Cloud Administration APIs - Sample Code
The following sample Java client code can be used to generate an access token for calling the public administration APIs. The code uses the Nimbus library to build the token request and parse the token response.
Gradle dependencies
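// No versions are given here; presumably a BOM or dependency-management plugin supplies them.
// Pin them either way so the build is reproducible and upgrades are deliberate.
implementation 'com.nimbusds:oauth2-oidc-sdk'
// Lombok annotations must be on the compile classpath as well as the annotation-processor path.
compileOnly 'org.projectlombok:lombok'
annotationProcessor 'org.projectlombok:lombok'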
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.AsymmetricJWK;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.id.ClientID;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
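/**
 * OAuth client utility for the Cloud Administration APIs. It supports only the
 * client-credentials grant with {@code private_key_jwt} client authentication.
 *
 * <p>Instances hold private key material ({@code keyPair} and
 * {@code encryptionPrivateKey}). Both fields are excluded from the generated
 * {@code toString()} so that logging an instance cannot leak them.
 */
@Getter
@Setter
@Builder
@AllArgsConstructor
@NoArgsConstructor
@ToString
public class OauthClient {

    /** OAuth client identifier registered with the authorization server. */
    private ClientID clientId;

    /**
     * Base URL of the authorization server; {@code "/token"} is appended to build the token endpoint.
     * The field keeps its original spelling because Lombok derives accessor and builder names from it.
     */
    private String issuerUrL;

    /**
     * Signing key used for the client assertion. A JWK's string form contains its private
     * parameters, so the field is kept out of {@code toString()}.
     * NOTE(review): {@code @Getter} still exposes the private JWK through {@code getKeyPair()};
     * narrow the access level if callers do not need it.
     */
    @ToString.Exclude
    private JWK keyPair;

    /** Permissions held on the instance; {@link #generateAccessToken(List)} uses its argument, not this field. */
    @Builder.Default
    private List<String> permissions = new ArrayList<>();

    /** Private encryption key; not read by any method in this class. Kept out of {@code toString()}. */
    @ToString.Exclude
    private String encryptionPrivateKey;

    /** Public encryption key; not read by any method in this class. */
    private String encryptionPublicKey;

    /**
     * Generates a 2048-bit RSA signing key (RS256, use=sig) with a random UUID as key ID.
     *
     * @return the generated key pair as a JWK
     * @throws JOSEException if key generation fails
     */
    public static JWK generateRSAKey() throws JOSEException {
        return new RSAKeyGenerator(2048)
                .algorithm(JWSAlgorithm.RS256)
                .keyUse(KeyUse.SIGNATURE)
                .keyID(UUID.randomUUID().toString())
                .generate();
    }

    /**
     * Generates a P-256 EC key with a random UUID as key ID.
     *
     * @return the generated EC key pair
     * @throws JOSEException if key generation fails
     */
    public static ECKey generateECKey() throws JOSEException {
        return new ECKeyGenerator(Curve.P_256)
                .keyID(UUID.randomUUID().toString())
                .generate();
    }

    /**
     * Creates a client with a freshly generated RSA signing key.
     * NOTE(review): the matching public key presumably has to be registered with the
     * authorization server before token requests can succeed; confirm against the service docs.
     *
     * @param clientId  OAuth client identifier
     * @param issuerUrl base URL of the authorization server
     * @throws JOSEException if key generation fails
     */
    public OauthClient(String clientId, String issuerUrl) throws JOSEException {
        this.clientId = new ClientID(clientId);
        this.issuerUrL = issuerUrl;
        this.keyPair = generateRSAKey();
    }

    /**
     * Creates a client that signs with an existing key.
     *
     * @param clientId  OAuth client identifier
     * @param issuerUrl base URL of the authorization server
     * @param keyPair   signing key; must contain the private part and a key ID
     */
    public OauthClient(String clientId, String issuerUrl, JWK keyPair) {
        this.clientId = new ClientID(clientId);
        this.keyPair = keyPair;
        this.issuerUrL = issuerUrl;
    }

    /**
     * Creates a client that signs with a key given as a JWK JSON string.
     *
     * @param clientId  OAuth client identifier
     * @param issuerUrl base URL of the authorization server
     * @param keyPair   JWK JSON text of the signing key
     * @throws java.text.ParseException if the JSON is not a valid JWK
     */
    public OauthClient(String clientId, String issuerUrl, String keyPair) throws java.text.ParseException {
        this.clientId = new ClientID(clientId);
        this.keyPair = JWK.parse(keyPair);
        this.issuerUrL = issuerUrl;
    }

    /**
     * Requests an access token with the client-credentials grant, authenticating with a
     * signed client assertion ({@code private_key_jwt}).
     *
     * <p>The returned token is a bearer credential and the request carries a signed
     * assertion, so the issuer URL should use {@code https}.
     *
     * @param permissions scope values to request; {@code null} sends the request without a scope
     * @return the access token value
     * @throws URISyntaxException if the token endpoint URL is malformed
     * @throws JOSEException      if no usable private signing key is configured
     * @throws IOException        if the HTTP request fails
     * @throws ParseException     if the token response cannot be parsed
     * @throws RuntimeException   if the authorization server returns an error response
     */
    public String generateAccessToken(List<String> permissions)
            throws URISyntaxException, JOSEException, IOException, ParseException {
        URI tokenEndpoint = new URI(issuerUrL + "/token");

        // The no-arg constructor and the builder can leave the key unset; fail with a clear error.
        if (keyPair == null) {
            throw new JOSEException("No signing key configured");
        }
        if (!keyPair.isPrivate() || keyPair.getKeyID() == null) {
            throw new JOSEException("Unsupported signing private key: kty=" + keyPair.getKeyType() + " alg=" + keyPair.getAlgorithm() + " kid=" + keyPair.getKeyID() + " private=" + keyPair.isPrivate());
        }

        // Resolve the algorithm before casting, so a non-asymmetric key is rejected with a
        // JOSEException instead of a ClassCastException.
        final JWSAlgorithm jwsAlgorithm;
        if (KeyType.RSA.equals(keyPair.getKeyType())) {
            jwsAlgorithm = JWSAlgorithm.RS256;
        } else if (KeyType.EC.equals(keyPair.getKeyType())) {
            // ES256 is defined for P-256 only; reject other curves here rather than at signing time.
            Curve curve = ((ECKey) keyPair).getCurve();
            if (!Curve.P_256.equals(curve)) {
                throw new JOSEException("Unsupported EC curve for ES256: crv=" + curve + " kid=" + keyPair.getKeyID());
            }
            jwsAlgorithm = JWSAlgorithm.ES256;
        } else {
            throw new JOSEException("Unsupported signing key: kty=" + keyPair.getKeyType() + " alg=" + keyPair.getAlgorithm() + " kid=" + keyPair.getKeyID());
        }

        PrivateKey privateKey = ((AsymmetricJWK) keyPair).toPrivateKey();
        ClientAuthentication clientAuthentication =
                new PrivateKeyJWT(clientId, tokenEndpoint, jwsAlgorithm, privateKey, keyPair.getKeyID(), null);

        Scope scope = permissions == null ? null : new Scope(permissions.toArray(new String[0]));
        TokenRequest tokenRequest =
                new TokenRequest(tokenEndpoint, clientAuthentication, new ClientCredentialsGrant(), scope);

        TokenResponse tokenResponse = TokenResponse.parse(tokenRequest.toHTTPRequest().send());
        if (tokenResponse.indicatesSuccess()) {
            return tokenResponse.toSuccessResponse().getTokens().getAccessToken().toString();
        }
        throw new RuntimeException("Failed to generate access token " + tokenResponse.toErrorResponse().getErrorObject().getHTTPStatusCode() + ", " + tokenResponse.toErrorResponse().getErrorObject().toString());
    }

    /**
     * Demo entry point: requests a token for two audit scopes and prints it.
     *
     * @param args unused
     */
    public static void main(String[] args) throws JOSEException, java.text.ParseException, URISyntaxException, IOException, ParseException {
        // Sample key published with this page, for illustration only: it is public and must never
        // be registered for a real client. Load a real JWK from a secret store or a protected file
        // instead of embedding it in source.
        String sampleJwk = "{\n"
                +" \"p\": \"_kgt3r9zVd2yD-0deehv-3vQOY5q9Xo5mol3XAhYkPFe5_m_pDzZTOWnfiEJAuoZHxQOdvRzcHN6Q7PX5ZGhQeaVuOBjtaeW4D0NEPf3R7VdbLBPBSZCTC75g4JvuTuOsxGVAu304YqjBQbwzDvdQ12IYkJW_-AQrIiTBiHoo30\",\n" +
                " \"kty\": \"RSA\",\n" +
                " \"q\": \"7wsAecC-69NBVfPMmeY5xBe7KcrR_oZnaNaMzhWcdq0yeWuny2u_bhhXoAijSwXnzH5TtjQGRN-6uFht42mdIFx5kdK_9-0GfY-LeSylHPF10AHVF2MB_G2K_nnnT_G_LYx4J-1WvVkNiQqXFXLvPqySeOGgFzzAt12Jw8t_7-U\",\n" +
                " \"d\": \"KIwiUq7kSokRm9ypNg_X8eEdbGxqsw9CV9eVcgBzP1JEgiQFgyGhqm24G6wbVou5GX28HS2oJodiKoyrdBSjecCJt1ltro4X0SlQG5_weVBqQ008Y-9yBEjit43jYD8D91pqhBQ50sG4g5sYEOfFyTq3-Phb3uFciWFdbac0loojrDk03l2X2D2k1ld8f_jOXTCCYtdmnoEfJPKm37TRsGrFpOZMZHQ9fAZpBvzK6KoNtlUJkGNZdt_PV_tk1KgpnrxHh2Q3-16vgyQP6c3HF2KRwUNY6xs0PcRyrTieHq27H_3gaCdUjVJ0a6zry0CgSXyBtA7YImyFS3Zd4nYY5Q\",\n" +
                " \"e\": \"AQAB\",\n" +
                " \"use\": \"sig\",\n" +
                " \"kid\": \"248a8e18-0135-49b3-abc3-416353268a23\",\n" +
                " \"qi\": \"Gg-qiT3wPLADjahhHwzOmHwzfIYq2SlqjdeBfA2-gcfhzvuMMNpYiIPoV_u_yovN-qLbtucKQC_9imT7mUHc6rEUjiYOGvSngJW-r9Xo6I1Bdyy1sK3iaOk__O1HrLFwQUehxfXLLRh86kHquwKCcU2hzXrY1IltV7eA-vTB7wk\",\n" +
                " \"dp\": \"abHE50a7ASECh54u12JnUagYWCQ7j0e7s-GZ7HZHog_CPDhSkUj9pfn7kfDXVw_JW2Kx1H4tkbteQc_6WKEc31CiQVN7_qDnlNOrn7cCYRsg9zGd1u0dN5969U_9cogv-3y-bJZOaIWA13EYHDxx7zNsojMjCH6xT5YBTtY_Zd0\",\n" +
                " \"alg\": \"RS256\",\n" +
                " \"dq\": \"DnvpLHdsWhez1sRt-klD6MjTU2XxsW1taKHPaFFQ6LP34fmO8jl2IPKipJTBaDNUZ0SkR98BHj08MB1Tkzr8BVD1IMvXS-t1wDfpaI829fj_fXoO8lrSbPwqNt8mD-cDAXyIb0rnPZPeyRX2L5uGOZL1URPCwoWw26t0RIPZHa0\",\n"+
                " \"n\": \"7XBQZdzgW55arq70EhJbRbcwBOQxmgnJsCI_upkRJ-6_xgDw-yMIWDvZw33kmbbxnIdWHOVjTlO5KF_jSZT_KxbVTw_BUyufnWSoTi8z5rLmNXTcpX1Uyx5qrtQNP0Lh-BsUbpzbLZ4SOgLLaC5-6piEV4AnU2vJO9eCN2GI1QbbBFH35OR5AhccnOOII0IS7dem1bsLjI919sM9A272gO2TUpDlb9OOIvnFsIc9kID6OFEwqW5pMDdON86nLjfdiIUgo247oUptpxKhe5xct9XsGeq_ZeC0NcKx9NI4WB19G_MuI8V2tAsVlqL7GBSOZN07ayldske3d_dov77x0Q\"\n" +
                "}";

        OauthClient oauthClient = new OauthClient("client_id", "https://tenant.auth.securid.com/oauth", sampleJwk);
        String accessToken = oauthClient.generateAccessToken(Arrays.asList("rsa.audit.admin", "rsa.audit.user"));
        // The access token is a bearer credential; it is printed here for demonstration only.
        System.out.println(accessToken);
    }
}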