diff --git a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/Auth0AuthenticationModule.java b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/Auth0AuthenticationModule.java index 6b53dd6b..aaa9bc36 100644 --- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/Auth0AuthenticationModule.java +++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/Auth0AuthenticationModule.java @@ -22,12 +22,16 @@ package com.kingsrook.qqq.backend.core.modules.authentication; +import java.nio.charset.StandardCharsets; import java.security.interfaces.RSAPublicKey; import java.time.Duration; import java.time.Instant; import java.util.Base64; import java.util.Map; import java.util.Optional; +import com.auth0.client.auth.AuthAPI; +import com.auth0.exception.Auth0Exception; +import com.auth0.json.auth.TokenHolder; import com.auth0.jwk.Jwk; import com.auth0.jwk.JwkException; import com.auth0.jwk.JwkProvider; @@ -65,6 +69,7 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface public static final int ID_TOKEN_VALIDATION_INTERVAL_SECONDS = 1800; public static final String AUTH0_ID_TOKEN_KEY = "sessionId"; + public static final String BASIC_AUTH_KEY = "basicAuthString"; public static final String TOKEN_NOT_PROVIDED_ERROR = "Id Token was not provided"; public static final String COULD_NOT_DECODE_ERROR = "Unable to decode id token"; @@ -82,6 +87,43 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface @Override public QSession createSession(QInstance qInstance, Map context) throws QAuthenticationException { + /////////////////////////////////////////////////////////// + // check if we are processing a Basic Auth Session first // + /////////////////////////////////////////////////////////// + if(context.containsKey(BASIC_AUTH_KEY)) + { + Auth0AuthenticationMetaData metaData = (Auth0AuthenticationMetaData) qInstance.getAuthentication(); + AuthAPI auth = new AuthAPI(metaData.getBaseUrl(), metaData.getClientId(), metaData.getClientSecret()); + try + { + ///////////////////////////////////////////////// + // decode the credentials from the header auth // + ///////////////////////////////////////////////// + String base64Credentials = context.get(BASIC_AUTH_KEY).trim(); + byte[] credDecoded = Base64.getDecoder().decode(base64Credentials); + String credentials = new String(credDecoded, StandardCharsets.UTF_8); + + ///////////////////////////////////// + // call auth0 with a login request // + ///////////////////////////////////// + TokenHolder result = auth.login(credentials.split(":")[0], credentials.split(":")[1].toCharArray()) + .setScope("openid email nickname") + .execute(); + + context.put(AUTH0_ID_TOKEN_KEY, result.getIdToken()); + } + catch(Auth0Exception e) + { + //////////////// + // ¯\_(ツ)_/¯ // + //////////////// + String message = "An unknown error occurred during handling basic auth"; + LOG.error(message, e); + throw (new QAuthenticationException(message)); + } + + } + ////////////////////////////////////////////////// // get the jwt id token from the context object // ////////////////////////////////////////////////// diff --git a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/metadata/Auth0AuthenticationMetaData.java b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/metadata/Auth0AuthenticationMetaData.java index 2b01799d..e99d4004 100644 --- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/metadata/Auth0AuthenticationMetaData.java +++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/metadata/Auth0AuthenticationMetaData.java @@ -31,6 +31,8 @@ import com.kingsrook.qqq.backend.core.model.metadata.QAuthenticationType; public class Auth0AuthenticationMetaData extends QAuthenticationMetaData { private String baseUrl; + private String clientId; + private String clientSecret; @@ -76,4 +78,69 @@ public class Auth0AuthenticationMetaData extends QAuthenticationMetaData this.baseUrl = baseUrl; } + + + /******************************************************************************* + ** Fluent setter, override to help fluent flows + *******************************************************************************/ + public Auth0AuthenticationMetaData withClientId(String clientId) + { + setClientId(clientId); + return this; + } + + + + /******************************************************************************* + ** Getter for clientId + ** + *******************************************************************************/ + public String getClientId() + { + return clientId; + } + + + + /******************************************************************************* + ** Setter for clientId + ** + *******************************************************************************/ + public void setClientId(String clientId) + { + this.clientId = clientId; + } + + + + /******************************************************************************* + ** Fluent setter, override to help fluent flows + *******************************************************************************/ + public Auth0AuthenticationMetaData withClientSecret(String clientSecret) + { + setClientSecret(clientSecret); + return this; + } + + + + /******************************************************************************* + ** Getter for clientSecret + ** + *******************************************************************************/ + public String getClientSecret() + { + return clientSecret; + } + + + + /******************************************************************************* + ** Setter for clientSecret + ** + *******************************************************************************/ + public void setClientSecret(String clientSecret) + { + this.clientSecret = clientSecret; + } }