/**
 * Revokes the given access token by delegating to the data provider.
 *
 * <p>The token's client and token key are passed on together with
 * {@code OAuthConstants.ACCESS_TOKEN} as the token type hint. Nothing here checks
 * who is asking for the revocation; that decision is left to the caller and to
 * {@code dataProvider.revokeToken}.
 *
 * @param at the access token to revoke; dereferenced without a null check
 */
protected void removeAccessToken(ServerAccessToken at) {
    dataProvider.revokeToken(
        at.getClient(),
        at.getTokenKey(),
        OAuthConstants.ACCESS_TOKEN);
}
/**
 * Builds a validation record from a server-side access token.
 *
 * <p>Copies the client's id, subject, confidentiality flag and IP address, then the
 * token's key, type, grant type, timing values, issuer, subject, scopes, audiences,
 * client code verifier and extra properties.
 *
 * <p>The scope and audience lists are assigned by reference, so this object shares
 * them with {@code token}; only the extra properties are copied entry by entry.
 * NOTE(review): the token key and client code verifier are carried into this object;
 * confirm neither is exposed to a party that should not see it if the object is
 * serialized into a response.
 *
 * @param token the token to describe; it, its client and its extra-properties map
 *        are dereferenced without null checks
 */
public AccessTokenValidation(ServerAccessToken token) {
    // Client details.
    this.clientId = token.getClient().getClientId();
    this.clientSubject = token.getClient().getSubject();
    this.isClientConfidential = token.getClient().isConfidential();
    this.clientIpAddress = token.getClient().getClientIpAddress();

    // Token identity.
    this.tokenKey = token.getTokenKey();
    this.tokenType = token.getTokenType();
    this.tokenGrantType = token.getGrantType();

    // Validity window.
    this.tokenIssuedAt = token.getIssuedAt();
    this.tokenLifetime = token.getExpiresIn();
    this.tokenNotBefore = token.getNotBefore();

    // Issuer, subject and what the token is good for (lists shared, not copied).
    this.tokenIssuer = token.getIssuer();
    this.tokenSubject = token.getSubject();
    this.tokenScopes = token.getScopes();
    this.audiences = token.getAudiences();

    this.clientCodeVerifier = token.getClientCodeVerifier();
    this.extraProps.putAll(token.getExtraProperties());
}
/**
 * Builds a validation record from a server-side access token.
 *
 * <p>Copies the client's id, subject, confidentiality flag and IP address, then the
 * token's key, type, grant type, timing values, issuer, subject, scopes, audiences,
 * client code verifier and extra properties.
 *
 * <p>The scope and audience lists are assigned by reference, so this object shares
 * them with {@code token}; only the extra properties are copied entry by entry.
 * NOTE(review): the token key and client code verifier are carried into this object;
 * confirm neither is exposed to a party that should not see it if the object is
 * serialized into a response.
 *
 * @param token the token to describe; it, its client and its extra-properties map
 *        are dereferenced without null checks
 */
public AccessTokenValidation(ServerAccessToken token) {
    // Client details.
    this.clientId = token.getClient().getClientId();
    this.clientSubject = token.getClient().getSubject();
    this.isClientConfidential = token.getClient().isConfidential();
    this.clientIpAddress = token.getClient().getClientIpAddress();

    // Token identity.
    this.tokenKey = token.getTokenKey();
    this.tokenType = token.getTokenType();
    this.tokenGrantType = token.getGrantType();

    // Validity window.
    this.tokenIssuedAt = token.getIssuedAt();
    this.tokenLifetime = token.getExpiresIn();
    this.tokenNotBefore = token.getNotBefore();

    // Issuer, subject and what the token is good for (lists shared, not copied).
    this.tokenIssuer = token.getIssuer();
    this.tokenSubject = token.getSubject();
    this.tokenScopes = token.getScopes();
    this.audiences = token.getAudiences();

    this.clientCodeVerifier = token.getClientCodeVerifier();
    this.extraProps.putAll(token.getExtraProperties());
}
/**
 * Revokes the given access token by delegating to the data provider.
 *
 * <p>The token's client and token key are passed on together with
 * {@code OAuthConstants.ACCESS_TOKEN} as the token type hint. Nothing here checks
 * who is asking for the revocation; that decision is left to the caller and to
 * {@code dataProvider.revokeToken}.
 *
 * @param at the access token to revoke; dereferenced without a null check
 */
protected void removeAccessToken(ServerAccessToken at) {
    dataProvider.revokeToken(
        at.getClient(),
        at.getTokenKey(),
        OAuthConstants.ACCESS_TOKEN);
}
state.append(tokenizeString(token.getClient().getClientId()));
/**
 * Tells whether a stored token belongs to the given client and end user.
 *
 * <p>A {@code null} client or a {@code null} subject acts as a wildcard: with
 * {@code c == null} the client id is not compared at all, and with
 * {@code sub == null} any token subject (including none) is accepted. Callers that
 * use the result to decide which tokens to list or revoke should therefore make
 * sure a {@code null} argument is intentional.
 *
 * @param token the token to test; {@code null} never matches
 * @param c     the client the token must belong to, or {@code null} for any client
 * @param sub   the user the token must belong to, or {@code null} for any user
 * @return {@code true} when the client ids are equal (or {@code c} is null) and the
 *         subject logins are equal (or {@code sub} is null)
 */
protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject sub) {
    if (token == null) {
        return false;
    }
    if (c != null && !token.getClient().getClientId().equals(c.getClientId())) {
        return false;
    }
    UserSubject tokenSub = token.getSubject();
    if (sub == null) {
        return true;
    }
    // A token without a subject cannot match a specific user.
    return tokenSub != null && tokenSub.getLogin().equals(sub.getLogin());
}

public void setClients(List<Client> clients) {
/**
 * Creates a refresh token that mirrors the given access token.
 *
 * <p>The refresh token is bound to the same client and uses the configured
 * {@code refreshTokenLifetime}. Grant type, grant code, nonce, subject and client
 * code verifier are taken over unchanged. Audiences and scopes are copied into new
 * lists, so later changes to the access token's lists do not alter the refresh
 * token; the elements themselves are shared. The refresh token carries every scope
 * the access token has, none are dropped here.
 *
 * @param at the access token the refresh token is issued for
 * @return the new refresh token
 */
protected RefreshToken doCreateNewRefreshToken(ServerAccessToken at) {
    RefreshToken refreshToken = new RefreshToken(at.getClient(), refreshTokenLifetime);

    if (at.getAudiences() != null) {
        List<String> audienceCopy = new LinkedList<>(at.getAudiences());
        refreshToken.setAudiences(audienceCopy);
    }

    refreshToken.setGrantType(at.getGrantType());

    if (at.getScopes() != null) {
        List<OAuthPermission> scopeCopy = new LinkedList<>(at.getScopes());
        refreshToken.setScopes(scopeCopy);
    }

    refreshToken.setGrantCode(at.getGrantCode());
    refreshToken.setNonce(at.getNonce());
    refreshToken.setSubject(at.getSubject());
    refreshToken.setClientCodeVerifier(at.getClientCodeVerifier());
    return refreshToken;
}
/**
 * Tells whether a stored token belongs to the given client and end user.
 *
 * <p>A {@code null} client or a {@code null} subject acts as a wildcard: with
 * {@code c == null} the client id is not compared at all, and with
 * {@code sub == null} any token subject (including none) is accepted. Callers that
 * use the result to decide which tokens to list or revoke should therefore make
 * sure a {@code null} argument is intentional.
 *
 * @param token the token to test; {@code null} never matches
 * @param c     the client the token must belong to, or {@code null} for any client
 * @param sub   the user the token must belong to, or {@code null} for any user
 * @return {@code true} when the client ids are equal (or {@code c} is null) and the
 *         subject logins are equal (or {@code sub} is null)
 */
protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject sub) {
    if (token == null) {
        return false;
    }
    if (c != null && !token.getClient().getClientId().equals(c.getClientId())) {
        return false;
    }
    UserSubject tokenSub = token.getSubject();
    if (sub == null) {
        return true;
    }
    // A token without a subject cannot match a specific user.
    return tokenSub != null && tokenSub.getLogin().equals(sub.getLogin());
}

public void setClients(List<Client> clients) {
/**
 * Creates a refresh token that mirrors the given access token.
 *
 * <p>The refresh token is bound to the same client and uses the configured
 * {@code refreshTokenLifetime}. Grant type, grant code, nonce, subject and client
 * code verifier are taken over unchanged. Audiences and scopes are copied into new
 * lists, so later changes to the access token's lists do not alter the refresh
 * token; the elements themselves are shared. The refresh token carries every scope
 * the access token has, none are dropped here.
 *
 * @param at the access token the refresh token is issued for
 * @return the new refresh token
 */
protected RefreshToken doCreateNewRefreshToken(ServerAccessToken at) {
    RefreshToken refreshToken = new RefreshToken(at.getClient(), refreshTokenLifetime);

    if (at.getAudiences() != null) {
        List<String> audienceCopy = new LinkedList<>(at.getAudiences());
        refreshToken.setAudiences(audienceCopy);
    }

    refreshToken.setGrantType(at.getGrantType());

    if (at.getScopes() != null) {
        List<OAuthPermission> scopeCopy = new LinkedList<>(at.getScopes());
        refreshToken.setScopes(scopeCopy);
    }

    refreshToken.setGrantCode(at.getGrantCode());
    refreshToken.setNonce(at.getNonce());
    refreshToken.setSubject(at.getSubject());
    refreshToken.setClientCodeVerifier(at.getClientCodeVerifier());
    return refreshToken;
}
/**
 * Copy constructor that re-issues an existing token under a different key.
 *
 * <p>Token type, lifetime, issue time, refresh token and parameters go to the
 * superclass constructor together with the new {@code key}; client, grant type,
 * scopes, audiences, subject, response type, client code verifier, nonce and grant
 * code are taken from {@code token}.
 *
 * <p>This is a shallow copy: the client, subject, scope list and audience list are
 * the same objects the source token holds, so a change made through one token is
 * visible through the other.
 *
 * @param token the token to copy from; dereferenced without a null check
 * @param key   the token key of the new instance
 */
protected ServerAccessToken(ServerAccessToken token, String key) {
    super(
        token.getTokenType(),
        key,
        token.getExpiresIn(),
        token.getIssuedAt(),
        token.getRefreshToken(),
        token.getParameters());

    // Who the token was issued to and how.
    this.client = token.getClient();
    this.grantType = token.getGrantType();

    // What it grants (list references are shared with the source token).
    this.scopes = token.getScopes();
    this.audiences = token.getAudiences();

    this.subject = token.getSubject();
    this.responseType = token.getResponseType();
    this.clientCodeVerifier = token.getClientCodeVerifier();
    this.nonce = token.getNonce();
    this.grantCode = token.getGrantCode();
}
/**
 * Copy constructor that re-issues an existing token under a different key.
 *
 * <p>Token type, lifetime, issue time, refresh token and parameters go to the
 * superclass constructor together with the new {@code key}; client, grant type,
 * scopes, audiences, subject, response type, client code verifier, nonce and grant
 * code are taken from {@code token}.
 *
 * <p>This is a shallow copy: the client, subject, scope list and audience list are
 * the same objects the source token holds, so a change made through one token is
 * visible through the other.
 *
 * @param token the token to copy from; dereferenced without a null check
 * @param key   the token key of the new instance
 */
protected ServerAccessToken(ServerAccessToken token, String key) {
    super(
        token.getTokenType(),
        key,
        token.getExpiresIn(),
        token.getIssuedAt(),
        token.getRefreshToken(),
        token.getParameters());

    // Who the token was issued to and how.
    this.client = token.getClient();
    this.grantType = token.getGrantType();

    // What it grants (list references are shared with the source token).
    this.scopes = token.getScopes();
    this.audiences = token.getAudiences();

    this.subject = token.getSubject();
    this.responseType = token.getResponseType();
    this.clientCodeVerifier = token.getClientCodeVerifier();
    this.nonce = token.getNonce();
    this.grantCode = token.getGrantCode();
}
/**
 * Returns the serialized ID token to send with the given access token, or
 * {@code null} when no source for one is available.
 *
 * <p>Three sources are tried in order:
 * <ol>
 *   <li>a configured {@code idTokenProvider}: it is asked for an IdToken for the
 *       token's client id, subject and scopes, {@code setAtHashAndNonce} is applied
 *       and the result of {@code processJwt} is returned;</li>
 *   <li>a value stored under {@code OidcUtils.ID_TOKEN} in the subject's properties:
 *       it is returned exactly as stored, without {@code setAtHashAndNonce} or
 *       {@code processJwt} being called on this path;</li>
 *   <li>an {@code OidcUserSubject} with a non-null ID token: a new IdToken is built
 *       from it and its audience and authorized party are set to the client id.</li>
 * </ol>
 *
 * <p>NOTE(review): on this collapsed line the {@code //} comment runs to the end of
 * the line; the {@code setAtHashAndNonce} and {@code processJwt} calls after it are
 * presumably live code in the original file - confirm against the source.
 * NOTE(review): source 2 hands back the stored string unchanged, so audience, nonce
 * and signature are whatever they were when it was stored; confirm it was issued
 * for this client.
 * NOTE(review): {@code st.getSubject()} is dereferenced in the second branch without
 * a null check; verify a token without a subject cannot reach this method.
 */
private String getProcessedIdToken(ServerAccessToken st) { if (idTokenProvider != null) { IdToken idToken = idTokenProvider.getIdToken(st.getClient().getClientId(), st.getSubject(), OAuthUtils.convertPermissionsToScopeList(st.getScopes())); setAtHashAndNonce(idToken, st); return processJwt(new JwtToken(idToken), st.getClient()); } else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) { return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN); } else if (st.getSubject() instanceof OidcUserSubject) { OidcUserSubject sub = (OidcUserSubject)st.getSubject(); if (sub.getIdToken() != null) { IdToken idToken = new IdToken(sub.getIdToken()); idToken.setAudience(st.getClient().getClientId()); idToken.setAuthorizedParty(st.getClient().getClientId()); // if this token was refreshed then the cloned IDToken might need to have its // issuedAt and expiry time properties adjusted if it proves to be necessary setAtHashAndNonce(idToken, st); return processJwt(new JwtToken(idToken), st.getClient()); } } return null; } private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, getJwtAccessTokenClaimMap()); claims.setClaim(clientIdClaimName, at.getClient().getClientId()); claims.setIssuedAt(at.getIssuedAt()); if (at.getExpiresIn() > 0) {
/**
 * Returns the serialized ID token to send with the given access token, or
 * {@code null} when no source for one is available.
 *
 * <p>Three sources are tried in order:
 * <ol>
 *   <li>a configured {@code idTokenProvider}: it is asked for an IdToken for the
 *       token's client id, subject and scopes, {@code setAtHashAndNonce} is applied
 *       and the result of {@code processJwt} is returned;</li>
 *   <li>a value stored under {@code OidcUtils.ID_TOKEN} in the subject's properties:
 *       it is returned exactly as stored, without {@code setAtHashAndNonce} or
 *       {@code processJwt} being called on this path;</li>
 *   <li>an {@code OidcUserSubject} with a non-null ID token: a new IdToken is built
 *       from it and its audience and authorized party are set to the client id.</li>
 * </ol>
 *
 * <p>NOTE(review): on this collapsed line the {@code //} comment runs to the end of
 * the line; the {@code setAtHashAndNonce} and {@code processJwt} calls after it are
 * presumably live code in the original file - confirm against the source.
 * NOTE(review): source 2 hands back the stored string unchanged, so audience, nonce
 * and signature are whatever they were when it was stored; confirm it was issued
 * for this client.
 * NOTE(review): {@code st.getSubject()} is dereferenced in the second branch without
 * a null check; verify a token without a subject cannot reach this method.
 */
private String getProcessedIdToken(ServerAccessToken st) { if (idTokenProvider != null) { IdToken idToken = idTokenProvider.getIdToken(st.getClient().getClientId(), st.getSubject(), OAuthUtils.convertPermissionsToScopeList(st.getScopes())); setAtHashAndNonce(idToken, st); return processJwt(new JwtToken(idToken), st.getClient()); } else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) { return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN); } else if (st.getSubject() instanceof OidcUserSubject) { OidcUserSubject sub = (OidcUserSubject)st.getSubject(); if (sub.getIdToken() != null) { IdToken idToken = new IdToken(sub.getIdToken()); idToken.setAudience(st.getClient().getClientId()); idToken.setAuthorizedParty(st.getClient().getClientId()); // if this token was refreshed then the cloned IDToken might need to have its // issuedAt and expiry time properties adjusted if it proves to be necessary setAtHashAndNonce(idToken, st); return processJwt(new JwtToken(idToken), st.getClient()); } } return null; } private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
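/**
 * Looks up an access token that was already issued to this client and user for the
 * given grant type, so it can be reused instead of asking for consent again.
 *
 * <p>The first token returned by {@code getAccessTokens(client, sub)} whose client
 * id, grant type and subject login all match is selected. A stored token with no
 * grant type, or with no subject (or no login) when a subject is requested, is
 * treated as a non-match rather than failing the lookup with a
 * {@link NullPointerException}. If the selected token has expired it is revoked and
 * {@code null} is returned.
 *
 * <p>NOTE(review): {@code requestedScopes} is not consulted here, so the returned
 * token may cover fewer or other scopes than were requested; confirm the caller
 * compares the token's scopes with the request before reusing it.
 *
 * @param client          the client asking for a token; must be non-null
 * @param requestedScopes the scopes of the current request (unused in this method)
 * @param sub             the end user, or {@code null} to match only tokens that
 *                        have no subject
 * @param grantType       the grant type the stored token must have been issued for
 * @return a matching, unexpired token, or {@code null} if pre-authorized tokens are
 *         not supported, none matches, or the match had expired
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client,
                                               List<String> requestedScopes,
                                               UserSubject sub,
                                               String grantType) throws OAuthServiceException {
    if (!isSupportPreauthorizedTokens()) {
        return null;
    }

    ServerAccessToken token = null;
    for (ServerAccessToken at : getAccessTokens(client, sub)) {
        if (!at.getClient().getClientId().equals(client.getClientId())) {
            continue;
        }
        // Fail closed: a token without a grant type is never reused.
        String tokenGrantType = at.getGrantType();
        if (tokenGrantType == null || !tokenGrantType.equals(grantType)) {
            continue;
        }
        UserSubject tokenSub = at.getSubject();
        boolean subjectMatches;
        if (sub == null) {
            subjectMatches = tokenSub == null;
        } else {
            // A token with no subject or login cannot belong to the requested user.
            subjectMatches = tokenSub != null
                && tokenSub.getLogin() != null
                && tokenSub.getLogin().equals(sub.getLogin());
        }
        if (subjectMatches) {
            token = at;
            break;
        }
    }

    // An expired match is removed from the store instead of being handed out.
    if (token != null && OAuthUtils.isExpired(token.getIssuedAt(), token.getExpiresIn())) {
        revokeToken(client, token.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
        token = null;
    }
    return token;
}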
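/**
 * Looks up an access token that was already issued to this client and user for the
 * given grant type, so it can be reused instead of asking for consent again.
 *
 * <p>The first token returned by {@code getAccessTokens(client, sub)} whose client
 * id, grant type and subject login all match is selected. A stored token with no
 * grant type, or with no subject (or no login) when a subject is requested, is
 * treated as a non-match rather than failing the lookup with a
 * {@link NullPointerException}. If the selected token has expired it is revoked and
 * {@code null} is returned.
 *
 * <p>NOTE(review): {@code requestedScopes} is not consulted here, so the returned
 * token may cover fewer or other scopes than were requested; confirm the caller
 * compares the token's scopes with the request before reusing it.
 *
 * @param client          the client asking for a token; must be non-null
 * @param requestedScopes the scopes of the current request (unused in this method)
 * @param sub             the end user, or {@code null} to match only tokens that
 *                        have no subject
 * @param grantType       the grant type the stored token must have been issued for
 * @return a matching, unexpired token, or {@code null} if pre-authorized tokens are
 *         not supported, none matches, or the match had expired
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client,
                                               List<String> requestedScopes,
                                               UserSubject sub,
                                               String grantType) throws OAuthServiceException {
    if (!isSupportPreauthorizedTokens()) {
        return null;
    }

    ServerAccessToken token = null;
    for (ServerAccessToken at : getAccessTokens(client, sub)) {
        if (!at.getClient().getClientId().equals(client.getClientId())) {
            continue;
        }
        // Fail closed: a token without a grant type is never reused.
        String tokenGrantType = at.getGrantType();
        if (tokenGrantType == null || !tokenGrantType.equals(grantType)) {
            continue;
        }
        UserSubject tokenSub = at.getSubject();
        boolean subjectMatches;
        if (sub == null) {
            subjectMatches = tokenSub == null;
        } else {
            // A token with no subject or login cannot belong to the requested user.
            subjectMatches = tokenSub != null
                && tokenSub.getLogin() != null
                && tokenSub.getLogin().equals(sub.getLogin());
        }
        if (subjectMatches) {
            token = at;
            break;
        }
    }

    // An expired match is removed from the store instead of being handed out.
    if (token != null && OAuthUtils.isExpired(token.getIssuedAt(), token.getExpiresIn())) {
        revokeToken(client, token.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
        token = null;
    }
    return token;
}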
response.setClientId(at.getClient().getClientId()); if (!at.getScopes().isEmpty()) { response.setScope(OAuthUtils.convertPermissionsToScope(at.getScopes()));
response.setClientId(at.getClient().getClientId()); if (!at.getScopes().isEmpty()) { response.setScope(OAuthUtils.convertPermissionsToScope(at.getScopes()));