60 String client_id = null;
61 String clientSecret = null;
63 String authorizationHeader = context.getHttpRequest().getHttpHeaders().getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION);
65 MediaType mediaType = context.getHttpRequest().getHttpHeaders().getMediaType();
66 boolean hasFormData = mediaType != null && mediaType.isCompatible(MediaType.APPLICATION_FORM_URLENCODED_TYPE);
68 MultivaluedMap<String, String> formData = hasFormData ? context.getHttpRequest().getDecodedFormParameters() : null;
70 if (authorizationHeader != null) {
71 String[] usernameSecret = BasicAuthHelper.parseHeader(authorizationHeader);
72 if (usernameSecret != null) {
73 client_id = usernameSecret[0];
74 clientSecret = usernameSecret[1];
78 if (formData != null && !formData.containsKey(OAuth2Constants.CLIENT_ID)) {
79 Response challengeResponse = Response.status(Response.Status.UNAUTHORIZED).header(HttpHeaders.WWW_AUTHENTICATE,
"Basic realm=\"" + context.getRealm().getName() +
"\"").build();
80 context.challenge(challengeResponse);
86 if (formData != null) {
89 if (formData.containsKey(OAuth2Constants.CLIENT_ID)) {
90 client_id = formData.getFirst(OAuth2Constants.CLIENT_ID);
92 if (formData.containsKey(OAuth2Constants.CLIENT_SECRET)) {
93 clientSecret = formData.getFirst(OAuth2Constants.CLIENT_SECRET);
97 if (client_id == null) {
98 client_id = context.getSession().getAttribute(
"client_id", String.class);
101 if (client_id == null) {
102 Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(),
"invalid_client",
"Missing client_id parameter");
103 context.challenge(challengeResponse);
107 context.getEvent().client(client_id);
109 ClientModel client = context.getRealm().getClientByClientId(client_id);
110 if (client == null) {
111 context.failure(AuthenticationFlowError.CLIENT_NOT_FOUND, null);
115 context.setClient(client);
117 if (!client.isEnabled()) {
118 context.failure(AuthenticationFlowError.CLIENT_DISABLED, null);
123 if (client.isPublicClient()) {
128 if (clientSecret == null) {
129 Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(),
"unauthorized_client",
"Client secret not provided in request");
130 context.challenge(challengeResponse);
134 if (client.getSecret() == null) {
135 Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(),
"unauthorized_client",
"Invalid client secret");
136 context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse);
140 if (!client.validateSecret(clientSecret)) {
141 Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(),
"unauthorized_client",
"Invalid client secret");
142 context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse);