JWK for Auth0 (and probably enough for Okta too)
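/**
 * Access-token converter that takes the authentication principal from a configurable claim.
 *
 * <p>The stock {@link DefaultUserAuthenticationConverter} looks the principal up under its fixed
 * {@code user_name} key, which identity providers such as Auth0 do not emit. This converter lets
 * the caller name the claim to use instead. Authorities are read from the {@code AUTHORITIES}
 * claim in the same two shapes the stock converter accepts (comma-separated string or
 * collection); a token that carries no such claim yields no authorities rather than an exception.
 */
public class ConfigurableAccessTokenConverter extends DefaultAccessTokenConverter {

    /**
     * @param usernameAttributeKey name of the claim whose value becomes the principal; must not
     *        be {@code null}
     * @throws IllegalArgumentException if {@code usernameAttributeKey} is {@code null}
     */
    public ConfigurableAccessTokenConverter(final String usernameAttributeKey) {
        super();
        if (usernameAttributeKey == null) {
            throw new IllegalArgumentException("usernameAttributeKey must not be null");
        }
        // NOTE(review): the principal is whatever the configured claim holds. If that claim is
        // user-editable or not unique at the identity provider (a display name, for instance),
        // two users can collide or a user can change their own identity; a stable subject
        // identifier is the safer choice — confirm with the caller which claim is configured.
        setUserTokenConverter(new DefaultUserAuthenticationConverter() {

            /**
             * Builds an authenticated token from the claims, or returns {@code null} when the
             * configured principal claim is absent so the caller can reject the token.
             */
            @Override
            public Authentication extractAuthentication(Map<String, ?> map) {
                if (!map.containsKey(usernameAttributeKey)) {
                    return null;
                }
                Object principal = map.get(usernameAttributeKey);
                Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
                // A bearer token carries no credentials; "N/A" is the conventional placeholder.
                return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
            }

            /**
             * Reads the {@code authorities} claim as either a comma-separated string or a
             * collection of names.
             *
             * <p>A missing claim grants no authorities instead of failing: previously it threw
             * {@link IllegalArgumentException}, which is not an authentication failure and so
             * surfaced a token without role information as a server error rather than a
             * rejected token.
             *
             * @throws IllegalArgumentException if the claim is present but of another type
             */
            private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ?> map) {
                if (!map.containsKey(AUTHORITIES)) {
                    return AuthorityUtils.NO_AUTHORITIES;
                }
                Object authorities = map.get(AUTHORITIES);
                if (authorities instanceof String) {
                    return AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities);
                }
                if (authorities instanceof Collection) {
                    return AuthorityUtils.commaSeparatedStringToAuthorityList(
                            StringUtils.collectionToCommaDelimitedString((Collection<?>) authorities));
                }
                throw new IllegalArgumentException("Authorities must be either a String or a Collection");
            }
        });
    }

    /**
     * Pass-through to {@link DefaultAccessTokenConverter#extractAuthentication(Map)}; kept as an
     * explicit override so the extraction point is easy to locate and instrument.
     */
    @Override
    public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
        return super.extractAuthentication(map);
    }
}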
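/**
 * {@link DefaultTokenServices} variant that derives the authentication from the decoded token's
 * claims instead of asking the {@link TokenStore} for a stored authentication.
 *
 * <p>{@code DefaultTokenServices} keeps its token store private, so a second reference is held
 * here for {@link #loadAuthentication(String)}. The converter type is
 * {@link ConfigurableAccessTokenConverter}, the class that actually accompanies this one; the
 * field was previously declared with a name that is defined nowhere in this gist.
 */
public class ConfigurableJwkTokenServices extends DefaultTokenServices {

    private final TokenStore tokenStore;
    private final ConfigurableAccessTokenConverter tokenConverter;

    /**
     * @param tokenStore store used to decode and validate incoming access tokens; must not be
     *        {@code null}
     * @param usernameAttributeKey claim whose value becomes the principal, see
     *        {@link ConfigurableAccessTokenConverter}
     * @throws IllegalArgumentException if {@code tokenStore} is {@code null}
     */
    public ConfigurableJwkTokenServices(TokenStore tokenStore, String usernameAttributeKey) {
        if (tokenStore == null) {
            throw new IllegalArgumentException("tokenStore must not be null");
        }
        super.setTokenStore(tokenStore);
        this.tokenStore = tokenStore; // the superclass field is private; keep our own reference
        this.tokenConverter = new ConfigurableAccessTokenConverter(usernameAttributeKey);
    }

    /**
     * Decodes the token through the store, rejects missing or expired tokens, and extracts the
     * authentication from the token's claims.
     *
     * @param accessTokenValue the raw bearer token presented by the client
     * @return the authentication carried by the token
     * @throws InvalidTokenException if the token cannot be read, has expired, or yields no
     *         authentication
     */
    @Override
    public OAuth2Authentication loadAuthentication(String accessTokenValue)
            throws AuthenticationException, InvalidTokenException {
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
        // NOTE(review): like Spring's own DefaultTokenServices, these messages echo the presented
        // bearer token. It is a credential, and the message reaches logs and error responses;
        // consider omitting the value if those sinks are not treated as sensitive.
        if (accessToken == null) {
            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
        }
        if (accessToken.isExpired()) {
            tokenStore.removeAccessToken(accessToken);
            throw new InvalidTokenException("Access token expired: " + accessTokenValue);
        }
        OAuth2Authentication result = readAuthentication(accessToken);
        if (result == null) {
            // The converter returns null when the principal claim is absent; treat as invalid.
            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
        }
        return result;
    }

    /**
     * Extracts the authentication from the token's additional-information map, i.e. the claims
     * the store's converter left attached to the token.
     *
     * <p>NOTE(review): if the store's converter strips scope and client id out of the
     * additional information (the default converter does), the authentication built here carries
     * no scopes — confirm before relying on scope-based access checks.
     *
     * @param token a token already decoded by the store
     * @return the authentication, or {@code null} if the claims hold no principal
     */
    public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
        return tokenConverter.extractAuthentication(token.getAdditionalInformation());
    }
}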
/**
 * Wires a {@link DefaultTokenServices} bean on top of the JWK-backed token store, using the
 * {@code nickname} claim as the authentication principal.
 */
@Configuration
protected static class JwkTokenStoreConfiguration {

    /**
     * Claim handed to {@link ConfigurableJwkTokenServices} as the principal.
     * NOTE(review): a profile-style claim such as this one is typically user-editable and not
     * guaranteed unique; a stable subject identifier is the safer principal — confirm the choice.
     */
    private static final String PRINCIPAL_CLAIM = "nickname";

    // Injected for the resource-server settings; not read by the bean defined in this class.
    private final ResourceServerProperties resource;

    public JwkTokenStoreConfiguration(ResourceServerProperties resource) {
        this.resource = resource;
    }

    /**
     * Primary token services for the resource server.
     *
     * @param jwkTokenStore the JWK-backed store that decodes incoming tokens
     * @return token services that resolve the authentication from token claims
     */
    @Primary
    @Bean
    public DefaultTokenServices jwkTokenServices(TokenStore jwkTokenStore) {
        DefaultTokenServices services =
                new ConfigurableJwkTokenServices(jwkTokenStore, PRINCIPAL_CLAIM);
        return services;
    }
}