yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-07-05 16:22:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
datahub/datahub-frontend/app/auth/sso/oidc/OidcAuthorizationGenerator.java

64 lines
2.1 KiB
Java
Raw Permalink Blame History

package auth.sso.oidc;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import java.util.Map.Entry;
import java.util.Optional;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.profile.AttributeLocation;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.profile.definition.ProfileDefinition;
import org.pac4j.oidc.profile.OidcProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class OidcAuthorizationGenerator implements AuthorizationGenerator {
private static final Logger logger = LoggerFactory.getLogger(OidcAuthorizationGenerator.class);
private final ProfileDefinition profileDef;
private final OidcConfigs oidcConfigs;
public OidcAuthorizationGenerator(
final ProfileDefinition profileDef, final OidcConfigs oidcConfigs) {
this.profileDef = profileDef;
this.oidcConfigs = oidcConfigs;
}
@Override
public Optional<UserProfile> generate(final CallContext context, final UserProfile profile) {
if (!(profile instanceof OidcProfile oidcProfile)) {
return Optional.of(profile);
}
if (oidcConfigs.getExtractJwtAccessTokenClaims().orElse(false)) {
try {
final JWT jwt = JWTParser.parse(oidcProfile.getAccessToken().getValue());
CommonProfile commonProfile = new CommonProfile();
// Copy existing attributes
profile.getAttributes().forEach(commonProfile::addAttribute);
// Add JWT claims
for (final Entry<String, Object> entry : jwt.getJWTClaimsSet().getClaims().entrySet()) {
final String claimName = entry.getKey();
if (profile.getAttribute(claimName) == null) {
profileDef.convertAndAdd(
commonProfile, AttributeLocation.PROFILE_ATTRIBUTE, claimName, entry.getValue());
}
}
return Optional.of(commonProfile);
} catch (Exception e) {
logger.warn("Cannot parse access token claims", e);
}
}
return Optional.of(profile);
}
}
Reference in New Issue View Git Blame Copy Permalink