fixes #763 add client authenticated user request in the OauthHelper f…

…or light-spa-4j (#764)

client/src/main/java/com/networknt/client/ClientConfig.java

@@ -21,6 +21,7 @@ public final class ClientConfig {
     public static final String SAML_BEARER = "saml_bearer";
     public static final String CLIENT_CREDENTIALS = "client_credentials";
     public static final String AUTHORIZATION_CODE = "authorization_code";
+    public static final String CLIENT_AUTHENTICATED_USER = "client_authenticated_user";
     public static final String CACHE = "cache";
     public static final String CAPACITY = "capacity";
     public static final String OAUTH = "oauth";

client/src/main/java/com/networknt/client/oauth/ClientAuthenticatedUserRequest.java

@@ -0,0 +1,81 @@
+package com.networknt.client.oauth;
+
+import com.networknt.client.ClientConfig;
+import com.networknt.client.Http2Client;
+import com.networknt.common.SecretConstants;
+import com.networknt.config.Config;
+
+import java.util.List;
+import java.util.Map;
+
+public class ClientAuthenticatedUserRequest extends TokenRequest {
+    private String userType;
+    private String userId;
+    private String roles;
+    private String redirectUri;
+
+    /**
+     * load default values from client.yml for client authenticated user grant, overwrite by setters
+     * in case you want to change it at runtime.
+     */
+    public ClientAuthenticatedUserRequest(String userType, String userId, String roles) {
+        setGrantType(ClientConfig.CLIENT_AUTHENTICATED_USER);
+        setUserType(userType);
+        setUserId(userId);
+        setRoles(roles);
+        Map<String, Object> tokenConfig = ClientConfig.get().getTokenConfig();
+        if(tokenConfig != null) {
+            setServerUrl((String)tokenConfig.get(ClientConfig.SERVER_URL));
+            setServiceId((String)tokenConfig.get(ClientConfig.SERVICE_ID));
+            Object object = tokenConfig.get(ClientConfig.ENABLE_HTTP2);
+            setEnableHttp2(object != null && (Boolean) object);
+            Map<String, Object> acConfig = (Map<String, Object>) tokenConfig.get(ClientConfig.AUTHORIZATION_CODE);
+            if(acConfig != null) {
+                setClientId((String)acConfig.get(ClientConfig.CLIENT_ID));
+                // load client secret from client.yml and fallback to secret.yml
+                if(acConfig.get(ClientConfig.CLIENT_SECRET) != null) {
+                    setClientSecret((String)acConfig.get(ClientConfig.CLIENT_SECRET));
+                } else {
+                    Map<String, Object> secret = Config.getInstance().getJsonMapConfig(Http2Client.CONFIG_SECRET);
+                    setClientSecret((String)secret.get(SecretConstants.AUTHORIZATION_CODE_CLIENT_SECRET));
+                }
+                setUri((String)acConfig.get(ClientConfig.URI));
+                setScope((List<String>)acConfig.get(ClientConfig.SCOPE));
+                setRedirectUri((String)acConfig.get(ClientConfig.REDIRECT_URI));
+            }
+        }
+    }
+
+    public String getUserType() {
+        return userType;
+    }
+
+    public void setUserType(String userType) {
+        this.userType = userType;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public void setUserId(String userId) {
+        this.userId = userId;
+    }
+
+    public String getRoles() {
+        return roles;
+    }
+
+    public void setRoles(String roles) {
+        this.roles = roles;
+    }
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+}

client/src/main/java/com/networknt/client/oauth/ClientRequestComposerProvider.java

@@ -11,8 +11,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import static com.networknt.client.oauth.ClientRequestComposerProvider.ClientRequestComposers.CLIENT_CREDENTIAL_REQUEST_COMPOSER;
-import static com.networknt.client.oauth.ClientRequestComposerProvider.ClientRequestComposers.SAML_BEARER_REQUEST_COMPOSER;
+import static com.networknt.client.oauth.ClientRequestComposerProvider.ClientRequestComposers.*;
 
 /**
  * This class is a singleton to provide registered IClientRequestComposable composers.
@@ -22,7 +21,7 @@
  * To see composer please check {@link com.networknt.client.oauth.IClientRequestComposable}
  */
 public class ClientRequestComposerProvider {
-    public enum ClientRequestComposers { CLIENT_CREDENTIAL_REQUEST_COMPOSER, SAML_BEARER_REQUEST_COMPOSER }
+    public enum ClientRequestComposers { CLIENT_CREDENTIAL_REQUEST_COMPOSER, SAML_BEARER_REQUEST_COMPOSER, CLIENT_AUTHENTICATED_USER_REQUEST_COMPOSER }
     private static final ClientRequestComposerProvider INSTANCE = new ClientRequestComposerProvider();
     private Map<ClientRequestComposers, IClientRequestComposable> composersMap = new HashMap<>();
     private static final Logger logger = LoggerFactory.getLogger(ClientRequestComposerProvider.class);
@@ -54,6 +53,9 @@ private void initDefaultComposer(ClientRequestComposers composerName) {
             case SAML_BEARER_REQUEST_COMPOSER:
                 composersMap.put(SAML_BEARER_REQUEST_COMPOSER, new DefaultSAMLBearerRequestComposer());
                 break;
+            case CLIENT_AUTHENTICATED_USER_REQUEST_COMPOSER:
+                composersMap.put(CLIENT_AUTHENTICATED_USER_REQUEST_COMPOSER, new DefaultClientAuthenticatedUserRequestComposer());
+                break;
             default:
                 break;
         }
@@ -125,4 +127,31 @@ public String composeRequestBody(TokenRequest tokenRequest) {
             return "";
         }
     }
+
+    /**
+     * the default composer to compose a ClientRequest with the given TokenRequest to get ClientAuthenticatedUser token.
+     */
+    private static class DefaultClientAuthenticatedUserRequestComposer implements IClientRequestComposable {
+
+        @Override
+        public ClientRequest composeClientRequest(TokenRequest tokenRequest) {
+            final ClientRequest request = new ClientRequest().setMethod(Methods.POST).setPath(tokenRequest.getUri());
+            request.getRequestHeaders().put(Headers.HOST, "localhost");
+            request.getRequestHeaders().put(Headers.TRANSFER_ENCODING, "chunked");
+            request.getRequestHeaders().put(Headers.CONTENT_TYPE, "application/x-www-form-urlencoded");
+            request.getRequestHeaders().put(Headers.AUTHORIZATION, OauthHelper.getBasicAuthHeader(tokenRequest.getClientId(), tokenRequest.getClientSecret()));
+            return request;
+        }
+
+        @Override
+        public String composeRequestBody(TokenRequest tokenRequest) {
+            try {
+                return OauthHelper.getEncodedString(tokenRequest);
+            } catch (UnsupportedEncodingException e) {
+                logger.error("get encoded string from tokenRequest fails: \n {}", e.toString());
+            }
+            return "";
+        }
+    }
+
 }

client/src/main/java/com/networknt/client/oauth/OauthHelper.java

@@ -59,6 +59,9 @@ public class OauthHelper {
     private static final String BASIC = "Basic";
     private static final String GRANT_TYPE = "grant_type";
     private static final String CODE = "code";
+    private static final String USER_ID = "userId";
+    private static final String USER_TYPE = "userType";
+    private static final String ROLES = "roles";
 
     /**
      * @deprecated will be moved to {@link ClientConfig#SCOPE}
@@ -513,7 +516,7 @@ public static String encodeCredentials(String clientId, String clientSecret) {
     public static String getEncodedString(TokenRequest request) throws UnsupportedEncodingException {
         Map<String, String> params = new HashMap<>();
         params.put(GRANT_TYPE, request.getGrantType());
-        if(TokenRequest.AUTHORIZATION_CODE.equals(request.getGrantType())) {
+        if(ClientConfig.AUTHORIZATION_CODE.equals(request.getGrantType())) {
             params.put(CODE, ((AuthorizationCodeRequest)request).getAuthCode());
             // The redirectUri can be null so that OAuth 2.0 provider will use the redirectUri defined in the client registration
             if(((AuthorizationCodeRequest)request).getRedirectUri() != null) {
@@ -524,7 +527,20 @@ public static String getEncodedString(TokenRequest request) throws UnsupportedEn
                 params.put(CSRF, csrf);
             }
         }
-        if(TokenRequest.REFRESH_TOKEN.equals(request.getGrantType())) {
+        if(ClientConfig.CLIENT_AUTHENTICATED_USER.equals(request.getGrantType())) {
+            params.put(USER_TYPE, ((ClientAuthenticatedUserRequest)request).getUserType());
+            params.put(USER_ID, ((ClientAuthenticatedUserRequest)request).getUserId());
+            params.put(ROLES, ((ClientAuthenticatedUserRequest)request).getRoles());
+            // The redirectUri can be null so that OAuth 2.0 provider will use the redirectUri defined in the client registration
+            if(((ClientAuthenticatedUserRequest)request).getRedirectUri() != null) {
+                params.put(REDIRECT_URI, ((ClientAuthenticatedUserRequest)request).getRedirectUri());
+            }
+            String csrf = request.getCsrf();
+            if(csrf != null) {
+                params.put(CSRF, csrf);
+            }
+        }
+        if(ClientConfig.REFRESH_TOKEN.equals(request.getGrantType())) {
             params.put(REFRESH_TOKEN, ((RefreshTokenRequest)request).getRefreshToken());
             String csrf = request.getCsrf();
             if(csrf != null) {