/**
 * Builds the redirect target that hands the access token back to the client in the
 * fragment of the redirect URI.
 *
 * <p>Fragment layout, in order: access token, token type, then (only when
 * {@code isWriteOptionalParameters()} is true) expires-in, approved scope and every extra
 * token parameter; after that the refresh token, if one was issued, is added by
 * {@code processRefreshToken}, and {@code finalizeResponse} completes the response.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The redirect URI is taken from {@code state.getRedirectUri()} and is not checked in
 *       this method. NOTE(review): presumably it was validated against the client's
 *       registered URIs earlier in the flow; confirm against the caller.</li>
 *   <li>Only the approved scope and the extra parameter <em>values</em> go through
 *       {@code HttpUtils.queryEncode}. The token key, token type and extra parameter
 *       <em>names</em> are appended as-is, so they must already be safe for a URI
 *       fragment.</li>
 *   <li>The access token (and the refresh token, when present) ends up in the URI handed to
 *       the user agent, so it is visible to whatever can read that URI.</li>
 * </ul>
 *
 * @param state              redirection state; supplies the redirect URI and is passed on to
 *                           {@code getClientAccessToken} and {@code finalizeResponse}
 * @param client             the client, forwarded to {@code getClientAccessToken}
 * @param requestedScope     scopes requested, forwarded to {@code getClientAccessToken}
 * @param approvedScope      scopes approved, forwarded to {@code getClientAccessToken}
 * @param userSubject        the end user, forwarded to {@code getClientAccessToken}
 * @param preAuthorizedToken an already issued token, forwarded to {@code getClientAccessToken}
 * @return the builder holding the redirect URI with the token fragment
 */
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                                Client client,
                                                List<String> requestedScope,
                                                List<String> approvedScope,
                                                UserSubject userSubject,
                                                ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued = getClientAccessToken(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    // Mandatory part of the fragment: the token and its type, neither of them URL-encoded.
    final StringBuilder redirect = getUriWithFragment(state.getRedirectUri());
    redirect.append(OAuthConstants.ACCESS_TOKEN)
        .append("=")
        .append(issued.getTokenKey())
        .append("&")
        .append(OAuthConstants.ACCESS_TOKEN_TYPE)
        .append("=")
        .append(issued.getTokenType());

    if (isWriteOptionalParameters()) {
        redirect.append("&");
        redirect.append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN);
        redirect.append("=");
        redirect.append(issued.getExpiresIn());

        if (!StringUtils.isEmpty(issued.getApprovedScope())) {
            redirect.append("&");
            redirect.append(OAuthConstants.SCOPE);
            redirect.append("=");
            redirect.append(HttpUtils.queryEncode(issued.getApprovedScope()));
        }

        // Extra token parameters: the value is encoded, the name is written verbatim.
        for (Map.Entry<String, String> extra : issued.getParameters().entrySet()) {
            redirect.append("&")
                .append(extra.getKey())
                .append("=")
                .append(HttpUtils.queryEncode(extra.getValue()));
        }
    }

    if (issued.getRefreshToken() != null) {
        processRefreshToken(redirect, issued.getRefreshToken());
    }

    finalizeResponse(redirect, state);
    return redirect;
}
/**
 * Builds the redirect target that hands the access token back to the client in the
 * fragment of the redirect URI.
 *
 * <p>Fragment layout, in order: access token, token type, then (only when
 * {@code isWriteOptionalParameters()} is true) expires-in, approved scope and every extra
 * token parameter; after that the refresh token, if one was issued, is added by
 * {@code processRefreshToken}, and {@code finalizeResponse} completes the response.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The redirect URI is taken from {@code state.getRedirectUri()} and is not checked in
 *       this method. NOTE(review): presumably it was validated against the client's
 *       registered URIs earlier in the flow; confirm against the caller.</li>
 *   <li>Only the approved scope and the extra parameter <em>values</em> go through
 *       {@code HttpUtils.queryEncode}. The token key, token type and extra parameter
 *       <em>names</em> are appended as-is, so they must already be safe for a URI
 *       fragment.</li>
 *   <li>The access token (and the refresh token, when present) ends up in the URI handed to
 *       the user agent, so it is visible to whatever can read that URI.</li>
 * </ul>
 *
 * @param state              redirection state; supplies the redirect URI and is passed on to
 *                           {@code getClientAccessToken} and {@code finalizeResponse}
 * @param client             the client, forwarded to {@code getClientAccessToken}
 * @param requestedScope     scopes requested, forwarded to {@code getClientAccessToken}
 * @param approvedScope      scopes approved, forwarded to {@code getClientAccessToken}
 * @param userSubject        the end user, forwarded to {@code getClientAccessToken}
 * @param preAuthorizedToken an already issued token, forwarded to {@code getClientAccessToken}
 * @return the builder holding the redirect URI with the token fragment
 */
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                                Client client,
                                                List<String> requestedScope,
                                                List<String> approvedScope,
                                                UserSubject userSubject,
                                                ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued = getClientAccessToken(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    // Mandatory part of the fragment: the token and its type, neither of them URL-encoded.
    final StringBuilder redirect = getUriWithFragment(state.getRedirectUri());
    redirect.append(OAuthConstants.ACCESS_TOKEN)
        .append("=")
        .append(issued.getTokenKey())
        .append("&")
        .append(OAuthConstants.ACCESS_TOKEN_TYPE)
        .append("=")
        .append(issued.getTokenType());

    if (isWriteOptionalParameters()) {
        redirect.append("&");
        redirect.append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN);
        redirect.append("=");
        redirect.append(issued.getExpiresIn());

        if (!StringUtils.isEmpty(issued.getApprovedScope())) {
            redirect.append("&");
            redirect.append(OAuthConstants.SCOPE);
            redirect.append("=");
            redirect.append(HttpUtils.queryEncode(issued.getApprovedScope()));
        }

        // Extra token parameters: the value is encoded, the name is written verbatim.
        for (Map.Entry<String, String> extra : issued.getParameters().entrySet()) {
            redirect.append("&")
                .append(extra.getKey())
                .append("=")
                .append(HttpUtils.queryEncode(extra.getValue()));
        }
    }

    if (issued.getRefreshToken() != null) {
        processRefreshToken(redirect, issued.getRefreshToken());
    }

    finalizeResponse(redirect, state);
    return redirect;
}
// Write the redirect URI between two SEP separators in the sequence being built in `state`.
// The URI is passed through tokenizeString() before it is written.
// NOTE(review): tokenizeString()'s escaping rules are not visible here; confirm that SEP
// cannot survive inside a tokenized redirect URI, otherwise a crafted URI could shift the
// fields that follow it when this sequence is parsed back.
state.append(ModelEncryptionSupport.SEP);
state.append(ModelEncryptionSupport.tokenizeString(secData.getRedirectUri()));
state.append(ModelEncryptionSupport.SEP);
// Write the redirect URI between two SEP separators in the sequence being built in `state`.
// The URI is passed through tokenizeString() before it is written.
// NOTE(review): tokenizeString()'s escaping rules are not visible here; confirm that SEP
// cannot survive inside a tokenized redirect URI, otherwise a crafted URI could shift the
// fields that follow it when this sequence is parsed back.
state.append(ModelEncryptionSupport.SEP);
state.append(ModelEncryptionSupport.tokenizeString(secData.getRedirectUri()));
state.append(ModelEncryptionSupport.SEP);
/**
 * Builds the fragment redirect for this response type.
 *
 * <p>When {@code canAccessTokenBeReturned} accepts the response type held in {@code state},
 * the whole job is delegated to the superclass. Otherwise only an ID token is returned: it
 * is appended to the redirect URI fragment under {@code OidcUtils.ID_TOKEN}, and nothing is
 * appended when {@code getProcessedIdToken} yields {@code null}.
 *
 * <p>Security notes for reviewers: the redirect URI comes straight from
 * {@code state.getRedirectUri()} and is not checked here, and the ID token is appended
 * without URL-encoding. NOTE(review): presumably the URI was validated earlier and the ID
 * token is a compact-serialized JWT whose alphabet is fragment-safe; confirm both.
 *
 * @param state              redirection state; supplies response type and redirect URI
 * @param client             the client, used only by the superclass path
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user the ID token is produced for
 * @param preAuthorizedToken an already issued token, used only by the superclass path
 * @return the builder holding the redirect URI with its fragment
 */
@Override
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                                Client client,
                                                List<String> requestedScope,
                                                List<String> approvedScope,
                                                UserSubject userSubject,
                                                ServerAccessToken preAuthorizedToken) {
    if (!canAccessTokenBeReturned(state.getResponseType())) {
        // No access token for this response type: the fragment carries the ID token alone.
        final StringBuilder redirect = getUriWithFragment(state.getRedirectUri());
        final String processedIdToken = getProcessedIdToken(
            state, userSubject, getApprovedScope(requestedScope, approvedScope));
        if (processedIdToken != null) {
            redirect.append(OidcUtils.ID_TOKEN);
            redirect.append("=");
            redirect.append(processedIdToken);
        }
        finalizeResponse(redirect, state);
        return redirect;
    }

    return super.prepareRedirectResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
}
/**
 * Builds the fragment redirect for this response type.
 *
 * <p>When {@code canAccessTokenBeReturned} accepts the response type held in {@code state},
 * the whole job is delegated to the superclass. Otherwise only an ID token is returned: it
 * is appended to the redirect URI fragment under {@code OidcUtils.ID_TOKEN}, and nothing is
 * appended when {@code getProcessedIdToken} yields {@code null}.
 *
 * <p>Security notes for reviewers: the redirect URI comes straight from
 * {@code state.getRedirectUri()} and is not checked here, and the ID token is appended
 * without URL-encoding. NOTE(review): presumably the URI was validated earlier and the ID
 * token is a compact-serialized JWT whose alphabet is fragment-safe; confirm both.
 *
 * @param state              redirection state; supplies response type and redirect URI
 * @param client             the client, used only by the superclass path
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user the ID token is produced for
 * @param preAuthorizedToken an already issued token, used only by the superclass path
 * @return the builder holding the redirect URI with its fragment
 */
@Override
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                                Client client,
                                                List<String> requestedScope,
                                                List<String> approvedScope,
                                                UserSubject userSubject,
                                                ServerAccessToken preAuthorizedToken) {
    if (!canAccessTokenBeReturned(state.getResponseType())) {
        // No access token for this response type: the fragment carries the ID token alone.
        final StringBuilder redirect = getUriWithFragment(state.getRedirectUri());
        final String processedIdToken = getProcessedIdToken(
            state, userSubject, getApprovedScope(requestedScope, approvedScope));
        if (processedIdToken != null) {
            redirect.append(OidcUtils.ID_TOKEN);
            redirect.append("=");
            redirect.append(processedIdToken);
        }
        finalizeResponse(redirect, state);
        return redirect;
    }

    return super.prepareRedirectResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
}
// Hand the redirect URI carried in the request state, together with the client, to
// validateRedirectUri() and keep what it returns.
// NOTE(review): what validateRedirectUri() accepts or rejects is not visible here. Later code
// should presumably use this returned value rather than re-reading state.getRedirectUri(),
// so that only the checked URI is ever redirected to; confirm against the rest of the method.
String redirectUri = validateRedirectUri(client, state.getRedirectUri());
// Hand the redirect URI carried in the request state, together with the client, to
// validateRedirectUri() and keep what it returns.
// NOTE(review): what validateRedirectUri() accepts or rejects is not visible here. Later code
// should presumably use this returned value rather than re-reading state.getRedirectUri(),
// so that only the checked URI is ever redirected to; confirm against the rest of the method.
String redirectUri = validateRedirectUri(client, state.getRedirectUri());
preauthorizedToken); } catch (OAuthServiceException ex) { return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED); if (state.getRedirectUri() == null) { OOBAuthorizationResponse bean = new OOBAuthorizationResponse(); bean.setClientId(client.getClientId()); bean.setExpiresIn(grant.getExpiresIn()); bean.setState(state.getState()); bean.setRedirectUri(state.getRedirectUri()); return createHtmlResponse(bean); } else { UriBuilder ub = getRedirectUriBuilder(state.getState(), state.getRedirectUri()); ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_VALUE, grantCode); return Response.seeOther(ub.build()).build();
preauthorizedToken); } catch (OAuthServiceException ex) { return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED); if (state.getRedirectUri() == null) { OOBAuthorizationResponse bean = new OOBAuthorizationResponse(); bean.setClientId(client.getClientId()); bean.setExpiresIn(grant.getExpiresIn()); bean.setState(state.getState()); bean.setRedirectUri(state.getRedirectUri()); return createHtmlResponse(bean); } else { UriBuilder ub = getRedirectUriBuilder(state.getState(), state.getRedirectUri()); ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_VALUE, grantCode); return Response.seeOther(ub.build()).build();
/**
 * Builds the form-based counterpart of the token redirect: a {@code FormTokenResponse}
 * bean carrying the access token.
 *
 * <p>The bean receives the fixed {@code OAuthConstants.TOKEN_RESPONSE_TYPE}, the redirect
 * URI and state value from {@code state}, the token key, token type and expires-in of the
 * issued token, and a copy of the token's extra parameters.
 *
 * <p>Security note for reviewers: the redirect URI is copied from
 * {@code state.getRedirectUri()} without any check in this method. NOTE(review):
 * presumably it was validated earlier in the flow; confirm against the caller, since the
 * bean also carries the access token.
 *
 * @param state              redirection state; supplies redirect URI and state value
 * @param client             the client, forwarded to {@code getClientAccessToken}
 * @param requestedScope     scopes requested, forwarded to {@code getClientAccessToken}
 * @param approvedScope      scopes approved, forwarded to {@code getClientAccessToken}
 * @param userSubject        the end user, forwarded to {@code getClientAccessToken}
 * @param preAuthorizedToken an already issued token, forwarded to {@code getClientAccessToken}
 * @return the populated form response bean
 */
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued = getClientAccessToken(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    final FormTokenResponse form = new FormTokenResponse();

    // Where the form is sent and how the client correlates it.
    form.setResponseType(OAuthConstants.TOKEN_RESPONSE_TYPE);
    form.setRedirectUri(state.getRedirectUri());
    form.setState(state.getState());

    // The token itself.
    form.setAccessToken(issued.getTokenKey());
    form.setAccessTokenType(issued.getTokenType());
    form.setAccessTokenExpiresIn(issued.getExpiresIn());
    form.getParameters().putAll(issued.getParameters());

    return form;
}
/**
 * Builds the form-based counterpart of the token redirect: a {@code FormTokenResponse}
 * bean carrying the access token.
 *
 * <p>The bean receives the fixed {@code OAuthConstants.TOKEN_RESPONSE_TYPE}, the redirect
 * URI and state value from {@code state}, the token key, token type and expires-in of the
 * issued token, and a copy of the token's extra parameters.
 *
 * <p>Security note for reviewers: the redirect URI is copied from
 * {@code state.getRedirectUri()} without any check in this method. NOTE(review):
 * presumably it was validated earlier in the flow; confirm against the caller, since the
 * bean also carries the access token.
 *
 * @param state              redirection state; supplies redirect URI and state value
 * @param client             the client, forwarded to {@code getClientAccessToken}
 * @param requestedScope     scopes requested, forwarded to {@code getClientAccessToken}
 * @param approvedScope      scopes approved, forwarded to {@code getClientAccessToken}
 * @param userSubject        the end user, forwarded to {@code getClientAccessToken}
 * @param preAuthorizedToken an already issued token, forwarded to {@code getClientAccessToken}
 * @return the populated form response bean
 */
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued = getClientAccessToken(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    final FormTokenResponse form = new FormTokenResponse();

    // Where the form is sent and how the client correlates it.
    form.setResponseType(OAuthConstants.TOKEN_RESPONSE_TYPE);
    form.setRedirectUri(state.getRedirectUri());
    form.setState(state.getState());

    // The token itself.
    form.setAccessToken(issued.getTokenKey());
    form.setAccessTokenType(issued.getTokenType());
    form.setAccessTokenExpiresIn(issued.getExpiresIn());
    form.getParameters().putAll(issued.getParameters());

    return form;
}
/**
 * Builds the form response for a hybrid request: the superclass's form response wrapped in
 * a {@code FormHybridResponse}, plus the authorization code when one was produced.
 *
 * <p>{@code prepareHybrideCode} runs first, then the superclass response is built; that
 * order is kept as in the original. The code is set on the wrapper only when
 * {@code prepareHybrideCode} returned a non-null grant.
 *
 * <p>Security note for reviewers: response type, redirect URI and state value are copied
 * from {@code state} without any check in this method. NOTE(review): presumably the
 * redirect URI was validated earlier in the flow; confirm against the caller, since this
 * bean can carry both a code and the token-bearing inner response.
 *
 * @param state              redirection state; supplies response type, redirect URI, state
 * @param client             the client the response is built for
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user
 * @param preAuthorizedToken an already issued token, if any
 * @return the hybrid form response wrapping the superclass response
 */
@Override
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    final ServerAuthorizationCodeGrant hybridGrant = prepareHybrideCode(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    final AbstractFormImplicitResponse inner = super.prepareFormResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    final FormHybridResponse hybrid = new FormHybridResponse();
    hybrid.setResponseType(state.getResponseType());
    hybrid.setRedirectUri(state.getRedirectUri());
    hybrid.setState(state.getState());
    hybrid.setImplicitResponse(inner);

    // A code is only part of the response when a grant was actually created.
    if (hybridGrant != null) {
        hybrid.setCode(hybridGrant.getCode());
    }
    return hybrid;
}
/**
 * Builds the form response for a hybrid request: the superclass's form response wrapped in
 * a {@code FormHybridResponse}, plus the authorization code when one was produced.
 *
 * <p>{@code prepareHybrideCode} runs first, then the superclass response is built; that
 * order is kept as in the original. The code is set on the wrapper only when
 * {@code prepareHybrideCode} returned a non-null grant.
 *
 * <p>Security note for reviewers: response type, redirect URI and state value are copied
 * from {@code state} without any check in this method. NOTE(review): presumably the
 * redirect URI was validated earlier in the flow; confirm against the caller, since this
 * bean can carry both a code and the token-bearing inner response.
 *
 * @param state              redirection state; supplies response type, redirect URI, state
 * @param client             the client the response is built for
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user
 * @param preAuthorizedToken an already issued token, if any
 * @return the hybrid form response wrapping the superclass response
 */
@Override
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    final ServerAuthorizationCodeGrant hybridGrant = prepareHybrideCode(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    final AbstractFormImplicitResponse inner = super.prepareFormResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    final FormHybridResponse hybrid = new FormHybridResponse();
    hybrid.setResponseType(state.getResponseType());
    hybrid.setRedirectUri(state.getRedirectUri());
    hybrid.setState(state.getState());
    hybrid.setImplicitResponse(inner);

    // A code is only part of the response when a grant was actually created.
    if (hybridGrant != null) {
        hybrid.setCode(hybridGrant.getCode());
    }
    return hybrid;
}
/**
 * Builds the form response for this response type.
 *
 * <p>When {@code canAccessTokenBeReturned} accepts the response type held in {@code state},
 * the superclass builds the response. Otherwise a {@code FormIdTokenResponse} is returned
 * that carries only the ID token; the token is set as returned by
 * {@code getProcessedIdToken}, including when that value is {@code null}.
 *
 * <p>Security note for reviewers: response type, redirect URI and state value are copied
 * from {@code state} without any check in this method. NOTE(review): presumably the
 * redirect URI was validated earlier in the flow; confirm against the caller.
 *
 * @param state              redirection state; supplies response type, redirect URI, state
 * @param client             the client, used only by the superclass path
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user the ID token is produced for
 * @param preAuthorizedToken an already issued token, used only by the superclass path
 * @return the form response for the requested response type
 */
@Override
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    if (!canAccessTokenBeReturned(state.getResponseType())) {
        // No access token for this response type: the form carries the ID token alone.
        final String processedIdToken = getProcessedIdToken(
            state, userSubject, getApprovedScope(requestedScope, approvedScope));

        final FormIdTokenResponse idTokenForm = new FormIdTokenResponse();
        idTokenForm.setIdToken(processedIdToken);
        idTokenForm.setResponseType(state.getResponseType());
        idTokenForm.setRedirectUri(state.getRedirectUri());
        idTokenForm.setState(state.getState());
        return idTokenForm;
    }

    return super.prepareFormResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
}
/**
 * Collects everything known about the authorization request into a new
 * {@code AuthorizationCodeRegistration}.
 *
 * <p>Copied from {@code state}: redirect URI, response type, audience, nonce, client code
 * challenge and all extra properties. Copied from the arguments: client, requested scope,
 * user subject, and whether a pre-authorized token was supplied. The approved scope is
 * whatever {@code getApprovedScope(requestedScope, approvedScope)} returns.
 *
 * <p>Security note for reviewers: the redirect URI and code challenge are recorded exactly
 * as found in {@code state}, with no check in this method. NOTE(review): presumably these
 * are the values a later code exchange is compared against; confirm, and confirm that the
 * redirect URI was validated before this point.
 *
 * @param state              redirection state supplying the request-bound values
 * @param client             the client the code is registered for
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user
 * @param preauthorizedToken an already issued token; only its presence is recorded
 * @return the populated registration
 */
protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state,
                                                               Client client,
                                                               List<String> requestedScope,
                                                               List<String> approvedScope,
                                                               UserSubject userSubject,
                                                               ServerAccessToken preauthorizedToken) {
    final AuthorizationCodeRegistration registration = new AuthorizationCodeRegistration();

    final boolean hasPreauthorizedToken = preauthorizedToken != null;
    registration.setPreauthorizedTokenAvailable(hasPreauthorizedToken);
    registration.setClient(client);
    registration.setRedirectUri(state.getRedirectUri());
    registration.setRequestedScope(requestedScope);
    registration.setResponseType(state.getResponseType());
    registration.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
    registration.setSubject(userSubject);

    // Request-bound values carried over from the redirection state.
    registration.setAudience(state.getAudience());
    registration.setNonce(state.getNonce());
    registration.setClientCodeChallenge(state.getClientCodeChallenge());
    registration.getExtraProperties().putAll(state.getExtraProperties());

    return registration;
}

protected String processCodeGrant(Client client, String code, UserSubject endUser) {
/**
 * Builds the form response for this response type.
 *
 * <p>When {@code canAccessTokenBeReturned} accepts the response type held in {@code state},
 * the superclass builds the response. Otherwise a {@code FormIdTokenResponse} is returned
 * that carries only the ID token; the token is set as returned by
 * {@code getProcessedIdToken}, including when that value is {@code null}.
 *
 * <p>Security note for reviewers: response type, redirect URI and state value are copied
 * from {@code state} without any check in this method. NOTE(review): presumably the
 * redirect URI was validated earlier in the flow; confirm against the caller.
 *
 * @param state              redirection state; supplies response type, redirect URI, state
 * @param client             the client, used only by the superclass path
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user the ID token is produced for
 * @param preAuthorizedToken an already issued token, used only by the superclass path
 * @return the form response for the requested response type
 */
@Override
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    if (!canAccessTokenBeReturned(state.getResponseType())) {
        // No access token for this response type: the form carries the ID token alone.
        final String processedIdToken = getProcessedIdToken(
            state, userSubject, getApprovedScope(requestedScope, approvedScope));

        final FormIdTokenResponse idTokenForm = new FormIdTokenResponse();
        idTokenForm.setIdToken(processedIdToken);
        idTokenForm.setResponseType(state.getResponseType());
        idTokenForm.setRedirectUri(state.getRedirectUri());
        idTokenForm.setState(state.getState());
        return idTokenForm;
    }

    return super.prepareFormResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
}
/**
 * Collects everything known about the authorization request into a new
 * {@code AuthorizationCodeRegistration}.
 *
 * <p>Copied from {@code state}: redirect URI, response type, audience, nonce, client code
 * challenge and all extra properties. Copied from the arguments: client, requested scope,
 * user subject, and whether a pre-authorized token was supplied. The approved scope is
 * whatever {@code getApprovedScope(requestedScope, approvedScope)} returns.
 *
 * <p>Security note for reviewers: the redirect URI and code challenge are recorded exactly
 * as found in {@code state}, with no check in this method. NOTE(review): presumably these
 * are the values a later code exchange is compared against; confirm, and confirm that the
 * redirect URI was validated before this point.
 *
 * @param state              redirection state supplying the request-bound values
 * @param client             the client the code is registered for
 * @param requestedScope     scopes requested by the client
 * @param approvedScope      scopes approved by the user
 * @param userSubject        the end user
 * @param preauthorizedToken an already issued token; only its presence is recorded
 * @return the populated registration
 */
protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state,
                                                               Client client,
                                                               List<String> requestedScope,
                                                               List<String> approvedScope,
                                                               UserSubject userSubject,
                                                               ServerAccessToken preauthorizedToken) {
    final AuthorizationCodeRegistration registration = new AuthorizationCodeRegistration();

    final boolean hasPreauthorizedToken = preauthorizedToken != null;
    registration.setPreauthorizedTokenAvailable(hasPreauthorizedToken);
    registration.setClient(client);
    registration.setRedirectUri(state.getRedirectUri());
    registration.setRequestedScope(requestedScope);
    registration.setResponseType(state.getResponseType());
    registration.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
    registration.setSubject(userSubject);

    // Request-bound values carried over from the redirection state.
    registration.setAudience(state.getAudience());
    registration.setNonce(state.getNonce());
    registration.setClientCodeChallenge(state.getClientCodeChallenge());
    registration.getExtraProperties().putAll(state.getExtraProperties());

    return registration;
}

protected String processCodeGrant(Client client, String code, UserSubject endUser) {