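/**
 * Token revocation endpoint (RFC 7009 shaped).
 *
 * <p>A request without a {@code token} value is answered with an {@code invalid_grant} error.
 * Client authentication is parsed on a best-effort basis: when none is present or it cannot be
 * parsed, the token is removed without a client binding ({@code clientId == null}). Note that
 * {@code ClientAuthentication.parse} only extracts the presented credentials; nothing in this
 * method verifies them, so the client id used for the binding is an unverified claim.
 *
 * <p>With the hint {@code login_session} the value is treated as a login session token and the
 * whole login session is invalidated in addition to removing the token. Any other hint value is
 * ignored and the token is removed as an ordinary token.
 *
 * <p>The success response is an empty, non-cacheable {@code 200 OK}.
 *
 * @param token the token to revoke; {@code null} when the form parameter is absent
 * @param tokenTypeHint optional client hint; only {@code login_session} is recognised
 * @param servletRequest incoming request, used to parse the client authentication
 * @param servletResponse response the result is written to
 * @throws IOException if writing the response fails
 */
public void revoke(@FormParam("token") String token, @FormParam("token_type_hint") String tokenTypeHint,
        HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws IOException {
    // An empty value is treated like a missing one: it can never identify a stored token and
    // would otherwise be handed to the token constructors / store unchanged.
    if (token == null || token.isEmpty()) {
        ServletUtils.applyHTTPResponse(
                new TokenErrorResponse(OAuth2Error.INVALID_GRANT).toHTTPResponse(), servletResponse);
        return;
    }
    ClientID clientId = null;
    try {
        ClientAuthentication clientAuth =
                ClientAuthentication.parse(FixedServletUtils.createHTTPRequest(servletRequest));
        if (clientAuth != null) {
            clientId = clientAuth.getClientID();
        }
    } catch (ParseException ignored) {
        // Deliberately best-effort: absent or malformed client authentication only means the
        // revocation is not bound to a client id.
    }
    if ("login_session".equals(tokenTypeHint)) {
        // NOTE(review): this branch does not consult clientId, so knowledge of the login
        // session token value alone ends the session — confirm that is the intended policy.
        LoginSessionToken loginSessionToken = new LoginSessionToken(token);
        tokenStore.remove(loginSessionToken);
        tokenStore.invalidateLoginSession(loginSessionToken);
    } else {
        tokenStore.remove(token, clientId);
    }
    HTTPResponse httpResponse = new HTTPResponse(HTTPResponse.SC_OK);
    httpResponse.setHeader("Content-Type", "text/plain");
    // A revocation result must never be served from a cache.
    httpResponse.setHeader("Pragma", "no-cache");
    httpResponse.setHeader("Cache-Control", "no-store");
    ServletUtils.applyHTTPResponse(httpResponse, servletResponse);
}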
userInfoRequest = UserInfoRequest.parse(FixedServletUtils.createHTTPRequest(servletRequest)); } catch (Exception e) { ServletUtils.applyHTTPResponse( new UserInfoErrorResponse(BearerTokenError.INVALID_REQUEST).toHTTPResponse(), servletResponse); ServletUtils.applyHTTPResponse( new UserInfoErrorResponse(BearerTokenError.INVALID_TOKEN).toHTTPResponse(), servletResponse); ServletUtils.applyHTTPResponse( new UserInfoErrorResponse(BearerTokenError.INVALID_TOKEN).toHTTPResponse(), servletResponse); httpResponse.setCacheControl("s-maxage=" + cacheLiveTime); ServletUtils.applyHTTPResponse(httpResponse, servletResponse);
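/**
 * Token endpoint: parses the token request and dispatches on its grant type.
 *
 * <p>Supported grants are authorization code, resource owner password credentials and refresh
 * token; each is delegated to its flow method. Any other grant type, and any request that cannot
 * be parsed, is answered with {@code unsupported_grant_type}.
 *
 * @param servletRequest the incoming token request
 * @param servletResponse the response the token or error is written to
 * @throws IOException if writing the response fails
 */
public void token(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws IOException {
    TokenRequest request;
    try {
        request = TokenRequest.parse(FixedServletUtils.createHTTPRequest(servletRequest));
    } catch (ParseException e) {
        // NOTE(review): every parse failure is reported as unsupported_grant_type, including
        // requests that are merely malformed; the SDK exception may carry a more specific
        // error object that could be surfaced instead.
        LOG.debug("tokenRequest: request could not be parsed", e);
        ServletUtils.applyHTTPResponse(
                new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE).toHTTPResponse(), servletResponse);
        return;
    }
    LOG.debug("tokenRequest {}", request);
    // Compare by value rather than identity: GrantType is a value object and only the SDK's
    // shared constants are guaranteed to be the same instance as the one held by the grant.
    GrantType grantType = request.getAuthorizationGrant().getType();
    if (GrantType.AUTHORIZATION_CODE.equals(grantType)) {
        doAuthorizationCodeGrantFlow(request, servletRequest, servletResponse);
    } else if (GrantType.PASSWORD.equals(grantType)) {
        doResourceOwnerPasswordCredentialFlow(request, servletRequest, servletResponse);
    } else if (GrantType.REFRESH_TOKEN.equals(grantType)) {
        doRefreshTokenGrantFlow(request, servletRequest, servletResponse);
    } else {
        ServletUtils.applyHTTPResponse(
                new TokenErrorResponse(OAuth2Error.UNSUPPORTED_GRANT_TYPE).toHTTPResponse(), servletResponse);
    }
}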
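/**
 * Handles the resource owner password credentials grant (RFC 6749 section 4.3).
 *
 * <p>The resource owner's credentials are not inspected here: {@code userInfoFactory} builds the
 * user's claims from the servlet request (presumably authenticating them on the way — confirm
 * against that factory). A fresh refresh token and bearer access token are stored, bound to the
 * authenticated client, and returned as an access token response.
 *
 * <p>Unlike the original version, the issued token values and the full claim set are no longer
 * written to the log: bearer tokens are credentials and the claims are personal data.
 *
 * @param request the parsed token request; must carry client authentication
 * @param servletRequest the raw request handed to the user info factory
 * @param servletResponse the response the tokens or error are written to
 * @throws IOException if writing the response fails
 */
private void doResourceOwnerPasswordCredentialFlow(TokenRequest request, HttpServletRequest servletRequest,
        HttpServletResponse servletResponse) throws IOException {
    // This grant binds the tokens to the client, so client authentication is required. Without
    // it the previous code dereferenced null and answered with a server error.
    ClientAuthentication clientAuth = request.getClientAuthentication();
    if (clientAuth == null) {
        ServletUtils.applyHTTPResponse(
                new TokenErrorResponse(OAuth2Error.INVALID_CLIENT).toHTTPResponse(), servletResponse);
        return;
    }
    // NOTE(review): no verification of the presented client credentials is visible in this
    // flow; confirm where (or whether) they are checked before this client id is trusted.
    ClientID clientId = clientAuth.getClientID();
    UserInfo userInfo = userInfoFactory.createUserInfo(servletRequest);
    RefreshToken refreshToken = new RefreshToken();
    // The password grant has no login session to attach to, hence the null session argument.
    tokenStore.addRefreshToken(refreshToken, userInfo, clientId, null, refreshTokenLifetime);
    BearerAccessToken accessToken = new BearerAccessToken(tokenLifetime, request.getScope());
    tokenStore.addAccessToken(accessToken, userInfo, clientId, refreshToken);
    LOG.debug("resourceOwnerPasswordCredentialFlow: issued tokens for client {} (lifetime {}s, scope {})",
            clientId, accessToken.getLifetime(), accessToken.getScope());
    ServletUtils.applyHTTPResponse(
            new AccessTokenResponse(new Tokens(accessToken, refreshToken)).toHTTPResponse(), servletResponse);
}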
) { LOG.info("tokenRequest: invalid grant {}", authorizationCodeGrant.getAuthorizationCode()); ServletUtils.applyHTTPResponse( new TokenErrorResponse(OAuth2Error.INVALID_GRANT).toHTTPResponse(), servletResponse); ServletUtils.applyHTTPResponse( new AccessTokenResponse(new Tokens(accessToken, refreshToken), customParameters).toHTTPResponse(), servletResponse);
request = resolveAuthorizationRequest(servletRequest); } catch (ParseException e) { ServletUtils.applyHTTPResponse( new TokenErrorResponse(OAuth2Error.INVALID_REQUEST).toHTTPResponse(), resp); return; ServletUtils.applyHTTPResponse(new AuthorizationErrorResponse(request.getEndpointURI(), OAuth2Error.INVALID_REQUEST, request.getState(), request.getResponseMode()).toHTTPResponse(), resp); return; ServletUtils.applyHTTPResponse( new AuthorizationErrorResponse(redirectionURI, OAuth2Error.UNAUTHORIZED_CLIENT, request.getState(), request.getResponseMode()).toHTTPResponse(), resp); return; ServletUtils.applyHTTPResponse( new AuthorizationErrorResponse(redirectionURI, OAuth2Error.INVALID_CLIENT, request.getState(), request.getResponseMode()).toHTTPResponse(), resp); ServletUtils.applyHTTPResponse( new AuthorizationErrorResponse(redirectionURI, OAuth2Error.UNSUPPORTED_RESPONSE_TYPE, request.getState(), request.getResponseMode()).toHTTPResponse(), resp); HTTPResponse httpResponse = new HTTPResponse(303); httpResponse.setLocation(request.toURI()); ServletUtils.applyHTTPResponse(httpResponse, resp); return; ServletUtils.applyHTTPResponse(response, resp);
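/**
 * Handles the refresh token grant (RFC 6749 section 6) with refresh token rotation.
 *
 * <p>The presented refresh token must be known to the token store and bound to the
 * authenticated client; otherwise {@code invalid_grant} is returned. On success a new refresh
 * token and bearer access token are stored for the same user, client and login session, the
 * presented refresh token is removed, and the new pair is returned.
 *
 * @param request the parsed token request carrying a {@link RefreshTokenGrant}
 * @param servletRequest the raw request (unused here, kept for a uniform flow signature)
 * @param servletResponse the response the tokens or error are written to
 * @throws IOException if writing the response fails
 */
private void doRefreshTokenGrantFlow(TokenRequest request, HttpServletRequest servletRequest,
        HttpServletResponse servletResponse) throws IOException {
    // Without client authentication the previous code dereferenced null (server error);
    // refuse explicitly instead.
    ClientAuthentication clientAuth = request.getClientAuthentication();
    if (clientAuth == null) {
        ServletUtils.applyHTTPResponse(
                new TokenErrorResponse(OAuth2Error.INVALID_CLIENT).toHTTPResponse(), servletResponse);
        return;
    }
    RefreshTokenGrant refreshTokenGrant = (RefreshTokenGrant) request.getAuthorizationGrant();
    RefreshTokenAndMetadata stored = tokenStore.findRefreshToken(refreshTokenGrant.getRefreshToken());
    // The token must exist and belong to the calling client. The comparison is made from the
    // request side so a stored null client id is rejected rather than throwing.
    if (stored == null || !clientAuth.getClientID().equals(stored.getClientId())) {
        ServletUtils.applyHTTPResponse(
                new TokenErrorResponse(OAuth2Error.INVALID_GRANT).toHTTPResponse(), servletResponse);
        return;
    }
    // NOTE(review): request.getScope() is used as-is; nothing here checks it against the scope
    // originally granted, and the stored metadata exposes no scope to compare with — confirm.
    RefreshToken refreshToken = new RefreshToken();
    tokenStore.addRefreshToken(refreshToken, stored.getUserInfo(), stored.getClientId(),
            stored.getLoginSession(), refreshTokenLifetime);
    BearerAccessToken accessToken = new BearerAccessToken(tokenLifetime, request.getScope());
    tokenStore.addAccessToken(accessToken, stored.getUserInfo(), stored.getClientId(), refreshToken);
    // Rotation: the presented refresh token is retired once its successor has been stored.
    tokenStore.remove(stored.getRefreshToken().getValue(), stored.getClientId());
    ServletUtils.applyHTTPResponse(
            new AccessTokenResponse(new Tokens(accessToken, refreshToken)).toHTTPResponse(), servletResponse);
}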