/**
 * Completes login after the OAuth2 server has redirected back with a successful response.
 *
 * <p>When {@code config.isLoginWithAccessToken()} is enabled, the authorization code in
 * {@code params} is required and passed to {@code codeVerifier.verifyCode}; a {@code null}
 * result is treated as an invalid code. The {@code id_token} is always required. It is
 * verified through {@code idTokenVerifier.verifyIdToken}, and the result is handed to
 * {@code authenticate} and {@code login}.
 *
 * <p>NOTE(review): no {@code state} or {@code nonce} check is visible in this method. Confirm
 * the caller or {@code idTokenVerifier.verifyIdToken} binds this callback to the request that
 * started the flow.
 *
 * @param request  the current request, forwarded to {@code error} and {@code login}
 * @param response the current response, forwarded to {@code error} and {@code login}
 * @param params   callback parameters; the code and id_token are read from here
 * @return {@code State.CONTINUE} once {@code login} has returned, otherwise whatever
 *         {@code error(...)} returns for the failing check
 * @throws Throwable anything thrown by {@code codeVerifier.verifyCode} (it is called outside
 *         the try block), and anything other than {@code TokenVerifyException} thrown while
 *         verifying the id_token, authenticating or logging in
 */
protected State handleOAuth2ServerSuccess(Request request, Response response, OAuth2Params params) throws Throwable {
    // Stays null when access-token login is disabled; authenticate() receives it either way.
    AccessToken accessToken = null;

    if (config.isLoginWithAccessToken()) {
        final String authorizationCode = params.getCode();
        if (Strings.isEmpty(authorizationCode)) {
            return error(request, response, "illegal_state", "code required from oauth2 server");
        }

        // NOTE(review): the code is handed to the verifier before the id_token presence check
        // below, so a callback without an id_token still reaches verifyCode. Confirm this
        // ordering is intended.
        accessToken = codeVerifier.verifyCode(authorizationCode);
        if (accessToken == null) {
            return error(request, response, "illegal_state", "invalid authorization code");
        }
    }

    final String rawIdToken = params.getIdToken();
    if (Strings.isEmpty(rawIdToken)) {
        return error(request, response, "illegal_state", "id_token required from oauth2 server");
    }

    try {
        // Verification, authentication and login share one try block, so a
        // TokenVerifyException from any of the three becomes an error response.
        final IdToken verifiedIdToken = idTokenVerifier.verifyIdToken(params, rawIdToken);
        final Authentication authentication = authenticate(params, verifiedIdToken, accessToken);
        login(request, response, authentication);
        return State.CONTINUE;
    } catch (TokenVerifyException verifyFailure) {
        // NOTE(review): the exception message is forwarded to error(); confirm error() does not
        // expose verifier internals to the end user or render the message unescaped.
        return error(request, response, verifyFailure.getErrorCode().name(), verifyFailure.getMessage());
    }
}