Cloud Administration APIs - Sample Code
The following sample Java client code can be used to obtain an access token for the public administration APIs. The code below uses the Nimbus library to create the token request and parse the response.
gradle dependency
implementation 'com.nimbusds:oauth2-oidc-sdk'
annotationProcessor 'org.projectlombok:lombok'
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.AsymmetricJWK;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.id.ClientID;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
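/**
 * OAuth client utility for obtaining access tokens.
 *
 * <p>Only the client-credentials grant with {@code PRIVATE_KEY_JWT} client authentication is
 * supported: the client proves its identity by signing an assertion with the private half of
 * {@link #keyPair}, so no shared client secret is sent to the token endpoint.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>{@code keyPair} and {@code encryptionPrivateKey} hold private key material. They are
 *       excluded from the Lombok-generated {@code toString()} so that logging an instance does
 *       not write the key into log files. The Lombok getters still return them; do not log or
 *       serialize those values.</li>
 *   <li>The issuer URL should be an {@code https} URL: both the signed assertion and the
 *       returned access token travel over that connection.</li>
 * </ul>
 */
@Getter
@Setter
@Builder
@AllArgsConstructor
@NoArgsConstructor
@ToString
public class OauthClient {
    private ClientID clientId;

    // The field name (capital "L" included) is left unchanged because Lombok derives the
    // accessor and builder method names from it.
    private String issuerUrL;

    // A JWK's string form is its JSON serialization, private parameters included.
    @ToString.Exclude
    private JWK keyPair;

    @Builder.Default
    private List<String> permissions = new ArrayList<>();

    @ToString.Exclude
    private String encryptionPrivateKey;

    private String encryptionPublicKey;

    /**
     * Generates a fresh 2048-bit RSA signing key with a random key ID.
     *
     * @return a private RSA JWK marked for signature use with algorithm RS256
     * @throws JOSEException if key generation fails
     */
    public static JWK generateRSAKey() throws JOSEException {
        return new RSAKeyGenerator(2048)
                .algorithm(JWSAlgorithm.RS256)
                .keyUse(KeyUse.SIGNATURE)
                .keyID(UUID.randomUUID().toString())
                .generate();
    }

    /**
     * Generates a fresh P-256 elliptic-curve key with a random key ID.
     *
     * @return a private EC JWK on curve P-256
     * @throws JOSEException if key generation fails
     */
    public static ECKey generateECKey() throws JOSEException {
        return new ECKeyGenerator(Curve.P_256)
                .keyID(UUID.randomUUID().toString())
                .generate();
    }

    /**
     * Creates a client with a newly generated RSA signing key.
     *
     * <p>The generated key exists only in this instance; its public half has to be made known
     * to the authorization server before {@link #generateAccessToken(List)} can succeed.
     *
     * @param clientId  OAuth client identifier
     * @param issuerUrl base URL of the authorization server; {@code /token} is appended to it
     * @throws JOSEException if key generation fails
     */
    public OauthClient(String clientId, String issuerUrl) throws JOSEException {
        this.clientId = new ClientID(clientId);
        this.issuerUrL = issuerUrl;
        this.keyPair = generateRSAKey();
    }

    /**
     * Creates a client that signs with an existing key.
     *
     * @param clientId  OAuth client identifier
     * @param issuerUrl base URL of the authorization server; {@code /token} is appended to it
     * @param keyPair   private RSA or EC JWK carrying a key ID
     */
    public OauthClient(String clientId, String issuerUrl, JWK keyPair) {
        this.clientId = new ClientID(clientId);
        this.keyPair = keyPair;
        this.issuerUrL = issuerUrl;
    }

    /**
     * Creates a client that signs with a key supplied as JWK JSON.
     *
     * @param clientId  OAuth client identifier
     * @param issuerUrl base URL of the authorization server; {@code /token} is appended to it
     * @param keyPair   JSON text of a private RSA or EC JWK carrying a key ID; load it from a
     *                  protected file or secret store rather than embedding it in source code
     * @throws java.text.ParseException if the JSON is not a valid JWK
     */
    public OauthClient(String clientId, String issuerUrl, String keyPair) throws java.text.ParseException {
        this.clientId = new ClientID(clientId);
        this.keyPair = JWK.parse(keyPair);
        this.issuerUrL = issuerUrl;
    }

    /**
     * Requests an access token from {@code <issuerUrl>/token} using the client-credentials grant,
     * authenticating with a JWT signed by this client's private key.
     *
     * @param permissions scope values to request; must not be {@code null}
     * @return the access token value returned by the authorization server
     * @throws IllegalArgumentException if {@code permissions} is {@code null}
     * @throws URISyntaxException       if the token endpoint URL is malformed
     * @throws JOSEException            if no usable private RSA/EC signing key with a key ID is
     *                                  configured, or signing the assertion fails
     * @throws IOException              if the HTTP request fails
     * @throws ParseException           if the token response cannot be parsed
     * @throws RuntimeException         if the server answers with an OAuth error response
     */
    public String generateAccessToken(List<String> permissions)
            throws URISyntaxException, JOSEException, IOException, ParseException {
        if (permissions == null) {
            throw new IllegalArgumentException("permissions must not be null");
        }
        URI issuerUri = new URI(issuerUrL + "/token");

        // Instances built through the no-args constructor or the builder may have no key at all.
        if (keyPair == null) {
            throw new JOSEException("No signing key configured");
        }
        // The diagnostic below lists key metadata only (type, algorithm, key ID), never key material.
        if (!keyPair.isPrivate() || keyPair.getKeyID() == null) {
            throw new JOSEException("Unsupported signing private key: kty="+keyPair.getKeyType()+" alg="+keyPair.getAlgorithm()+" kid="+keyPair.getKeyID()+" private="+keyPair.isPrivate());
        }

        // Decide the algorithm from the key type before casting: a symmetric key is "private"
        // but is not an AsymmetricJWK, and would otherwise fail with a ClassCastException
        // instead of the JOSEException below.
        JWSAlgorithm jwsAlgorithm;
        if (keyPair.getKeyType() == KeyType.RSA) {
            jwsAlgorithm = JWSAlgorithm.RS256;
        } else if (keyPair.getKeyType() == KeyType.EC) {
            jwsAlgorithm = JWSAlgorithm.ES256;
        } else {
            throw new JOSEException("Unsupported signing key: kty="+keyPair.getKeyType()+" alg="+keyPair.getAlgorithm()+" kid=" + keyPair.getKeyID());
        }
        PrivateKey privateKey = ((AsymmetricJWK) keyPair).toPrivateKey();

        ClientAuthentication clientAuthentication =
                new PrivateKeyJWT(clientId, issuerUri, jwsAlgorithm, privateKey, keyPair.getKeyID(), null);
        TokenRequest tokenRequest = new TokenRequest(
                issuerUri,
                clientAuthentication,
                new ClientCredentialsGrant(),
                new Scope(permissions.toArray(new String[0])));

        TokenResponse tokenResponse = TokenResponse.parse(tokenRequest.toHTTPRequest().send());
        if (tokenResponse.indicatesSuccess()) {
            return tokenResponse.toSuccessResponse().getTokens().getAccessToken().toString();
        }
        com.nimbusds.oauth2.sdk.ErrorObject error = tokenResponse.toErrorResponse().getErrorObject();
        throw new RuntimeException("Failed to generate access token " + error.getHTTPStatusCode() + ", " + error.toString());
    }

    /**
     * Sample entry point: reads the private signing JWK from a file and prints an access token.
     *
     * <p>The key is read from the file named by the first argument instead of being written
     * into the source, so the private key stays out of version control and build artifacts.
     * The file holds the JSON of a private RSA or EC JWK with a {@code kid} member and should
     * be readable only by the account running the client. {@code "client_id"} and the tenant
     * URL are placeholders to replace with real values.
     *
     * @param args one argument: path to the private JWK JSON file
     */
    public static void main(String[] args) throws JOSEException, java.text.ParseException, URISyntaxException, IOException, ParseException {
        if (args.length != 1) {
            System.err.println("Usage: OauthClient <path-to-private-jwk.json>");
            System.exit(1);
        }
        String jwkJson = new String(
                java.nio.file.Files.readAllBytes(java.nio.file.Paths.get(args[0])),
                java.nio.charset.StandardCharsets.UTF_8);

        OauthClient oauthClient = new OauthClient("client_id", "https://tenant.auth.securid.com/oauth", jwkJson);
        String accessToken = oauthClient.generateAccessToken(Arrays.asList("rsa.audit.admin", "rsa.audit.user"));
        // The access token is a bearer credential; printing it is for demonstration only.
        System.out.println(accessToken);
    }
}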