/**
 * Revokes the access token identified by {@code tokenValue}.
 *
 * Any refresh token linked to the access token is removed as well, so the
 * grant cannot be renewed after revocation.
 *
 * @param tokenValue the raw access-token value presented for revocation
 * @return {@code true} if a matching token was found and removed,
 *         {@code false} if the store held no token for {@code tokenValue}
 */
public boolean revokeToken(String tokenValue) {
    final OAuth2AccessToken stored = tokenStore.readAccessToken(tokenValue);
    if (stored == null) {
        // Unknown or already-revoked token: report a no-op to the caller.
        return false;
    }
    if (stored.getRefreshToken() != null) {
        // Remove the linked refresh token too; otherwise it could still be exchanged for a new access token.
        tokenStore.removeRefreshToken(stored.getRefreshToken());
    }
    tokenStore.removeAccessToken(stored);
    return true;
}
/**
 * Client-credentials grant: the issued access token must not carry a refresh token.
 */
@Test
@OAuth2ContextConfiguration(ClientCredentials.class)
public void testPostForToken() throws Exception {
    assertNull(context.getAccessToken().getRefreshToken());
}
/**
 * Client-credentials grant: the issued access token must not carry a refresh token.
 */
@Test
@OAuth2ContextConfiguration(ClientCredentials.class)
public void testPostForToken() throws Exception {
    assertNull(context.getAccessToken().getRefreshToken());
}
/**
 * Happy-day refresh flow: the initial grant carries a refresh token, and
 * exchanging it yields an access token with a different value.
 */
@Test
public void testHappyDay() throws Exception {
    final OAuth2AccessToken original = getAccessToken("read write", "my-trusted-client");
    assertNotNull(original.getRefreshToken());
    // Exchange the refresh token; the replacement must not reuse the old access-token value.
    final String refreshValue = original.getRefreshToken().getValue();
    final OAuth2AccessToken refreshed = refreshAccessToken(refreshValue);
    assertFalse(refreshed.getValue().equals(original.getValue()));
    verifyAccessTokens(original, refreshed);
}
/**
 * Records {@code token} and its {@code authentication} in every in-memory index
 * this store maintains (by token value, by authentication key, by user, by
 * client id, by expiry and by refresh-token value).
 *
 * Every {@code flushInterval} calls, {@code flush()} is invoked first and the
 * counter reset (what flush() does is defined elsewhere in this class).
 *
 * @param token          the access token to store; its value is the primary key
 * @param authentication the authentication the token was issued for
 */
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    if (this.flushCounter.incrementAndGet() >= this.flushInterval) {
        flush();
        this.flushCounter.set(0);
    }
    final String tokenValue = token.getValue();
    this.accessTokenStore.put(tokenValue, token);
    this.authenticationStore.put(tokenValue, authentication);
    this.authenticationToAccessTokenStore.put(authenticationKeyGenerator.extractKey(authentication), token);
    if (!authentication.isClientOnly()) {
        // Client-only grants have no user, so they are not indexed under a user/approval key.
        addToCollection(this.userNameToAccessTokenStore, getApprovalKey(authentication), token);
    }
    addToCollection(this.clientIdToAccessTokenStore, authentication.getOAuth2Request().getClientId(), token);
    if (token.getExpiration() != null) {
        final TokenExpiry expiry = new TokenExpiry(tokenValue, token.getExpiration());
        // Replace any expiry already scheduled for this token value (put returns the previous entry, or null).
        expiryQueue.remove(expiryMap.put(tokenValue, expiry));
        this.expiryQueue.put(expiry);
    }
    final boolean hasRefreshValue =
            token.getRefreshToken() != null && token.getRefreshToken().getValue() != null;
    if (hasRefreshValue) {
        final String refreshValue = token.getRefreshToken().getValue();
        // Bidirectional link so revoking either token can find the other.
        this.refreshTokenToAccessTokenStore.put(refreshValue, tokenValue);
        this.accessTokenToRefreshTokenStore.put(tokenValue, refreshValue);
    }
}
/**
 * Happy-day refresh flow: the initial grant carries a refresh token, exchanging
 * it yields an access token with a different value, and both tokens are
 * cancelled at the end so they do not outlive the test.
 */
@Test
public void testHappyDay() throws Exception {
    final OAuth2AccessToken original = getAccessToken("read write", "my-trusted-client");
    assertNotNull(original.getRefreshToken());
    // Exchange the refresh token; the replacement must not reuse the old access-token value.
    final String refreshValue = original.getRefreshToken().getValue();
    final OAuth2AccessToken refreshed = refreshAccessToken(refreshValue);
    assertFalse(refreshed.getValue().equals(original.getValue()));
    verifyAccessTokens(original, refreshed);
    // Clean up: revoke both tokens issued by this test.
    cancelToken(original.getValue());
    cancelToken(refreshed.getValue());
}
/**
 * Converts an {@link OAuth2AccessToken} into its JAXB representation.
 *
 * Only the token value, expiration and (when present) refresh-token value are
 * carried over; other properties of the source token are not copied here.
 *
 * @param accessToken the token to convert; must not be {@code null}
 * @return a new {@link JaxbOAuth2AccessToken} populated from {@code accessToken}
 */
protected JaxbOAuth2AccessToken convertToInternal(OAuth2AccessToken accessToken) {
    final JaxbOAuth2AccessToken result = new JaxbOAuth2AccessToken();
    result.setAccessToken(accessToken.getValue());
    // "setExpriation" is the (misspelled) setter name on the JAXB type; it is part of that type's API.
    result.setExpriation(accessToken.getExpiration());
    final OAuth2RefreshToken refresh = accessToken.getRefreshToken();
    if (refresh != null) {
        result.setRefreshToken(refresh.getValue());
    }
    return result;
}
/**
 * Asserts the expected shape of a user access token together with its attached
 * refresh token: common access-token properties, common refresh-token
 * properties, issuer, refresh-token lifetime and the emitted event.
 *
 * @param accessToken the token under test; must carry a refresh token
 */
private void validateAccessAndRefreshToken(OAuth2AccessToken accessToken) {
    validateAccessTokenOnly(accessToken, CLIENT_ID);
    final OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
    assertCommonUserRefreshTokenProperties(refreshToken);
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI)));
    // Expected refresh-token validity: 30 days, expressed in seconds.
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30)));
    assertCommonEventProperties(accessToken, tokenSupport.userId, buildJsonString(tokenSupport.requestedAuthScopes));
}
/**
 * Refresh grant: the refreshed access token keeps the same refresh-token value
 * (no rotation), has the expected issuer, scopes and 12-hour validity, and the
 * original token still carries its external attributes.
 */
@Test
public void testCreateAccessTokenRefreshGrant() {
    final OAuth2AccessToken initial = getOAuth2AccessToken();
    final TokenRequest request = getRefreshTokenRequest();
    final String refreshValue = initial.getRefreshToken().getValue();
    final OAuth2AccessToken refreshed = tokenServices.refreshAccessToken(refreshValue, request);
    // The test pins that the refresh token is reused rather than rotated.
    assertEquals(refreshed.getRefreshToken().getValue(), refreshValue);
    assertCommonUserAccessTokenProperties(refreshed, CLIENT_ID);
    assertThat(refreshed, issuerUri(is(ISSUER_URI)));
    assertThat(refreshed, scope(is(tokenSupport.requestedAuthScopes)));
    // Expected access-token validity: 12 hours, in seconds.
    assertThat(refreshed, validFor(is(60 * 60 * 12)));
    validateExternalAttributes(initial);
}
/**
 * Persists {@code token} and its {@code authentication}, replacing any row
 * already stored for the same token value.
 *
 * Lookup columns are filled with {@code extractTokenKey(...)} of the access
 * and refresh token values rather than the raw values; the serialized token
 * and authentication are stored as BLOBs.
 *
 * @param token          the access token to store
 * @param authentication the authentication the token was issued for
 */
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    final String refreshTokenValue =
            token.getRefreshToken() == null ? null : token.getRefreshToken().getValue();
    // Upsert semantics: remove an existing row for this token value before inserting.
    if (readAccessToken(token.getValue()) != null) {
        removeAccessToken(token.getValue());
    }
    // Order of args must match the placeholders in insertAccessTokenSql and the argTypes below.
    final Object[] args = {
        extractTokenKey(token.getValue()),
        new SqlLobValue(serializeAccessToken(token)),
        authenticationKeyGenerator.extractKey(authentication),
        authentication.isClientOnly() ? null : authentication.getName(),
        authentication.getOAuth2Request().getClientId(),
        new SqlLobValue(serializeAuthentication(authentication)),
        extractTokenKey(refreshTokenValue)
    };
    final int[] argTypes = {
        Types.VARCHAR, Types.BLOB, Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.BLOB, Types.VARCHAR
    };
    jdbcTemplate.update(insertAccessTokenSql, args, argTypes);
}
/**
 * When an opaque token format is requested on a password grant, the refresh
 * token is a short handle (at most 36 characters) that still carries the
 * common refresh-token properties, and both the handle and the stored
 * underlying value are accepted by the refresh grant.
 */
@Test
public void test_refresh_token_is_opaque_when_requested() {
    final OAuth2AccessToken accessToken = performPasswordGrant(OPAQUE.getStringValue());
    final OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
    final String refreshTokenValue = refreshToken.getValue();
    assertThat("Token value should be equal to or lesser than 36 characters", refreshTokenValue.length(), lessThanOrEqualTo(36));
    assertCommonUserRefreshTokenProperties(refreshToken);
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is(ISSUER_URI)));
    // Expected refresh-token validity: 30 days, in seconds.
    assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(60 * 60 * 24 * 30)));
    final TokenRequest refreshTokenRequest = getRefreshTokenRequest();
    // Exercise the refresh grant with the opaque handle and with the stored token value it maps to.
    final String storedRefreshValue = tokenSupport.tokens.get(refreshTokenValue).getValue();
    for (String candidate : Arrays.asList(refreshTokenValue, storedRefreshValue)) {
        final OAuth2AccessToken refreshed = tokenServices.refreshAccessToken(candidate, refreshTokenRequest);
        assertCommonUserAccessTokenProperties(refreshed, CLIENT_ID);
    }
}
/**
 * Client-credentials grant with an opaque token format: the result is a
 * {@link CompositeToken}, its value is at most 36 characters, and no refresh
 * token is issued.
 */
@Test
public void testCreateOpaqueAccessTokenForAClient() {
    final AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.clientScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    final Map<String, String> params = new HashMap<>(request.getRequestParameters());
    params.put(REQUEST_TOKEN_FORMAT, OPAQUE.getStringValue());
    params.put(GRANT_TYPE, GRANT_TYPE_CLIENT_CREDENTIALS);
    request.setRequestParameters(params);
    // No user authentication: this is a client-only grant.
    final OAuth2Authentication authentication = new OAuth2Authentication(request.createOAuth2Request(), null);
    final OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    assertTrue("Token is not a composite token", accessToken instanceof CompositeToken);
    assertThat("Token value should be equal to or lesser than 36 characters", accessToken.getValue().length(), lessThanOrEqualTo(36));
    assertThat(accessToken.getRefreshToken(), is(nullValue()));
}
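/**
 * A refresh attempt by a client other than the one the refresh token was
 * issued to must be rejected with {@link InvalidGrantException}, and the
 * error message must not echo the refresh-token value back to the caller.
 */
@Test
public void testWrongClientDoesNotLeakToken() {
    // The unused AuthorizationRequest mock from the original version was dropped; nothing read it.
    final OAuth2AccessToken accessToken = getOAuth2AccessToken();
    final String refreshValue = accessToken.getRefreshToken().getValue();
    final TokenRequest refreshTokenRequest = getRefreshTokenRequest();
    refreshTokenRequest.setClientId("invalidClientForToken");
    try {
        tokenServices.refreshAccessToken(refreshValue, refreshTokenRequest);
        fail();
    } catch (InvalidGrantException e) {
        assertThat(e.getMessage(), startsWith("Wrong client for this refresh token"));
        // Error text is returned to the client; it must not disclose the token itself.
        assertThat(e.getMessage(), not(containsString(refreshValue)));
    }
}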
/**
 * Implicit grant: the access token has the common user-token properties,
 * issuer and 12-hour validity, no refresh token is issued, and the expected
 * event is emitted.
 */
@Test
public void testCreateAccessTokenImplicitGrant() {
    final AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    final Map<String, String> params = new HashMap<>(request.getRequestParameters());
    params.put(GRANT_TYPE, GRANT_TYPE_IMPLICIT);
    request.setRequestParameters(params);
    final OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    final OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    assertCommonUserAccessTokenProperties(accessToken, CLIENT_ID);
    assertThat(accessToken, issuerUri(is(ISSUER_URI)));
    // Expected access-token validity: 12 hours, in seconds.
    assertThat(accessToken, validFor(is(60 * 60 * 12)));
    // Implicit grant must not hand out a refresh token.
    assertThat(accessToken.getRefreshToken(), is(nullValue()));
    assertCommonEventProperties(accessToken, tokenSupport.userId, buildJsonString(tokenSupport.requestedAuthScopes));
}
/**
 * Copy constructor: builds a new token carrying the value, additional
 * information, refresh token, expiration, scope and token type of
 * {@code accessToken}.
 *
 * @param accessToken the token to copy; must not be {@code null}
 */
public DefaultOAuth2AccessToken(OAuth2AccessToken accessToken) {
    this(accessToken.getValue());
    this.setTokenType(accessToken.getTokenType());
    this.setExpiration(accessToken.getExpiration());
    this.setScope(accessToken.getScope());
    this.setRefreshToken(accessToken.getRefreshToken());
    this.setAdditionalInformation(accessToken.getAdditionalInformation());
}
/**
 * Requesting an opaque token format on the refresh grant yields access tokens
 * of at most 36 characters whose stored form carries the common user-token
 * properties and external attributes; both the opaque refresh handle and the
 * stored refresh-token value are exercised.
 */
@Test
public void test_using_opaque_parameter_on_refresh_grant() {
    final OAuth2AccessToken accessToken = performPasswordGrant(OPAQUE.getStringValue());
    final String refreshTokenValue = accessToken.getRefreshToken().getValue();
    final Map<String, String> parameters = new HashMap<>();
    parameters.put(REQUEST_TOKEN_FORMAT, OPAQUE.getStringValue());
    final TokenRequest refreshTokenRequest = getRefreshTokenRequest(parameters);
    // Exercise the refresh grant with the opaque handle and with the stored token value it maps to.
    final String storedRefreshValue = tokenSupport.tokens.get(refreshTokenValue).getValue();
    for (String candidate : Arrays.asList(refreshTokenValue, storedRefreshValue)) {
        final OAuth2AccessToken refreshed = tokenServices.refreshAccessToken(candidate, refreshTokenRequest);
        assertThat("Token value should be equal to or lesser than 36 characters", refreshed.getValue().length(), lessThanOrEqualTo(36));
        // NOTE(review): tokenSupport.tokens is looked up by String value above but by the token object here;
        // this relies on the token type's equals/hashCode agreeing with the String key — confirm.
        assertCommonUserAccessTokenProperties(new DefaultOAuth2AccessToken(tokenSupport.tokens.get(refreshed).getValue()), CLIENT_ID);
        validateExternalAttributes(refreshed);
    }
}
/**
 * Authorization-code grant for a client that is not allowed the refresh-token
 * grant: a valid access token is issued, but without a refresh token.
 */
@Test
public void testCreateAccessTokenOnlyForClientWithoutRefreshToken() {
    final AuthorizationRequest request =
            new AuthorizationRequest(CLIENT_ID_NO_REFRESH_TOKEN_GRANT, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    final Map<String, String> params = new HashMap<>(request.getRequestParameters());
    params.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    request.setRequestParameters(params);
    final OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    final OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    validateAccessTokenOnly(accessToken, CLIENT_ID_NO_REFRESH_TOKEN_GRANT);
    // A client without the refresh_token grant must not receive one.
    assertNull(accessToken.getRefreshToken());
}
/**
 * Refreshing a token obtained via the authorization-code grant when the
 * backing approvals are missing must fail with {@link InvalidTokenException}.
 *
 * The failure is expected from the {@code refreshAccessToken} call at the end;
 * the test setup itself must not throw.
 */
@Test(expected = InvalidTokenException.class)
public void testRefreshTokenAfterApprovalsMissing2() {
    // Initial authorization-code grant.
    final AuthorizationRequest authzRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    authzRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    final Map<String, String> authzParams = new HashMap<>(authzRequest.getRequestParameters());
    authzParams.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    authzRequest.setRequestParameters(authzParams);
    final OAuth2Authentication authentication =
            new OAuth2Authentication(authzRequest.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    final OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    // Refresh-token grant built from the same client and scopes.
    final AuthorizationRequest refreshRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    refreshRequest.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    final Map<String, String> refreshParams = new HashMap<>(refreshRequest.getRequestParameters());
    refreshParams.put(GRANT_TYPE, GRANT_TYPE_REFRESH_TOKEN);
    refreshRequest.setRequestParameters(refreshParams);
    final TokenRequest tokenRequest = tokenSupport.requestFactory.createTokenRequest(refreshRequest, "refresh_token");
    tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), tokenRequest);
}
/**
 * Presenting the stored value behind an opaque refresh token to
 * {@code loadAuthentication} must be rejected: a refresh token is not an
 * access token and bears no {@code scope} claim.
 */
@Test
public void loadAuthentication_when_given_an_opaque_refreshToken_should_throw_exception() {
    tokenSupport.defaultClient.setAutoApproveScopes(singleton("true"));
    final AuthorizationRequest request = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes);
    request.setResourceIds(new HashSet<>(tokenSupport.resourceIds));
    final Map<String, String> params = new HashMap<>(request.getRequestParameters());
    params.put(GRANT_TYPE, GRANT_TYPE_AUTHORIZATION_CODE);
    params.put(REQUEST_TOKEN_FORMAT, OPAQUE.getStringValue());
    request.setRequestParameters(params);
    final OAuth2Authentication authentication =
            new OAuth2Authentication(request.createOAuth2Request(), tokenSupport.defaultUserAuthentication);
    final OAuth2AccessToken compositeToken = tokenServices.createAccessToken(authentication);
    // Resolve the opaque handle to the stored refresh-token value in the current zone.
    final String refreshTokenValue = tokenProvisioning
            .retrieve(compositeToken.getRefreshToken().getValue(), IdentityZoneHolder.get().getId())
            .getValue();
    expectedException.expect(InvalidTokenException.class);
    expectedException.expectMessage("The token does not bear a \"scope\" claim.");
    tokenServices.loadAuthentication(refreshTokenValue);
}
/**
 * External attributes survive a refresh: both the original access token and
 * the one obtained through the refresh grant carry them.
 */
@Test
public void testCreateAccessTokenExternalContext() {
    final OAuth2AccessToken initial = getOAuth2AccessToken();
    final TokenRequest request = getRefreshTokenRequest();
    final String refreshValue = initial.getRefreshToken().getValue();
    final OAuth2AccessToken refreshed = tokenServices.refreshAccessToken(refreshValue, request);
    validateExternalAttributes(initial);
    validateExternalAttributes(refreshed);
}