public OAuth2AccessToken extractAccessToken(String value, Map<String, ?> map) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(value); Map<String, Object> info = new HashMap<String, Object>(map); info.remove(EXP); info.remove(AUD); info.remove(clientIdAttribute); info.remove(scopeAttribute); if (map.containsKey(EXP)) { token.setExpiration(new Date((Long) map.get(EXP) * 1000L)); } if (map.containsKey(JTI)) { info.put(JTI, map.get(JTI)); } token.setScope(extractScope(map)); token.setAdditionalInformation(info); return token; }
@Override public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) { OAuth2AccessToken token = super.grant(grantType, tokenRequest); if (token != null) { DefaultOAuth2AccessToken norefresh = new DefaultOAuth2AccessToken(token); // The spec says that client credentials should not be allowed to get a refresh token if (!allowRefresh) { norefresh.setRefreshToken(null); } token = norefresh; } return token; }
public static OAuth2AccessToken valueOf(Map<String, String> tokenParams) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(tokenParams.get(ACCESS_TOKEN)); if (tokenParams.containsKey(EXPIRES_IN)) { long expiration = 0; try { expiration = Long.parseLong(String.valueOf(tokenParams.get(EXPIRES_IN))); } catch (NumberFormatException e) { // fall through... } token.setExpiration(new Date(System.currentTimeMillis() + (expiration * 1000L))); } if (tokenParams.containsKey(REFRESH_TOKEN)) { String refresh = tokenParams.get(REFRESH_TOKEN); DefaultOAuth2RefreshToken refreshToken = new DefaultOAuth2RefreshToken(refresh); token.setRefreshToken(refreshToken); } if (tokenParams.containsKey(SCOPE)) { Set<String> scope = new TreeSet<String>(); for (StringTokenizer tokenizer = new StringTokenizer(tokenParams.get(SCOPE), " ,"); tokenizer .hasMoreTokens();) { scope.add(tokenizer.nextToken()); } token.setScope(scope); } if (tokenParams.containsKey(TOKEN_TYPE)) { token.setTokenType(tokenParams.get(TOKEN_TYPE)); } return token; }
private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString()); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); } token.setRefreshToken(refreshToken); token.setScope(authentication.getOAuth2Request().getScope()); return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token; }
DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(tokenValue); accessToken.setTokenType(tokenType); if (expiresIn != null) {
@SuppressWarnings({ "unchecked" }) private Map<String, Object> getMap(String path, String accessToken) { this.logger.debug("Getting user info from: " + path); try { OAuth2RestOperations restTemplate = this.restTemplate; if (restTemplate == null) { BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails(); resource.setClientId(this.clientId); restTemplate = new OAuth2RestTemplate(resource); } OAuth2AccessToken existingToken = restTemplate.getOAuth2ClientContext() .getAccessToken(); if (existingToken == null || !accessToken.equals(existingToken.getValue())) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken( accessToken); token.setTokenType(this.tokenType); restTemplate.getOAuth2ClientContext().setAccessToken(token); } return restTemplate.getForEntity(path, Map.class).getBody(); } catch (Exception ex) { this.logger.info("Could not fetch user details: " + ex.getClass() + ", " + ex.getMessage()); return Collections.<String, Object>singletonMap("error", "Could not fetch user details"); } } }
@SuppressWarnings({ "unchecked" }) private Map<String, Object> getMap(String path, String accessToken) { this.logger.debug("Getting user info from: " + path); try { OAuth2RestOperations restTemplate = this.restTemplate; if (restTemplate == null) { BaseOAuth2ProtectedResourceDetails resource = new BaseOAuth2ProtectedResourceDetails(); resource.setClientId(this.clientId); restTemplate = new OAuth2RestTemplate(resource); } OAuth2AccessToken existingToken = restTemplate.getOAuth2ClientContext() .getAccessToken(); if (existingToken == null || !accessToken.equals(existingToken.getValue())) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken( accessToken); token.setTokenType(this.tokenType); restTemplate.getOAuth2ClientContext().setAccessToken(token); } return restTemplate.getForEntity(path, Map.class).getBody(); } catch (Exception ex) { this.logger.info("Could not fetch user details: " + ex.getClass() + ", " + ex.getMessage()); return Collections.<String, Object>singletonMap("error", "Could not fetch user details"); } } }
private void setUpContext(String tokenName) { String accessToken = System.getProperty(tokenName); Assume.assumeNotNull(accessToken); context.setAccessToken(new DefaultOAuth2AccessToken(accessToken)); }
protected OAuth2AccessToken convertToExternal(JaxbOAuth2AccessToken jaxbAccessToken) { DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(jaxbAccessToken.getAccessToken()); String refreshToken = jaxbAccessToken.getRefreshToken(); if(refreshToken != null) { accessToken.setRefreshToken(new DefaultOAuth2RefreshToken(refreshToken)); } Date expiration = jaxbAccessToken.getExpiration(); if(expiration != null) { accessToken.setExpiration(expiration); } return accessToken; } }
DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(tokenValue); accessToken.setTokenType(tokenType); if (expiresIn != null) {
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken); Map<String, Object> info = new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation()); String tokenId = result.getValue(); OAuth2RefreshToken refreshToken = result.getRefreshToken(); if (refreshToken != null) { DefaultOAuth2AccessToken encodedRefreshToken = new DefaultOAuth2AccessToken(accessToken); encodedRefreshToken.setValue(refreshToken.getValue());
/** * Obtain a new access token for the specified resource using the refresh token. * * @param resource The resource. * @param refreshToken The refresh token. * @return The access token, or null if failed. * @throws UserRedirectRequiredException */ public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails resource, OAuth2RefreshToken refreshToken, AccessTokenRequest request) throws UserRedirectRequiredException { for (AccessTokenProvider tokenProvider : chain) { if (tokenProvider.supportsRefresh(resource)) { DefaultOAuth2AccessToken refreshedAccessToken = new DefaultOAuth2AccessToken( tokenProvider.refreshAccessToken(resource, refreshToken, request)); if (refreshedAccessToken.getRefreshToken() == null) { // Fixes gh-712 refreshedAccessToken.setRefreshToken(refreshToken); } return refreshedAccessToken; } } throw new OAuth2AccessDeniedException( "Unable to obtain a new access token for resource '" + resource.getId() + "'. The provider manager is not configured to support it.", resource); }
@Test public void test_ensure_that_access_token_is_deleted_and_modified() { String tokenId = "access_token"; DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(tokenId); DefaultOAuth2RefreshToken refreshToken = new DefaultOAuth2RefreshToken("refresh_token"); Map<String,Object> info = new HashMap(token.getAdditionalInformation()); info.put(JTI, token.getValue()); token.setAdditionalInformation(info); token.setRefreshToken(refreshToken); token.setExpiration(new Date()); }
@Test public void test_using_opaque_parameter_on_refresh_grant() { OAuth2AccessToken accessToken = performPasswordGrant(OPAQUE.getStringValue()); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); String refreshTokenValue = refreshToken.getValue(); Map<String, String> parameters = new HashMap<>(); parameters.put(REQUEST_TOKEN_FORMAT, OPAQUE.getStringValue()); TokenRequest refreshTokenRequest = getRefreshTokenRequest(parameters); //validate both opaque and JWT refresh tokenSupport.tokens for (String s : Arrays.asList(refreshTokenValue, tokenSupport.tokens.get(refreshTokenValue).getValue())) { OAuth2AccessToken refreshedAccessToken = tokenServices.refreshAccessToken(s, refreshTokenRequest); assertThat("Token value should be equal to or lesser than 36 characters", refreshedAccessToken.getValue().length(), lessThanOrEqualTo(36)); assertCommonUserAccessTokenProperties(new DefaultOAuth2AccessToken(tokenSupport.tokens.get(refreshedAccessToken).getValue()), CLIENT_ID); validateExternalAttributes(refreshedAccessToken); } }
@Test public void ensure_that_access_token_is_deleted_and_modified() { String tokenId = "access_token"; DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(tokenId); DefaultOAuth2RefreshToken refreshToken = new DefaultOAuth2RefreshToken("refresh_token"); Map<String,Object> info = new HashMap(token.getAdditionalInformation()); info.put(JTI, token.getValue()); token.setAdditionalInformation(info); token.setRefreshToken(refreshToken); token.setExpiration(new Date()); DefaultOAuth2AccessToken result = granter.prepareForSerialization(token); assertSame(token, result); assertEquals(refreshToken.getValue(), result.getAdditionalInformation().get(JTI)); assertNull(result.getValue()); verify(tokenStore).delete(eq(tokenId), anyInt(), eq(IdentityZoneHolder.get().getId())); }
private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString()); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); } token.setRefreshToken(refreshToken); token.setScope(authentication.getOAuth2Request().getScope()); return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token; }
private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString()); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); } token.setRefreshToken(refreshToken); token.setScope(authentication.getOAuth2Request().getScope()); return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token; }
private OAuth2AccessToken createAccessToken(OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString()); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); } token.setRefreshToken(refreshToken); token.setScope(authentication.getOAuth2Request().getScope()); return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token; }
@Override public OAuth2AccessToken getAccessToken(OAuth2ProtectedResourceDetails resource, Authentication authentication) { ClientUser clientUser = getClientUser(authentication); String accessToken = clientUser.getAccessToken(); Calendar expirationDate = clientUser.getAccessTokenValidity(); if (accessToken == null) return null; DefaultOAuth2AccessToken oAuth2AccessToken = new DefaultOAuth2AccessToken(accessToken); oAuth2AccessToken.setExpiration(expirationDate.getTime()); oAuth2AccessToken.setRefreshToken(new DefaultOAuth2RefreshToken(clientUser.getRefreshToken())); return oAuth2AccessToken; }
@Test public void withRestTemplateChangesState() { OAuth2ProtectedResourceDetails resource = new AuthorizationCodeResourceDetails(); OAuth2ClientContext context = new DefaultOAuth2ClientContext(); context.setAccessToken(new DefaultOAuth2AccessToken("FOO")); this.services.setRestTemplate(new OAuth2RestTemplate(resource, context)); assertThat(this.services.loadAuthentication("BAR").getName()).isEqualTo("me"); assertThat(context.getAccessToken().getValue()).isEqualTo("BAR"); }