/**
 * Attaches an {@code id_token} parameter to the client-facing access token.
 *
 * <p>Nothing is added in two cases: the token is being post-processed as part
 * of the hybrid (implicit) flow, or the approved scope does not include
 * {@code OidcUtils.OPENID_SCOPE}.
 *
 * @param ct the token representation returned to the client; its parameter map
 *           receives the {@code id_token} entry
 * @param st the server-side token the id token is derived from
 */
@Override
public void process(ClientAccessToken ct, ServerAccessToken st) {
    final String responseType = st.getResponseType();
    final boolean hybridImplicitStep = responseType != null
        && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(responseType)
        && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType());
    if (hybridImplicitStep) {
        // Token post-processing within the current hybrid (implicit) flow:
        // no id_token is returned now. When the code is exchanged later on,
        // this filter adds the id_token to the access token returned then.
        return;
    }

    // Gate: an IdToken is only released when the client was approved for "openid".
    // NOTE(review): if getApprovedScope() returns the space-delimited scope string,
    // contains() is a substring match rather than an exact scope-token match, so a
    // longer scope name that merely embeds the openid value would also pass - confirm
    // the return type and whether an exact match is needed.
    final boolean openIdApproved = ct.getApprovedScope() != null
        && ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE);
    if (openIdApproved) {
        final String idToken = getProcessedIdToken(st);
        if (idToken != null) {
            ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
        }
    }
}

private String getProcessedIdToken(ServerAccessToken st) {
/**
 * Attaches an {@code id_token} parameter to the client-facing access token.
 *
 * <p>Nothing is added in two cases: the token is being post-processed as part
 * of the hybrid (implicit) flow, or the approved scope does not include
 * {@code OidcUtils.OPENID_SCOPE}.
 *
 * @param ct the token representation returned to the client; its parameter map
 *           receives the {@code id_token} entry
 * @param st the server-side token the id token is derived from
 */
@Override
public void process(ClientAccessToken ct, ServerAccessToken st) {
    final String responseType = st.getResponseType();
    final boolean hybridImplicitStep = responseType != null
        && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(responseType)
        && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType());
    if (hybridImplicitStep) {
        // Token post-processing within the current hybrid (implicit) flow:
        // no id_token is returned now. When the code is exchanged later on,
        // this filter adds the id_token to the access token returned then.
        return;
    }

    // Gate: an IdToken is only released when the client was approved for "openid".
    // NOTE(review): if getApprovedScope() returns the space-delimited scope string,
    // contains() is a substring match rather than an exact scope-token match, so a
    // longer scope name that merely embeds the openid value would also pass - confirm
    // the return type and whether an exact match is needed.
    final boolean openIdApproved = ct.getApprovedScope() != null
        && ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE);
    if (openIdApproved) {
        final String idToken = getProcessedIdToken(st);
        if (idToken != null) {
            ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
        }
    }
}

private String getProcessedIdToken(ServerAccessToken st) {
state.append(tokenizeString(token.getGrantType()));
state.append(tokenizeString(token.getGrantType()));
/**
 * Builds a refresh token that carries over the authorization state of the
 * given access token.
 *
 * <p>The refresh token is created for the access token's client with the
 * configured {@code refreshTokenLifetime}. Audiences and scopes are copied
 * into new lists, so the refresh token does not share list instances with the
 * access token; grant type, grant code, nonce, subject and client code
 * verifier are passed through as-is.
 *
 * @param at the access token the refresh token is issued alongside
 * @return the newly created refresh token
 */
protected RefreshToken doCreateNewRefreshToken(ServerAccessToken at) {
    final RefreshToken refreshToken = new RefreshToken(at.getClient(), refreshTokenLifetime);

    // Audience restriction: copied only when the access token has one.
    if (at.getAudiences() != null) {
        List<String> audienceCopy = new LinkedList<>(at.getAudiences());
        refreshToken.setAudiences(audienceCopy);
    }

    refreshToken.setGrantType(at.getGrantType());

    // Scopes bound what a refreshed access token may later be granted.
    if (at.getScopes() != null) {
        List<OAuthPermission> scopeCopy = new LinkedList<>(at.getScopes());
        refreshToken.setScopes(scopeCopy);
    }

    refreshToken.setGrantCode(at.getGrantCode());
    refreshToken.setNonce(at.getNonce());
    refreshToken.setSubject(at.getSubject());
    refreshToken.setClientCodeVerifier(at.getClientCodeVerifier());
    return refreshToken;
}
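/**
 * Looks up an existing access token that can be reused for the given client,
 * subject and grant type instead of issuing a new one.
 *
 * <p>A stored token matches only when its client id equals the requesting
 * client's id, its grant type equals {@code grantType}, and its subject
 * agrees with {@code sub} (both absent, or both present with equal logins).
 * A stored token with no grant type, or with no subject or login when a
 * subject is requested, is treated as a non-match (fail closed) instead of
 * aborting the lookup with a {@code NullPointerException}.
 *
 * <p>If the first matching token has expired it is revoked and {@code null}
 * is returned.
 *
 * <p>NOTE(review): {@code requestedScopes} is not consulted here, so the
 * returned token's scopes are not compared with the request - presumably the
 * caller verifies that; confirm.
 *
 * @param client the client requesting a token
 * @param requestedScopes the scopes requested by the client (unused by this method)
 * @param sub the end user the token was issued for, or {@code null}
 * @param grantType the grant type the stored token must have been issued under
 * @return the reusable token, or {@code null} when pre-authorized tokens are
 *         not supported, nothing matches, or the match has expired
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes,
                                               UserSubject sub, String grantType)
    throws OAuthServiceException {
    if (!isSupportPreauthorizedTokens()) {
        return null;
    }

    ServerAccessToken token = null;
    for (ServerAccessToken at : getAccessTokens(client, sub)) {
        if (!at.getClient().getClientId().equals(client.getClientId())) {
            continue;
        }

        // A stored token without a grant type can never satisfy a grant-type-bound lookup.
        final String storedGrantType = at.getGrantType();
        if (storedGrantType == null || !storedGrantType.equals(grantType)) {
            continue;
        }

        // Subjects must agree exactly: both absent, or both present with the same login.
        final UserSubject storedSubject = at.getSubject();
        final boolean sameSubject;
        if (sub == null) {
            sameSubject = storedSubject == null;
        } else {
            sameSubject = storedSubject != null
                && storedSubject.getLogin() != null
                && storedSubject.getLogin().equals(sub.getLogin());
        }
        if (sameSubject) {
            token = at;
            break;
        }
    }

    // Never hand back an expired token; revoke it so it is not found again.
    if (token != null && OAuthUtils.isExpired(token.getIssuedAt(), token.getExpiresIn())) {
        revokeToken(client, token.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
        token = null;
    }
    return token;
}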
/**
 * Builds a refresh token that carries over the authorization state of the
 * given access token.
 *
 * <p>The refresh token is created for the access token's client with the
 * configured {@code refreshTokenLifetime}. Audiences and scopes are copied
 * into new lists, so the refresh token does not share list instances with the
 * access token; grant type, grant code, nonce, subject and client code
 * verifier are passed through as-is.
 *
 * @param at the access token the refresh token is issued alongside
 * @return the newly created refresh token
 */
protected RefreshToken doCreateNewRefreshToken(ServerAccessToken at) {
    final RefreshToken refreshToken = new RefreshToken(at.getClient(), refreshTokenLifetime);

    // Audience restriction: copied only when the access token has one.
    if (at.getAudiences() != null) {
        List<String> audienceCopy = new LinkedList<>(at.getAudiences());
        refreshToken.setAudiences(audienceCopy);
    }

    refreshToken.setGrantType(at.getGrantType());

    // Scopes bound what a refreshed access token may later be granted.
    if (at.getScopes() != null) {
        List<OAuthPermission> scopeCopy = new LinkedList<>(at.getScopes());
        refreshToken.setScopes(scopeCopy);
    }

    refreshToken.setGrantCode(at.getGrantCode());
    refreshToken.setNonce(at.getNonce());
    refreshToken.setSubject(at.getSubject());
    refreshToken.setClientCodeVerifier(at.getClientCodeVerifier());
    return refreshToken;
}
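/**
 * Looks up an existing access token that can be reused for the given client,
 * subject and grant type instead of issuing a new one.
 *
 * <p>A stored token matches only when its client id equals the requesting
 * client's id, its grant type equals {@code grantType}, and its subject
 * agrees with {@code sub} (both absent, or both present with equal logins).
 * A stored token with no grant type, or with no subject or login when a
 * subject is requested, is treated as a non-match (fail closed) instead of
 * aborting the lookup with a {@code NullPointerException}.
 *
 * <p>If the first matching token has expired it is revoked and {@code null}
 * is returned.
 *
 * <p>NOTE(review): {@code requestedScopes} is not consulted here, so the
 * returned token's scopes are not compared with the request - presumably the
 * caller verifies that; confirm.
 *
 * @param client the client requesting a token
 * @param requestedScopes the scopes requested by the client (unused by this method)
 * @param sub the end user the token was issued for, or {@code null}
 * @param grantType the grant type the stored token must have been issued under
 * @return the reusable token, or {@code null} when pre-authorized tokens are
 *         not supported, nothing matches, or the match has expired
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes,
                                               UserSubject sub, String grantType)
    throws OAuthServiceException {
    if (!isSupportPreauthorizedTokens()) {
        return null;
    }

    ServerAccessToken token = null;
    for (ServerAccessToken at : getAccessTokens(client, sub)) {
        if (!at.getClient().getClientId().equals(client.getClientId())) {
            continue;
        }

        // A stored token without a grant type can never satisfy a grant-type-bound lookup.
        final String storedGrantType = at.getGrantType();
        if (storedGrantType == null || !storedGrantType.equals(grantType)) {
            continue;
        }

        // Subjects must agree exactly: both absent, or both present with the same login.
        final UserSubject storedSubject = at.getSubject();
        final boolean sameSubject;
        if (sub == null) {
            sameSubject = storedSubject == null;
        } else {
            sameSubject = storedSubject != null
                && storedSubject.getLogin() != null
                && storedSubject.getLogin().equals(sub.getLogin());
        }
        if (sameSubject) {
            token = at;
            break;
        }
    }

    // Never hand back an expired token; revoke it so it is not found again.
    if (token != null && OAuthUtils.isExpired(token.getIssuedAt(), token.getExpiresIn())) {
        revokeToken(client, token.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
        token = null;
    }
    return token;
}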
if (at.getGrantType() != null) { claims.setClaim(OAuthConstants.GRANT_TYPE, at.getGrantType());
if (at.getGrantType() != null) { claims.setClaim(OAuthConstants.GRANT_TYPE, at.getGrantType());
/**
 * Creates a validation snapshot from a server-side access token.
 *
 * <p>Client details, token metadata, subject, scopes, audiences and the
 * client code verifier are read from {@code token}. The scope and audience
 * lists are stored by reference (no copy is made here), while the token's
 * extra properties are copied entry by entry into this object's own map.
 *
 * @param token the access token whose state is being exposed for validation
 */
public AccessTokenValidation(ServerAccessToken token) {
    // Client the token was issued to.
    clientId = token.getClient().getClientId();
    clientSubject = token.getClient().getSubject();
    isClientConfidential = token.getClient().isConfidential();
    clientIpAddress = token.getClient().getClientIpAddress();

    // Token identity and validity window.
    tokenKey = token.getTokenKey();
    tokenType = token.getTokenType();
    tokenGrantType = token.getGrantType();
    tokenIssuedAt = token.getIssuedAt();
    tokenLifetime = token.getExpiresIn();
    tokenNotBefore = token.getNotBefore();
    tokenIssuer = token.getIssuer();

    // What the token authorizes, and for whom.
    tokenSubject = token.getSubject();
    tokenScopes = token.getScopes();
    audiences = token.getAudiences();
    clientCodeVerifier = token.getClientCodeVerifier();

    extraProps.putAll(token.getExtraProperties());
}
/**
 * Copy constructor that re-keys an existing token.
 *
 * <p>Token type, lifetime, issue time, refresh token and parameters are
 * passed to the superclass together with the new {@code key}; every other
 * field is taken from {@code token}. Scopes and audiences are assigned by
 * reference, so the new token shares those list instances with the source.
 *
 * @param token the token whose state is copied
 * @param key the token key the new instance is created with
 */
protected ServerAccessToken(ServerAccessToken token, String key) {
    super(token.getTokenType(),
          key,
          token.getExpiresIn(),
          token.getIssuedAt(),
          token.getRefreshToken(),
          token.getParameters());

    // Authorization context carried over unchanged from the source token.
    client = token.getClient();
    grantType = token.getGrantType();
    scopes = token.getScopes();
    audiences = token.getAudiences();
    subject = token.getSubject();
    responseType = token.getResponseType();
    clientCodeVerifier = token.getClientCodeVerifier();
    nonce = token.getNonce();
    grantCode = token.getGrantCode();
}
/**
 * Creates a validation snapshot from a server-side access token.
 *
 * <p>Client details, token metadata, subject, scopes, audiences and the
 * client code verifier are read from {@code token}. The scope and audience
 * lists are stored by reference (no copy is made here), while the token's
 * extra properties are copied entry by entry into this object's own map.
 *
 * @param token the access token whose state is being exposed for validation
 */
public AccessTokenValidation(ServerAccessToken token) {
    // Client the token was issued to.
    clientId = token.getClient().getClientId();
    clientSubject = token.getClient().getSubject();
    isClientConfidential = token.getClient().isConfidential();
    clientIpAddress = token.getClient().getClientIpAddress();

    // Token identity and validity window.
    tokenKey = token.getTokenKey();
    tokenType = token.getTokenType();
    tokenGrantType = token.getGrantType();
    tokenIssuedAt = token.getIssuedAt();
    tokenLifetime = token.getExpiresIn();
    tokenNotBefore = token.getNotBefore();
    tokenIssuer = token.getIssuer();

    // What the token authorizes, and for whom.
    tokenSubject = token.getSubject();
    tokenScopes = token.getScopes();
    audiences = token.getAudiences();
    clientCodeVerifier = token.getClientCodeVerifier();

    extraProps.putAll(token.getExtraProperties());
}
/**
 * Copy constructor that re-keys an existing token.
 *
 * <p>Token type, lifetime, issue time, refresh token and parameters are
 * passed to the superclass together with the new {@code key}; every other
 * field is taken from {@code token}. Scopes and audiences are assigned by
 * reference, so the new token shares those list instances with the source.
 *
 * @param token the token whose state is copied
 * @param key the token key the new instance is created with
 */
protected ServerAccessToken(ServerAccessToken token, String key) {
    super(token.getTokenType(),
          key,
          token.getExpiresIn(),
          token.getIssuedAt(),
          token.getRefreshToken(),
          token.getParameters());

    // Authorization context carried over unchanged from the source token.
    client = token.getClient();
    grantType = token.getGrantType();
    scopes = token.getScopes();
    audiences = token.getAudiences();
    subject = token.getSubject();
    responseType = token.getResponseType();
    clientCodeVerifier = token.getClientCodeVerifier();
    nonce = token.getNonce();
    grantCode = token.getGrantCode();
}