/**
 * Rejects a JTI value that carries the refresh-token suffix.
 *
 * <p>The error text ("Invalid access token.") indicates this override sits on the
 * access-token path, so a refresh-token JTI presented here is treated as token-type
 * confusion and refused.
 *
 * @param jtiValue the JTI claim value; dereferenced directly, so {@code null} raises a
 *                 {@link NullPointerException}
 * @throws InvalidTokenException if {@code jtiValue} ends with {@code REFRESH_TOKEN_SUFFIX}
 */
@Override
protected void validateJtiValue(String jtiValue) {
    boolean carriesRefreshSuffix = jtiValue.endsWith(REFRESH_TOKEN_SUFFIX);
    if (carriesRefreshSuffix) {
        throw new InvalidTokenException("Invalid access token.", null);
    }
}
/**
 * Accepts only JTI values that carry the refresh-token suffix.
 *
 * <p>This is the mirror image of the access-token check: anything without
 * {@code REFRESH_TOKEN_SUFFIX} is refused with "Invalid refresh token.".
 *
 * @param jtiValue the JTI claim value; dereferenced directly, so {@code null} raises a
 *                 {@link NullPointerException}
 * @throws InvalidTokenException if {@code jtiValue} does not end with {@code REFRESH_TOKEN_SUFFIX}
 */
@Override
protected void validateJtiValue(String jtiValue) {
    boolean carriesRefreshSuffix = jtiValue.endsWith(REFRESH_TOKEN_SUFFIX);
    if (carriesRefreshSuffix) {
        return;
    }
    throw new InvalidTokenException("Invalid refresh token.", null);
}
/**
 * Refuses a JTI value that ends with the refresh-token suffix.
 *
 * @param jtiValue the JTI claim value; not null-checked before use
 * @throws InvalidTokenException with the message "Invalid access token." when the suffix
 *                               {@code REFRESH_TOKEN_SUFFIX} is present
 */
@Override
protected void validateJtiValue(String jtiValue) {
    final boolean isRefreshJti = jtiValue.endsWith(REFRESH_TOKEN_SUFFIX);
    if (!isRefreshJti) {
        return;
    }
    throw new InvalidTokenException("Invalid access token.", null);
}
} // closes the enclosing type, whose opening is outside this excerpt
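/**
 * Checks the issuer ({@code iss}) claim against the issuer this verifier was configured with.
 *
 * <p>The comparison is an exact string match against {@code this.issuer.toString()}.
 * A present-but-null or non-String {@code iss} value is rejected with
 * {@link InvalidTokenException} instead of surfacing as a {@link NullPointerException} or
 * {@link ClassCastException}.
 *
 * @param claims the decoded claim set; may be null or empty
 * @throws InvalidTokenException if an {@code iss} claim is present and is not a String equal
 *                               to the configured issuer
 */
@Override
public void verify(Map<String, Object> claims) throws InvalidTokenException {
    if (CollectionUtils.isEmpty(claims) || !claims.containsKey(ISS_CLAIM)) {
        // NOTE(review): a token that carries no iss claim at all passes this verifier.
        // If the issuer must be mandatory, that has to be enforced by another check.
        return;
    }
    Object jwtIssuer = claims.get(ISS_CLAIM);
    // instanceof is false for null, so a null or wrongly-typed claim fails closed here.
    if (!(jwtIssuer instanceof String) || !jwtIssuer.equals(this.issuer.toString())) {
        throw new InvalidTokenException("Invalid Issuer (iss) claim: " + jwtIssuer);
    }
}
} // closes the enclosing type, whose opening is outside this excerpt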
/**
 * Verifies that the token's ISS claim matches the expected issuer.
 *
 * <p>When {@code issuer} is {@code null} the check is skipped entirely and the token is
 * accepted as far as this step is concerned, so callers that require issuer binding must
 * pass a non-null value.
 *
 * @param issuer the expected issuer, or {@code null} to skip the check
 * @return this validation object, for chaining
 * @throws InvalidTokenException if the ISS claim is absent or does not match {@code issuer}
 */
public TokenValidation checkIssuer(String issuer) {
    if (issuer != null) {
        boolean hasIssuerClaim = claims.containsKey(ISS);
        if (!hasIssuerClaim) {
            throw new InvalidTokenException("Token does not bear an ISS claim.", null);
        }

        boolean issuerMatches = equals(issuer, claims.get(ISS));
        if (!issuerMatches) {
            throw new InvalidTokenException(
                    "Invalid issuer (" + claims.get(ISS) + ") for token did not match expected: " + issuer,
                    null);
        }
    }
    return this;
}
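/**
 * Resolves an access token to an authentication by calling the user-info endpoint.
 *
 * <p>The token is passed to {@code getMap} together with {@code userInfoEndpointUrl}; a
 * response map containing an {@code "error"} key is treated as a rejected token.
 *
 * @param accessToken the bearer token presented by the caller
 * @return the authentication extracted from the user-info response
 * @throws InvalidTokenException if the user-info response contains an {@code "error"} entry
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public OAuth2Authentication loadAuthentication(String accessToken)
        throws AuthenticationException, InvalidTokenException {
    Map<String, Object> map = getMap(this.userInfoEndpointUrl, accessToken);
    if (map.containsKey("error")) {
        this.logger.debug("userinfo returned error: " + map.get("error"));
        // The bearer token is a credential, and exception messages routinely reach logs
        // and error responses, so the token itself is kept out of the message.
        throw new InvalidTokenException("Invalid access token");
    }
    return extractAuthentication(map);
}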
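/**
 * Loads the authentication for an access token from the configured user-info endpoint.
 *
 * @param accessToken the bearer token to look up
 * @return the authentication built by {@code extractAuthentication} from the endpoint's response
 * @throws InvalidTokenException if the response map has an {@code "error"} key
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public OAuth2Authentication loadAuthentication(String accessToken)
        throws AuthenticationException, InvalidTokenException {
    Map<String, Object> userInfo = getMap(this.userInfoEndpointUrl, accessToken);
    if (!userInfo.containsKey("error")) {
        return extractAuthentication(userInfo);
    }
    this.logger.debug("userinfo returned error: " + userInfo.get("error"));
    // Never put the presented token into the exception text: the message can be logged or
    // rendered to the client, and an "error" response does not prove the token is dead
    // everywhere it might be accepted.
    throw new InvalidTokenException("Invalid access token");
}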
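/**
 * Get a refresh token by its token value.
 *
 * @param refreshTokenValue the raw refresh token value to look up in {@code tokenRepository}
 * @return the matching refresh token entity; never {@code null}
 * @throws InvalidTokenException if the repository has no token for that value
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException {
    OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);
    if (refreshToken == null) {
        // The submitted value is left out of the message: it is caller-supplied credential
        // material and exception messages tend to be logged or returned to the client.
        throw new InvalidTokenException("Refresh token was not found");
    }
    return refreshToken;
}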
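/**
 * Returns the client id bound to an access token.
 *
 * @param tokenValue the raw access token value
 * @return the client id from the token's stored OAuth2 request
 * @throws InvalidTokenException if the token store has no authentication for the token, or
 *                               the stored authentication has no OAuth2 request
 */
public String getClientId(String tokenValue) {
    OAuth2Authentication authentication = tokenStore.readAuthentication(tokenValue);
    if (authentication == null) {
        // Token value intentionally omitted from the message (see below).
        throw new InvalidTokenException("Invalid access token");
    }
    OAuth2Request clientAuth = authentication.getOAuth2Request();
    if (clientAuth == null) {
        // On this branch the token WAS found in the store, so echoing it would put a
        // token the store still recognises into an exception message that may be logged
        // or rendered.
        throw new InvalidTokenException("Invalid access token (no client id)");
    }
    return clientAuth.getClientId();
}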
/**
 * Decodes a token value and returns it only if it is not a refresh token.
 *
 * <p>The value is converted with {@code convertAccessToken}; if {@code jwtTokenEnhancer}
 * classifies the result as a refresh token it is refused, so a refresh token cannot be
 * used where an access token is expected.
 *
 * @param tokenValue the encoded token
 * @return the decoded access token
 * @throws InvalidTokenException if the decoded token is a refresh token
 */
@Override
public OAuth2AccessToken readAccessToken(String tokenValue) {
    final OAuth2AccessToken decoded = convertAccessToken(tokenValue);
    if (!jwtTokenEnhancer.isRefreshToken(decoded)) {
        return decoded;
    }
    throw new InvalidTokenException("Encoded token is a refresh token");
}
/**
 * Enforces the client's required-user-groups restriction for the given user.
 *
 * <p>The required groups are read from the client's additional information under
 * {@code REQUIRED_USER_GROUPS}; a missing entry is treated as an empty set. The decision
 * itself is delegated to {@code UaaTokenUtils.hasRequiredUserAuthorities}.
 *
 * @param user   the user whose authorities are checked
 * @param client the client whose additional information may list required groups
 * @throws InvalidTokenException if the user's authorities do not satisfy the requirement
 */
private void validateRequiredUserGroups(UaaUser user, ClientDetails client) {
    // Unchecked cast: the additional-information map is untyped, so the element type is
    // taken on trust from whatever stored the client configuration.
    Collection<String> requiredUserGroups =
            (Collection<String>) client.getAdditionalInformation().get(REQUIRED_USER_GROUPS);
    if (requiredUserGroups == null) {
        requiredUserGroups = emptySet();
    }

    boolean userQualifies =
            UaaTokenUtils.hasRequiredUserAuthorities(requiredUserGroups, user.getAuthorities());
    if (!userQualifies) {
        throw new InvalidTokenException("User does not meet the client's required group criteria.");
    }
}
/**
 * Token check endpoint: validates the submitted token and returns its converted claims.
 *
 * <p>The token is read and its authentication loaded through
 * {@code resourceServerTokenServices}; unknown and expired tokens are refused. On success
 * the converted token map is returned with {@code "active"} set to {@code true}.
 *
 * <p>NOTE(review): the mapping declares no HTTP method, and the token arrives as the
 * {@code token} request parameter. If GET is reachable, the token can travel in the query
 * string, where URLs are commonly recorded by access logs and proxies. Confirm how this
 * endpoint is restricted and authenticated.
 *
 * @param value the token value from the {@code token} request parameter
 * @return the converted token attributes plus {@code "active": true}
 * @throws InvalidTokenException if the token is not recognised or has expired
 */
@RequestMapping(value = "/oauth/check_token")
@ResponseBody
public Map<String, ?> checkToken(@RequestParam("token") String value) {
    final OAuth2AccessToken token = resourceServerTokenServices.readAccessToken(value);
    if (token == null) {
        throw new InvalidTokenException("Token was not recognised");
    }
    if (token.isExpired()) {
        throw new InvalidTokenException("Token has expired");
    }

    final OAuth2Authentication authentication =
            resourceServerTokenServices.loadAuthentication(token.getValue());
    final Map<String, Object> body =
            (Map<String, Object>) accessTokenConverter.convertAccessToken(token, authentication);

    // gh-1070
    // Reaching this point means the token exists and has not expired, so it is always active.
    body.put("active", true);
    return body;
}
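/**
 * Get an access token from its token value.
 *
 * <p>The repository result is passed through {@code clearExpiredAccessToken} before the
 * null check, so a {@code null} from either step is reported as "not found".
 *
 * @param accessTokenValue the raw access token value to look up
 * @return the matching access token entity; never {@code null}
 * @throws InvalidTokenException if no usable token exists for that value
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken =
            clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
    if (accessToken == null) {
        // The token value is not echoed: exception messages are frequently logged or
        // returned to the caller, and the value is credential material.
        throw new InvalidTokenException("Access token was not found");
    }
    return accessToken;
}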
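/**
 * Decodes a JWT, verifies it and returns its claims as a map.
 *
 * <p>Order of operations: {@code JwtHelper.decodeAndVerify} checks the token against
 * {@code verifier} first, then the claims JSON is parsed, then the configured claims-set
 * verifier runs. An Integer {@code EXP} claim is widened to Long before verification.
 *
 * <p>Every failure, including verification failures from either step, is reported with the
 * same message, "Cannot convert access token to JSON"; the real reason is kept only in the
 * exception cause.
 *
 * @param token the encoded JWT
 * @return the verified claims
 * @throws InvalidTokenException if decoding, verification or claim parsing fails
 */
protected Map<String, Object> decode(String token) {
    try {
        Jwt jwt = JwtHelper.decodeAndVerify(token, verifier);
        String claimsStr = jwt.getClaims();
        Map<String, Object> claims = objectMapper.parseMap(claimsStr);
        Object expiry = claims.get(EXP);
        if (expiry instanceof Integer) {
            // Long.valueOf replaces the deprecated new Long(...) constructor.
            claims.put(EXP, Long.valueOf(((Integer) expiry).longValue()));
        }
        this.getJwtClaimsSetVerifier().verify(claims);
        return claims;
    } catch (Exception e) {
        // Deliberately broad: any failure while handling the token must fail closed as an
        // invalid token rather than escape as an unrelated runtime exception.
        throw new InvalidTokenException("Cannot convert access token to JSON", e);
    }
}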
/**
 * Loads the client named by the token's {@code CID} claim in the current identity zone.
 *
 * @param clientDetailsService the service used to look the client up
 * @return the client details for the token's client id
 * @throws InvalidTokenException if the client no longer exists, which happens when a client
 *                               is deleted while tokens issued to it are still around
 */
public ClientDetails getClientDetails(ClientServicesExtension clientDetailsService) {
    final String tokenClientId = (String) claims.get(CID);
    try {
        return clientDetailsService.loadClientByClientId(tokenClientId, IdentityZoneHolder.get().getId());
    } catch (NoSuchClientException clientGone) {
        // The token outlived its client; treat the token as invalid.
        throw new InvalidTokenException("Invalid client ID " + tokenClientId);
    }
}
/**
 * Parses the claims of a JWT into an {@code IntrospectionClaims} object.
 *
 * <p>This method only decodes: {@code JwtHelper.decode} is called without a verifier, so
 * nothing here checks the signature. It relies on the token having been verified earlier
 * by the caller, and must not be used on a token that has not been.
 *
 * @param token the encoded JWT, expected to be already verified
 * @return the parsed introspection claims
 * @throws InvalidTokenException if the claims are not readable as JSON
 */
private IntrospectionClaims getClaimsForToken(String token) {
    final org.springframework.security.jwt.Jwt decodedJwt = JwtHelper.decode(token);
    try {
        // getClaims() is assumed non-null because the token was parsed during verification.
        return JsonUtils.readValue(decodedJwt.getClaims(), IntrospectionClaims.class);
    } catch (JsonUtils.JsonUtilException parseFailure) {
        logger.error("Can't parse introspection claims in token. Is it a valid JSON?");
        throw new InvalidTokenException("Cannot read token claims", parseFailure);
    }
}
/**
 * Verifies the token's signature with the supplied verifier.
 *
 * <p>Any {@link RuntimeException} from verification is logged at debug level and replaced
 * by an {@link InvalidTokenException} whose cause is a new
 * {@code InvalidSignatureException} built from {@code token}; the original exception is
 * not chained.
 *
 * <p>NOTE(review): {@code token} looks like the raw token string. Confirm that
 * {@code InvalidSignatureException} does not expose it through its message.
 *
 * @param verifier the signature verifier to apply
 * @return this validation object, for chaining
 * @throws InvalidTokenException if the signature cannot be verified
 */
public TokenValidation checkSignature(SignatureVerifier verifier) {
    try {
        this.tokenJwt.verifySignature(verifier);
        return this;
    } catch (RuntimeException verificationFailure) {
        logger.debug("Invalid token (could not verify signature)", verificationFailure);
        throw new InvalidTokenException(
                "Could not verify token signature.",
                new InvalidSignatureException(token));
    }
}
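/**
 * Loads the authentication stored with an access token.
 *
 * <p>The repository result is passed through {@code clearExpiredAccessToken} first; a
 * {@code null} outcome is reported as an invalid token.
 *
 * @param accessTokenValue the raw access token value
 * @return the authentication held by the token's authentication holder
 * @throws InvalidTokenException if no usable token exists for that value
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
    OAuth2AccessTokenEntity accessToken =
            clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
    if (accessToken == null) {
        // Keep the presented token out of the message: this sits on the authentication
        // path, where failures are commonly logged and rendered back to the client.
        throw new InvalidTokenException("Invalid access token");
    }
    return accessToken.getAuthenticationHolder().getAuthentication();
}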
/**
 * Builds a refresh-token object from a decoded token, refusing anything that is not a
 * refresh token.
 *
 * @param encodedRefreshToken the decoded token to convert
 * @return an expiring refresh token when the source has an expiration, otherwise a
 *         non-expiring one
 * @throws InvalidTokenException if {@code jwtTokenEnhancer} does not classify the token as
 *                               a refresh token
 */
private OAuth2RefreshToken createRefreshToken(OAuth2AccessToken encodedRefreshToken) {
    boolean isRefresh = jwtTokenEnhancer.isRefreshToken(encodedRefreshToken);
    if (!isRefresh) {
        throw new InvalidTokenException("Encoded token is not a refresh token");
    }

    if (encodedRefreshToken.getExpiration() == null) {
        return new DefaultOAuth2RefreshToken(encodedRefreshToken.getValue());
    }
    return new DefaultExpiringOAuth2RefreshToken(
            encodedRefreshToken.getValue(),
            encodedRefreshToken.getExpiration());
}
/**
 * Introspection must fail closed: when reading the token throws
 * {@code InvalidTokenException}, the endpoint reports the token as inactive rather than
 * propagating the exception.
 */
@Test
public void testInvalidToken_inReadAccessToken() {
    InvalidTokenException rejection = new InvalidTokenException("Bla");
    when(resourceServerTokenServices.readAccessToken("valid-token")).thenThrow(rejection);

    IntrospectionClaims introspected = introspectEndpoint.introspect("valid-token");

    Assert.assertFalse(introspected.isActive());
}