diff --git a/server/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/server/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index 3c1a410fa..cf823be5d 100644 --- a/server/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/server/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java @@ -470,4 +470,14 @@ public class ClientDetailsEntity implements ClientDetails { } + /** + * TODO: Implement + * See github issue #3 + */ + @Override + public int getAccessTokenValiditySeconds() { + // TODO Auto-generated method stub + return 0; + } + } diff --git a/server/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/server/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index 11aebde73..a3fd939cd 100644 --- a/server/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/server/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java @@ -4,6 +4,7 @@ package org.mitre.oauth2.model; import java.util.Date; +import java.util.Map; import java.util.Set; import javax.persistence.Basic; @@ -18,11 +19,12 @@ import javax.persistence.Lob; import javax.persistence.ManyToOne; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.Transient; +import org.mitre.jwt.model.Jwt; +import org.mitre.openid.connect.model.IdToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; 
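Review bot: The new getAccessTokenValiditySeconds() override returns a hard-coded 0 with no statement of how that value is meant to be read, and a token lifetime is exactly the kind of number a consumer may interpret as "no expiry", "expired" or "use the default". Until github issue #3 is implemented the javadoc should say which of these the token service is expected to apply, rather than `TODO: Implement` alone; something like `/** Access-token lifetime in seconds for this client. Not yet configurable (github issue #3): the 0 returned here is a placeholder, see the token service for how a non-positive value is treated. */`. The `// TODO Auto-generated method stub` line inside the body can then be dropped. The rest of ClientDetailsEntity lies outside the hunk.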
@@ -40,10 +42,17 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; }) public class OAuth2AccessTokenEntity extends OAuth2AccessToken { + public static String ID_TOKEN = "id_token"; + private ClientDetailsEntity client; private OAuth2Authentication authentication; // the authentication that made this access + private String idTokenString; + + //JWT-encoded representation of this access token entity + private Jwt jwt; + /** * */ @@ -51,6 +60,18 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { super(null); } + /** + * Override this method to insert the ID Token + */ + @Override + @Transient + public Map getAdditionalInformation() { + Map map = super.getAdditionalInformation(); + map.put(ID_TOKEN, idTokenString); + return map; + } + + /** * @return the authentication @@ -94,17 +115,21 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { @Id @Column(name="id") public String getValue() { - // TODO Auto-generated method stub - return super.getValue(); + return jwt.toString(); } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setValue(java.lang.String) + /** + * Set the "value" of this Access Token + * + * @param value */ - @Override public void setValue(String value) { - // TODO Auto-generated method stub - super.setValue(value); + try { + Jwt valueJwt = Jwt.parse(value); + setJwt(valueJwt); + } catch (IllegalArgumentException e) { + //TODO: What to do in this case? + } } /* (non-Javadoc) 
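Review bot: `public static String ID_TOKEN = "id_token";` is a mutable public static, so any code in the process can reassign the key under which the ID token is exposed in the token response; declare it `public static final String ID_TOKEN = "id_token";`. A one-line javadoc naming it as the additional-information key written by getAdditionalInformation() would also help, since without it the field reads like an instance value.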
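Review bot: getAdditionalInformation() mutates the map returned by super.getAdditionalInformation() and puts idTokenString unconditionally, so a token issued without an ID token still carries an `id_token` entry whose value is null, and if the superclass hands back an unmodifiable (for example empty) map the put throws UnsupportedOperationException on every serialization of the token. Copy the superclass map into a fresh one and add the key only when an ID token was actually set; the method also declares a raw `Map`, which should be `Map<String, Object>`. The rewrite needs `java.util.HashMap` imported next to the `java.util.Map` import this commit adds.
```java
@Override
@Transient
public Map<String, Object> getAdditionalInformation() {
    // copy rather than mutate: the superclass's map may be shared or unmodifiable
    Map<String, Object> map = new HashMap<String, Object>(super.getAdditionalInformation());
    if (idTokenString != null) {
        map.put(ID_TOKEN, idTokenString);
    }
    return map;
}
```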
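Review bot: setValue() swallows the IllegalArgumentException from Jwt.parse, so a malformed token value is silently accepted, `jwt` stays null, and the next getValue() — which is also the entity's @Id — throws NullPointerException from `jwt.toString()`; the same null dereference exists in OAuth2RefreshTokenEntity.getValue() (hunk @@ -54,16 +59,15), whose setValue lets the parse exception propagate, so the two entities now disagree on how a bad value is handled. Let the exception propagate here too, or rethrow with context but without echoing the token value: `throw new IllegalArgumentException("access token value is not a parseable JWT", e);`. A getValue() that tolerates an unset jwt, `return jwt == null ? null : jwt.toString();`, would also be safer for entities built with the no-arg constructor, as DefaultOAuth2ProviderTokenService.getAccessToken now does. The rest of the class continues outside the hunk.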
@@ -207,4 +232,52 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { } + /** + * This is transient b/c the IdToken is not serializable. Instead, + * the toString of the IdToken is persisted in idTokenString + * @return the idToken + */ + @Transient + public IdToken getIdToken() { + return IdToken.parse(idTokenString); + } + + + /** + * @param idToken the idToken to set + */ + public void setIdToken(IdToken idToken) { + this.idTokenString = idToken.toString(); + } + + /** + * @return the idTokenString + */ + @Basic + public String getIdTokenString() { + return idTokenString; + } + + /** + * @param idTokenString the idTokenString to set + */ + public void setIdTokenString(String idTokenString) { + this.idTokenString = idTokenString; + } + + /** + * @return the jwt + */ + @Transient + public Jwt getJwt() { + return jwt; + } + + + /** + * @param jwt the jwt to set + */ + public void setJwt(Jwt jwt) { + this.jwt = jwt; + } } diff --git a/server/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/server/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java index 72d73f48f..02c46e5bd 100644 --- a/server/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java +++ b/server/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java @@ -21,6 +21,7 @@ import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.Transient; +import org.mitre.jwt.model.Jwt; import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken; /** @@ -37,6 +38,9 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken { private ClientDetailsEntity client; + //JWT-encoded representation of this access token entity + private Jwt jwt; + private Set scope; // we save the scope issued to the refresh token so that we can reissue a new access token /** 
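Review bot: getIdToken() passes idTokenString straight to IdToken.parse(), and setIdToken() dereferences its argument, so an access token that was never given an ID token (idTokenString null, which the new nullable column also permits) cannot have either accessor called safely. `return idTokenString == null ? null : IdToken.parse(idTokenString);` in the getter and a null guard in the setter would make the absent case explicit. The javadoc on getIdToken should also mention that the string is re-parsed on every call, since a caller may assume it gets the same instance back.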
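Review bot: The comment on the new `jwt` field in OAuth2RefreshTokenEntity reads `//JWT-encoded representation of this access token entity`, copied from OAuth2AccessTokenEntity; it should read `//JWT-encoded representation of this refresh token entity`. As written it suggests the refresh token carries the access token's JWT.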
@@ -44,6 +48,7 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken { */ public OAuth2RefreshTokenEntity() { // TODO Auto-generated constructor stub + super(null, null); } /* (non-Javadoc) @@ -54,16 +59,15 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken { @Column(name="id") public String getValue() { // TODO Auto-generated method stub - return super.getValue(); + return jwt.toString(); } /* (non-Javadoc) * @see org.springframework.security.oauth2.common.OAuth2RefreshToken#setValue(java.lang.String) */ - @Override public void setValue(String value) { // TODO Auto-generated method stub - super.setValue(value); + setJwt(Jwt.parse(value)); } /* (non-Javadoc) @@ -80,10 +84,10 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken { /* (non-Javadoc) * @see org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken#setExpiration(java.util.Date) */ - @Override + public void setExpiration(Date expiration) { // TODO Auto-generated method stub - super.setExpiration(expiration); + //super.setExpiration(expiration); } /** @@ -131,6 +135,19 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken { this.scope = scope; } - + /** + * @return the jwt + */ + @Transient + public Jwt getJwt() { + return jwt; + } + + /** + * @param jwt the jwt to set + */ + public void setJwt(Jwt jwt) { + this.jwt = jwt; + } } diff --git a/server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index 3b71b7318..dac2527a6 100644 --- a/server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java 
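Review bot: setExpiration() now discards its argument — the super.setExpiration call is commented out and nothing else stores the date — so any expiry the token service assigns to a refresh token is lost, and the entity's expiration stays at whatever the superclass was given in `super(null, null)`, presumably null; a refresh token whose expiry cannot be set is effectively unexpiring unless something downstream rejects a null expiration. If the superclass no longer exposes a setter after the submodule bump, keep the date in the entity instead: add `private Date expiration;`, make this setter `this.expiration = expiration;`, and have the entity's getExpiration(), which is outside this hunk, return that field. At minimum the commented-out line should be replaced by a comment explaining why the superclass setter cannot be called.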
@@ -25,7 +25,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidClientExcept import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.client.ClientAuthenticationToken; import org.springframework.stereotype.Service; import com.google.common.collect.Sets; @@ -216,6 +215,18 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi } } + /** + * TODO: Implement + * See github issue #2 + */ + @Override + public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication) { + + OAuth2AccessTokenEntity accessToken = new OAuth2AccessTokenEntity(); + + return accessToken; + } + @Override public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException { OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue); diff --git a/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java b/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java index c3a02f081..37c0712d1 100644 --- a/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java +++ b/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java 
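Review bot: getAccessToken(OAuth2Authentication) ignores its argument and returns a freshly constructed, empty OAuth2AccessTokenEntity, so a caller that takes a non-null result to mean "an access token already exists for this authentication" would proceed with an entity whose value, client and authentication are unset (and whose getValue() dereferences a null jwt). Until github issue #2 is implemented, prefer a result the caller cannot mistake for a real token: `return null;` if the interface's contract treats null as not found, or `throw new UnsupportedOperationException("getAccessToken(OAuth2Authentication) is not implemented; see github issue #2");`. The javadoc should state which of the two it is rather than only `TODO: Implement`.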
@@ -109,8 +109,8 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter { } AuthorizationRequest unconfirmedAuthorizationRequest = storedAuth.getAuthenticationRequest(); - if (unconfirmedAuthorizationRequest.getRequestedRedirect() != null - && !unconfirmedAuthorizationRequest.getRequestedRedirect().equals(redirectUri)) { + if (unconfirmedAuthorizationRequest.getRedirectUri() != null + && !unconfirmedAuthorizationRequest.getRedirectUri().equals(redirectUri)) { throw new RedirectMismatchException("Redirect URI mismatch."); } @@ -147,8 +147,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter { //See github issue #1 IdToken idToken = idTokenService.generateIdToken(userId, "http://id.mitre.org/openidconnect"); - - //TODO: insert IdToken into OAuth2AccessTokenEntity + token.setIdToken(idToken); } return token; diff --git a/server/src/main/webapp/db/tables/accesstoken.sql b/server/src/main/webapp/db/tables/accesstoken.sql index f4df2c8b8..b4721fc87 100644 --- a/server/src/main/webapp/db/tables/accesstoken.sql +++ b/server/src/main/webapp/db/tables/accesstoken.sql @@ -4,5 +4,6 @@ CREATE TABLE accesstoken ( tokenType VARCHAR(256), refresh_token_id VARCHAR(256), client_id VARCHAR(256), - authentication LONGBLOB + authentication LONGBLOB, + idTokenString VARCHAR(256) ); \ No newline at end of file diff --git a/spring-security-oauth b/spring-security-oauth index 92f3ec73e..2e7150fc0 160000 --- a/spring-security-oauth +++ b/spring-security-oauth @@ -1 +1 @@ -Subproject commit 92f3ec73e303878f264610ca9d9ff9386b1f6264 +Subproject commit 2e7150fc0fd1307bc4adb33112bd9487e5b9715f
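Review bot: `token.setIdToken(idToken);` calls `idToken.toString()` inside the setter, so if idTokenService.generateIdToken() can return null the grant fails at this line with a NullPointerException rather than a clear error; either guard the call, `if (idToken != null) { token.setIdToken(idToken); }`, or document on generateIdToken that it never returns null. The hard-coded issuer on the preceding line is already tracked by github issue #1. The enclosing grant method starts and ends outside the hunk.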
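Review bot: `idTokenString VARCHAR(256)` is likely too narrow for what the entity stores in it: the column receives IdToken.toString(), a serialized JWT (header, claims and signature), which commonly exceeds 256 characters, so inserts would be truncated or rejected depending on the database's strictness, and a truncated ID token fails to parse when read back through getIdToken(). Use a large text type for this column, and document in the entity's @Basic getter that the value is a full serialized JWT.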