public SecurityToken mapSignInResponse()

in services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpFacebookProtocolHandler.java [86:153]


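    /**
     * Maps the Facebook OAuth sign-in response into a SAML {@link SecurityToken}.
     *
     * <p>The authorization code is read from the web-flow scope under
     * {@code OAuthConstants.CODE_RESPONSE_TYPE}. It is exchanged for an access token at the
     * configured {@code TOKEN_ENDPOINT} (default {@code https://graph.facebook.com/v2.6/oauth/access_token}),
     * the access token is then used against the configured {@code API_ENDPOINT}
     * (default {@code https://graph.facebook.com/v2.6}) to obtain the subject name, and the result
     * is wrapped in a freshly generated SAML assertion whose lifetime equals the access token's
     * {@code expires_in} value.
     *
     * @param context    the current web-flow request context (source of the authorization code
     *                   and the home realm)
     * @param idp        the local IdP; its URL is used as the OAuth redirect URI
     * @param trustedIdp the trusted (Facebook) IdP configuration holding CLIENT_ID, CLIENT_SECRET
     *                   and the optional endpoint overrides
     * @return the issued token, or {@code null} if no authorization code was present in flow scope
     *         or no access token was returned by the token endpoint
     * @throws IllegalStateException if no CLIENT_SECRET is configured, the home realm is missing
     *                               from flow scope, or assertion creation fails for any other reason
     *                               (the original exception is attached as the cause)
     */
    public SecurityToken mapSignInResponse(RequestContext context, Idp idp, TrustedIdp trustedIdp) {

        String code = (String) WebUtils.getAttributeFromFlowScope(context,
                                                                  OAuthConstants.CODE_RESPONSE_TYPE);
        if (code != null && !code.isEmpty()) {

            // Endpoint overrides are optional; fall back to the Facebook Graph v2.6 defaults.
            String tokenEndpoint = getProperty(trustedIdp, TOKEN_ENDPOINT);
            if (tokenEndpoint == null || tokenEndpoint.isEmpty()) {
                tokenEndpoint = "https://graph.facebook.com/v2.6/oauth/access_token";
            }

            String apiEndpoint = getProperty(trustedIdp, API_ENDPOINT);
            if (apiEndpoint == null || apiEndpoint.isEmpty()) {
                apiEndpoint = "https://graph.facebook.com/v2.6";
            }

            // NOTE(review): clientId is passed through unchecked; a missing value presumably
            // fails at the token endpoint rather than here — confirm that is the intended behaviour.
            String clientId = getProperty(trustedIdp, CLIENT_ID);
            String clientSecret = getProperty(trustedIdp, CLIENT_SECRET);
            if (clientSecret == null || clientSecret.isEmpty()) {
                // The secret is never logged; only its absence is reported.
                LOG.warn("A CLIENT_SECRET must be configured to use the TrustedIdpFacebookProtocolHandler");
                throw new IllegalStateException("No CLIENT_SECRET specified");
            }

            // Exchange the authorization code for an access token. The local IdP URL is the
            // redirect URI the token endpoint validates against.
            ClientAccessToken accessToken = getAccessTokenUsingCode(tokenEndpoint, code, clientId,
                                                                    clientSecret, idp.getIdpUrl().toString());
            if (accessToken == null || accessToken.getTokenKey() == null) {
                LOG.warn("No Access Token received from the Facebook IdP");
                return null;
            }

            // Invoke the API endpoint with the access token to obtain the user's claims
            // (the subject name for the SAML assertion).
            String subjectName = getSubjectName(apiEndpoint, accessToken.getTokenKey(), trustedIdp);
            try {
                String whr = (String) WebUtils.getAttributeFromFlowScope(context, IdpConstants.HOME_REALM);
                if (whr == null) {
                    LOG.warn("Home realm is null");
                    throw new IllegalStateException("Home realm is null");
                }

                // Convert into a SAML Token whose lifetime mirrors the access token's expiry.
                Instant expires = Instant.now().plusSeconds(accessToken.getExpiresIn());
                SecurityToken idpToken = new SecurityToken(IDGenerator.generateID(null), null, expires);
                SamlAssertionWrapper assertion =
                    createSamlAssertion(idp, trustedIdp, null, subjectName, null, expires);
                Document doc = DOMUtils.createDocument();
                Element token = assertion.toDOM(doc);

                // Create new Security token with new id.
                // Parameters for freshness computation are copied from original IDP_TOKEN
                idpToken.setToken(token);

                LOG.info("[IDP_TOKEN={}] for user '{}' issued by home realm [{}]",
                         assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(),
                         whr);
                LOG.debug("Expired date={}", expires);

                return idpToken;
            } catch (IllegalStateException ex) {
                // Already in the contract's exception type; propagate untouched.
                throw ex;
            } catch (Exception ex) {
                LOG.warn("Unexpected exception occured", ex);
                // Keep the original exception as the cause so the root failure is not lost
                // for callers that only see the IllegalStateException.
                throw new IllegalStateException("Unexpected exception occured: " + ex.getMessage(), ex);
            }
        }
        return null;
    }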