org.mitre.oauth2.web.DeviceEndpoint クラス

org.mitre.oauth2.web.DeviceEndpoint 連携図

公開メンバ関数
String	requestDeviceCode (@RequestParam("client_id") String clientId, @RequestParam(name="scope", required=false) String scope, Map< String, String > parameters, ModelMap model)
String	requestUserCode (ModelMap model)
String	readUserCode (@RequestParam("user_code") String userCode, ModelMap model, HttpSession session)
String	approveDevice (@RequestParam("user_code") String userCode, @RequestParam(value="user_oauth_approval") Boolean approve, ModelMap model, Authentication auth, HttpSession session)

静的公開変数類
static final String	URL = "devicecode"
static final String	USER_URL = "device"
static final Logger	logger = LoggerFactory.getLogger(DeviceEndpoint.class)

非公開変数類
ClientDetailsEntityService	clientService
SystemScopeService	scopeService
ConfigurationPropertiesBean	config
DeviceCodeService	deviceCodeService
OAuth2RequestFactory	oAuth2RequestFactory

詳解

Implements https://tools.ietf.org/html/draft-ietf-oauth-device-flow

参照

DeviceTokenGranter

著者

jricher

関数詳解

approveDevice()

String org.mitre.oauth2.web.DeviceEndpoint.approveDevice ( @RequestParam("user_code") String  userCode, @RequestParam(value="user_oauth_approval") Boolean  approve, ModelMap  model, Authentication  auth, HttpSession  session  )

inline

                                                                                                                                                                                                        {

                AuthorizationRequest authorizationRequest = (AuthorizationRequest) session.getAttribute("authorizationRequest");
                DeviceCode dc = (DeviceCode) session.getAttribute("deviceCode");

                // make sure the form that was submitted is the one that we were expecting
                if (!dc.getUserCode().equals(userCode)) {
                        model.addAttribute("error", "userCodeMismatch");
                        return "requestUserCode";
                }

                // make sure the code hasn't expired yet
                if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) {
                        model.addAttribute("error", "expiredUserCode");
                        return "requestUserCode";
                }

                ClientDetailsEntity client = clientService.loadClientByClientId(dc.getClientId());

                model.put("client", client);

                // user did not approve
                if (!approve) {
                        model.addAttribute("approved", false);
                        return "deviceApproved";
                }

                // create an OAuth request for storage
                OAuth2Request o2req = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
                OAuth2Authentication o2Auth = new OAuth2Authentication(o2req, auth);
                
                DeviceCode approvedCode = deviceCodeService.approveDeviceCode(dc, o2Auth);
                
                // pre-process the scopes
                Set<SystemScope> scopes = scopeService.fromStrings(dc.getScope());

                Set<SystemScope> sortedScopes = new LinkedHashSet<>(scopes.size());
                Set<SystemScope> systemScopes = scopeService.getAll();

                // sort scopes for display based on the inherent order of system scopes
                for (SystemScope s : systemScopes) {
                        if (scopes.contains(s)) {
                                sortedScopes.add(s);
                        }
                }

                // add in any scopes that aren't system scopes to the end of the list
                sortedScopes.addAll(Sets.difference(scopes, systemScopes));

                model.put("scopes", sortedScopes);
                model.put("approved", true);

                return "deviceApproved";
        }

readUserCode()

String org.mitre.oauth2.web.DeviceEndpoint.readUserCode ( @RequestParam("user_code") String  userCode, ModelMap  model, HttpSession  session  )

inline

                                                                                                                    {

                // look up the request based on the user code
                DeviceCode dc = deviceCodeService.lookUpByUserCode(userCode);

                // we couldn't find the device code
                if (dc == null) {
                        model.addAttribute("error", "noUserCode");
                        return "requestUserCode";
                }

                // make sure the code hasn't expired yet
                if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) {
                        model.addAttribute("error", "expiredUserCode");
                        return "requestUserCode";
                }

                // make sure the device code hasn't already been approved
                if (dc.isApproved()) {
                        model.addAttribute("error", "userCodeAlreadyApproved");
                        return "requestUserCode";
                }

                ClientDetailsEntity client = clientService.loadClientByClientId(dc.getClientId());

                model.put("client", client);
                model.put("dc", dc);

                // pre-process the scopes
                Set<SystemScope> scopes = scopeService.fromStrings(dc.getScope());

                Set<SystemScope> sortedScopes = new LinkedHashSet<>(scopes.size());
                Set<SystemScope> systemScopes = scopeService.getAll();

                // sort scopes for display based on the inherent order of system scopes
                for (SystemScope s : systemScopes) {
                        if (scopes.contains(s)) {
                                sortedScopes.add(s);
                        }
                }

                // add in any scopes that aren't system scopes to the end of the list
                sortedScopes.addAll(Sets.difference(scopes, systemScopes));

                model.put("scopes", sortedScopes);

                AuthorizationRequest authorizationRequest = oAuth2RequestFactory.createAuthorizationRequest(dc.getRequestParameters());

                session.setAttribute("authorizationRequest", authorizationRequest);
                session.setAttribute("deviceCode", dc);

                return "approveDevice";
        }

requestDeviceCode()

String org.mitre.oauth2.web.DeviceEndpoint.requestDeviceCode ( @RequestParam("client_id") String  clientId, @RequestParam(name="scope", required=false) String  scope, Map< String, String >  parameters, ModelMap  model  )

inline

                                                                                                                                                                                              {

                ClientDetailsEntity client;
                try {
                        client = clientService.loadClientByClientId(clientId);

                        // make sure this client can do the device flow

                        Collection<String> authorizedGrantTypes = client.getAuthorizedGrantTypes();
                        if (authorizedGrantTypes != null && !authorizedGrantTypes.isEmpty()
                                        && !authorizedGrantTypes.contains(DeviceTokenGranter.GRANT_TYPE)) {
                                throw new InvalidClientException("Unauthorized grant type: " + DeviceTokenGranter.GRANT_TYPE);
                        }

                } catch (IllegalArgumentException e) {
                        logger.error("IllegalArgumentException was thrown when attempting to load client", e);
                        model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        return HttpCodeView.VIEWNAME;
                }

                if (client == null) {
                        logger.error("could not find client " + clientId);
                        model.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
                        return HttpCodeView.VIEWNAME;
                }

                // make sure the client is allowed to ask for those scopes
                Set<String> requestedScopes = OAuth2Utils.parseParameterList(scope);
                Set<String> allowedScopes = client.getScope();

                if (!scopeService.scopesMatch(allowedScopes, requestedScopes)) {
                        // client asked for scopes it can't have
                        logger.error("Client asked for " + requestedScopes + " but is allowed " + allowedScopes);
                        model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        model.put(JsonErrorView.ERROR, "invalid_scope");
                        return JsonErrorView.VIEWNAME;
                }

                // if we got here the request is legit

                try {
                        DeviceCode dc = deviceCodeService.createNewDeviceCode(requestedScopes, client, parameters);
        
                        Map<String, Object> response = new HashMap<>();
                        response.put("device_code", dc.getDeviceCode());
                        response.put("user_code", dc.getUserCode());
                        response.put("verification_uri", config.getIssuer() + USER_URL);
                        if (client.getDeviceCodeValiditySeconds() != null) {
                                response.put("expires_in", client.getDeviceCodeValiditySeconds());
                        }
        
                        model.put(JsonEntityView.ENTITY, response);
        
        
                        return JsonEntityView.VIEWNAME;
                } catch (DeviceCodeCreationException dcce) {
                        
                        model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST);
                        model.put(JsonErrorView.ERROR, dcce.getError());
                        model.put(JsonErrorView.ERROR_MESSAGE, dcce.getMessage());
                        
                        return JsonErrorView.VIEWNAME;
                }

        }

requestUserCode()

String org.mitre.oauth2.web.DeviceEndpoint.requestUserCode ( ModelMap  model )

inline

                                                      {

                // print out a page that asks the user to enter their user code
                // user must be logged in

                return "requestUserCode";
        }

メンバ詳解

clientService

ClientDetailsEntityService org.mitre.oauth2.web.DeviceEndpoint.clientService

private

config

ConfigurationPropertiesBean org.mitre.oauth2.web.DeviceEndpoint.config

private

deviceCodeService

DeviceCodeService org.mitre.oauth2.web.DeviceEndpoint.deviceCodeService

private

logger

final Logger org.mitre.oauth2.web.DeviceEndpoint.logger = LoggerFactory.getLogger(DeviceEndpoint.class)

static

oAuth2RequestFactory

OAuth2RequestFactory org.mitre.oauth2.web.DeviceEndpoint.oAuth2RequestFactory

private

scopeService

SystemScopeService org.mitre.oauth2.web.DeviceEndpoint.scopeService

private

URL

final String org.mitre.oauth2.web.DeviceEndpoint.URL = "devicecode"

static

USER_URL

final String org.mitre.oauth2.web.DeviceEndpoint.USER_URL = "device"

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/mitreid-connect/src/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java