github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

tie refresh token generation to "offline" scope tag

pull/263/head
Justin Richer 2012-11-26 13:16:19 -05:00
parent 50040a8ef4
commit 84401531ae
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
View File

@ -91,7 +91,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
token.setScope(scopes);
// make it expire if necessary
// TODO: pending upstream updates, check for 0 or -1 value here
if (client.getAccessTokenValiditySeconds() != null && client.getAccessTokenValiditySeconds() > 0) {
Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L));
token.setExpiration(expiration);
@ -104,9 +103,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
token.setAuthenticationHolder(authHolder);
// TODO: tie this to the offline_access scope
// attach a refresh token, if this client is allowed to request them
if (client.isAllowRefresh()) {
// attach a refresh token, if this client is allowed to request them and the user gets the offline scope
// TODO: tie this to some kind of scope service
if (client.isAllowRefresh() && scopes.contains("offline")) {
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
// make it expire if necessary