/**
 * Builds an authorization response from a token endpoint response.
 *
 * <p>The access token, refresh token, both lifetimes and the not-before policy are copied
 * from {@code response}. The token type is always set to the literal {@code "Bearer"};
 * it is not read from {@code response}.
 *
 * @param response the token response whose values are copied into this object
 * @param upgraded stored unchanged in the {@code upgraded} field
 */
public AuthorizationResponse(AccessTokenResponse response, boolean upgraded) {
    // Access token and its (fixed) type.
    setToken(response.getToken());
    setTokenType("Bearer");

    // Refresh token together with its lifetime.
    setRefreshToken(response.getRefreshToken());
    setRefreshExpiresIn(response.getRefreshExpiresIn());

    // Access token lifetime and the not-before policy reported with the response.
    setExpiresIn(response.getExpiresIn());
    setNotBeforePolicy(response.getNotBeforePolicy());

    this.upgraded = upgraded;
}
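/**
 * Extracts the token strings from a token endpoint response and verifies the access token.
 *
 * <p>The access token string, refresh token and ID token string are stored on this object
 * first; the access token is then verified with {@code RSATokenVerifier} against the
 * deployment's realm key and realm. When an ID token is present it is decoded into an
 * {@code IDToken}.
 *
 * @param tokenResponse the response returned by the token endpoint
 * @throws VerificationException if access token verification fails, or if the ID token
 *         content cannot be read; in the latter case the underlying {@code IOException}
 *         is attached as the cause
 */
private void parseAccessToken(AccessTokenResponse tokenResponse) throws VerificationException {
    tokenString = tokenResponse.getToken();
    refreshToken = tokenResponse.getRefreshToken();
    idTokenString = tokenResponse.getIdToken();

    // Only the access token is passed to the verifier here.
    token = RSATokenVerifier.verifyToken(tokenString, deployment.getRealmKey(), deployment.getRealm());

    if (idTokenString == null) {
        return;
    }

    // NOTE(review): the ID token is only decoded (JWSInput + readJsonContent); no signature
    // check on it is visible in this method. Confirm it is verified elsewhere before its
    // claims are trusted.
    JWSInput input = new JWSInput(idTokenString);
    try {
        idToken = input.readJsonContent(IDToken.class);
    } catch (IOException e) {
        // Keep the cause so a malformed ID token can be diagnosed; the token value itself
        // is deliberately left out of the message.
        throw new VerificationException("Failed to read ID token content", e);
    }
}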
/**
 * Copies the federated access token and ID token from the brokered identity context into
 * notes on the user session.
 *
 * <p>The token response is looked up in the context data under
 * {@code FEDERATED_ACCESS_TOKEN_RESPONSE}. {@code clientSession} is not used here.
 *
 * <p>NOTE(review): the raw token strings end up in session notes; how those notes are
 * persisted or exposed is not visible from this method, so confirm they are handled as
 * credentials. A missing context entry is not checked for before it is dereferenced.
 */
@Override
public void attachUserSession(UserSessionModel userSession, ClientSessionModel clientSession, BrokeredIdentityContext context) {
    Object stored = context.getContextData().get(FEDERATED_ACCESS_TOKEN_RESPONSE);
    AccessTokenResponse federatedResponse = (AccessTokenResponse) stored;

    String federatedAccessToken = federatedResponse.getToken();
    userSession.setNote(FEDERATED_ACCESS_TOKEN, federatedAccessToken);

    String federatedIdToken = federatedResponse.getIdToken();
    userSession.setNote(FEDERATED_ID_TOKEN, federatedIdToken);
}
/**
 * Marks the held token as expired, but only if it matches the token passed in.
 *
 * <p>Nothing happens when no token is currently held, or when the held token differs
 * from {@code token}.
 *
 * @param token the token to invalidate (cannot be null).
 */
public synchronized void invalidate(String token) {
    boolean matchesCurrent = currentToken != null && token.equals(currentToken.getToken());
    if (matchesCurrent) {
        // On next use this causes a refresh attempt, which in turn causes a grant attempt
        // if refreshing fails.
        expirationTime = -1;
    }
}
}
log.trace("received refresh response"); String tokenString = response.getToken(); AccessToken token = null; try { AdapterTokenVerifier.VerifiedTokens tokens = AdapterTokenVerifier.verifyTokens(tokenString, response.getIdToken(), deployment); token = tokens.getAccessToken(); log.debug("Token Verification succeeded!"); if (response.getNotBeforePolicy() > deployment.getNotBefore()) { deployment.updateNotBefore(response.getNotBeforePolicy()); if (response.getRefreshToken() != null) { if (log.isTraceEnabled()) { log.trace("Setup new refresh token to the security context"); this.refreshToken = response.getRefreshToken();
String refreshTokenValue = clientToken.getRefreshToken(); try { RefreshToken refreshToken = JsonSerialization.readValue(new JWSInput(refreshTokenValue).getContent(), RefreshToken.class); String token = clientToken.getToken(); .form() .param("grant_type", "refresh_token") .param("refresh_token", clientToken.getRefreshToken()) .response() .json(AccessTokenResponse.class) return clientToken.getToken();
/**
 * Exchanges the held refresh token for a new token response.
 *
 * <p>The request carries the {@code REFRESH_TOKEN} grant type and the current refresh
 * token; for public clients the client id is added as well. On success the held token and
 * its expiration time are replaced. If the token service answers with a
 * {@code BadRequestException}, a fresh grant is requested through {@link #grantToken()}
 * instead.
 *
 * @return the token response now held by this object
 */
public synchronized AccessTokenResponse refreshToken() {
    Form refreshForm = new Form();
    refreshForm.param(GRANT_TYPE, REFRESH_TOKEN);
    refreshForm.param(REFRESH_TOKEN, currentToken.getRefreshToken());

    boolean publicClient = config.isPublicClient();
    if (publicClient) {
        refreshForm.param(CLIENT_ID, config.getClientId());
    }

    try {
        // Taken before the call so the computed expiry is based on the request time.
        int requestTime = Time.currentTime();
        currentToken = tokenService.refreshToken(config.getRealm(), refreshForm.asMap());
        expirationTime = requestTime + currentToken.getExpiresIn();
        return currentToken;
    } catch (BadRequestException e) {
        // The refresh was rejected; fall back to a full grant.
        return grantToken();
    }
}
/**
 * Sends a best-effort logout request for the given token response and drops the locally
 * held token response.
 *
 * <p>The refresh token and the client id {@code liveoak-admin-client} are posted as a
 * form to the logout path built from {@code baseUrl}. The response returned by
 * {@code execute} is not inspected, and an {@code IOException} is ignored.
 *
 * <p>NOTE(review): the local field is cleared whether or not the request succeeded, so a
 * failed or rejected logout goes unnoticed here; confirm that leaving the refresh token
 * un-revoked on the server in that case is acceptable.
 *
 * @param accessTokenResponse the token response whose refresh token is sent with the request
 */
private void logout(AccessTokenResponse accessTokenResponse) {
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
        HttpPost logoutRequest = new HttpPost(
                KeycloakUriBuilder.fromUri(baseUrl)
                        .path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH)
                        .build(LiveOak.LIVEOAK_APP_REALM));

        List<NameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, accessTokenResponse.getRefreshToken()));
        params.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, "liveoak-admin-client"));

        logoutRequest.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
        httpClient.execute(logoutRequest);
    } catch (IOException ignored) {
        // Not a problem we need to report
    }

    this.accessTokenResponse = null;
}
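/**
 * Requests a new token from the token service using the configured grant type.
 *
 * <p>For the {@code PASSWORD} grant type the configured username and password are added
 * to the form; for public clients the client id is added as well. The held token and its
 * expiration time are replaced under this object's lock.
 *
 * <p>The return value is read while the lock is still held. Reading the field after the
 * lock was released could hand back a token installed by another thread in the meantime.
 *
 * @return the token response obtained by this call
 */
public AccessTokenResponse grantToken() {
    Form form = new Form().param(GRANT_TYPE, accessTokenGrantType);
    if (PASSWORD.equals(accessTokenGrantType)) {
        // Resource-owner credentials travel in the form body of the token request.
        form.param("username", config.getUsername())
            .param("password", config.getPassword());
    }
    if (config.isPublicClient()) {
        form.param(CLIENT_ID, config.getClientId());
    }

    // Taken before the call so the computed expiry is based on the request time.
    int requestTime = Time.currentTime();
    synchronized (this) {
        currentToken = tokenService.grantToken(config.getRealm(), form.asMap());
        expirationTime = requestTime + currentToken.getExpiresIn();
        // Return from inside the lock so the caller gets exactly the token stored above.
        return currentToken;
    }
}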
String accessToken = verifyAccessToken(key, tokenResponse); String encodedIdToken = tokenResponse.getIdToken(); if (tokenResponse.getSessionState() != null) { identity.setBrokerSessionId(getConfig().getAlias() + "." + tokenResponse.getSessionState());
/**
 * Returns the access token string from the token response, failing if there is none.
 *
 * <p>NOTE(review): despite the name, this method only checks that a token is present.
 * {@code key} is never used, and no signature or claim validation is performed here;
 * confirm the token is validated elsewhere before it is relied upon.
 *
 * @param key unused in this method
 * @param tokenResponse the response to read the access token from
 * @return the access token string, never {@code null}
 * @throws IdentityBrokerException if the response carries no access token
 */
private String verifyAccessToken(PublicKey key, AccessTokenResponse tokenResponse) {
    String accessToken = tokenResponse.getToken();
    if (accessToken != null) {
        return accessToken;
    }
    throw new IdentityBrokerException("No access_token from server.");
}
tokenString = tokenResponse.getToken(); refreshToken = tokenResponse.getRefreshToken(); idTokenString = tokenResponse.getIdToken(); return challenge(403, OIDCAuthenticationError.Reason.INVALID_TOKEN, null); if (tokenResponse.getNotBeforePolicy() > deployment.getNotBefore()) { deployment.updateNotBefore(tokenResponse.getNotBeforePolicy());
/**
 * Writes a token set and its connection details into the realm entry of the configuration.
 *
 * <p>All changes are made inside the callback passed to {@code handler.saveMergeConfig}.
 * Expiry timestamps are computed as the current time in milliseconds plus the reported
 * lifetime multiplied by 1000. A refresh lifetime of {@code 0} is stored as
 * {@code Long.MAX_VALUE}.
 *
 * <p>NOTE(review): the access token, refresh token, signing token and client secret are
 * all handed to the configuration here. Where and with which permissions {@code handler}
 * stores it is not visible from this method; confirm the storage is readable only by the
 * owning user.
 *
 * @param tokens the token response to store
 * @param endpoint server URL, also used to select the realm entry
 * @param realm realm name, also used to select the realm entry
 * @param clientId client id stored with the realm entry
 * @param signKey value stored as the signing token
 * @param sigExpiresAt value stored as the signing token expiry
 * @param secret client secret stored with the realm entry
 */
public static void saveTokens(AccessTokenResponse tokens, String endpoint, String realm, String clientId, String signKey, Long sigExpiresAt, String secret) {
    handler.saveMergeConfig(cfg -> {
        cfg.setServerUrl(endpoint);
        cfg.setRealm(realm);

        RealmConfigData realmEntry = cfg.ensureRealmConfigData(endpoint, realm);
        realmEntry.setToken(tokens.getToken());
        realmEntry.setRefreshToken(tokens.getRefreshToken());
        realmEntry.setSigningToken(signKey);
        realmEntry.setSecret(secret);

        // NOTE(review): if getExpiresIn()/getRefreshExpiresIn() return int, "* 1000" is
        // evaluated in int arithmetic and can overflow for long lifetimes; verify the
        // getter types.
        realmEntry.setExpiresAt(System.currentTimeMillis() + tokens.getExpiresIn() * 1000);

        long refreshExpiresAt;
        if (tokens.getRefreshExpiresIn() == 0) {
            refreshExpiresAt = Long.MAX_VALUE;
        } else {
            refreshExpiresAt = System.currentTimeMillis() + tokens.getRefreshExpiresIn() * 1000;
        }
        realmEntry.setRefreshExpiresAt(refreshExpiresAt);

        realmEntry.setSigExpiresAt(sigExpiresAt);
        realmEntry.setClientId(clientId);
    });
}
/**
 * Returns the token string obtained from {@code getAccessToken().getToken()}.
 *
 * <p>NOTE(review): presumably this is the serialized bearer token; if so, callers should
 * treat the value as a credential and keep it out of logs and error messages.
 *
 * @return the token string of the current access token
 */
public String getAccessTokenString() { return getAccessToken().getToken(); }
// The refresh token is stored before any verification has run.
// NOTE(review): if verifyTokens fails by throwing, this field still holds the refresh
// token of the unverified response; confirm callers discard this object on failure.
refreshToken = tokenResponse.getRefreshToken();
// The access token and ID token strings are verified together against the deployment.
AdapterTokenVerifier.VerifiedTokens tokens = AdapterTokenVerifier.verifyTokens(tokenResponse.getToken(), tokenResponse.getIdToken(), deployment);
// Reached only when verifyTokens returned normally: the raw token string and the verified
// access token are handed on together.
return postTokenVerification(tokenResponse.getToken(), tokens.getAccessToken());
/**
 * Writes a token set and its connection details into the realm entry of the configuration.
 *
 * <p>All changes are made inside the callback passed to {@code handler.saveMergeConfig}.
 * Expiry timestamps are computed as the current time in milliseconds plus the reported
 * lifetime multiplied by 1000. A refresh lifetime of {@code 0} is stored as
 * {@code Long.MAX_VALUE}.
 *
 * <p>NOTE(review): the access token, refresh token, signing token and client secret are
 * all handed to the configuration here. Where and with which permissions {@code handler}
 * stores it is not visible from this method; confirm the storage is readable only by the
 * owning user.
 *
 * @param tokens the token response to store
 * @param endpoint server URL, also used to select the realm entry
 * @param realm realm name, also used to select the realm entry
 * @param clientId client id stored with the realm entry
 * @param signKey value stored as the signing token
 * @param sigExpiresAt value stored as the signing token expiry
 * @param secret client secret stored with the realm entry
 */
public static void saveTokens(AccessTokenResponse tokens, String endpoint, String realm, String clientId, String signKey, Long sigExpiresAt, String secret) {
    handler.saveMergeConfig(cfg -> {
        cfg.setServerUrl(endpoint);
        cfg.setRealm(realm);

        RealmConfigData realmEntry = cfg.ensureRealmConfigData(endpoint, realm);
        realmEntry.setToken(tokens.getToken());
        realmEntry.setRefreshToken(tokens.getRefreshToken());
        realmEntry.setSigningToken(signKey);
        realmEntry.setSecret(secret);

        // NOTE(review): if getExpiresIn()/getRefreshExpiresIn() return int, "* 1000" is
        // evaluated in int arithmetic and can overflow for long lifetimes; verify the
        // getter types.
        realmEntry.setExpiresAt(System.currentTimeMillis() + tokens.getExpiresIn() * 1000);

        long refreshExpiresAt;
        if (tokens.getRefreshExpiresIn() == 0) {
            refreshExpiresAt = Long.MAX_VALUE;
        } else {
            refreshExpiresAt = System.currentTimeMillis() + tokens.getRefreshExpiresIn() * 1000;
        }
        realmEntry.setRefreshExpiresAt(refreshExpiresAt);

        realmEntry.setSigExpiresAt(sigExpiresAt);
        realmEntry.setClientId(clientId);
    });
}
/**
 * Builds the value {@code "Bearer "} followed by the current access token string.
 *
 * <p>The token response comes from {@code getAccessTokenResponse()}. The result contains
 * the token itself, so it should be treated as a credential.
 *
 * @return the prefix {@code "Bearer "} concatenated with the token string
 */
private String getTokenString() {
    return "Bearer " + getAccessTokenResponse().getToken();
}
realmData.setToken(token.getToken()); realmData.setRefreshToken(token.getRefreshToken()); realmData.setExpiresAt(currentTimeMillis() + token.getExpiresIn() * 1000); realmData.setRefreshExpiresAt(currentTimeMillis() + token.getRefreshExpiresIn() * 1000); }); return token.getToken();
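/**
 * Obtains an access token for the default user through a newly created {@code AuthzClient}.
 *
 * <p>Progress is logged at {@code FINE}. The token value is not written to the log: it is
 * a bearer credential, and anyone able to read the log could reuse it while it is valid.
 *
 * <p>NOTE(review): {@code DEFAULT_USER} and {@code DEFAULT_PASSWORD} are constants defined
 * outside this method; if they are compiled-in credentials, confirm this helper is used
 * for test or demo purposes only.
 *
 * @return the access token string returned by the server
 */
public static String getAccessToken() {
    LOG.fine("Creating authorization client...");
    // create a new instance based on the configuration defined at keycloak-authz.json
    AuthzClient authzClient = AuthzClient.create();

    LOG.fine("Requesting token...");
    String token = authzClient.obtainAccessToken(DEFAULT_USER, DEFAULT_PASSWORD).getToken();

    // Record that a token was received, without the token value.
    LOG.fine("Retrieved token.");
    return token;
}
}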
realmData.setToken(token.getToken()); realmData.setRefreshToken(token.getRefreshToken()); realmData.setExpiresAt(currentTimeMillis() + token.getExpiresIn() * 1000); realmData.setRefreshExpiresAt(currentTimeMillis() + token.getRefreshExpiresIn() * 1000); }); return token.getToken();