 83 | 84 | 85 | /** 86 | * Set the feedback message from the process of ID federation. 87 | */ 88 | public AuthzPageModel setFederationMessage(String message) 89 | { 90 | this.federationMessage = message; 91 | 92 | return this; 93 | } 94 | } 95 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/federation/FederationConfig.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.federation; 17 | 18 | 19 | import static com.authlete.jaxrs.server.federation.ConfigValidationHelper.ensureNotEmpty; 20 | import java.io.Serializable; 21 | 22 | 23 | /** 24 | * Configuration of ID federation. 25 | * 26 | * 
 27 |  * {
 28 |  *     "id": "(unique identifier among the configurations)",
 29 |  *     "server": {
 30 |  *         (mapped to {@link ServerConfig})
 31 |  *     },
 32 |  *     "client": {
 33 |  *         (mapped to {@link ClientConfig})
 34 |  *     }
 35 |  * }
 36 |  *
37 | * 38 | *

39 | * The value of {@code "id"} is used as federationId 40 | * in the following API paths. 41 | *

42 | * 43 | *
    44 | *
  • /api/federation/initiation/federationId 45 | *
  • /api/federation/callback/federationId 46 | *
47 | * 48 | * @see FederationsConfig 49 | */ 50 | public class FederationConfig implements Serializable 51 | { 52 | private static final long serialVersionUID = 1L; 53 | 54 | 55 | private String id; 56 | private ServerConfig server; 57 | private ClientConfig client; 58 | 59 | 60 | public String getId() 61 | { 62 | return id; 63 | } 64 | 65 | 66 | public FederationConfig setId(String id) 67 | { 68 | this.id = id; 69 | 70 | return this; 71 | } 72 | 73 | 74 | public ServerConfig getServer() 75 | { 76 | return server; 77 | } 78 | 79 | 80 | public FederationConfig setServer(ServerConfig server) 81 | { 82 | this.server = server; 83 | 84 | return this; 85 | } 86 | 87 | 88 | public ClientConfig getClient() 89 | { 90 | return client; 91 | } 92 | 93 | 94 | public FederationConfig setClient(ClientConfig client) 95 | { 96 | this.client = client; 97 | 98 | return this; 99 | } 100 | 101 | 102 | public void validate() throws IllegalStateException 103 | { 104 | ensureNotEmpty("id", id); 105 | ensureNotEmpty("server", server); 106 | ensureNotEmpty("client", client); 107 | 108 | server.validate(); 109 | client.validate(); 110 | } 111 | } 112 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/template/device/verification.jsp: -------------------------------------------------------------------------------- 1 | 2 | 20 | 26 | 27 | 28 | 29 | 30 | Verification 31 | 32 | 33 | 34 | 35 | 36 | 37 |
Device Flow Verification
38 | 39 |
40 |

Verification

41 |
42 | 43 |

${model.notification}

44 | 45 |

Enter required information below.

46 | 47 |
48 | 49 |
50 |
Input Login ID and password.
51 | 53 | 55 |
56 | 57 | 58 | 59 |
Logged in as
60 | 61 | 62 |
63 |
Input User Code.
64 | 66 |
67 | 68 |
69 | 70 |
71 |
72 |
73 |
74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/FederationConfigurationEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022-2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import javax.ws.rs.GET; 21 | import javax.ws.rs.Path; 22 | import javax.ws.rs.core.Response; 23 | import com.authlete.common.api.AuthleteApiFactory; 24 | import com.authlete.common.dto.FederationConfigurationRequest; 25 | import com.authlete.common.types.EntityType; 26 | import com.authlete.jaxrs.BaseFederationConfigurationEndpoint; 27 | 28 | 29 | /** 30 | * An implementation of the entity configuration endpoint. 31 | * 32 | *

33 | * An OpenID Provider that supports OpenID 35 | * Federation 1.0 must provide an endpoint that returns its entity 36 | * configuration in the JWT format. The URI of the endpoint is defined 37 | * as follows: 38 | *

39 | * 40 | *
    41 | *
  1. Entity ID + {@code /.well-known/openid-federation} 42 | *
  2. Host component of Entity ID + {@code /.well-known/openid-federation} 43 | * + Path component of Entity ID (The same rule in RFC 8414) 45 | *
46 | * 47 | *

48 | * Entity ID is a URL that identifies an OpenID Provider (and other 49 | * entities including Relying Parties, Trust Anchors and Intermediate 50 | * Authorities) in the context of OpenID Federation 1.0. 51 | *

52 | * 53 | *

54 | * Note that OpenID Federation 1.0 is supported since Authlete 2.3. 55 | *

56 | * 57 | * @see OpenID Federation 1.0 59 | */ 60 | @Path("/.well-known/openid-federation") 61 | public class FederationConfigurationEndpoint extends BaseFederationConfigurationEndpoint 62 | { 63 | /** 64 | * The request to Authlete's /federation/configuration API. 65 | */ 66 | private static final FederationConfigurationRequest REQUEST = 67 | new FederationConfigurationRequest() 68 | .setEntityTypes(new EntityType[] { 69 | EntityType.OPENID_PROVIDER, 70 | EntityType.OPENID_CREDENTIAL_ISSUER 71 | }); 72 | 73 | 74 | /** 75 | * Entity configuration endpoint. 76 | */ 77 | @GET 78 | public Response get() 79 | { 80 | // Handle the request to the endpoint. 81 | return handle(AuthleteApiFactory.getDefaultApi(), REQUEST); 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /src/main/resources/ekyc-ida/examples/response/document_UKTDIF.json: -------------------------------------------------------------------------------- 1 | { 2 | "verified_claims": { 3 | "verification": { 4 | "trust_framework": "uk_tfida", 5 | "assurance_level": "medium", 6 | "assurance_process": { 7 | "policy": "gpg45", 8 | "procedure": "m1c", 9 | "assurance_details": [ 10 | { 11 | "assurance_type": "evidence_validation", 12 | "assurance_classification": "score_3", 13 | "evidence_ref": [ 14 | { 15 | "txn": "DL1-93h506th2f45hf", 16 | "evidence_metadata": { 17 | "evidence_classification": "score_3_strength" 18 | } 19 | } 20 | ] 21 | }, 22 | { 23 | "assurance_type": "verification", 24 | "assurance_classification": "score_3", 25 | "evidence_ref": [ 26 | { 27 | "txn": "v-93jfk284ugjfj2093" 28 | } 29 | ] 30 | } 31 | ] 32 | }, 33 | "time": "2021-06-06T05:32Z", 34 | "verification_process": "7675D80F-57E0-AB14-9543-26B41FC22", 35 | "evidence": [ 36 | { 37 | "type": "document", 38 | "check_details": [ 39 | { 40 | "check_method": "vpiruv", 41 | "organization": "doc_checker", 42 | "txn": "DL1-93h506th2f45hf", 43 | "time": "2021-06-08T11:41Z" 44 | }, 45 | { 46 | "check_method": "pvp", 47 | "organization": "face_checker", 48 | "txn": "v-93jfk284ugjfj2093", 49 | "time": "2021-06-08T11:42Z" 50 | } 51 | ], 52 | "time": "2021-06-06T05:33Z", 53 | "document_details": { 54 | "type": "driving_permit", 55 | "document_number": "I1234568", 56 | "date_of_issuance": "2019-09-05", 57 | "date_of_expiry": "2024-08-01", 58 | "issuer": { 59 | "name": "CA DMV", 60 | "country": "US", 61 | "country_code": "USA", 62 | "jurisdiction": "CA" 63 | } 64 | }, 65 | "attachments": [ 66 | { 67 | "desc": "scan of driving_permit", 68 | "content_type": "image/jpeg", 69 | "txn": "DL1-93h506th2f45hf", 70 | "content": "d16d2552e35582810e5a40e523716504525b6016ae96844ddc533163059b3067==" 71 | }, 72 | { 73 | "desc": "captured face", 74 | "content_type": "image/jpeg", 75 | "txn": "v-93jfk284ugjfj2093", 76 | "content": "6954697405687029456098270457602984756098274509687204576==" 77 | } 78 | ] 79 | } 80 | ] 81 | }, 82 | "claims": { 83 | "given_name": "Inga", 84 | "family_name": "Silverstone", 85 | "birthdate": "1991-11-06", 86 | "place_of_birth": { 87 | "country": "USA" 88 | }, 89 | "address": { 90 | "locality": "Shoshone", 91 | "postal_code": "CA 92384", 92 | "country": "USA", 93 | "street_address": "114 Old State Hwy 127" 94 | } 95 | } 96 | } 97 | } 98 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/backchannel/AuthInfoHolder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.backchannel; 18 | 19 | 20 | import java.util.Map; 21 | import java.util.concurrent.ConcurrentHashMap; 22 | 23 | 24 | /** 25 | * The holder storing {@link AuthInfo information} required to complete processes 26 | * that are executed in {@link AsyncAuthenticationDeviceProcessor}. The information 27 | * is expected to be stored in the {@link AsyncAuthenticationDeviceProcessor#process() 28 | * process()} method of {@link AsyncAuthenticationDeviceProcessor} and retrieved 29 | * in {@link BackchannelAuthenticationCallbackEndpoint} to complete the processes. 30 | * 31 | *

32 | * Note that this implementation is a dummy implementation and not suitable for 33 | * commercial use. 34 | *

35 | * 36 | * @see AuthInfo 37 | * 38 | * @see AsyncAuthenticationDeviceProcessor 39 | * 40 | * @see BackchannelAuthenticationCallbackEndpoint 41 | * 42 | * @author Hideki Ikeda 43 | */ 44 | public class AuthInfoHolder 45 | { 46 | private static final Map sHolder = new ConcurrentHashMap(); 47 | 48 | 49 | /** 50 | * Get the information by the request ID. 51 | * 52 | * @param requestId 53 | * The request ID. 54 | * 55 | * @return 56 | * The information associated with the request ID. 57 | */ 58 | public static AuthInfo get(String requestId) 59 | { 60 | return sHolder.get(requestId); 61 | } 62 | 63 | 64 | /** 65 | * Associate information with a request ID. 66 | * 67 | * @param requestId 68 | * A request ID with which the specified information is to be associated. 69 | * 70 | * @param info 71 | * Information to be associated with the specified request ID 72 | * 73 | * @return 74 | * The previous value associated with the specified request ID, or 75 | * {@code null} if there was no mapping for the request ID. 76 | */ 77 | public static AuthInfo put(String requestId, AuthInfo info) 78 | { 79 | return sHolder.put(requestId, info); 80 | } 81 | 82 | 83 | /** 84 | * Remove information for a request ID. 85 | * 86 | * @param requestId 87 | * A request ID whose information is to be removed. 88 | * 89 | * @return 90 | * The previous value associated with the request ID, or {@code null} 91 | * if there was no mapping for the request ID. 92 | */ 93 | public static AuthInfo remove(String requestId) 94 | { 95 | return sHolder.remove(requestId); 96 | } 97 | } 98 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/CreateConsentData.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * CreateConsent.data 24 | * 25 | * @see CreateConsent 27 | */ 28 | public class CreateConsentData implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private LoggedUser loggedUser; 34 | private BusinessEntity businessEntity; 35 | private String[] permissions; 36 | private String expirationDateTime; 37 | private String transactionFromDateTime; 38 | private String transactionToDateTime; 39 | 40 | 41 | public LoggedUser getLoggedUser() 42 | { 43 | return loggedUser; 44 | } 45 | 46 | 47 | public CreateConsentData setLoggedUser(LoggedUser loggedUser) 48 | { 49 | this.loggedUser = loggedUser; 50 | 51 | return this; 52 | } 53 | 54 | 55 | public BusinessEntity getBusinessEntity() 56 | { 57 | return businessEntity; 58 | } 59 | 60 | 61 | public CreateConsentData setBusinessEntity(BusinessEntity businessEntity) 62 | { 63 | this.businessEntity = businessEntity; 64 | 65 | return this; 66 | } 67 | 68 | 69 | public String[] getPermissions() 70 | { 71 | return permissions; 72 | } 73 | 74 | 75 | public CreateConsentData setPermissions(String[] permissions) 76 | { 77 | this.permissions = permissions; 78 | 79 | return this; 80 | } 81 | 82 | 83 | public String getExpirationDateTime() 84 | { 85 | return expirationDateTime; 86 | } 87 | 88 | 89 | public CreateConsentData setExpirationDateTime(String datetime) 90 | { 91 | this.expirationDateTime = datetime; 92 | 93 | return this; 94 | } 95 | 96 | 97 | public String getTransactionFromDateTime() 98 | { 99 | return transactionFromDateTime; 100 | } 101 | 102 | 103 | public CreateConsentData setTransactionFromDateTime(String datetime) 104 | { 105 | this.transactionFromDateTime = datetime; 106 | 107 | return this; 108 | } 109 | 110 | 111 | public String getTransactionToDateTime() 112 | { 113 | return transactionToDateTime; 114 | } 115 | 116 | 117 | public CreateConsentData setTransactionToDateTime(String datetime) 118 | { 119 | this.transactionToDateTime = datetime; 120 | 121 | return this; 122 | } 123 | } 124 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/backchannel/AuthInfo.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.backchannel; 18 | 19 | 20 | import com.authlete.common.types.User; 21 | 22 | 23 | /** 24 | * Information required to complete processes that are executed in {@link AsyncAuthenticationDeviceProcessor} 25 | * 26 | * @see AsyncAuthenticationDeviceProcessor 27 | * 28 | * @author Hideki Ikeda 29 | */ 30 | public class AuthInfo 31 | { 32 | String mTicket; 33 | User mUser; 34 | String[] mClaimNames; 35 | String[] mAcrs; 36 | 37 | 38 | /** 39 | * Construct an information to complete processes that are executed in {@link 40 | * AsyncAuthenticationDeviceProcessor} 41 | * 42 | * @param ticket 43 | * A ticket that was issued by Authlete's {@code /api/backchannel/authentication} 44 | * API. 45 | * 46 | * @param user 47 | * The end-user who was requested to authorize the client application. 48 | * 49 | * @param claimNames 50 | * The names of the requested claims. 51 | * 52 | * @param acrs 53 | * The requested ACRs. 54 | */ 55 | public AuthInfo(String ticket, User user, String[] claimNames, String[] acrs) 56 | { 57 | mTicket = ticket; 58 | mUser = user; 59 | mClaimNames = claimNames; 60 | mAcrs = acrs; 61 | } 62 | 63 | 64 | /** 65 | * Get the ticket that was issued by Authlete's {@code /api/backchannel/authentication} 66 | * API. 67 | * 68 | * @return 69 | * The ticket that was issued by Authlete's {@code /api/backchannel/authentication} 70 | * API. 71 | */ 72 | public String getTicket() 73 | { 74 | return mTicket; 75 | } 76 | 77 | 78 | /** 79 | * Get The end-user who was requested to authorize the client application. 80 | * 81 | * @return 82 | * The end-user who was requested to authorize the client application. 83 | */ 84 | public User getUser() 85 | { 86 | return mUser; 87 | } 88 | 89 | 90 | /** 91 | * Get the names of the requested claims. 92 | * 93 | * @return 94 | * The names of the requested claims. 95 | */ 96 | public String[] getClaimNames() 97 | { 98 | return mClaimNames; 99 | } 100 | 101 | 102 | /** 103 | * Get the requested ACRs. 104 | * 105 | * @return 106 | * The requested ACRs. 107 | */ 108 | public String[] getAcrs() 109 | { 110 | return mAcrs; 111 | } 112 | } 113 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/database/ConsentDao.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.database; 17 | 18 | 19 | import java.util.UUID; 20 | import com.authlete.jaxrs.server.obb.model.Consent; 21 | import com.authlete.jaxrs.server.obb.model.CreateConsent; 22 | import com.authlete.jaxrs.server.obb.model.CreateConsentData; 23 | import com.authlete.jaxrs.server.obb.util.ObbUtils; 24 | 25 | 26 | public class ConsentDao 27 | { 28 | private static final ConsentDao sInstance = new ConsentDao("example"); 29 | 30 | 31 | private final String mNamespace; 32 | private final ConsentStore mStore; 33 | 34 | 35 | private ConsentDao(String namespace) 36 | { 37 | mNamespace = namespace; 38 | mStore = new ConsentStore(); 39 | } 40 | 41 | 42 | private String getNamespace() 43 | { 44 | return mNamespace; 45 | } 46 | 47 | 48 | private ConsentStore getStore() 49 | { 50 | return mStore; 51 | } 52 | 53 | 54 | private String generateConsentId() 55 | { 56 | // '^urn:[a-zA-Z0-9][a-zA-Z0-9-]{0,31}:[a-zA-Z0-9()+,\-.:=@;$_!*''%\/?#]+$' 57 | return String.format("urn:%s:%s", getNamespace(), UUID.randomUUID()); 58 | } 59 | 60 | 61 | public Consent create(CreateConsent createConsent, long clientId) 62 | { 63 | CreateConsentData data = createConsent.getData(); 64 | String consentId = generateConsentId(); 65 | String now = ObbUtils.formatNow(); 66 | 67 | Consent consent = new Consent() 68 | .setConsentId(consentId) 69 | .setPermissions(data.getPermissions()) 70 | .setStatus("AWAITING_AUTHORISATION") 71 | .setCreationDateTime(now) 72 | .setExpirationDateTime(data.getExpirationDateTime()) 73 | .setStatusUpdateDateTime(now) 74 | .setClientId(clientId) 75 | ; 76 | 77 | getStore().put(consentId, consent); 78 | 79 | return consent; 80 | } 81 | 82 | 83 | public synchronized Consent read(String consentId) 84 | { 85 | return getStore().get(consentId); 86 | } 87 | 88 | 89 | public synchronized void update(Consent consent) 90 | { 91 | consent.setStatusUpdateDateTime(ObbUtils.formatNow()); 92 | 93 | getStore().put(consent.getConsentId(), consent); 94 | } 95 | 96 | 97 | public synchronized void delete(String consentId) 98 | { 99 | getStore().remove(consentId); 100 | } 101 | 102 | 103 | public static ConsentDao getInstance() 104 | { 105 | return sInstance; 106 | } 107 | } 108 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/device/DeviceAuthorizationEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019-2024 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.device; 18 | 19 | 20 | import javax.servlet.http.HttpServletRequest; 21 | import javax.ws.rs.Consumes; 22 | import javax.ws.rs.POST; 23 | import javax.ws.rs.Path; 24 | import javax.ws.rs.core.Context; 25 | import javax.ws.rs.core.HttpHeaders; 26 | import javax.ws.rs.core.MediaType; 27 | import javax.ws.rs.core.MultivaluedMap; 28 | import javax.ws.rs.core.Response; 29 | import com.authlete.common.api.AuthleteApi; 30 | import com.authlete.common.api.AuthleteApiFactory; 31 | import com.authlete.jaxrs.BaseDeviceAuthorizationEndpoint; 32 | import com.authlete.jaxrs.DeviceAuthorizationRequestHandler.Params; 33 | 34 | 35 | /** 36 | * An implementation of device authorization endpoint of OAuth 2.0 Device Authorization 37 | * Grant (Device Flow). 38 | * 39 | * @see RFC 8628: OAuth 2.0 Device Authorization Grant 41 | * 42 | * @author Hideki Ikeda 43 | */ 44 | @Path("/api/device/authorization") 45 | public class DeviceAuthorizationEndpoint extends BaseDeviceAuthorizationEndpoint 46 | { 47 | /** 48 | * The device authorization endpoint. 49 | */ 50 | @POST 51 | @Consumes(MediaType.APPLICATION_FORM_URLENCODED) 52 | public Response post( 53 | @Context HttpServletRequest request, 54 | MultivaluedMap parameters) 55 | { 56 | // Authlete API 57 | AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi(); 58 | 59 | // Parameters for Authlete's /device/authorization API 60 | Params params = buildParams(request, parameters); 61 | 62 | // Handle the device authorization request. 63 | return handle(authleteApi, params); 64 | } 65 | 66 | 67 | private Params buildParams( 68 | HttpServletRequest request, MultivaluedMap parameters) 69 | { 70 | Params params = new Params(); 71 | 72 | // RFC 6749 73 | // The OAuth 2.0 Authorization Framework 74 | params.setParameters(parameters) 75 | .setAuthorization(request.getHeader(HttpHeaders.AUTHORIZATION)) 76 | ; 77 | 78 | // MTLS 79 | // RFC 8705 : OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens 80 | params.setClientCertificatePath(extractClientCertificateChain(request)); 81 | 82 | // OAuth 2.0 Attestation-Based Client Authentication 83 | params.setClientAttestation( request.getHeader("OAuth-Client-Attestation")) 84 | .setClientAttestationPop(request.getHeader("OAuth-Client-Attestation-PoP")) 85 | ; 86 | 87 | return params; 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019-2024 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.backchannel; 18 | 19 | 20 | import javax.servlet.http.HttpServletRequest; 21 | import javax.ws.rs.Consumes; 22 | import javax.ws.rs.POST; 23 | import javax.ws.rs.Path; 24 | import javax.ws.rs.core.Context; 25 | import javax.ws.rs.core.HttpHeaders; 26 | import javax.ws.rs.core.MediaType; 27 | import javax.ws.rs.core.MultivaluedMap; 28 | import javax.ws.rs.core.Response; 29 | import com.authlete.common.api.AuthleteApi; 30 | import com.authlete.common.api.AuthleteApiFactory; 31 | import com.authlete.jaxrs.BackchannelAuthenticationRequestHandler.Params; 32 | import com.authlete.jaxrs.BaseBackchannelAuthenticationEndpoint; 33 | 34 | 35 | /** 36 | * An implementation of backchannel authentication endpoint of CIBA (Client Initiated 37 | * Backchannel Authentication). 38 | * 39 | * @author Hideki Ikeda 40 | */ 41 | @Path("/api/backchannel/authentication") 42 | public class BackchannelAuthenticationEndpoint extends BaseBackchannelAuthenticationEndpoint 43 | { 44 | /** 45 | * The backchannel authentication endpoint. 46 | */ 47 | @POST 48 | @Consumes(MediaType.APPLICATION_FORM_URLENCODED) 49 | public Response post( 50 | @Context HttpServletRequest request, 51 | MultivaluedMap parameters) 52 | { 53 | // Authlete API 54 | AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi(); 55 | 56 | // Parameters for Authlete's /backchannel/authentication API 57 | Params params = buildParams(request, parameters); 58 | 59 | // Handle the backchannel authentication request. 60 | return handle(authleteApi, 61 | new BackchannelAuthenticationRequestHandlerSpiImpl(), params); 62 | } 63 | 64 | 65 | private Params buildParams( 66 | HttpServletRequest request, MultivaluedMap parameters) 67 | { 68 | Params params = new Params(); 69 | 70 | // RFC 6749 71 | // The OAuth 2.0 Authorization Framework 72 | params.setParameters(parameters) 73 | .setAuthorization(request.getHeader(HttpHeaders.AUTHORIZATION)) 74 | ; 75 | 76 | // MTLS 77 | // RFC 8705 : OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens 78 | params.setClientCertificatePath(extractClientCertificateChain(request)); 79 | 80 | // OAuth 2.0 Attestation-Based Client Authentication 81 | params.setClientAttestation( request.getHeader("OAuth-Client-Attestation")) 82 | .setClientAttestationPop(request.getHeader("OAuth-Client-Attestation-PoP")) 83 | ; 84 | 85 | return params; 86 | } 87 | } 88 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResultResponse.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.ad.dto; 18 | 19 | 20 | import java.io.Serializable; 21 | import com.authlete.jaxrs.server.ad.type.Result; 22 | import com.authlete.jaxrs.server.ad.type.Status; 23 | 24 | 25 | /** 26 | * A class representing a request from 27 | * /api/authenticate/result API of 28 | * Authlete CIBA authentication device simulator. 29 | * 30 | * @see Authlete CIBA authentication 31 | * device simulator 32 | * 33 | * @see 34 | * /api/authenticate/result API 35 | * 36 | * @author Hideki Ikeda 37 | */ 38 | public class PollAuthenticationResultResponse implements Serializable 39 | { 40 | private static final long serialVersionUID = 1L; 41 | 42 | 43 | Status status; 44 | Result result; 45 | 46 | 47 | /** 48 | * Get the status of end-user authentication and authorization. 49 | * 50 | * @return 51 | * The status of end-user authentication and authorization. 52 | */ 53 | public Status getStatus() 54 | { 55 | return status; 56 | } 57 | 58 | 59 | /** 60 | * Set the status of end-user authentication and authorization. 61 | * 62 | * @param status 63 | * The status of end-user authentication and authorization. 64 | */ 65 | public PollAuthenticationResultResponse setStatus(Status status) 66 | { 67 | this.status = status; 68 | 69 | return this; 70 | } 71 | 72 | 73 | /** 74 | * Get the result of end-user authentication and authorization. 75 | * 76 | * @return 77 | * The result of end-user authentication and authorization. {@code null} 78 | * is returned if the end-user authentication and authorization has 79 | * not completed yet. 80 | */ 81 | public Result getResult() 82 | { 83 | return result; 84 | } 85 | 86 | 87 | /** 88 | * Set the result of end-user authentication and authorization. 89 | * 90 | * @param result 91 | * The result of end-user authentication and authorization. 92 | * 93 | * @return 94 | * {@code this} object. 95 | */ 96 | public PollAuthenticationResultResponse setResult(Result result) 97 | { 98 | this.result = result; 99 | 100 | return this; 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/RevocationEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016-2024 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import javax.servlet.http.HttpServletRequest; 21 | import javax.ws.rs.Consumes; 22 | import javax.ws.rs.POST; 23 | import javax.ws.rs.Path; 24 | import javax.ws.rs.core.Context; 25 | import javax.ws.rs.core.HttpHeaders; 26 | import javax.ws.rs.core.MediaType; 27 | import javax.ws.rs.core.MultivaluedMap; 28 | import javax.ws.rs.core.Response; 29 | import com.authlete.common.api.AuthleteApi; 30 | import com.authlete.common.api.AuthleteApiFactory; 31 | import com.authlete.jaxrs.BaseRevocationEndpoint; 32 | import com.authlete.jaxrs.RevocationRequestHandler.Params; 33 | 34 | 35 | /** 36 | * An implementation of revocation endpoint (RFC 7009). 38 | * 39 | * @see RFC 7009: OAuth 2.0 Token Revocation 41 | * 42 | * @author Takahiko Kawasaki 43 | */ 44 | @Path("/api/revocation") 45 | public class RevocationEndpoint extends BaseRevocationEndpoint 46 | { 47 | /** 48 | * The revocation endpoint for {@code POST} method. 49 | * 50 | * @see RFC 7009, 2.1. Revocation Request 52 | */ 53 | @POST 54 | @Consumes(MediaType.APPLICATION_FORM_URLENCODED) 55 | public Response post( 56 | @Context HttpServletRequest request, 57 | MultivaluedMap parameters) 58 | { 59 | // Authlete API 60 | AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi(); 61 | 62 | // Parameters for Authlete's /auth/revocation API 63 | Params params = buildParams(request, parameters); 64 | 65 | // Handle the revocation request. 66 | return handle(authleteApi, params); 67 | } 68 | 69 | 70 | private Params buildParams( 71 | HttpServletRequest request, MultivaluedMap parameters) 72 | { 73 | Params params = new Params(); 74 | 75 | // RFC 6749 76 | // The OAuth 2.0 Authorization Framework 77 | params.setParameters(parameters) 78 | .setAuthorization(request.getHeader(HttpHeaders.AUTHORIZATION)) 79 | ; 80 | 81 | // MTLS 82 | // RFC 8705 : OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens 83 | params.setClientCertificatePath(extractClientCertificateChain(request)); 84 | 85 | // OAuth 2.0 Attestation-Based Client Authentication 86 | params.setClientAttestation( request.getHeader("OAuth-Client-Attestation")) 87 | .setClientAttestationPop(request.getHeader("OAuth-Client-Attestation-PoP")) 88 | ; 89 | 90 | return params; 91 | } 92 | } 93 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/db/VerifiedClaimsDao.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2019-2020 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.db; 18 | 19 | 20 | import java.util.Arrays; 21 | import java.util.HashMap; 22 | import java.util.List; 23 | import java.util.Map; 24 | import com.authlete.common.assurance.Claims; 25 | import com.authlete.common.assurance.Document; 26 | import com.authlete.common.assurance.IDDocument; 27 | import com.authlete.common.assurance.Issuer; 28 | import com.authlete.common.assurance.Verification; 29 | import com.authlete.common.assurance.VerifiedClaims; 30 | import com.authlete.common.assurance.constraint.VerifiedClaimsConstraint; 31 | 32 | 33 | /** 34 | * Operations to access the database of verified claims. 35 | */ 36 | public class VerifiedClaimsDao 37 | { 38 | // Dummy database for verified claims. Keys are end-user subjects. 39 | private static final Map sVerifiedClaimsDB = 40 | buildVerifiedClaimsDB(); 41 | 42 | 43 | private static Map buildVerifiedClaimsDB() 44 | { 45 | Map db = new HashMap(); 46 | 47 | setupVerifiedClaimsDB(db); 48 | 49 | return db; 50 | } 51 | 52 | 53 | private static void setupVerifiedClaimsDB(Map db) 54 | { 55 | db.put("1003", new VerifiedClaims() 56 | .setVerification(new Verification() 57 | .setTrustFramework("de_aml") 58 | .setTime("2012-04-23T18:25:43+01") 59 | .setVerificationProcess("676q3636461467647q8498785747q487") 60 | .addEvidence(new IDDocument() 61 | .setMethod("pipp") 62 | .setDocument(new Document() 63 | .setType("idcard") 64 | .setIssuer(new Issuer() 65 | .setName("Stadt Augsburg") 66 | .setCountry("DE") 67 | ) 68 | .setNumber("53554554") 69 | .setDateOfIssuance("2012-04-23") 70 | .setDateOfExpiry("2022-04-22") 71 | ) 72 | ) 73 | ) 74 | .setClaims(new Claims() 75 | .putClaim("given_name","Max") 76 | .putClaim("family_name", "Meier") 77 | .putClaim("birthdate", "1956-01-28") 78 | .putClaim("nationalities", Arrays.asList("USA", "DEU")) 79 | ) 80 | ); 81 | } 82 | 83 | 84 | public static List get(String subject, VerifiedClaimsConstraint constraint) 85 | { 86 | // NOTE: 87 | // Commercial implementations should have complex logic to construct 88 | // verified claims based on the constraint. 89 | VerifiedClaims vc = sVerifiedClaimsDB.get(subject); 90 | 91 | return Arrays.asList(vc); 92 | } 93 | } 94 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/AccountData.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | /** 23 | * AccountData 24 | * 25 | * @see AccountData 27 | */ 28 | public class AccountData implements Serializable 29 | { 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | private String brandName; 34 | private String companyCnpj; 35 | private String type; 36 | private String compeCode; 37 | private String branchCode; 38 | private String number; 39 | private String checkDigit; 40 | private String accountId; 41 | 42 | 43 | public String getBrandName() 44 | { 45 | return brandName; 46 | } 47 | 48 | 49 | public AccountData setBrandName(String brandName) 50 | { 51 | this.brandName = brandName; 52 | 53 | return this; 54 | } 55 | 56 | 57 | public String getCompanyCnpj() 58 | { 59 | return companyCnpj; 60 | } 61 | 62 | 63 | public AccountData setCompanyCnpj(String companyCnpj) 64 | { 65 | this.companyCnpj = companyCnpj; 66 | 67 | return this; 68 | } 69 | 70 | 71 | public String getType() 72 | { 73 | return type; 74 | } 75 | 76 | 77 | public AccountData setType(String type) 78 | { 79 | this.type = type; 80 | 81 | return this; 82 | } 83 | 84 | 85 | public String getCompeCode() 86 | { 87 | return compeCode; 88 | } 89 | 90 | 91 | public AccountData setCompeCode(String compeCode) 92 | { 93 | this.compeCode = compeCode; 94 | 95 | return this; 96 | } 97 | 98 | 99 | public String getBranchCode() 100 | { 101 | return branchCode; 102 | } 103 | 104 | 105 | public AccountData setBranchCode(String branchCode) 106 | { 107 | this.branchCode = branchCode; 108 | 109 | return this; 110 | } 111 | 112 | 113 | public String getNumber() 114 | { 115 | return number; 116 | } 117 | 118 | 119 | public AccountData setNumber(String number) 120 | { 121 | this.number = number; 122 | 123 | return this; 124 | } 125 | 126 | 127 | public String getCheckDigit() 128 | { 129 | return checkDigit; 130 | } 131 | 132 | 133 | public AccountData setCheckDigit(String checkDigit) 134 | { 135 | this.checkDigit = checkDigit; 136 | 137 | return this; 138 | } 139 | 140 | 141 | public String getAccountId() 142 | { 143 | return accountId; 144 | } 145 | 146 | 147 | public AccountData setAccountId(String accountId) 148 | { 149 | this.accountId = accountId; 150 | 151 | return this; 152 | } 153 | } 154 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/obb/model/Consent.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.obb.model; 17 | 18 | 19 | import java.io.Serializable; 20 | 21 | 22 | public class Consent implements Serializable 23 | { 24 | private static final long serialVersionUID = 1L; 25 | 26 | 27 | private String consentId; 28 | private String[] permissions; 29 | private String status; 30 | private String creationDateTime; 31 | private String expirationDateTime; 32 | private String statusUpdateDateTime; 33 | private long clientId; 34 | private String refreshToken; 35 | 36 | 37 | public String getConsentId() 38 | { 39 | return consentId; 40 | } 41 | 42 | 43 | public Consent setConsentId(String consentId) 44 | { 45 | this.consentId = consentId; 46 | 47 | return this; 48 | } 49 | 50 | 51 | public String[] getPermissions() 52 | { 53 | return permissions; 54 | } 55 | 56 | 57 | public Consent setPermissions(String[] permissions) 58 | { 59 | this.permissions = permissions; 60 | 61 | return this; 62 | } 63 | 64 | 65 | public String getStatus() 66 | { 67 | return status; 68 | } 69 | 70 | 71 | public Consent setStatus(String status) 72 | { 73 | this.status = status; 74 | 75 | return this; 76 | } 77 | 78 | 79 | public String getCreationDateTime() 80 | { 81 | return creationDateTime; 82 | } 83 | 84 | 85 | public Consent setCreationDateTime(String creationDateTime) 86 | { 87 | this.creationDateTime = creationDateTime; 88 | 89 | return this; 90 | } 91 | 92 | 93 | public String getExpirationDateTime() 94 | { 95 | return expirationDateTime; 96 | } 97 | 98 | 99 | public Consent setExpirationDateTime(String expirationDateTime) 100 | { 101 | this.expirationDateTime = expirationDateTime; 102 | 103 | return this; 104 | } 105 | 106 | 107 | public String getStatusUpdateDateTime() 108 | { 109 | return statusUpdateDateTime; 110 | } 111 | 112 | 113 | public Consent setStatusUpdateDateTime(String statusUpdateDateTime) 114 | { 115 | this.statusUpdateDateTime = statusUpdateDateTime; 116 | 117 | return this; 118 | } 119 | 120 | 121 | public long getClientId() 122 | { 123 | return clientId; 124 | } 125 | 126 | 127 | public Consent setClientId(long clientId) 128 | { 129 | this.clientId = clientId; 130 | 131 | return this; 132 | } 133 | 134 | 135 | public String getRefreshToken() 136 | { 137 | return refreshToken; 138 | } 139 | 140 | 141 | public Consent setRefreshToken(String refreshToken) 142 | { 143 | this.refreshToken = refreshToken; 144 | 145 | return this; 146 | } 147 | } 148 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/db/ResourceServerDao.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.db; 18 | 19 | 20 | import java.io.IOException; 21 | import java.io.Reader; 22 | import java.lang.reflect.Type; 23 | import java.util.ArrayList; 24 | import java.util.Collections; 25 | import java.util.List; 26 | import java.util.Map; 27 | import java.util.stream.Collectors; 28 | import com.google.gson.Gson; 29 | import com.google.gson.reflect.TypeToken; 30 | 31 | 32 | /** 33 | * Operations to access the resource server database. 34 | */ 35 | public class ResourceServerDao extends BaseDao 36 | { 37 | private static final String RESOURCE_SERVER = "/resource_servers.json"; 38 | 39 | 40 | /** 41 | * Holder of the cache of resource server entities. 42 | */ 43 | private static final class ResourceServerEntityHolder 44 | { 45 | // Cache of resource server entities. Keys are resource server 46 | // IDs. Values are ResourceServerEntity objects loaded from JSON 47 | // files. 48 | private static final Map INSTANCE = 49 | createResourceServers(); 50 | } 51 | 52 | 53 | /** 54 | * Create the content of ResourceServersHolder.INSTANCE. 55 | */ 56 | private static Map createResourceServers() 57 | { 58 | return loadResourceServers(RESOURCE_SERVER) 59 | .stream() 60 | .collect(Collectors.toMap(s -> s.getId(), s -> s)); 61 | } 62 | 63 | 64 | /** 65 | * Load configurations of resource servers from the resource. 66 | */ 67 | private static List loadResourceServers(String resource) 68 | { 69 | // Create a Reader to read the resource. 70 | try ( Reader reader = createReader(ResourceServerDao.class, resource) ) 71 | { 72 | // The type of the object to be loaded. 73 | Type type = new TypeToken>(){}.getType(); 74 | 75 | // Convert the JSON in the resource into a list of ResourceServerEntity. 76 | return new Gson().fromJson(reader, type); 77 | } 78 | catch (IOException e) 79 | { 80 | // Failed to read the resource. 81 | e.printStackTrace(); 82 | 83 | return Collections.emptyList(); 84 | } 85 | } 86 | 87 | 88 | /** 89 | * Get a resource server entity. 90 | * 91 | * @param rsId 92 | * The ID of a resource server. 93 | * 94 | * @return 95 | * A resource server entity specified by the ID. null is 96 | * returned when the resource server entity is unavailable. 97 | */ 98 | public static ResourceServerEntity get(String rsId) 99 | { 100 | return ResourceServerEntityHolder.INSTANCE.get(rsId); 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/TestEndpoint.java: -------------------------------------------------------------------------------- 1 | package com.authlete.jaxrs.server.api; 2 | 3 | 4 | import java.util.ArrayList; 5 | import java.util.Arrays; 6 | import java.util.Enumeration; 7 | import java.util.List; 8 | import java.util.Map; 9 | import java.util.TreeMap; 10 | import java.util.stream.Collectors; 11 | import javax.servlet.http.HttpServletRequest; 12 | import javax.ws.rs.GET; 13 | import javax.ws.rs.Path; 14 | import javax.ws.rs.core.Context; 15 | import javax.ws.rs.core.MediaType; 16 | import javax.ws.rs.core.Response; 17 | import com.google.gson.Gson; 18 | import com.google.gson.GsonBuilder; 19 | 20 | 21 | @Path("/api/test") 22 | public class TestEndpoint 23 | { 24 | /** 25 | * Returns HTTP headers that this endpoint received in JSON format. 26 | */ 27 | @GET 28 | @Path("headers") 29 | public Response headers(@Context HttpServletRequest req) throws Exception 30 | { 31 | Map map = new TreeMap<>(); 32 | 33 | Enumeration headerNameEnumerator = req.getHeaderNames(); 34 | 35 | while (headerNameEnumerator.hasMoreElements()) 36 | { 37 | String headerName = headerNameEnumerator.nextElement(); 38 | 39 | Enumeration headerValueEnumerator = req.getHeaders(headerName); 40 | List headerValues = new ArrayList<>(); 41 | 42 | while (headerValueEnumerator.hasMoreElements()) 43 | { 44 | headerValues.add(headerValueEnumerator.nextElement()); 45 | } 46 | 47 | if (headerValues.size() == 1) 48 | { 49 | map.put(headerName, headerValues.get(0)); 50 | } 51 | else 52 | { 53 | map.put(headerName, headerValues); 54 | } 55 | } 56 | 57 | return toResponse(map); 58 | } 59 | 60 | 61 | /** 62 | * Checks whether the root certificate of the certificate chain that 63 | * consists of the presented client certificate and intermediate 64 | * certificates is a certificate issued by the authority of Open 65 | * Banking Brasil. The result is returned in JSON format. 66 | * 67 | *

68 | * Below is an example of API call, assuming certificates.pem 69 | * includes a client certificate and intermediate certificates. 70 | *

71 | * 72 | * 
 73 |      * $ curl -k --key private.pem --cert certificates.pem https://example/api/test/obb
 74 |      *
75 | */ 76 | @GET 77 | @Path("obb") 78 | public Response obb(@Context HttpServletRequest req) 79 | { 80 | Map map = new TreeMap<>(); 81 | 82 | try 83 | { 84 | OBBCertValidator.getInstance().validate(req); 85 | map.put("result", "succeeded"); 86 | } 87 | catch (Exception e) 88 | { 89 | e.printStackTrace(); 90 | 91 | map.put("result", "failed"); 92 | map.put("error_message", e.getMessage()); 93 | 94 | List stacktrace = Arrays.stream( 95 | e.getStackTrace()).map(st -> st.toString()) 96 | .collect(Collectors.toList()); 97 | 98 | map.put("stacktrace", stacktrace); 99 | } 100 | 101 | return toResponse(map); 102 | } 103 | 104 | 105 | private static Response toResponse(Map map) 106 | { 107 | Gson gson = new GsonBuilder().setPrettyPrinting().create(); 108 | String json = gson.toJson(map); 109 | 110 | return Response.ok(json).type(MediaType.APPLICATION_JSON).build(); 111 | } 112 | } 113 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/federation/FederationsConfigLoader.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.federation; 17 | 18 | 19 | import java.io.IOException; 20 | import java.io.Reader; 21 | import java.nio.charset.StandardCharsets; 22 | import java.nio.file.Files; 23 | import java.nio.file.Path; 24 | import java.nio.file.Paths; 25 | import com.google.gson.Gson; 26 | 27 | 28 | /** 29 | * Loader for configuration of ID federations. 30 | * 31 | *

32 | * This loader loads configuration from a file. When the name of a configuration 33 | * file is not explicitly specified, in other words, when {@link #load()} method 34 | * is used, the file name is determined in the following order. 35 | *

36 | * 37 | *
    38 | *
  1. Environment variable, {@code FEDERATIONS_FILE} 39 | *
  2. System property, {@code federations.file} 40 | *
  3. The default file name, {@code "federations.json"} 41 | *
42 | * 43 | *

44 | * The content of the configuration file should be a JSON object that contains 45 | * {@code "federations"} as a top-level property. 46 | *

47 | * 48 | * 
 49 |  * {
 50 |  *     "federations": [
 51 |  *         (each element is mapped to {@link FederationConfig})
 52 |  *     ]
 53 |  * }
 54 |  *
55 | * 56 | * @see FederationsConfig 57 | */ 58 | public class FederationsConfigLoader 59 | { 60 | private static final String DEFAULT_FILE = "federations.json"; 61 | private static final String SYSPROP_FILE = "federations.file"; 62 | private static final String ENVVAR_FILE = "FEDERATIONS_FILE"; 63 | 64 | 65 | private static String determineFile() 66 | { 67 | // From the environment variable. 68 | String file = getFileFromEnv(); 69 | 70 | if (file == null) 71 | { 72 | // From the system property. 73 | file = getFileFromSysProp(); 74 | } 75 | 76 | if (file == null) 77 | { 78 | // The default file. 79 | file = DEFAULT_FILE; 80 | } 81 | 82 | return file; 83 | } 84 | 85 | 86 | private static String getFileFromEnv() 87 | { 88 | return System.getenv(ENVVAR_FILE); 89 | } 90 | 91 | 92 | private static String getFileFromSysProp() 93 | { 94 | return System.getProperty(SYSPROP_FILE); 95 | } 96 | 97 | 98 | public static FederationsConfig load() throws IOException 99 | { 100 | return load(determineFile()); 101 | } 102 | 103 | 104 | public static FederationsConfig load(String file) throws IOException 105 | { 106 | return load(Paths.get(file)); 107 | } 108 | 109 | 110 | public static FederationsConfig load(Path path) throws IOException 111 | { 112 | try (Reader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) 113 | { 114 | return load(reader); 115 | } 116 | } 117 | 118 | 119 | public static FederationsConfig load(Reader reader) throws IOException 120 | { 121 | return new Gson().fromJson(reader, FederationsConfig.class); 122 | } 123 | } 124 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/PushedAuthReqEndpoint.java: -------------------------------------------------------------------------------- 1 | package com.authlete.jaxrs.server.api; 2 | 3 | 4 | import javax.servlet.http.HttpServletRequest; 5 | import javax.ws.rs.Consumes; 6 | import javax.ws.rs.POST; 7 | import javax.ws.rs.Path; 8 | import javax.ws.rs.core.Context; 9 | import javax.ws.rs.core.HttpHeaders; 10 | import javax.ws.rs.core.MediaType; 11 | import javax.ws.rs.core.MultivaluedMap; 12 | import javax.ws.rs.core.Response; 13 | import com.authlete.common.api.AuthleteApi; 14 | import com.authlete.common.api.AuthleteApiFactory; 15 | import com.authlete.jaxrs.BasePushedAuthReqEndpoint; 16 | import com.authlete.jaxrs.PushedAuthReqHandler.Params; 17 | 18 | 19 | /** 20 | * An implementation of a pushed authorization endpoint. 21 | * 22 | * @see OAuth 2.0 Pushed Authorization Requests 24 | * 25 | * @author Justin Richer 26 | * 27 | */ 28 | @Path("/api/par") 29 | public class PushedAuthReqEndpoint extends BasePushedAuthReqEndpoint 30 | { 31 | /** 32 | * The pushed authorization request endpoint. This uses the 33 | * {@code POST} method and the same client authentication as 34 | * is available on the Token Endpoint. 35 | */ 36 | @POST 37 | @Consumes(MediaType.APPLICATION_FORM_URLENCODED) 38 | public Response post( 39 | @Context HttpServletRequest request, 40 | MultivaluedMap parameters) 41 | { 42 | // Authlete API 43 | AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi(); 44 | 45 | // Parameters for Authlete's pushed_auth_req API. 46 | Params params = buildParams(request, parameters); 47 | 48 | // Handle the PAR request. 49 | return handle(authleteApi, params); 50 | } 51 | 52 | 53 | private Params buildParams( 54 | HttpServletRequest request, MultivaluedMap parameters) 55 | { 56 | Params params = new Params(); 57 | 58 | // RFC 6749 59 | // The OAuth 2.0 Authorization Framework 60 | params.setParameters(parameters) 61 | .setAuthorization(request.getHeader(HttpHeaders.AUTHORIZATION)) 62 | ; 63 | 64 | // MTLS 65 | // RFC 8705 : OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens 66 | params.setClientCertificatePath(extractClientCertificateChain(request)); 67 | 68 | // DPoP 69 | // RFC 9449 : OAuth 2.0 Demonstrating Proof of Possession (DPoP) 70 | params.setDpop(request.getHeader("DPoP")) 71 | .setHtm("POST") 72 | //.setHtu(request.getRequestURL().toString()) 73 | ; 74 | 75 | // We can reconstruct the URL of the PAR endpoint by calling 76 | // request.getRequestURL().toString() and set it to params by the 77 | // setHtu(String) method. However, the calculated URL may be invalid 78 | // behind proxies. 79 | // 80 | // If "htu" is not set here, the "pushedAuthReqEndpoint" property of 81 | // "Service" (which can be configured by using Authlete's web console) 82 | // is referred to as the default value. Therefore, we don't call the 83 | // setHtu(String) method here intentionally. Note that this means you 84 | // have to set "pushedAuthReqEndpoint" properly to support DPoP. 85 | 86 | // Even the call of the setHtm(String) method can be omitted, too. 87 | // When "htm" is not set, "POST" is used as the default value. 88 | 89 | // OAuth 2.0 Attestation-Based Client Authentication 90 | params.setClientAttestation( request.getHeader("OAuth-Client-Attestation")) 91 | .setClientAttestationPop(request.getHeader("OAuth-Client-Attestation-PoP")) 92 | ; 93 | 94 | return params; 95 | } 96 | } 97 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/backchannel/SyncAuthenticationDeviceProcessor.java: -------------------------------------------------------------------------------- 1 | package com.authlete.jaxrs.server.api.backchannel; 2 | 3 | 4 | import com.authlete.common.dto.Scope; 5 | import com.authlete.common.types.User; 6 | import com.authlete.jaxrs.server.ad.AuthenticationDevice; 7 | import com.authlete.jaxrs.server.ad.dto.SyncAuthenticationResponse; 8 | 9 | 10 | /** 11 | * A processor that communicates with 12 | * Authlete CIBA authentication device simulator for end-user authentication 13 | * and authorization in synchronous mode. 14 | * 15 | * @see Authlete CIBA authentication device 16 | * simulator 17 | * 18 | * @see Authlete 19 | * CIBA authentication device simulator API 20 | * 21 | * @author Hideki Ikeda 22 | */ 23 | public class SyncAuthenticationDeviceProcessor extends BaseAuthenticationDeviceProcessor 24 | { 25 | /** 26 | * Construct a processor that communicates with the authentication device simulator 27 | * for end-user authentication and authorization in synchronous mode. 28 | * 29 | * @param ticket 30 | * A ticket that was issued by Authlete's {@code /api/backchannel/authentication} 31 | * API. 32 | * 33 | * @param user 34 | * An end-user to be authenticated and asked to authorize the client 35 | * application. 36 | * 37 | * @param clientName 38 | * The name of the client application. 39 | * 40 | * @param acrs 41 | * The requested ACRs. 42 | * 43 | * @param scopes 44 | * The requested scopes. 45 | * 46 | * @param claimNames 47 | * The names of the requested claims. 48 | * 49 | * @param bindingMessage 50 | * The binding message to be shown to the end-user on the authentication 51 | * device. 52 | * 53 | * @param authReqId 54 | * The authentication request ID ({@code auth_req_id}) issued to the 55 | * client. 56 | * 57 | * @param expiresIn 58 | * The duration of the issued authentication request ID ({@code auth_req_id}) 59 | * in seconds. 60 | * 61 | * @return 62 | * A processor that communicates with the authentication device simulator 63 | * for end-user authentication and authorization in synchronous mode. 64 | */ 65 | public SyncAuthenticationDeviceProcessor(String ticket, User user, String clientName, 66 | String[] acrs, Scope[] scopes, String[] claimNames, String bindingMessage, 67 | String authReqId, int expiresIn) 68 | { 69 | super(ticket, user, clientName, acrs, scopes, claimNames, bindingMessage, 70 | authReqId, expiresIn); 71 | } 72 | 73 | 74 | @Override 75 | public void process() 76 | { 77 | // The response from the authentication device. 78 | SyncAuthenticationResponse response; 79 | 80 | try 81 | { 82 | // Perform the end-user authentication and authorization by communicating 83 | // with the authentication device in the sync mode. 84 | response = AuthenticationDevice.sync(mUser.getSubject(), buildMessage(), 85 | computeAuthTimeout(), mAuthReqId); 86 | } 87 | catch (Throwable t) 88 | { 89 | // An unexpected error occurred when communicating with the authentication 90 | // device. 91 | completeWithTransactionFailed( 92 | "Failed to communicate with the authentication device synchronously."); 93 | return; 94 | } 95 | 96 | // Handle the authentication/authorization result returned from the authentication 97 | // device. 98 | handleResult(response.getResult()); 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/core/SessionTracker.java: -------------------------------------------------------------------------------- 1 | package com.authlete.jaxrs.server.core; 2 | 3 | 4 | import java.util.HashSet; 5 | import java.util.Set; 6 | import javax.servlet.annotation.WebListener; 7 | import javax.servlet.http.HttpSessionEvent; 8 | import javax.servlet.http.HttpSessionListener; 9 | import org.slf4j.Logger; 10 | import org.slf4j.LoggerFactory; 11 | 12 | 13 | /** 14 | * Session Tracker to track active session IDs. 15 | * 16 | *

17 | * This class is designed to check whether a session corresponding to a given 18 | * session ID exists. 19 | *

20 | * 21 | *

22 | * To support the "OpenID Connect 24 | * Native SSO for Mobile Apps 1.0" specification (a.k.a. "Native SSO"), it 25 | * is necessary for the token endpoint implementation to verify whether the 26 | * session ID associated with a presented refresh token or subject token 27 | * exists. For this purpose, the {@link #isActiveSessionId(String)} method is 28 | * used. 29 | *

30 | * 31 | *

32 | * When a token request compliant with Native SSO is processed by Authlete's 33 | * {@code /auth/token} API, the {@code action} field in the API response will 34 | * be {@link com.authlete.common.dto.TokenResponse.Action#NATIVE_SSO NATIVE_SSO}, 35 | * and the session ID corresponding to the refresh token or subject token will 36 | * be included as the value of the {@code sessionId} parameter. This value 37 | * should be passed to the {@link #isActiveSessionId(String)} method to 38 | * determine whether the session ID is still active. 39 | *

40 | * 41 | *

42 | * Support for the Native SSO specification was introduced in Authlete 3.0. 43 | *

44 | * 45 | * @see OpenID Connect Native SSO for Mobile Apps 1.0 47 | */ 48 | @WebListener 49 | public class SessionTracker implements HttpSessionListener 50 | { 51 | private static final Set activeSessionIds = new HashSet<>(); 52 | private static final Logger logger = LoggerFactory.getLogger(SessionTracker.class); 53 | 54 | 55 | @Override 56 | public void sessionCreated(HttpSessionEvent se) 57 | { 58 | // The session ID. 59 | String sessionId = retrieveSessionId(se); 60 | 61 | logger.debug("A session with the session ID '{}' was created.", sessionId); 62 | 63 | // Add the session ID to the list of active session IDs. 64 | activeSessionIds.add(sessionId); 65 | } 66 | 67 | 68 | @Override 69 | public void sessionDestroyed(HttpSessionEvent se) 70 | { 71 | // The session ID. 72 | String sessionId = retrieveSessionId(se); 73 | 74 | logger.debug("The session with the session ID '{}' was destroyed.", sessionId); 75 | 76 | // Remove the session ID from the list of active session IDs. 77 | activeSessionIds.remove(sessionId); 78 | } 79 | 80 | 81 | private static String retrieveSessionId(HttpSessionEvent se) 82 | { 83 | return se.getSession().getId(); 84 | } 85 | 86 | 87 | /** 88 | * Check whether the session corresponding to the specified session ID is 89 | * active. 90 | * 91 | * @param sessionId 92 | * A session ID. 93 | * 94 | * @return 95 | * {@code true} if the session corresponding to the specified 96 | * session ID is active. 97 | */ 98 | public static boolean isActiveSessionId(String sessionId) 99 | { 100 | if (sessionId == null) 101 | { 102 | return false; 103 | } 104 | 105 | // Whether the session with the specified session ID is active. 106 | boolean active = activeSessionIds.contains(sessionId); 107 | 108 | logger.debug("The session with the session ID '{}' is {}active.", sessionId, active ? "" : "not "); 109 | 110 | return active; 111 | } 112 | } 113 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/TokenRequestHandlerSpiImpl.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016-2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import java.util.Map; 21 | import javax.servlet.http.HttpServletRequest; 22 | import javax.ws.rs.core.Response; 23 | import com.authlete.common.api.AuthleteApi; 24 | import com.authlete.common.dto.Property; 25 | import com.authlete.common.dto.TokenResponse; 26 | import com.authlete.common.types.User; 27 | import com.authlete.jaxrs.server.db.UserDao; 28 | import com.authlete.jaxrs.spi.TokenRequestHandlerSpiAdapter; 29 | 30 | 31 | /** 32 | * Implementation of {@link com.authlete.jaxrs.spi.TokenRequestHandlerSpi 33 | * TokenRequestHandlerSpi} interface which needs to be given to the 34 | * constructor of {@link com.authlete.jaxrs.TokenRequestHandler 35 | * TokenRequestHandler}. 36 | * 37 | * @author Takahiko Kawasaki 38 | */ 39 | class TokenRequestHandlerSpiImpl extends TokenRequestHandlerSpiAdapter 40 | { 41 | private final AuthleteApi mAuthleteApi; 42 | private final HttpServletRequest mRequest; 43 | 44 | 45 | public TokenRequestHandlerSpiImpl(AuthleteApi authleteApi, HttpServletRequest request) 46 | { 47 | mAuthleteApi = authleteApi; 48 | mRequest = request; 49 | } 50 | 51 | 52 | @Override 53 | public String authenticateUser(String username, String password) 54 | { 55 | // Note: this method needs to be implemented only when you 56 | // want to support "Resource Owner Password Credentials Grant". 57 | 58 | // Search the user database for a user. 59 | User user = UserDao.getByCredentials(username, password); 60 | 61 | // If not found. 62 | if (user == null) 63 | { 64 | // There is no user who has the credentials. 65 | return null; 66 | } 67 | 68 | // Return the subject (= unique identifier) of the user. 69 | return user.getSubject(); 70 | } 71 | 72 | 73 | @Override 74 | public Property[] getProperties() 75 | { 76 | // Properties returned from this method will be associated with an 77 | // access token that will be issued as a result of the token request. 78 | return null; 79 | } 80 | 81 | 82 | @Override 83 | public Response tokenExchange( 84 | TokenResponse tokenResponse, Map headers) 85 | { 86 | // Handle the token exchange request (RFC 8693). 87 | return new TokenExchanger(mAuthleteApi, mRequest, tokenResponse, headers).process(); 88 | } 89 | 90 | 91 | @Override 92 | public Response jwtBearer( 93 | TokenResponse tokenResponse, Map headers) 94 | { 95 | // Handle the token request that uses the grant type 96 | // "urn:ietf:params:oauth:grant-type:jwt-bearer" (RFC 7523). 97 | return new JwtAuthzGrantProcessor(mAuthleteApi, mRequest, tokenResponse, headers).process(); 98 | } 99 | 100 | 101 | @Override 102 | public Response nativeSso(TokenResponse tokenResponse, Map headers) 103 | { 104 | // Handle the token request that complies with the 105 | // "OpenID Connect Native SSO for Mobile Apps 1.0" specification. 106 | return new NativeSsoProcessor(mAuthleteApi, mRequest, tokenResponse, headers).process(); 107 | } 108 | } 109 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/obb/ResourcesEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2021 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.obb; 18 | 19 | 20 | import static com.authlete.common.util.FapiUtils.X_FAPI_INTERACTION_ID; 21 | import javax.servlet.http.HttpServletRequest; 22 | import javax.ws.rs.GET; 23 | import javax.ws.rs.HeaderParam; 24 | import javax.ws.rs.Path; 25 | import javax.ws.rs.core.Context; 26 | import javax.ws.rs.core.Response; 27 | import com.authlete.common.api.AuthleteApi; 28 | import com.authlete.common.api.AuthleteApiFactory; 29 | import com.authlete.common.dto.IntrospectionResponse; 30 | import com.authlete.jaxrs.server.obb.model.Links; 31 | import com.authlete.jaxrs.server.obb.model.Meta; 32 | import com.authlete.jaxrs.server.obb.model.Resource; 33 | import com.authlete.jaxrs.server.obb.model.ResponseResourceList; 34 | import com.authlete.jaxrs.server.obb.util.ObbUtils; 35 | 36 | 37 | /** 38 | * Sample implementation of Resources API of Open Banking Brasil. 39 | */ 40 | @Path("/api/obb/resources") 41 | public class ResourcesEndpoint 42 | { 43 | @GET 44 | public Response read( 45 | @Context HttpServletRequest request, 46 | @HeaderParam(X_FAPI_INTERACTION_ID) String incomingInteractionId) 47 | { 48 | String code = "Resources Read"; 49 | 50 | // Compute a value for the "x-fapi-interaction-id" HTTP response header. 51 | String outgoingInteractionId = 52 | ObbUtils.computeOutgoingInteractionId(code, incomingInteractionId); 53 | 54 | // Validate the access token. 55 | AuthleteApi authleteApi = AuthleteApiFactory.getDefaultApi(); 56 | IntrospectionResponse info = ObbUtils.validateAccessToken( 57 | outgoingInteractionId, code, authleteApi, request, "resources"); 58 | 59 | // Make sure that the access token has a "consent:{consentId}" scope. 60 | ensureConsentScope(outgoingInteractionId, code, info); 61 | 62 | // Build a response body. 63 | ResponseResourceList body = buildResponseBody(); 64 | 65 | // Build a successful response. 66 | return ObbUtils.ok(outgoingInteractionId, body); 67 | } 68 | 69 | 70 | private static void ensureConsentScope( 71 | String outgoingInteractionId, String code, IntrospectionResponse info) 72 | { 73 | // Extract a "consent:{consentId}" scope from the scope list of 74 | // the access token. 75 | String consentScope = ObbUtils.extractConsentScope(info); 76 | 77 | if (consentScope != null) 78 | { 79 | // Okay. The access token has a consent scope. 80 | return; 81 | } 82 | 83 | // The access token does not have a consent scope. 84 | throw ObbUtils.forbiddenException(outgoingInteractionId, code, 85 | "The access token does not have a consent scope."); 86 | } 87 | 88 | 89 | private static ResponseResourceList buildResponseBody() 90 | { 91 | // Build dummy resources. 92 | Resource resource = new Resource("resourceId", "type", "status"); 93 | Resource[] data = new Resource[] { resource }; 94 | Links links = new Links().setSelf("/"); 95 | Meta meta = new Meta(1, 1, ObbUtils.formatNow()); 96 | 97 | return new ResponseResourceList(data, links, meta); 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferIssueEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api.vci; 18 | 19 | 20 | import java.util.Map; 21 | import javax.servlet.http.HttpServletRequest; 22 | import javax.servlet.http.HttpSession; 23 | import javax.ws.rs.Consumes; 24 | import javax.ws.rs.GET; 25 | import javax.ws.rs.POST; 26 | import javax.ws.rs.Path; 27 | import javax.ws.rs.core.Context; 28 | import javax.ws.rs.core.MediaType; 29 | import javax.ws.rs.core.MultivaluedMap; 30 | import javax.ws.rs.core.Response; 31 | import org.glassfish.jersey.server.mvc.Viewable; 32 | import com.authlete.common.api.AuthleteApi; 33 | import com.authlete.common.api.AuthleteApiFactory; 34 | import com.authlete.common.dto.CredentialOfferCreateRequest; 35 | import com.authlete.common.dto.CredentialOfferCreateResponse; 36 | import com.authlete.common.types.User; 37 | import com.authlete.jaxrs.BaseEndpoint; 38 | import com.authlete.jaxrs.server.util.ExceptionUtil; 39 | import com.authlete.jaxrs.server.util.ProcessingUtil; 40 | 41 | 42 | @Path("/api/offer/issue") 43 | public class CredentialOfferIssueEndpoint extends BaseEndpoint 44 | { 45 | @GET 46 | public Response get() 47 | { 48 | // Create a Viewable instance that represents the credential offer page. 49 | // Viewable is a class provided by Jersey for MVC. 50 | final Viewable viewable = new Viewable("/credential-offer", new CredentialOfferPageModel()); 51 | 52 | // Create a response that has the viewable as its content. 53 | return Response.ok(viewable, MediaType.TEXT_HTML_TYPE.withCharset("UTF-8")).build(); 54 | } 55 | 56 | 57 | @POST 58 | @Consumes(MediaType.APPLICATION_FORM_URLENCODED) 59 | public Response post( 60 | @Context HttpServletRequest request, 61 | MultivaluedMap parameters) 62 | { 63 | // Get the existing session. 64 | final HttpSession session = ProcessingUtil.getSession(request); 65 | 66 | // Read request 67 | final Map flatMap = ProcessingUtil.flattenMultivaluedMap(parameters); 68 | final CredentialOfferPageModel model = new CredentialOfferPageModel() 69 | .setValues(flatMap); 70 | 71 | final AuthleteApi api = AuthleteApiFactory.getDefaultApi(); 72 | final User user = ProcessingUtil.getUser(session, parameters); 73 | 74 | if (user == null) 75 | { 76 | throw ExceptionUtil.badRequestException("Bad authentication."); 77 | } 78 | 79 | final CredentialOfferCreateRequest createRequest = model.toRequest(user); 80 | final CredentialOfferCreateResponse response = api.credentialOfferCreate(createRequest); 81 | 82 | switch (response.getAction()) 83 | { 84 | case CREATED: 85 | model.setInfo(response.getInfo()); 86 | model.setUser(user); 87 | 88 | // Create a Viewable instance that represents the credential offer page. 89 | // Viewable is a class provided by Jersey for MVC. 90 | final Viewable viewable = new Viewable("/credential-offer", model); 91 | 92 | // Create a response that has the viewable as its content. 93 | return Response.ok(viewable, MediaType.TEXT_HTML_TYPE.withCharset("UTF-8")).build(); 94 | 95 | default: 96 | throw ExceptionUtil.badRequestException("An exception occured: " + response.getResultMessage()); 97 | } 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/federation/ClientConfig.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | package com.authlete.jaxrs.server.federation; 17 | 18 | 19 | import static com.authlete.jaxrs.server.federation.ConfigValidationHelper.ensureNotEmpty; 20 | import static com.authlete.jaxrs.server.federation.ConfigValidationHelper.ensureUri; 21 | import java.io.Serializable; 22 | 23 | 24 | /** 25 | * Client configuration for ID federation. 26 | * 27 | * 
 28 |  * {
 29 |  *     "clientId": "(client ID issued by the OpenID Provider)",
 30 |  *     "clientSecret": "(client secret issued by the OpenID Provider)",
 31 |  *     "redirectUri": "(redirect URI registered to the OpenID Provider)",
 32 |  *     "idTokenSignedResponseAlg": "(algorithm of ID Token signature)"
 33 |  * }
 34 |  *
35 | * 36 | *

37 | * {@code "clientId"} is the client ID issued to your client application by 38 | * the OpenID Provider. 39 | *

40 | * 41 | *

42 | * If {@code "clientSecret"} is set, token requests made by {@link Federation} 43 | * will include an {@code Authorization} header for client authentication. 44 | * This behavior assumes that the token endpoint of the OpenID Provider 45 | * supports {@code client_secret_basic} as a method of client authentication. 46 | *

47 | * 48 | *

49 | * {@code "redirectUri"} must be a redirect URI that you have registered into 50 | * the OpenID Provider. For example, 51 | * http://localhost:8080/api/federation/callback/okta. 52 | *

53 | * 54 | *

55 | * If {@code "idTokenSignedResponseAlg"} is omitted, {@code "RS256"} is used 56 | * as the default value. See technical documents of the OpenID Provider 57 | * about the actual algorithm it uses for signing ID tokens. 58 | *

59 | * 60 | * @see FederationConfig 61 | */ 62 | public class ClientConfig implements Serializable 63 | { 64 | private static final long serialVersionUID = 1L; 65 | 66 | 67 | private String clientId; 68 | private String clientSecret; 69 | private String redirectUri; 70 | private String idTokenSignedResponseAlg; 71 | 72 | 73 | public String getClientId() 74 | { 75 | return clientId; 76 | } 77 | 78 | 79 | public ClientConfig setClientId(String clientId) 80 | { 81 | this.clientId = clientId; 82 | 83 | return this; 84 | } 85 | 86 | 87 | public String getClientSecret() 88 | { 89 | return clientSecret; 90 | } 91 | 92 | 93 | public ClientConfig setClientSecret(String clientSecret) 94 | { 95 | this.clientSecret = clientSecret; 96 | 97 | return this; 98 | } 99 | 100 | 101 | public String getRedirectUri() 102 | { 103 | return redirectUri; 104 | } 105 | 106 | 107 | public ClientConfig setRedirectUri(String redirectUri) 108 | { 109 | this.redirectUri = redirectUri; 110 | 111 | return this; 112 | } 113 | 114 | 115 | public String getIdTokenSignedResponseAlg() 116 | { 117 | return idTokenSignedResponseAlg; 118 | } 119 | 120 | 121 | public ClientConfig setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) 122 | { 123 | this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; 124 | 125 | return this; 126 | } 127 | 128 | 129 | public void validate() throws IllegalStateException 130 | { 131 | ensureNotEmpty("client/clientId", clientId); 132 | ensureNotEmpty("client/redirectUri", redirectUri); 133 | ensureUri("client/redirectUri", redirectUri); 134 | } 135 | } 136 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/UserInfoRequestHandlerSpiImpl.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016-2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import java.util.List; 21 | import java.util.Map; 22 | import com.authlete.common.assurance.VerifiedClaims; 23 | import com.authlete.common.assurance.constraint.VerifiedClaimsConstraint; 24 | import com.authlete.common.types.User; 25 | import com.authlete.jaxrs.server.db.DatasetDao; 26 | import com.authlete.jaxrs.server.db.UserDao; 27 | import com.authlete.jaxrs.server.db.VerifiedClaimsDao; 28 | import com.authlete.jaxrs.spi.UserInfoRequestHandlerSpiAdapter; 29 | 30 | 31 | /** 32 | * Implementation of {@link com.authlete.jaxrs.spi.UserInfoRequestHandlerSpi 33 | * UserInfoRequestHandlerSpi} interface which needs to be given to the 34 | * constructor of {@link com.authlete.jaxrs.UserInfoRequestHandler 35 | * UserInfoRequestHandler}. 36 | */ 37 | public class UserInfoRequestHandlerSpiImpl extends UserInfoRequestHandlerSpiAdapter 38 | { 39 | private User mUser; 40 | 41 | 42 | @Override 43 | public void prepareUserClaims(String subject, String[] claimNames) 44 | { 45 | // Look up a user who has the subject. 46 | mUser = UserDao.getBySubject(subject); 47 | } 48 | 49 | 50 | @Override 51 | public Object getUserClaim(String claimName, String languageTag) 52 | { 53 | // If looking up a user has failed in prepareUserClaims(). 54 | if (mUser == null) 55 | { 56 | // No claim is available. 57 | return null; 58 | } 59 | 60 | // Get the value of the claim. 61 | return mUser.getClaim(claimName, languageTag); 62 | } 63 | 64 | 65 | @Override 66 | public List getVerifiedClaims(String subject, VerifiedClaimsConstraint constraint) 67 | { 68 | // This method, getVerifiedClaims(String, VerifiedClaimsConstraint), 69 | // is no longer called since authlete-java-jaxrs 2.42 unless the 70 | // 'oldIdaFormatUsed' flag of UserInfoRequestHandler.Params is on. 71 | // Instead, getVerifiedClaims(String, Object) is called. 72 | 73 | // The third Implementer's Draft of OpenID Connect for Identity 74 | // Assurance 1.0 (which was published in September 2021) has introduced 75 | // many breaking changes. In addition, it is scheduled that the next 76 | // draft will introduce further breaking changes. The specification is 77 | // still unstable. It turned out to be inadequate to define Java classes 78 | // that correspond to data structures of elements under "verified_claims". 79 | // In that sense, the classes under com.authlete.common.assurance package 80 | // of the authlete-java-common library are no longer useful. 81 | // 82 | // Authlete 2.3 has implemented a different approach for ID3 and future 83 | // drafts of OIDC4IDA that is less susceptible to specification changes. 84 | 85 | return VerifiedClaimsDao.get(subject, constraint); 86 | } 87 | 88 | 89 | @Override 90 | public Object getVerifiedClaims(String subject, Object verifiedClaimsRequest) 91 | { 92 | // The list of available datasets of the subject. 93 | List> datasets = DatasetDao.get(subject); 94 | 95 | // Build the content of "verified_claims" which meets conditions 96 | // of the request from the available datasets. 97 | return new VerifiedClaimsBuilder(verifiedClaimsRequest, datasets).build(); 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/FederationRegistrationEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import javax.ws.rs.Consumes; 21 | import javax.ws.rs.POST; 22 | import javax.ws.rs.Path; 23 | import javax.ws.rs.core.Response; 24 | import com.authlete.common.api.AuthleteApiFactory; 25 | import com.authlete.common.dto.FederationRegistrationRequest; 26 | import com.authlete.jaxrs.BaseFederationRegistrationEndpoint; 27 | 28 | 29 | /** 30 | * An implementation of the federation registration endpoint. 31 | * 32 | *

33 | * An OpenID Provider that supports the "explicit" client registration defined 34 | * in OpenID Connect Federation 1.0 is supposed to provide a federation 36 | * registration endpoint that accepts explicit client registration requests. 37 | *

38 | * 39 | *

40 | * The endpoint accepts {@code POST} requests whose {@code Content-Type} 41 | * is either of the following. 42 | *

43 | * 44 | *
    45 | *
  1. {@code application/entity-statement+jwt} 46 | *
  2. {@code application/trust-chain+json} 47 | *
48 | * 49 | *

50 | * When the {@code Content-Type} of a request is 51 | * {@code application/entity-statement+jwt}, the content of the request is 52 | * the entity configuration of a relying party that is to be registered. 53 | *

54 | * 55 | *

56 | * On the other hand, when the {@code Content-Type} of a request is 57 | * {@code application/trust-chain+json}, the content of the request is a 58 | * JSON array that contains entity statements in JWT format. The sequence 59 | * of the entity statements composes the trust chain of a relying party 60 | * that is to be registered. 61 | *

62 | * 63 | *

64 | * On successful registration, the endpoint should return a kind of entity 65 | * statement (JWT) with the HTTP status code {@code 200 OK} and the content 66 | * type {@code application/jose}. 67 | *

68 | * 69 | *

70 | * The discovery document (OpenID Connect 72 | * Discovery 1.0) should include the {@code federation_registration_endpoint} 73 | * server metadata that denotes the URL of the federation registration endpoint. 74 | *

75 | * 76 | *

77 | * Note that OpenID Connect Federation 1.0 is supported since Authlete 2.3. 78 | *

79 | * 80 | * @see OpenID Connect Federation 1.0 82 | */ 83 | @Path("/api/federation/register") 84 | public class FederationRegistrationEndpoint extends BaseFederationRegistrationEndpoint 85 | { 86 | @POST 87 | @Consumes("application/entity-statement+jwt") 88 | public Response entityConfiguration(String jwt) 89 | { 90 | // Client registration by a relying party's entity configuration. 91 | return handle( 92 | AuthleteApiFactory.getDefaultApi(), 93 | request().setEntityConfiguration(jwt)); 94 | } 95 | 96 | 97 | @POST 98 | @Consumes("application/trust-chain+json") 99 | public Response trustChain(String json) 100 | { 101 | // Client registration by a relying party's trust chain. 102 | return handle( 103 | AuthleteApiFactory.getDefaultApi(), 104 | request().setTrustChain(json)); 105 | } 106 | 107 | 108 | private static FederationRegistrationRequest request() 109 | { 110 | return new FederationRegistrationRequest(); 111 | } 112 | } 113 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/vc/VerifiableCredentialType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2023-2024 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.vc; 18 | 19 | 20 | import java.util.Arrays; 21 | import com.authlete.common.types.StandardClaims; 22 | 23 | 24 | /** 25 | * Verifiable Credential Type identified by the "{@code vct}" claim 26 | * in an SD-JWT VC. 27 | */ 28 | public enum VerifiableCredentialType 29 | { 30 | IDENTITY_CREDENTIAL( 31 | "https://credentials.example.com/identity_credential", 32 | new String[] { 33 | StandardClaims.GIVEN_NAME, 34 | StandardClaims.FAMILY_NAME, 35 | StandardClaims.BIRTHDATE 36 | } 37 | ), 38 | 39 | DIGITAL_CREDENTIAL( 40 | "https://credentials.example.com/digital_credential", 41 | new String[] { 42 | StandardClaims.GIVEN_NAME, 43 | StandardClaims.FAMILY_NAME, 44 | StandardClaims.BIRTHDATE 45 | } 46 | ), 47 | 48 | /** 49 | * The vct used in the POTENTIAL Interop Event Track 2. 51 | * 52 | *
53 | * 54 | * 55 | * 56 | * 57 | * 58 | * 59 | * 62 | * 74 | * 75 | *
vctclaims
60 | * urn:eu.europa.ec.eudi:pid:1 61 | * 63 | *
    64 | *
  • family_name 65 | *
  • given_name 66 | *
  • birthdate 67 | *
  • age_equal_or_over/18 68 | *
  • place_of_birth/locality 69 | *
  • address/formatted 70 | *
  • issuing_authority 71 | *
  • issuing_country 72 | *
73 | *
76 | *
77 | * 78 | * @see POTENTIAL Interop Event Track 2 / description 80 | */ 81 | EUDI_PID_1( 82 | "urn:eu.europa.ec.eudi:pid:1", 83 | new String[] { 84 | StandardClaims.FAMILY_NAME, 85 | StandardClaims.GIVEN_NAME, 86 | StandardClaims.BIRTHDATE, 87 | "age_equal_or_over", 88 | "place_of_birth", 89 | StandardClaims.ADDRESS, 90 | "issuing_authority", 91 | "issuing_country", 92 | } 93 | ), 94 | ; 95 | 96 | 97 | private final String id; 98 | private final String[] claims; 99 | 100 | 101 | private VerifiableCredentialType(String id, String[] claims) 102 | { 103 | this.id = id; 104 | this.claims = claims; 105 | } 106 | 107 | 108 | public String getId() 109 | { 110 | return id; 111 | } 112 | 113 | 114 | public String[] getClaims() 115 | { 116 | return claims; 117 | } 118 | 119 | 120 | public static VerifiableCredentialType byId(final String id) 121 | { 122 | return Arrays.stream(VerifiableCredentialType.values()) 123 | .filter(format -> format.getId().equals(id)) 124 | .findFirst() 125 | .orElse(null); 126 | } 127 | } 128 | -------------------------------------------------------------------------------- /src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | package com.authlete.jaxrs.server.api; 18 | 19 | 20 | import javax.servlet.http.HttpServletRequest; 21 | import javax.ws.rs.Consumes; 22 | import javax.ws.rs.GET; 23 | import javax.ws.rs.POST; 24 | import javax.ws.rs.Path; 25 | import javax.ws.rs.core.Context; 26 | import javax.ws.rs.core.MediaType; 27 | import javax.ws.rs.core.MultivaluedMap; 28 | import javax.ws.rs.core.Response; 29 | import javax.ws.rs.core.UriInfo; 30 | import com.authlete.common.api.AuthleteApiFactory; 31 | import com.authlete.jaxrs.BaseAuthorizationEndpoint; 32 | 33 | 34 | /** 35 | * An implementation of OAuth 2.0 authorization endpoint with OpenID Connect support. 36 | * 37 | * @see RFC 6749, 3.1. Authorization Endpoint 39 | * 40 | * @see OpenID Connect Core 1.0, 3.1.2. Authorization Endpoint (Authorization Code Flow) 42 | * 43 | * @see OpenID Connect Core 1.0, 3.2.2. Authorization Endpoint (Implicit Flow) 45 | * 46 | * @see OpenID Connect Core 1.0, 3.3.2. Authorization Endpoint (Hybrid Flow) 48 | * 49 | * @author Takahiko Kawasaki 50 | */ 51 | @Path("/api/authorization") 52 | public class AuthorizationEndpoint extends BaseAuthorizationEndpoint 53 | { 54 | /** 55 | * The authorization endpoint for {@code GET} method. 56 | * 57 | *

58 | * RFC 6749, 59 | * 3.1 Authorization Endpoint says that the authorization endpoint 60 | * MUST support {@code GET} method. 61 | *

62 | * 63 | * @see RFC 6749, 3.1 Authorization Endpoint 65 | */ 66 | @GET 67 | public Response get( 68 | @Context HttpServletRequest request, 69 | @Context UriInfo uriInfo) 70 | { 71 | // Handle the authorization request. 72 | return handle(request, uriInfo.getQueryParameters()); 73 | } 74 | 75 | 76 | /** 77 | * The authorization endpoint for {@code POST} method. 78 | * 79 | *

80 | * RFC 6749, 81 | * 3.1 Authorization Endpoint says that the authorization endpoint 82 | * MAY support {@code POST} method. 83 | *

84 | * 85 | *

86 | * In addition, OpenID Connect Core 1.0, 3.1.2.1. Authentication Request says 88 | * that the authorization endpoint MUST support {@code POST} method. 89 | *

90 | */ 91 | @POST 92 | @Consumes(MediaType.APPLICATION_FORM_URLENCODED) 93 | public Response post( 94 | @Context HttpServletRequest request, 95 | MultivaluedMap parameters) 96 | { 97 | // Handle the authorization request. 98 | return handle(request, parameters); 99 | } 100 | 101 | 102 | /** 103 | * Handle the authorization request. 104 | */ 105 | private Response handle(HttpServletRequest request, MultivaluedMap parameters) 106 | { 107 | return handle(AuthleteApiFactory.getDefaultApi(), 108 | new AuthorizationRequestHandlerSpiImpl(request), parameters); 109 | } 110 | } 111 | -------------------------------------------------------------------------------- /src/main/webapp/css/authorization.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016-2022 Authlete, Inc. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, 11 | * software distributed under the License is distributed on an 12 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 13 | * either express or implied. See the License for the specific 14 | * language governing permissions and limitations under the 15 | * License. 16 | */ 17 | 18 | .font-default 19 | { 20 | font-family: 'Source Sans Pro', 'Helvetica Neue', 'Segoe UI', 'Arial', sans-serif; 21 | -webkit-font-smoothing: antialiased; 22 | color: #666; 23 | } 24 | 25 | body { 26 | margin: 0; 27 | text-shadow: none; 28 | } 29 | 30 | p { 31 | margin-top: 0; 32 | } 33 | 34 | h3, h4 { 35 | color: steelblue; 36 | } 37 | 38 | .indent { 39 | margin-left: 15px; 40 | } 41 | 42 | #page_title { 43 | background: #F5F5F5; 44 | color: steelblue; 45 | padding: 0.5em; 46 | margin: 0; 47 | } 48 | 49 | #content { 50 | padding: 0 20px 20px; 51 | } 52 | 53 | #logo { 54 | width: 150px; 55 | height: 150px; 56 | background: lightgray; 57 | margin: 0 20px 10px 5px; 58 | float: left; 59 | } 60 | 61 | #client-summary { 62 | float: left; 63 | } 64 | 65 | #client-link-list { 66 | margin: 0; 67 | padding: 0; 68 | } 69 | 70 | #client-link-list li { 71 | list-style-type: none; 72 | } 73 | 74 | #client-link-list a { 75 | position: relative; 76 | padding-left: 25px; 77 | text-decoration: none; 78 | color: cadetblue; 79 | } 80 | 81 | #client-link-list a:hover { 82 | text-decoration: underline; 83 | } 84 | 85 | #client-link-list a:before { 86 | display: block; 87 | content: ""; 88 | position: absolute; 89 | top: 50%; 90 | left: 0; 91 | width: 0; 92 | margin: -5px 0 0 0; 93 | border-top: 12px solid cadetblue; 94 | border-left: 12px solid transparent; 95 | -webkit-transform: rotate(45deg); 96 | transform: rotate(45deg); 97 | } 98 | 99 | #scope-list { 100 | margin-left: 20px; 101 | } 102 | 103 | #scope-list dt { 104 | font-weight: bold; 105 | } 106 | 107 | #scope-list dd { 108 | margin-bottom: 10px; 109 | } 110 | 111 | input { 112 | color: black; 113 | } 114 | 115 | #login-fields { 116 | margin-bottom: 20px; 117 | } 118 | 119 | #login-prompt { 120 | font-size: 85%; 121 | margin-bottom: 5px; 122 | } 123 | 124 | #loginId { 125 | display: block; 126 | border: 1px solid #666; 127 | border-bottom: none; 128 | padding: 0.3em 0.5em; 129 | width: 300px; 130 | } 131 | 132 | #password { 133 | display: block; 134 | border: 1px solid #666; 135 | padding: 0.3em 0.5em; 136 | width: 300px; 137 | } 138 | 139 | #login-user { 140 | font-style: italic; 141 | } 142 | 143 | #federations-prompt { 144 | font-size: 85%; 145 | margin-bottom: 5px; 146 | } 147 | 148 | #federation-message { 149 | font-size: 85%; 150 | margin-bottom: 5px; 151 | color: darkred; 152 | } 153 | 154 | #authorization-form-buttons { 155 | margin: 20px auto; 156 | } 157 | 158 | #authorize-button, #deny-button { 159 | display: inline-block; 160 | width: 150px; 161 | padding: 12px 0; 162 | margin: 13px; 163 | min-height: 26px; 164 | text-align: center; 165 | text-decoration: none; 166 | outline: 0; 167 | -webkit-transition: none; 168 | transition: none; 169 | } 170 | 171 | #authorize-button { 172 | background-color: #4285f4; 173 | color: white; 174 | } 175 | 176 | #authorize-button:hover { 177 | background-color: #1255f4; 178 | } 179 | 180 | #authorize-button:active { 181 | background-color: blue; 182 | } 183 | 184 | #deny-button { 185 | background-color: #f08080; 186 | color: white; 187 | } 188 | 189 | #deny-button:hover { 190 | background-color: #f05050; 191 | } 192 | 193 | #deny-button:active { 194 | background-color: red; 195 | } 196 | 197 | pre { 198 | background: #f4f4f4; 199 | border: 1px solid #ddd; 200 | border-left: 3px solid #33b0f3; 201 | color: #666; 202 | page-break-inside: avoid; 203 | font-family: monospace; 204 | margin-bottom: 1.6em; 205 | max-width: 60%; 206 | overflow: auto; 207 | padding: 1em 1.5em; 208 | display: block; 209 | word-wrap: break-word; 210 | } --------------------------------------------------------------------------------