/**
 * Resolves the refresh token validity period for an OAuth application, in milliseconds.
 *
 * <p>A non-zero application-level expiry time takes precedence; otherwise the server-wide
 * value from {@code OAuthServerConfiguration} is used. Both sources appear to be expressed in
 * seconds (see {@code getRefreshTokenValidityPeriodInSeconds}) and are scaled by
 * {@code SECOND_TO_MILLISECONDS_FACTOR} here.
 *
 * @param oAuthAppBean OAuth application whose refresh token expiry is being resolved
 * @return refresh token validity period in milliseconds
 */
private static long getConfiguredRefreshTokenValidityPeriodInMillis(OAuthAppDO oAuthAppBean) {
    // Only an exact zero means "not configured for this app"; any other value is used as-is.
    if (oAuthAppBean.getRefreshTokenExpiryTime() == 0) {
        long serverValidityMillis = OAuthServerConfiguration.getInstance()
                .getRefreshTokenValidityPeriodInSeconds() * SECOND_TO_MILLISECONDS_FACTOR;
        if (log.isDebugEnabled()) {
            log.debug("OAuth application id: " + oAuthAppBean.getOauthConsumerKey() + ", using refresh token "
                    + "validity period configured for server: " + serverValidityMillis + " ms");
        }
        return serverValidityMillis;
    }
    long appValidityMillis = oAuthAppBean.getRefreshTokenExpiryTime() * SECOND_TO_MILLISECONDS_FACTOR;
    if (log.isDebugEnabled()) {
        log.debug("OAuth application id : " + oAuthAppBean.getOauthConsumerKey() + ", using refresh token "
                + "validity period configured for application: " + appValidityMillis + " ms");
    }
    return appValidityMillis;
}
/**
 * Binds the update-statement parameters for an application whose PKCE flags and owner are
 * not being changed.
 *
 * <p>Placeholders 4 to 8 are bound here: the four token expiry times followed by the
 * processed client id. Placeholders 1 to 3 are presumably bound by the caller; confirm
 * against the corresponding query in {@code SQLQueries}. Values are bound through the
 * {@link PreparedStatement}, never concatenated into SQL.
 *
 * @param oauthAppDO application data to bind
 * @param prepStmt   prepared update statement receiving the values
 * @throws SQLException            if a parameter cannot be set on the statement
 * @throws IdentityOAuth2Exception if the persistence processor fails to process the client id
 */
private void setValuesToStatementWithNoPKCEAndNoOwnerUpdate(OAuthAppDO oauthAppDO, PreparedStatement prepStmt)
        throws SQLException, IdentityOAuth2Exception {
    int index = 4;
    prepStmt.setLong(index++, oauthAppDO.getUserAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getApplicationAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getRefreshTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getIdTokenExpiryTime());
    // Client id goes through the persistence processor so the stored form matches what was written.
    prepStmt.setString(index, persistenceProcessor.getProcessedClientId(oauthAppDO.getOauthConsumerKey()));
}
/**
 * Resolves the user access token validity period for an authorization request, in milliseconds.
 *
 * <p>Precedence is: a positive validity period set on the message context (by a callback),
 * then a non-zero application-level expiry time, then the server-wide value from
 * {@code OAuthServerConfiguration}. All three appear to be in seconds and are scaled by
 * {@code SECOND_TO_MILLISECONDS_FACTOR}.
 *
 * @param oauthAuthzMsgCtx authorization request context, which may carry a callback-assigned period
 * @param oAuthAppBean     OAuth application whose configuration is consulted
 * @return access token validity period in milliseconds
 * @throws IdentityOAuth2Exception declared by the original signature; no call in this body is
 *                                 visibly the source, so it is kept for compatibility
 */
private static long getConfiguredAccessTokenValidityPeriodInMillis(OAuthAuthzReqMessageContext oauthAuthzMsgCtx,
                                                                   OAuthAppDO oAuthAppBean)
        throws IdentityOAuth2Exception {
    long callbackValidityPeriod = oauthAuthzMsgCtx.getAccessTokenValidityPeriod();
    boolean callbackAssignedPeriod = callbackValidityPeriod != OAuthConstants.UNASSIGNED_VALIDITY_PERIOD
            && callbackValidityPeriod > 0;
    if (callbackAssignedPeriod) {
        // A valid period supplied through the callback overrides every configured value.
        long callbackMillis = callbackValidityPeriod * SECOND_TO_MILLISECONDS_FACTOR;
        if (log.isDebugEnabled()) {
            log.debug("OAuth application id : " + oAuthAppBean.getOauthConsumerKey() + ", using access token "
                    + "validity period configured from callback: " + callbackMillis + " ms");
        }
        return callbackMillis;
    }
    long appExpirySeconds = oAuthAppBean.getUserAccessTokenExpiryTime();
    if (appExpirySeconds != 0) {
        // Application-level user access token expiry.
        long appMillis = appExpirySeconds * SECOND_TO_MILLISECONDS_FACTOR;
        if (log.isDebugEnabled()) {
            log.debug("OAuth application id: " + oAuthAppBean.getOauthConsumerKey()
                    + ", using user access token validity period configured for application: "
                    + appMillis + " ms");
        }
        return appMillis;
    }
    // Fall back to the global configuration (identity.xml).
    long serverMillis = OAuthServerConfiguration.getInstance()
            .getUserAccessTokenValidityPeriodInSeconds() * SECOND_TO_MILLISECONDS_FACTOR;
    if (log.isDebugEnabled()) {
        log.debug("OAuth application id: " + oAuthAppBean.getOauthConsumerKey()
                + ", using user access token validity period configured for server: "
                + serverMillis + " ms");
    }
    return serverMillis;
}
/**
 * Binds the update-statement parameters for an application when PKCE columns are present
 * but the owner is not being changed.
 *
 * <p>Placeholders 4 to 10 are bound here: the two PKCE flags (stored as the strings
 * {@code "1"} / {@code "0"}), the four token expiry times, then the processed client id.
 * Placeholders 1 to 3 are presumably bound by the caller; confirm against the query.
 * All values go through the {@link PreparedStatement}, so nothing is concatenated into SQL.
 *
 * @param oauthAppDO application data to bind
 * @param prepStmt   prepared update statement receiving the values
 * @throws SQLException            if a parameter cannot be set on the statement
 * @throws IdentityOAuth2Exception if the persistence processor fails to process the client id
 */
private void setValuesToStatementWithPKCENoOwnerUpdate(OAuthAppDO oauthAppDO, PreparedStatement prepStmt)
        throws SQLException, IdentityOAuth2Exception {
    String pkceMandatoryFlag = oauthAppDO.isPkceMandatory() ? "1" : "0";
    String pkcePlainFlag = oauthAppDO.isPkceSupportPlain() ? "1" : "0";
    int index = 4;
    prepStmt.setString(index++, pkceMandatoryFlag);
    prepStmt.setString(index++, pkcePlainFlag);
    prepStmt.setLong(index++, oauthAppDO.getUserAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getApplicationAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getRefreshTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getIdTokenExpiryTime());
    prepStmt.setString(index, persistenceProcessor.getProcessedClientId(oauthAppDO.getOauthConsumerKey()));
}
/**
 * Binds the update-statement parameters for an application when PKCE columns are present
 * and the application owner is also being changed.
 *
 * <p>Placeholders 4 to 12 are bound here: the two PKCE flags (as {@code "1"} / {@code "0"}),
 * the four token expiry times, the new owner's user name and user store domain, then the
 * processed client id. Placeholders 1 to 3 are presumably bound by the caller; confirm
 * against the query. {@code getAppOwner()} is dereferenced without a null check, so callers
 * are expected to have set an owner — confirm at the call site.
 *
 * @param oauthAppDO application data to bind
 * @param prepStmt   prepared update statement receiving the values
 * @throws SQLException            if a parameter cannot be set on the statement
 * @throws IdentityOAuth2Exception if the persistence processor fails to process the client id
 */
private void setValuesToStatementWithPKCEAndOwnerUpdate(OAuthAppDO oauthAppDO, PreparedStatement prepStmt)
        throws SQLException, IdentityOAuth2Exception {
    int index = 4;
    prepStmt.setString(index++, oauthAppDO.isPkceMandatory() ? "1" : "0");
    prepStmt.setString(index++, oauthAppDO.isPkceSupportPlain() ? "1" : "0");
    prepStmt.setLong(index++, oauthAppDO.getUserAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getApplicationAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getRefreshTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getIdTokenExpiryTime());
    // Owner columns: user name, then user store domain.
    prepStmt.setString(index++, oauthAppDO.getAppOwner().getUserName());
    prepStmt.setString(index++, oauthAppDO.getAppOwner().getUserStoreDomain());
    prepStmt.setString(index, persistenceProcessor.getProcessedClientId(oauthAppDO.getOauthConsumerKey()));
}
/**
 * Binds the update-statement parameters for an application whose owner is being changed,
 * for a schema without PKCE columns.
 *
 * <p>Placeholders 4 to 10 are bound here: the four token expiry times, the new owner's user
 * name and user store domain, then the processed client id. Placeholders 1 to 3 are presumably
 * bound by the caller; confirm against the query. {@code getAppOwner()} is dereferenced
 * without a null check — confirm callers always set an owner.
 *
 * @param oauthAppDO application data to bind
 * @param prepStmt   prepared update statement receiving the values
 * @throws SQLException            if a parameter cannot be set on the statement
 * @throws IdentityOAuth2Exception if the persistence processor fails to process the client id
 */
private void setValuesToStatementWithOwnerUpdateNoPKCE(OAuthAppDO oauthAppDO, PreparedStatement prepStmt)
        throws SQLException, IdentityOAuth2Exception {
    String ownerName = oauthAppDO.getAppOwner().getUserName();
    String ownerStoreDomain = oauthAppDO.getAppOwner().getUserStoreDomain();
    int index = 4;
    prepStmt.setLong(index++, oauthAppDO.getUserAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getApplicationAccessTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getRefreshTokenExpiryTime());
    prepStmt.setLong(index++, oauthAppDO.getIdTokenExpiryTime());
    prepStmt.setString(index++, ownerName);
    prepStmt.setString(index++, ownerStoreDomain);
    prepStmt.setString(index, persistenceProcessor.getProcessedClientId(oauthAppDO.getOauthConsumerKey()));
}
prepStmt.setString(5, oauthAppDO.isPkceSupportPlain() ? "1" : "0"); prepStmt.setString(6, persistenceProcessor.getProcessedClientId(oauthAppDO.getOauthConsumerKey())); prepStmt.setString(7, persistenceProcessor.getProcessedClientSecret(oauthAppDO.getOauthConsumerSecret())); } else { prepStmt.setString(4, persistenceProcessor.getProcessedClientId(oauthAppDO.getOauthConsumerKey())); prepStmt.setString(5, persistenceProcessor.getProcessedClientSecret(oauthAppDO.getOauthConsumerSecret()));
private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO, Connection connection) throws IdentityOAuth2Exception, SQLException { String preprocessedClientId = persistenceProcessor.getPreprocessedClientId(oauthAppDO.getOauthConsumerKey()); String spTenantDomain = oauthAppDO.getUser().getTenantDomain(); int spTenantId = IdentityTenantUtil.getTenantId(spTenantDomain); HashSet<String> newAudiences = audiences == null ? new HashSet<>() : new HashSet<>(Arrays.asList (audiences)); List<String> oidcAudienceList = getOIDCAudiences(spTenantDomain, oauthAppDO.getOauthConsumerKey()); Set<String> currentAudiences = oidcAudienceList == null ? new HashSet<>() : new HashSet<>(oidcAudienceList); HashSet<String> newAudienceClone = (HashSet<String>) newAudiences.clone();
/**
 * Returns the OAuth token issuer to use for a service provider application.
 *
 * <p>If the application declares a token type, the issuer registered for that type is looked
 * up (and instantiated if needed) through {@code OAuthServerConfiguration}; when no issuer is
 * registered for the type, the server-level default issuer is used. If no token type is set,
 * the server-level default issuer is returned directly.
 *
 * @param appDO OAuth application data object
 * @return the token issuer for the application; never the result of a lookup that returned {@code null}
 * @throws IdentityOAuth2Exception if the configured issuer cannot be resolved or instantiated
 */
public static OauthTokenIssuer getOAuthTokenIssuerForOAuthApp(OAuthAppDO appDO) throws IdentityOAuth2Exception {
    String tokenType = appDO.getTokenType();
    if (tokenType == null) {
        OauthTokenIssuer defaultIssuer = OAuthServerConfiguration.getInstance().getIdentityOauthTokenIssuer();
        if (log.isDebugEnabled()) {
            log.debug("Token type is not set for service provider app with client Id: "
                    + appDO.getOauthConsumerKey()
                    + ". Hence the default Identity OAuth token issuer will be used. "
                    + "No custom token generator is set.");
        }
        return defaultIssuer;
    }
    OauthTokenIssuer typedIssuer = OAuthServerConfiguration.getInstance()
            .addAndReturnTokenIssuerInstance(tokenType);
    if (typedIssuer != null) {
        return typedIssuer;
    }
    // No issuer registered for this token type: fall back to the server-level default.
    return OAuthServerConfiguration.getInstance().getIdentityOauthTokenIssuer();
}
if(OAuth2ServiceComponentHolder.isPkceEnabled()) { prepStmt = connection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.ADD_OAUTH_APP_WITH_PKCE); prepStmt.setString(1, persistenceProcessor.getProcessedClientId(consumerAppDO.getOauthConsumerKey())); prepStmt.setString(2, persistenceProcessor.getProcessedClientSecret(consumerAppDO.getOauthConsumerSecret())); prepStmt.setString(3, consumerAppDO.getUser().getUserName()); } else { prepStmt = connection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.ADD_OAUTH_APP); prepStmt.setString(1, persistenceProcessor.getProcessedClientId(consumerAppDO.getOauthConsumerKey())); prepStmt.setString(2, persistenceProcessor.getProcessedClientSecret(consumerAppDO.getOauthConsumerSecret())); prepStmt.setString(3, consumerAppDO.getUser().getUserName());
break; if (!inboundAuthKey.equals(oAuthAppDO.getOauthConsumerKey())) { validationMsg.add(String.format("The Inbound Auth Key of the application name %s " + "is not match with Oauth Consumer Key %s.", authConfig.getInboundAuthKey(), oAuthAppDO.getOauthConsumerKey()));
throw new IdentityOAuth2Exception("Invalid consumer application. Failed to issue Grant token.", e); appInfoCache.addToCache(oAuthAppDO.getOauthConsumerKey(), oAuthAppDO);
if (dao.isDuplicateConsumer(oAuthAppDO.getOauthConsumerKey())) { dao.updateConsumerApplication(oAuthAppDO); } else {
appInfoCache.addToCache(oauthappdo.getOauthConsumerKey(), oauthappdo);
AppInfoCache.getInstance().addToCache(oauthappdo.getOauthConsumerKey(), oauthappdo); if (log.isDebugEnabled()) { log.debug("Oauth Application update success : " + consumerAppDTO.getApplicationName() + " in " +
appInfoCache.addToCache(app.getOauthConsumerKey(), app);
dto.setApplicationName(app.getApplicationName()); dto.setCallbackUrl(app.getCallbackUrl()); dto.setOauthConsumerKey(app.getOauthConsumerKey()); dto.setOauthConsumerSecret(app.getOauthConsumerSecret()); dto.setOAuthVersion(app.getOauthVersion());
/**
 * Gets OAuth application data by the application name.
 *
 * <p>Copies the name, callback URL, consumer key, consumer secret, OAuth version, grant types
 * and PKCE flags from the stored application into a fresh DTO. The DTO therefore carries the
 * consumer secret as returned by the DAO; treat it as sensitive wherever it is serialized or
 * logged. If the DAO returns {@code null}, an empty DTO is returned rather than an error.
 *
 * @param appName OAuth application name
 * @return {@code OAuthConsumerAppDTO} with application information, or an empty DTO when not found
 * @throws IdentityOAuthAdminException if the application information cannot be read from the
 *                                     persistence store
 */
public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName) throws IdentityOAuthAdminException {
    OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
    OAuthAppDAO dao = new OAuthAppDAO();
    OAuthAppDO app;
    try {
        app = dao.getAppInformationByAppName(appName);
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        throw new IdentityOAuthAdminException("Error while retrieving the app information by app name", e);
    }
    if (app == null) {
        return dto;
    }
    dto.setApplicationName(app.getApplicationName());
    dto.setCallbackUrl(app.getCallbackUrl());
    dto.setOauthConsumerKey(app.getOauthConsumerKey());
    dto.setOauthConsumerSecret(app.getOauthConsumerSecret());
    dto.setOAuthVersion(app.getOauthVersion());
    dto.setGrantTypes(app.getGrantTypes());
    dto.setPkceMandatory(app.isPkceMandatory());
    dto.setPkceSupportPlain(app.isPkceSupportPlain());
    return dto;
}
/**
 * Gets OAuth application data by the consumer key.
 *
 * <p>Copies the name, callback URL, consumer key, consumer secret, OAuth version, grant types
 * and PKCE flags from the stored application into a fresh DTO. The DTO therefore carries the
 * consumer secret as returned by the DAO; treat it as sensitive wherever it is serialized or
 * logged. If the DAO returns {@code null}, an empty DTO is returned rather than an error.
 *
 * @param consumerKey consumer key identifying the application
 * @return {@code OAuthConsumerAppDTO} with application information, or an empty DTO when not found
 * @throws IdentityOAuthAdminException if the application information cannot be read from the
 *                                     persistence store
 */
public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws IdentityOAuthAdminException {
    OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
    OAuthAppDAO dao = new OAuthAppDAO();
    OAuthAppDO app;
    try {
        app = dao.getAppInformation(consumerKey);
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        throw new IdentityOAuthAdminException("Error while retrieving the app information using consumer key", e);
    }
    if (app == null) {
        return dto;
    }
    dto.setApplicationName(app.getApplicationName());
    dto.setCallbackUrl(app.getCallbackUrl());
    dto.setOauthConsumerKey(app.getOauthConsumerKey());
    dto.setOauthConsumerSecret(app.getOauthConsumerSecret());
    dto.setOAuthVersion(app.getOauthVersion());
    dto.setGrantTypes(app.getGrantTypes());
    dto.setPkceMandatory(app.isPkceMandatory());
    dto.setPkceSupportPlain(app.isPkceSupportPlain());
    return dto;
}
dto.setApplicationName(appDO.getApplicationName()); dto.setCallbackUrl(appDO.getCallbackUrl()); dto.setOauthConsumerKey(appDO.getOauthConsumerKey()); dto.setOauthConsumerSecret(appDO.getOauthConsumerSecret()); dto.setOAuthVersion(appDO.getOauthVersion());