Created
July 11, 2019 02:22
Impersonated credentials verify token sample
/**
 * Returns an ID token for the given audience by delegating to {@code getOIDCToken}.
 *
 * <p>Any {@link IOException} raised while fetching the token is rethrown as an
 * {@code IdTokenProviderException} with the original exception kept as its cause.
 *
 * @param targetAudience audience value forwarded unchanged to {@code getOIDCToken}
 * @param includeEmail flag forwarded unchanged to {@code getOIDCToken}
 * @return the token string produced by {@code getOIDCToken}
 */
@Override
public String getIdToken(String targetAudience, boolean includeEmail) {
  try {
    return getOIDCToken(targetAudience, includeEmail);
  } catch (IOException ioe) {
    // Keep the cause so callers can still see the underlying failure.
    throw new IdTokenProviderException("Failed to get IdToken ", ioe);
  }
}
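/**
 * Requests an OIDC ID token for the account returned by {@code getAccount()}.
 *
 * <p>POSTs a JSON body carrying {@code delegates}, {@code audience} and {@code includeEmail} to
 * the URL built from {@code IAM_ID_TOKEN_ENDPOINT}, then returns the {@code token} field of the
 * JSON response. The returned string is a bearer credential: keep it out of logs and exception
 * messages, and have the receiving service check that the token's audience matches
 * {@code targetAudience}.
 *
 * @param targetAudience value sent as the {@code audience} field of the request
 * @param includeEmail value sent as the {@code includeEmail} field of the request
 * @return the {@code token} string taken from the response body
 * @throws IOException if the endpoint answers with a 4xx status (the parsed error message is
 *     included), with any other non-200 status, with no content, or if the request itself fails
 */
private String getOIDCToken(String targetAudience, boolean includeEmail) throws IOException {
  String endpointUrl = String.format(IAM_ID_TOKEN_ENDPOINT, getAccount());
  GenericUrl genericUrl = new GenericUrl(endpointUrl);

  GenericData tokenRequest = new GenericData();
  tokenRequest.set("delegates", this.delegates);
  tokenRequest.set("audience", targetAudience);
  tokenRequest.set("includeEmail", includeEmail);
  JsonHttpContent requestBody = new JsonHttpContent(OAuth2Utils.JSON_FACTORY, tokenRequest);

  HttpTransport httpTransport = this.transportFactory.create();
  HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(sourceCredentials);
  HttpRequestFactory requestFactory = httpTransport.createRequestFactory();
  HttpRequest request = requestFactory.buildPostRequest(genericUrl, requestBody);

  // NOTE(review): headers from getRequestMetadata() are copied onto the request first, and
  // adapter.initialize(request) applies sourceCredentials afterwards. If both supply an
  // Authorization header, the identity the endpoint sees depends on this order -- confirm that
  // the source credentials are the intended caller and that the extra metadata is needed.
  Map<String, List<String>> headers = getRequestMetadata();
  HttpHeaders requestHeaders = request.getHeaders();
  for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
    requestHeaders.put(entry.getKey(), entry.getValue());
  }

  JsonObjectParser parser = new JsonObjectParser(OAuth2Utils.JSON_FACTORY);
  adapter.initialize(request);
  request.setParser(parser);
  // Error statuses are inspected below instead of letting execute() throw.
  request.setThrowExceptionOnExecuteError(false);

  HttpResponse response = request.execute();
  try {
    int statusCode = response.getStatusCode();
    if (statusCode >= 400 && statusCode < HttpStatusCodes.STATUS_CODE_SERVER_ERROR) {
      // Client errors are expected to carry a JSON body of the form {"error": {"message": ...}}.
      GenericData responseError = response.parseAs(GenericData.class);
      Map<String, Object> error =
          OAuth2Utils.validateMap(responseError, "error", PARSE_ERROR_MESSAGE);
      String errorMessage = OAuth2Utils.validateString(error, "message", PARSE_ERROR_MESSAGE);
      throw new IOException(String.format("Error code %s trying to getIDToken: %s",
          statusCode, errorMessage));
    }
    if (statusCode != HttpStatusCodes.STATUS_CODE_OK) {
      throw new IOException(String.format("Unexpected Error code %s trying to getIDToken: %s", statusCode,
          response.parseAsString()));
    }

    InputStream content = response.getContent();
    if (content == null) {
      // Throw explicitly here on empty content to avoid NullPointerException from parseAs call.
      // Mock transports will have success code with empty content by default.
      throw new IOException("Empty content from idToken request.");
    }

    GenericData responseData = response.parseAs(GenericData.class);
    return OAuth2Utils.validateString(responseData, "token", PARSE_ERROR_SIGNATURE);
  } finally {
    // Release the connection on every exit path, including the error throws above.
    response.disconnect();
  }
}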