diff --git a/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoClient.java b/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoClient.java index 5e4f83dc82..ed53348bc8 100644 --- a/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoClient.java +++ b/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoClient.java @@ -126,9 +126,9 @@ public String getTokenSigningKey() throws IOException { } } - public Profile getUserProfile(String refreshToken) throws IOException { + public Profile getUserProfileFromRefreshToken(String refreshToken) throws IOException { Token token = getTokenByRefreshToken(refreshToken); - return getProfile(token); + return getProfile(token.accessToken()); } private Token getToken(String urlParameters) throws IOException { @@ -178,7 +178,7 @@ private void postRequest(HttpURLConnection con, String urlParameters) throws IOE } } - private Profile getProfile(Token token) throws IOException { + public Profile getProfile(String accessToken) throws IOException { if (cfg.getUserInfoEndpointUrl() == null) { return null; } @@ -186,7 +186,7 @@ private Profile getProfile(Token token) throws IOException { try { URL url = new URL(cfg.getUserInfoEndpointUrl()); con = (HttpURLConnection) url.openConnection(); - String authzHeaderValue = String.format("Bearer %s", token.accessToken()); + String authzHeaderValue = String.format("Bearer %s", accessToken); con.setRequestProperty(HttpHeaders.AUTHORIZATION, authzHeaderValue); con.setRequestProperty(HttpHeaders.CONTENT_TYPE, CONTENT_TYPE_HEADER); con.setRequestMethod("GET"); diff --git a/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoHandler.java b/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoHandler.java index f7aaa47d2a..8c1df8c17c 100644 --- a/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoHandler.java +++ b/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoHandler.java @@ -56,29 +56,34 @@ public AuthenticationToken createToken(ServletRequest request, ServletResponse r HttpServletRequest req = WebUtils.toHttp(request); - String token = SsoCookies.getTokenCookie(req); - if (token == null) { + String bearerToken = extractTokenFromRequest(req); + String incomingToken = bearerToken != null ? bearerToken : SsoCookies.getTokenCookie(req); + + if (incomingToken == null) { return null; } - String login = jwtAuthenticator.validateTokenAndGetLogin(token); + //TODO: If token comes in from bearer token, then this should be an access_token. + // Use this directly to get the user profile i.e. ssoClient.getProfile(accessToken); + + String login = jwtAuthenticator.validateTokenAndGetLogin(incomingToken); if (login == null) { return null; } - String[] as = parseDomain(login); + String[] as = parseDomain(login); //TODO: Can we not get this info from userInfo endpoint? i.e. SsoClient.Profile - String refreshToken = SsoCookies.getRefreshCookie(req); - // get userprofile send the response as null if refreshToken is expired or used SsoClient.Profile profile; try { - profile = ssoClient.getUserProfile(refreshToken); + profile = bearerToken != null ? ssoClient.getProfile(bearerToken) : ssoClient.getUserProfileFromRefreshToken(incomingToken); + } catch (IOException e) { return null; } if (profile == null) { return null; } + //TODO: User name and domain should be returned by the userInfo endpoint(profile) "sub". Do we really need these two? as[0], as[1] return new SsoToken(as[0], as[1], profile.displayName(), profile.mail(), profile.userPrincipalName(), profile.nameInNamespace(), profile.groups()); } @@ -112,4 +117,20 @@ private String[] parseDomain(String s) { String domain = s.substring(pos + 1); return new String[]{username, domain}; } + + private String extractTokenFromRequest(HttpServletRequest request) { + final String value = request.getHeader("Authorization"); + + if (value == null || !value.toLowerCase().startsWith("bearer")) { + return null; + } + + String[] parts = value.split(" "); + + if (parts.length < 2) { + return null; + } + + return parts[1].trim(); + } }