datahub/datahub-frontend/app/auth/sso/oidc/OidcAuthorizationGenerator.java

package auth.sso.oidc;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import java.util.Map.Entry;
import java.util.Optional;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.profile.AttributeLocation;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.profile.definition.ProfileDefinition;
import org.pac4j.oidc.profile.OidcProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class OidcAuthorizationGenerator implements AuthorizationGenerator {

  private static final Logger logger = LoggerFactory.getLogger(OidcAuthorizationGenerator.class);

  private final ProfileDefinition profileDef;
  private final OidcConfigs oidcConfigs;

  public OidcAuthorizationGenerator(
      final ProfileDefinition profileDef, final OidcConfigs oidcConfigs) {
    this.profileDef = profileDef;
    this.oidcConfigs = oidcConfigs;
  }

  @Override
  public Optional<UserProfile> generate(final CallContext context, final UserProfile profile) {
    if (!(profile instanceof OidcProfile oidcProfile)) {
      return Optional.of(profile);
    }

    if (oidcConfigs.getExtractJwtAccessTokenClaims().orElse(false)) {
      try {
        final JWT jwt = JWTParser.parse(oidcProfile.getAccessToken().getValue());

        CommonProfile commonProfile = new CommonProfile();

        // Copy existing attributes
        profile.getAttributes().forEach(commonProfile::addAttribute);

        // Add JWT claims
        for (final Entry<String, Object> entry : jwt.getJWTClaimsSet().getClaims().entrySet()) {
          final String claimName = entry.getKey();

          if (profile.getAttribute(claimName) == null) {
            profileDef.convertAndAdd(
                commonProfile, AttributeLocation.PROFILE_ATTRIBUTE, claimName, entry.getValue());
          }
        }

        return Optional.of(commonProfile);
      } catch (Exception e) {
        logger.warn("Cannot parse access token claims", e);
      }
    }

    return Optional.of(profile);
  }
}
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`package auth.sso.oidc;`

feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`import com.nimbusds.jwt.JWT;`
			`import com.nimbusds.jwt.JWTParser;`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`import java.util.Map.Entry;`
fix(security): play framework upgrade (#6626) * fix(security): play framework upgrade 2022-12-08 20:27:51 -06:00			`import java.util.Optional;`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`import org.pac4j.core.authorization.generator.AuthorizationGenerator;`
refactor(datahub-frontend): upgrade frontend pac4j (#11709) 2024-10-28 09:05:16 -05:00			`import org.pac4j.core.context.CallContext;`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`import org.pac4j.core.profile.AttributeLocation;`
			`import org.pac4j.core.profile.CommonProfile;`
fix(security): play framework upgrade (#6626) * fix(security): play framework upgrade 2022-12-08 20:27:51 -06:00			`import org.pac4j.core.profile.UserProfile;`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`import org.pac4j.core.profile.definition.ProfileDefinition;`
			`import org.pac4j.oidc.profile.OidcProfile;`
			`import org.slf4j.Logger;`
			`import org.slf4j.LoggerFactory;`

			`public class OidcAuthorizationGenerator implements AuthorizationGenerator {`

feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`private static final Logger logger = LoggerFactory.getLogger(OidcAuthorizationGenerator.class);`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00
refactor(datahub-frontend): upgrade frontend pac4j (#11709) 2024-10-28 09:05:16 -05:00			`private final ProfileDefinition profileDef;`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`private final OidcConfigs oidcConfigs;`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`public OidcAuthorizationGenerator(`
refactor(datahub-frontend): upgrade frontend pac4j (#11709) 2024-10-28 09:05:16 -05:00			`final ProfileDefinition profileDef, final OidcConfigs oidcConfigs) {`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`this.profileDef = profileDef;`
			`this.oidcConfigs = oidcConfigs;`
			`}`

			`@Override`
refactor(datahub-frontend): upgrade frontend pac4j (#11709) 2024-10-28 09:05:16 -05:00			`public Optional<UserProfile> generate(final CallContext context, final UserProfile profile) {`
			`if (!(profile instanceof OidcProfile oidcProfile)) {`
			`return Optional.of(profile);`
			`}`

feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`if (oidcConfigs.getExtractJwtAccessTokenClaims().orElse(false)) {`
			`try {`
refactor(datahub-frontend): upgrade frontend pac4j (#11709) 2024-10-28 09:05:16 -05:00			`final JWT jwt = JWTParser.parse(oidcProfile.getAccessToken().getValue());`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30
			`CommonProfile commonProfile = new CommonProfile();`

refactor(datahub-frontend): upgrade frontend pac4j (#11709) 2024-10-28 09:05:16 -05:00			`// Copy existing attributes`
			`profile.getAttributes().forEach(commonProfile::addAttribute);`

			`// Add JWT claims`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`for (final Entry<String, Object> entry : jwt.getJWTClaimsSet().getClaims().entrySet()) {`
			`final String claimName = entry.getKey();`

			`if (profile.getAttribute(claimName) == null) {`
			`profileDef.convertAndAdd(`
			`commonProfile, AttributeLocation.PROFILE_ATTRIBUTE, claimName, entry.getValue());`
			`}`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`}`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30
			`return Optional.of(commonProfile);`
			`} catch (Exception e) {`
			`logger.warn("Cannot parse access token claims", e);`
			`}`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`}`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30
refactor(datahub-frontend): upgrade frontend pac4j (#11709) 2024-10-28 09:05:16 -05:00			`return Optional.of(profile);`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`}`
feat(frontend): Parse JWT access token claims (#5138) 2022-06-13 10:12:06 -04:00			`}`