import enkan.collection.Parameters; //导入方法依赖的package包/类
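/**
 * Authorization endpoint (OAuth 2.0 / OpenID Connect).
 *
 * <p>Looks up the {@code OidcApplication} registered for {@code client_id} and issues the
 * artifacts named in {@code response_type} (defaults to {@code code}): an {@code id_token},
 * an {@code access_token} and/or an authorization {@code code}. The response is delivered by
 * redirecting to the client's <em>registered</em> callback URL only: a {@code redirect_url}
 * request parameter is honoured solely when it exactly matches the registration, so an
 * attacker cannot steer the code or tokens to a URL of their choosing (RFC 6749 §3.1.2.4,
 * RFC 6819 §4.4.1.7). {@code state} is echoed back unchanged when present.
 *
 * @param params    Request parameters: {@code client_id}, optional {@code redirect_url},
 *                  {@code response_type}, {@code state}, {@code nonce}
 * @param principal Authenticated user, or {@code null} when nobody is signed in
 * @param request   HttpRequest object, used to build the return URL for the sign-in page
 * @return A 302 redirect to the registered callback carrying the authorization response, or a
 *         303 redirect to the sign-in page when there is no principal
 * @throws IllegalArgumentException if {@code client_id} is missing or unknown, or
 *         {@code redirect_url} does not match the registered callback URL; neither case
 *         redirects the user agent anywhere
 */
public HttpResponse authorize(Parameters params, UserPermissionPrincipal principal, HttpRequest request) {
    if (principal == null) {
        // Not signed in: send the user to the sign-in page and come back here with the same query.
        return HttpResponseUtils.redirect("/my/signIn?url=" + request.getUri() + "?" + CodecUtils.urlEncode(request.getQueryString()), SEE_OTHER);
    }

    String clientId = params.get("client_id");
    OidcApplicationDao oidcApplicationDao = daoProvider.getDao(OidcApplicationDao.class);
    OidcApplication oidcApplication = clientId == null ? null : oidcApplicationDao.selectByClientId(clientId);
    if (oidcApplication == null) {
        // Was an NPE on getCallbackUrl(); fail explicitly and never redirect for an unknown client.
        throw new IllegalArgumentException("unknown or missing client_id");
    }

    // The only acceptable redirect target is the one registered for this client. A caller-supplied
    // redirect_url that differs from it must be rejected WITHOUT redirecting (RFC 6749 §3.1.2.4),
    // otherwise the code / tokens leak to an attacker-controlled URL (open redirect + code theft).
    String registeredCallback = oidcApplication.getCallbackUrl();
    String redirectUrl = registeredCallback;
    if (params.containsKey("redirect_url")) {
        String requested = params.get("redirect_url");
        if (!Objects.equals(registeredCallback, requested)) {
            throw new IllegalArgumentException("redirect_url does not match the registered callback URL");
        }
        redirectUrl = requested;
    }

    Parameters responseParams = Parameters.of();
    if (params.containsKey("state")) {
        // Echo state verbatim so the client can bind this response to its own request (CSRF defence).
        responseParams.put("state", params.get("state"));
    }

    // response_type is space- or comma-separated; values ResponseType does not know are dropped.
    // NOTE(review): an empty result silently yields a redirect carrying only state, whereas
    // RFC 6749 §4.1.2.1 calls for an unsupported_response_type error — confirm desired behaviour.
    Set<ResponseType> responseTypes = Arrays.stream(((String) params.getOrDefault("response_type", "code")).split("[ ,]+"))
            .map(rt -> ResponseType.of(rt))
            .filter(Objects::nonNull)
            .collect(Collectors.toSet());

    if (responseTypes.contains(ID_TOKEN)) {
        // NOTE(review): OIDC Core §3.2.2.1 / §3.3.2.11 make nonce REQUIRED for the implicit and
        // hybrid flows; it is passed through unchecked here — confirm createIdToken rejects null.
        String nonce = params.get("nonce");
        responseParams.put("id_token", createIdToken(principal.getId(), oidcApplication, nonce));
    }
    if (responseTypes.contains(TOKEN)) {
        responseParams.put("access_token", createAccessToken(principal.getName(), clientId, Collections.emptyList()));
        responseParams.put("token_type", "bearer");
        // NOTE(review): advertised lifetime; presumably matches what createAccessToken issues — verify.
        responseParams.put("expires_in", 3600);
    }
    if (responseTypes.contains(CODE)) {
        KeyValueStore authorizationCodeStore = storeProvider.getStore(AUTHORIZATION_CODE);
        // Code is generated from the configured SecureRandom so it is unguessable.
        String code = RandomUtils.generateRandomString(16, config.getSecureRandom());
        // NOTE(review): only the user id is stored against the code, so the token endpoint cannot
        // verify client_id / redirect_uri as RFC 6749 §4.1.3 requires; confirm the
        // AUTHORIZATION_CODE store enforces a short TTL and single use.
        authorizationCodeStore.write(code, principal.getId());
        responseParams.put("code", code);
    }
    return HttpResponseUtils.redirect(makeCallbackUrl(redirectUrl, responseParams, responseTypes), FOUND);
}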