This documentation is for WSO2 Identity Server 5.6.0. View documentation for the latest release.
Page Comparison - Writing a Custom Federated Authenticator (v.1 vs v.2) - WSO2 Identity Server 5.6.0 - WSO2 Documentation

...

  1. Implement the canHandle() method using the above methods. When Twitter sends the OAuth response, it includes the parameters oauth_token and oauth_verifier in the request. The presence of both parameters indicates that this response can be handled by the authenticator.

    A sample canHandle() method:

    public boolean canHandle(HttpServletRequest request) {
        // Twitter's OAuth callback carries both parameters; handle the request only when both are present.
        return request.getParameter("oauth_token") != null
                && request.getParameter("oauth_verifier") != null;
    }
  2. Each authentication request that comes into the Identity Server carries a unique value as a parameter. That parameter is the sessionDataKey. Store it in the session used for the Twitter authentication redirection so that getContextIdentifier returns the same value for the authentication request and its response.

    Note: The 'sessionDataKey' query parameter is used to coordinate the request state across components participating in the request flow. It does not correlate with the user session. Furthermore, the request state maintained against the 'sessionDataKey' parameter value is cleared by each participating component at the end of the request flow. This means that even if an external party grabs the 'sessionDataKey', they will not be able to get into the authentication sequence, as the user session is not associated with that key.

    The getContextIdentifier() method:

    public String getContextIdentifier(HttpServletRequest request) {
        if (request.getSession().getAttribute("contextIdentifier") == null) {
            // Nothing stored yet: remember the sessionDataKey so that the Twitter callback,
            // which does not carry it, resolves to the same context.
            request.getSession().setAttribute("contextIdentifier", request.getParameter("sessionDataKey"));
            return request.getParameter("sessionDataKey");
        } else {
            // A value is already stored in the session: return it.
            return (String) request.getSession().getAttribute("contextIdentifier");
        }
    }
  3. Next, implement the initiateAuthenticationRequest method and the processAuthenticationResponse method as follows.

    The initiateAuthenticationRequest method and the processAuthenticationResponse method:

    protected void initiateAuthenticationRequest(HttpServletRequest request, HttpServletResponse response,
            AuthenticationContext context) throws AuthenticationFailedException {

        // Consumer key and secret issued by Twitter for this application.
        String apiKey = resourceBundle.getString("API_Key");
        String apiSecret = resourceBundle.getString("API_Secret");

        Twitter twitter = new TwitterFactory().getInstance();
        twitter.setOAuthConsumer(apiKey, apiSecret);

        try {
            String callbackURL = resourceBundle.getString("Call_Back_URL");
            // Obtain a request token and keep it, with the client, in the session for the callback.
            RequestToken requestToken = twitter.getOAuthRequestToken(callbackURL);
            request.getSession().setAttribute("requestToken", requestToken);
            request.getSession().setAttribute("twitter", twitter);
            // Send the user to Twitter to authenticate.
            response.sendRedirect(requestToken.getAuthenticationURL());
        } catch (TwitterException | IOException e) {
            LOGGER.error("Exception while sending to the Twitter login page.", e);
            throw new AuthenticationFailedException(e.getMessage(), e);
        }
    }
     
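    protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response,
            AuthenticationContext context) throws AuthenticationFailedException {
        Twitter twitter = (Twitter) request.getSession().getAttribute("twitter");
        RequestToken requestToken = (RequestToken) request.getSession().getAttribute("requestToken");
        // A callback that arrives without the state stored by initiateAuthenticationRequest
        // cannot be completed; fail instead of dereferencing null.
        if (twitter == null || requestToken == null) {
            throw new AuthenticationFailedException("No pending Twitter authentication in this session");
        }
        String verifier = request.getParameter("oauth_verifier");
        try {
            // Exchange the request token and verifier for an access token; the Twitter
            // instance keeps the access token for the calls that follow.
            twitter.getOAuthAccessToken(requestToken, verifier);
            request.getSession().removeAttribute("requestToken");
            User user = twitter.verifyCredentials();
            buildClaims(user, context);
        } catch (TwitterException e) {
            LOGGER.error("Exception while obtaining OAuth token from Twitter", e);
            throw new AuthenticationFailedException("Exception while obtaining OAuth token from Twitter", e);
        }
    }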
     
    public void buildClaims(User user, AuthenticationContext context) {

        // The Twitter user ID becomes the authenticated subject.
        context.setSubject(String.valueOf(user.getId()));
        Map<ClaimMapping, String> claims = new HashMap<ClaimMapping, String>();
        claims.put(ClaimMapping.build("name", "name", null, false), user.getName());
        claims.put(ClaimMapping.build("screen_name", "screen_name", null, false), user.getScreenName());
        claims.put(ClaimMapping.build("url", "url", null, false), user.getURL());

        context.setSubjectAttributes(claims);
    }
  4. The buildClaims method saves the retrieved user attributes to the authenticated context in the Identity Server. This is needed to map the claims to the built-in claims of IS.
  5. After implementing these methods, build your bundle and copy it into the <IS_HOME>/repository/components/dropins directory.
  6. Restart the Identity Server to use the Twitter authenticator in IS.
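
Added example (not WSO2's or the page's own code): a stricter form of the callback handling from step 3 that checks the oauth_token returned in the callback against the request token stored in the session before redeeming the verifier, and treats the stored state as single use. The class TwitterCallbackValidator and its redeem() method are hypothetical names; the session attribute names are the ones the sample above uses, and the Twitter4J package names assume a release that ships twitter4j.auth.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import twitter4j.Twitter;
import twitter4j.TwitterException;
import twitter4j.auth.RequestToken;

/** Hypothetical helper, not part of WSO2 IS or Twitter4J. */
public final class TwitterCallbackValidator {

    private TwitterCallbackValidator() { }

    /** Redeems the verifier only if the callback matches this session's pending request token. */
    public static Twitter redeem(HttpServletRequest request) throws AuthenticationFailedException {
        // getSession(false): a callback without an existing session has no pending login.
        HttpSession session = request.getSession(false);
        if (session == null) {
            throw new AuthenticationFailedException("No session for the Twitter callback");
        }
        Twitter twitter = (Twitter) session.getAttribute("twitter");
        RequestToken requestToken = (RequestToken) session.getAttribute("requestToken");
        // Pending state is single use: clear it first so a replayed callback finds nothing.
        session.removeAttribute("twitter");
        session.removeAttribute("requestToken");
        if (twitter == null || requestToken == null) {
            throw new AuthenticationFailedException("No pending Twitter login in this session");
        }
        String returnedToken = request.getParameter("oauth_token");
        String verifier = request.getParameter("oauth_verifier");
        if (returnedToken == null || verifier == null || verifier.isEmpty()) {
            throw new AuthenticationFailedException("Callback lacks oauth_token or oauth_verifier");
        }
        // The oauth_token echoed in the callback must be the one issued to this session.
        boolean sameToken = MessageDigest.isEqual(
                returnedToken.getBytes(StandardCharsets.UTF_8),
                requestToken.getToken().getBytes(StandardCharsets.UTF_8));
        if (!sameToken) {
            throw new AuthenticationFailedException("oauth_token does not match the pending request token");
        }
        try {
            twitter.getOAuthAccessToken(requestToken, verifier);
            return twitter; // now holds the access token for verifyCredentials()
        } catch (TwitterException e) {
            throw new AuthenticationFailedException("Exception while obtaining OAuth token from Twitter", e);
        }
    }
}
```

Inside processAuthenticationResponse, the returned Twitter instance can be passed straight to verifyCredentials() and then to buildClaims as in the sample.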

...