Made ID tokens ephemeral, made access token’s “additional information” extensible
parent
91ed758ed1
commit
91da3935f5
@ -69,7 +69,6 @@ import com.nimbusds.jwt.JWT;
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_ID_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.idToken = :" + OAuth2AccessTokenEntity.PARAM_ID_TOKEN),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID)
@ -82,7 +81,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String QUERY_BY_APPROVED_SITE = "OAuth2AccessTokenEntity.getByApprovedSite";
public static final String QUERY_BY_TOKEN_VALUE = "OAuth2AccessTokenEntity.getByTokenValue";
public static final String QUERY_BY_ID_TOKEN = "OAuth2AccessTokenEntity.getByIdToken";
public static final String QUERY_BY_CLIENT = "OAuth2AccessTokenEntity.getByClient";
public static final String QUERY_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.getByRefreshToken";
public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
@ -90,7 +88,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String QUERY_BY_RESOURCE_SET = "OAuth2AccessTokenEntity.getByResourceSet";
public static final String PARAM_TOKEN_VALUE = "tokenValue";
public static final String PARAM_ID_TOKEN = "idToken";
public static final String PARAM_CLIENT = "client";
public static final String PARAM_REFERSH_TOKEN = "refreshToken";
public static final String PARAM_DATE = "date";
@ -107,8 +104,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
private JWT jwtValue; // JWT-encoded access token value
private OAuth2AccessTokenEntity idToken; // JWT-encoded OpenID Connect IdToken
private Date expiration;
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
@ -120,6 +115,8 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
private Set<Permission> permissions;
private ApprovedSite approvedSite;
private Map<String, Object> additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response
/**
* Create a new, blank access token
@ -146,16 +143,13 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
}
/**
* Get all additional information to be sent to the serializer. Inserts a copy of the IdToken (in JWT String form).
* Get all additional information to be sent to the serializer as part of the token response.
* This map is not persisted to the database.
*/
@Override
@Transient
public Map<String, Object> getAdditionalInformation() {
Map<String, Object> map = new HashMap<>(); //super.getAdditionalInformation();
if (getIdToken() != null) {
map.put(ID_TOKEN_FIELD_NAME, getIdTokenString());
}
return map;
return additionalInformation;
}
/**
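Review bot: `getAdditionalInformation()` now hands out the live `additionalInformation` map instead of a fresh copy, and the rewritten Javadoc does not say so; since `saveAccessToken` in DefaultOAuth2ProviderTokenService (later on this page) calls `putAll` on the map returned by this getter, callers need to know that it is mutable and shared with the entity. Add to the Javadoc: `* Returns the live, mutable map held by this entity (not a copy); entries put into it are serialized into the token response.` The `@Transient` on the getter keeps the map out of persisted state, which matches the "ephemeral" field comment in the hunk above and is worth stating in the same Javadoc.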
@ -262,34 +256,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime();
}
/**
* @return the idToken
*/
@OneToOne(cascade=CascadeType.ALL, orphanRemoval=true) // one-to-one mapping for now
@JoinColumn(name = "id_token_id")
public OAuth2AccessTokenEntity getIdToken() {
return idToken;
}
/**
* @param idToken the idToken to set
*/
public void setIdToken(OAuth2AccessTokenEntity idToken) {
this.idToken = idToken;
}
/**
* @return the idTokenString
*/
@Transient
public String getIdTokenString() {
if (idToken != null) {
return idToken.getValue(); // get the JWT string value of the id token entity
} else {
return null;
}
}
/**
* @return the jwtValue
*/
@ -352,4 +318,15 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public void setApprovedSite(ApprovedSite approvedSite) {
this.approvedSite = approvedSite;
}
/**
* Add the ID Token to the additionalInformation map for a token response.
* @param idToken
*/
@Transient
public void setIdToken(JWT idToken) {
if (idToken != null) {
additionalInformation.put(ID_TOKEN_FIELD_NAME, idToken.serialize());
}
}
}
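Review bot: `setIdToken(JWT)` calls `idToken.serialize()`, and for a Nimbus `SignedJWT` or `EncryptedJWT` that call throws `IllegalStateException` when the object has not yet been signed or encrypted, so a caller that hands in a token whose signing step failed gets an exception from this setter rather than a silently missing claim; the Javadoc should say so, and its `@param idToken` tag currently has no description. Suggested Javadoc: `* @param idToken the signed or encrypted ID token to return alongside the access token; null is ignored` and `* @throws IllegalStateException if the JWT has not been signed or encrypted`. It is also worth noting in the same comment that the entry lives only in the transient map and survives a save solely because `saveAccessToken` copies the map onto the returned entity.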
@ -51,8 +51,6 @@ public interface OAuth2TokenRepository {
public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client);
public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken);
public Set<OAuth2AccessTokenEntity> getAllAccessTokens();
public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens();
@ -50,12 +50,6 @@ public interface OAuth2TokenEntityService extends AuthorizationServerTokenServic
@Override
public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication);
/**
* @param incomingToken
* @return
*/
public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken);
public OAuth2AccessTokenEntity getAccessTokenById(Long id);
public OAuth2RefreshTokenEntity getRefreshTokenById(Long id);
@ -33,7 +33,6 @@ public interface SystemScopeService {
public static final String OFFLINE_ACCESS = "offline_access";
public static final String OPENID_SCOPE = "openid";
public static final String ID_TOKEN_SCOPE = "id-token"; // ID tokens are generated using this scope
public static final String REGISTRATION_TOKEN_SCOPE = "registration-token"; // this scope manages dynamic client registrations
public static final String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources
public static final String UMA_PROTECTION_SCOPE = "uma_protection";
@ -41,7 +40,6 @@ public interface SystemScopeService {
public static final Set<SystemScope> reservedScopes =
Sets.newHashSet(
new SystemScope(ID_TOKEN_SCOPE),
new SystemScope(REGISTRATION_TOKEN_SCOPE),
new SystemScope(RESOURCE_TOKEN_SCOPE)
);
@ -22,6 +22,8 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.springframework.security.oauth2.provider.OAuth2Request;
import com.nimbusds.jwt.JWT;
/**
* Service to create specialty OpenID Connect tokens.
*
@ -41,7 +43,7 @@ public interface OIDCTokenService {
* @param accessToken
* @return
*/
public OAuth2AccessTokenEntity createIdToken(
public JWT createIdToken(
ClientDetailsEntity client, OAuth2Request request, Date issueTime,
String sub, OAuth2AccessTokenEntity accessToken);
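Review bot: The `@return` tag above `createIdToken` is still empty even though the return type changed to `JWT`, and the default implementation further down this page (DefaultOIDCTokenService) leaves its `idToken` local null when no encrypter is found for a client that requires encryption, so the result can be null. Document that contract: `* @return the signed (or encrypted) ID token to include in the token response, or null if one could not be produced`. The `@param accessToken` tag is likewise empty; a one-line description such as `the access token this ID token is issued together with` would help implementers.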
@ -10,7 +10,6 @@ CREATE TABLE IF NOT EXISTS access_token (
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
id_token_id BIGINT,
approved_site_id BIGINT
);
@ -97,13 +97,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
public void removeAccessToken(OAuth2AccessTokenEntity accessToken) {
OAuth2AccessTokenEntity found = getAccessTokenByValue(accessToken.getValue());
if (found != null) {
OAuth2AccessTokenEntity accessTokenForIdToken = getAccessTokenForIdToken(found);
if (accessTokenForIdToken != null) {
accessTokenForIdToken.setIdToken(null);
JpaUtil.saveOrUpdate(accessTokenForIdToken.getId(), manager, accessTokenForIdToken);
} else {
manager.remove(found);
}
manager.remove(found);
} else {
throw new IllegalArgumentException("Access token not found: " + accessToken);
}
@ -193,17 +187,6 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
return refreshTokens;
}
/* (non-Javadoc)
* @see org.mitre.oauth2.repository.OAuth2TokenRepository#getAccessTokenForIdToken(org.mitre.oauth2.model.OAuth2AccessTokenEntity)
*/
@Override
public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken) {
TypedQuery<OAuth2AccessTokenEntity> queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_ID_TOKEN, OAuth2AccessTokenEntity.class);
queryA.setParameter(OAuth2AccessTokenEntity.PARAM_ID_TOKEN, idToken);
List<OAuth2AccessTokenEntity> accessTokens = queryA.getResultList();
return JpaUtil.getSingleResult(accessTokens);
}
@Override
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class);
@ -263,7 +263,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
OAuth2AccessTokenEntity enhancedToken = (OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication);
OAuth2AccessTokenEntity savedToken = tokenRepository.saveAccessToken(enhancedToken);
OAuth2AccessTokenEntity savedToken = saveAccessToken(enhancedToken);
if (savedToken.getRefreshToken() != null) {
tokenRepository.saveRefreshToken(savedToken.getRefreshToken()); // make sure we save any changes that might have been enhanced
@ -542,7 +542,14 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
*/
@Override
public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken) {
return tokenRepository.saveAccessToken(accessToken);
OAuth2AccessTokenEntity newToken = tokenRepository.saveAccessToken(accessToken);
// if the old token has any additional information for the return from the token endpoint, carry it through here after save
if (accessToken.getAdditionalInformation() != null && !accessToken.getAdditionalInformation().isEmpty()) {
newToken.getAdditionalInformation().putAll(accessToken.getAdditionalInformation());
}
return newToken;
}
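Review bot: `newToken.getAdditionalInformation().putAll(accessToken.getAdditionalInformation())` also runs when the repository hands back the same instance it was given, in which case the map is copied onto itself; that happens to be safe with `HashMap` (no structural change for existing keys), but the intent is clearer and the self-copy avoided with `if (newToken != accessToken && !accessToken.getAdditionalInformation().isEmpty()) {`. The `!= null` test is redundant as long as the entity getter returns its field-initialized map, though harmless to keep. A why-comment would help the next reader: `// additionalInformation is @Transient, so it is dropped across the JPA save/merge and must be re-applied to the managed entity`.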
/* (non-Javadoc)
@ -567,15 +574,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
this.tokenEnhancer = tokenEnhancer;
}
/* (non-Javadoc)
* @see org.mitre.oauth2.service.OAuth2TokenEntityService#getAccessTokenForIdToken(org.mitre.oauth2.model.OAuth2AccessTokenEntity)
*/
@Override
public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken) {
return tokenRepository.getAccessTokenForIdToken(idToken);
}
@Override
public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client) {
List<OAuth2AccessTokenEntity> allTokens = getAccessTokensForClient(client);
@ -84,7 +84,6 @@ public class TokenApiView extends AbstractView {
o.addProperty("value", src.getValue());
o.addProperty("id", src.getId());
o.addProperty("idTokenId", src.getIdToken() != null ? src.getIdToken().getId() : null);
o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
o.add("scopes", context.serialize(src.getScope()));
@ -53,6 +53,7 @@ import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.util.Base64URL;
@ -94,7 +95,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
private OAuth2TokenEntityService tokenService;
@Override
public OAuth2AccessTokenEntity createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) {
public JWT createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) {
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
@ -103,7 +104,8 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
}
OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
JWT idToken = null;
JWTClaimsSet.Builder idClaims = new JWTClaimsSet.Builder();
// if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
@ -128,7 +130,6 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
if (client.getIdTokenValiditySeconds() != null) {
Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L));
idClaims.expirationTime(expiration);
idTokenEntity.setExpiration(expiration);
}
idClaims.issuer(configBean.getIssuer());
@ -157,11 +158,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
if (encrypter != null) {
EncryptedJWT idToken = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), idClaims.build());
idToken = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), idClaims.build());
encrypter.encryptJwt(idToken);
idTokenEntity.setJwt(idToken);
encrypter.encryptJwt((JWEObject) idToken);
} else {
logger.error("Couldn't find encrypter for client: " + client.getClientId());
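Review bot: The `(JWEObject) idToken` cast on the `encryptJwt` call is only valid because `idToken` was assigned an `EncryptedJWT` two lines earlier; a typed local removes the cast and the dependence on that ordering: `EncryptedJWT encrypted = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), idClaims.build());`, `encrypter.encryptJwt(encrypted);`, `idToken = encrypted;`. On the `encrypter == null` branch the variable keeps the null it was initialised with in the earlier hunk and that null is what the method returns at its end, so a client registered for an encrypted ID token silently receives none and this error log is the only signal; if that is intended, the Javadoc on the interface should state the null return. The enclosing method starts and ends outside this hunk.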
@ -169,8 +168,6 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
} else {
JWT idToken;
if (signingAlg.equals(Algorithm.NONE)) {
// unsigned ID token
idToken = new PlainJWT(idClaims.build());
@ -206,20 +203,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
}
}
idTokenEntity.setJwt(idToken);
}
idTokenEntity.setAuthenticationHolder(accessToken.getAuthenticationHolder());
// create a scope set with just the special "id-token" scope
//Set<String> idScopes = new HashSet<String>(token.getScope()); // this would copy the original token's scopes in, we don't really want that
Set<String> idScopes = Sets.newHashSet(SystemScopeService.ID_TOKEN_SCOPE);
idTokenEntity.setScope(idScopes);
idTokenEntity.setClient(accessToken.getClient());
return idTokenEntity;
return idToken;
}
/**
@ -223,7 +223,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
private Map<Long, String> accessTokenToClientRefs = new HashMap<>();
private Map<Long, Long> accessTokenToAuthHolderRefs = new HashMap<>();
private Map<Long, Long> accessTokenToRefreshTokenRefs = new HashMap<>();
private Map<Long, Long> accessTokenToIdTokenRefs = new HashMap<>();
private Map<Long, Long> accessTokenOldToNewIdMap = new HashMap<>();
/**
@ -243,7 +242,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
String clientId = null;
Long authHolderId = null;
Long refreshTokenId = null;
Long idTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
@ -271,8 +269,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
authHolderId = reader.nextLong();
} else if (name.equals("refreshTokenId")) {
refreshTokenId = reader.nextLong();
} else if (name.equals("idTokenId")) {
idTokenId = reader.nextLong();
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
token.setScope(scope);
@ -296,9 +292,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
if (refreshTokenId != null) {
accessTokenToRefreshTokenRefs.put(currentId, refreshTokenId);
}
if (idTokenId != null) {
accessTokenToIdTokenRefs.put(currentId, idTokenId);
}
accessTokenOldToNewIdMap.put(currentId, newId);
logger.debug("Read access token {}", currentId);
}
@ -883,16 +876,6 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
}
accessTokenToRefreshTokenRefs.clear();
refreshTokenOldToNewIdMap.clear();
for (Long oldAccessTokenId : accessTokenToIdTokenRefs.keySet()) {
Long oldIdTokenId = accessTokenToIdTokenRefs.get(oldAccessTokenId);
Long newIdTokenId = accessTokenOldToNewIdMap.get(oldIdTokenId);
OAuth2AccessTokenEntity idToken = tokenRepository.getAccessTokenById(newIdTokenId);
Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setIdToken(idToken);
tokenRepository.saveAccessToken(accessToken);
}
accessTokenToIdTokenRefs.clear();
whitelistedSiteOldToNewIdMap.clear();
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
@ -226,7 +226,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
private Map<Long, String> accessTokenToClientRefs = new HashMap<>();
private Map<Long, Long> accessTokenToAuthHolderRefs = new HashMap<>();
private Map<Long, Long> accessTokenToRefreshTokenRefs = new HashMap<>();
private Map<Long, Long> accessTokenToIdTokenRefs = new HashMap<>();
private Map<Long, Long> accessTokenOldToNewIdMap = new HashMap<>();
/**
@ -246,7 +245,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
String clientId = null;
Long authHolderId = null;
Long refreshTokenId = null;
Long idTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
@ -274,8 +272,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
authHolderId = reader.nextLong();
} else if (name.equals("refreshTokenId")) {
refreshTokenId = reader.nextLong();
} else if (name.equals("idTokenId")) {
idTokenId = reader.nextLong();
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
token.setScope(scope);
@ -299,9 +295,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
if (refreshTokenId != null) {
accessTokenToRefreshTokenRefs.put(currentId, refreshTokenId);
}
if (idTokenId != null) {
accessTokenToIdTokenRefs.put(currentId, idTokenId);
}
accessTokenOldToNewIdMap.put(currentId, newId);
logger.debug("Read access token {}", currentId);
}
@ -897,16 +890,6 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
}
accessTokenToRefreshTokenRefs.clear();
refreshTokenOldToNewIdMap.clear();
for (Long oldAccessTokenId : accessTokenToIdTokenRefs.keySet()) {
Long oldIdTokenId = accessTokenToIdTokenRefs.get(oldAccessTokenId);
Long newIdTokenId = accessTokenOldToNewIdMap.get(oldIdTokenId);
OAuth2AccessTokenEntity idToken = tokenRepository.getAccessTokenById(newIdTokenId);
Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setIdToken(idToken);
tokenRepository.saveAccessToken(accessToken);
}
accessTokenToIdTokenRefs.clear();
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
@ -137,7 +137,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
private static final String REQUEST_PARAMETERS = "requestParameters";
private static final String TYPE = "type";
private static final String SCOPE = "scope";
private static final String ID_TOKEN_ID = "idTokenId";
private static final String REFRESH_TOKEN_ID = "refreshTokenId";
private static final String VALUE = "value";
private static final String AUTHENTICATION_HOLDER_ID = "authenticationHolderId";
@ -291,7 +290,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
private Map<Long, String> accessTokenToClientRefs = new HashMap<Long, String>();
private Map<Long, Long> accessTokenToAuthHolderRefs = new HashMap<Long, Long>();
private Map<Long, Long> accessTokenToRefreshTokenRefs = new HashMap<Long, Long>();
private Map<Long, Long> accessTokenToIdTokenRefs = new HashMap<Long, Long>();
private Map<Long, Long> accessTokenOldToNewIdMap = new HashMap<Long, Long>();
/**
@ -311,7 +309,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
String clientId = null;
Long authHolderId = null;
Long refreshTokenId = null;
Long idTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
@ -339,8 +336,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
authHolderId = reader.nextLong();
} else if (name.equals(REFRESH_TOKEN_ID)) {
refreshTokenId = reader.nextLong();
} else if (name.equals(ID_TOKEN_ID)) {
idTokenId = reader.nextLong();
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
token.setScope(scope);
@ -364,9 +359,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
if (refreshTokenId != null) {
accessTokenToRefreshTokenRefs.put(currentId, refreshTokenId);
}
if (idTokenId != null) {
accessTokenToIdTokenRefs.put(currentId, idTokenId);
}
accessTokenOldToNewIdMap.put(currentId, newId);
logger.debug("Read access token {}", currentId);
}
@ -888,16 +880,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
}
accessTokenToRefreshTokenRefs.clear();
refreshTokenOldToNewIdMap.clear();
for (Long oldAccessTokenId : accessTokenToIdTokenRefs.keySet()) {
Long oldIdTokenId = accessTokenToIdTokenRefs.get(oldAccessTokenId);
Long newIdTokenId = accessTokenOldToNewIdMap.get(oldIdTokenId);
OAuth2AccessTokenEntity idToken = tokenRepository.getAccessTokenById(newIdTokenId);
Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setIdToken(idToken);
tokenRepository.saveAccessToken(accessToken);
}
accessTokenToIdTokenRefs.clear();
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
@ -139,7 +139,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
private static final String REQUEST_PARAMETERS = "requestParameters";
private static final String TYPE = "type";
private static final String SCOPE = "scope";
private static final String ID_TOKEN_ID = "idTokenId";
private static final String REFRESH_TOKEN_ID = "refreshTokenId";
private static final String VALUE = "value";
private static final String AUTHENTICATION_HOLDER_ID = "authenticationHolderId";
@ -257,8 +256,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
.value((token.getAuthenticationHolder() != null) ? token.getAuthenticationHolder().getId() : null);
writer.name(REFRESH_TOKEN_ID)
.value((token.getRefreshToken() != null) ? token.getRefreshToken().getId() : null);
writer.name(ID_TOKEN_ID)
.value((token.getIdToken() != null) ? token.getIdToken().getId() : null);
writer.name(SCOPE);
writer.beginArray();
for (String s : token.getScope()) {
@ -658,7 +655,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
private Map<Long, String> accessTokenToClientRefs = new HashMap<Long, String>();
private Map<Long, Long> accessTokenToAuthHolderRefs = new HashMap<Long, Long>();
private Map<Long, Long> accessTokenToRefreshTokenRefs = new HashMap<Long, Long>();
private Map<Long, Long> accessTokenToIdTokenRefs = new HashMap<Long, Long>();
private Map<Long, Long> accessTokenOldToNewIdMap = new HashMap<Long, Long>();
/**
@ -678,7 +674,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
String clientId = null;
Long authHolderId = null;
Long refreshTokenId = null;
Long idTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
@ -706,8 +701,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
authHolderId = reader.nextLong();
} else if (name.equals(REFRESH_TOKEN_ID)) {
refreshTokenId = reader.nextLong();
} else if (name.equals(ID_TOKEN_ID)) {
idTokenId = reader.nextLong();
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
token.setScope(scope);
@ -731,9 +724,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
if (refreshTokenId != null) {
accessTokenToRefreshTokenRefs.put(currentId, refreshTokenId);
}
if (idTokenId != null) {
accessTokenToIdTokenRefs.put(currentId, idTokenId);
}
accessTokenOldToNewIdMap.put(currentId, newId);
logger.debug("Read access token {}", currentId);
}
@ -1263,16 +1253,6 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
}
accessTokenToRefreshTokenRefs.clear();
refreshTokenOldToNewIdMap.clear();
for (Long oldAccessTokenId : accessTokenToIdTokenRefs.keySet()) {
Long oldIdTokenId = accessTokenToIdTokenRefs.get(oldAccessTokenId);
Long newIdTokenId = accessTokenOldToNewIdMap.get(oldIdTokenId);
OAuth2AccessTokenEntity idToken = tokenRepository.getAccessTokenById(newIdTokenId);
Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setIdToken(idToken);
tokenRepository.saveAccessToken(accessToken);
}
accessTokenToIdTokenRefs.clear();
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
@ -44,6 +44,7 @@ import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTClaimsSet.Builder;
import com.nimbusds.jwt.SignedJWT;
@ -132,12 +133,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
if (userInfo != null) {
OAuth2AccessTokenEntity idTokenEntity = connectTokenService.createIdToken(client,
JWT idToken = connectTokenService.createIdToken(client,
originalAuthRequest, claims.getIssueTime(),
userInfo.getSub(), token);
// attach the id token to the parent access token
token.setIdToken(idTokenEntity);
token.setIdToken(idToken);
} else {
// can't create an id token if we can't find the user
logger.warn("Request for ID token when no user is present.");
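Review bot: The comment `// attach the id token to the parent access token` above `token.setIdToken(idToken)` no longer describes what happens: the JWT is serialized into the access token's transient additional-information map for the token response and is not persisted with the entity. Replace it with `// put the serialized id token in the access token's transient additional information so it is returned in the token response`. Because `setIdToken(JWT)` ignores null, a null from `createIdToken` (its encrypter-missing path elsewhere on this page) silently drops the ID token at this call; a warning log in that case, mirroring the one in the else branch, would make the omission visible in operations.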
@ -295,7 +295,6 @@ public class TestMITREidDataService_1_0 {
token2.setExpiration(expirationDate2);
token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ"));
token2.setAuthenticationHolder(mockedAuthHolder2);
token2.setIdToken(token1);
token2.setRefreshToken(mockRefreshToken2);
token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile"));
token2.setTokenType("Bearer");
@ -365,8 +364,8 @@ public class TestMITREidDataService_1_0 {
}
});
dataService.importData(reader);
//2 times for token, 2 times to update client, 2 times to update authHolder, 2 times to update id token, 2 times to update refresh token
verify(tokenRepository, times(8)).saveAccessToken(capturedAccessTokens.capture());
//2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token
verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture());
List<OAuth2AccessTokenEntity> savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues();
Collections.sort(savedAccessTokens, new accessTokenIdComparator());
@ -299,7 +299,6 @@ public class TestMITREidDataService_1_1 {
|
|||
token2.setExpiration(expirationDate2);
|
||||
token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ"));
|
||||
token2.setAuthenticationHolder(mockedAuthHolder2);
|
||||
token2.setIdToken(token1);
|
||||
token2.setRefreshToken(mockRefreshToken2);
|
||||
token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile"));
|
||||
token2.setTokenType("Bearer");
|
||||
|
@ -369,8 +368,8 @@ public class TestMITREidDataService_1_1 {
|
|||
}
|
||||
});
|
||||
dataService.importData(reader);
|
||||
//2 times for token, 2 times to update client, 2 times to update authHolder, 2 times to update id token, 2 times to update refresh token
|
||||
verify(tokenRepository, times(8)).saveAccessToken(capturedAccessTokens.capture());
|
||||
//2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token
|
||||
verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture());
|
||||
|
||||
List<OAuth2AccessTokenEntity> savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues();
|
||||
Collections.sort(savedAccessTokens, new accessTokenIdComparator());
|
||||
|
|
|
@ -314,7 +314,6 @@ public class TestMITREidDataService_1_2 {
|
|||
token2.setExpiration(expirationDate2);
|
||||
token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ"));
|
||||
token2.setAuthenticationHolder(mockedAuthHolder2);
|
||||
token2.setIdToken(token1);
|
||||
token2.setRefreshToken(mockRefreshToken2);
|
||||
token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile"));
|
||||
token2.setTokenType("Bearer");
|
||||
|
@ -384,8 +383,8 @@ public class TestMITREidDataService_1_2 {
|
|||
}
|
||||
});
|
||||
dataService.importData(reader);
|
||||
//2 times for token, 2 times to update client, 2 times to update authHolder, 2 times to update id token, 2 times to update refresh token
|
||||
verify(tokenRepository, times(8)).saveAccessToken(capturedAccessTokens.capture());
|
||||
//2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token
|
||||
verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture());
|
||||
|
||||
List<OAuth2AccessTokenEntity> savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues();
|
||||
Collections.sort(savedAccessTokens, new accessTokenIdComparator());
|
||||
|
|
|
@ -423,7 +423,6 @@ public class TestMITREidDataService_1_3 {
|
|||
token2.setExpiration(expirationDate2);
|
||||
token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ"));
|
||||
token2.setAuthenticationHolder(mockedAuthHolder2);
|
||||
token2.setIdToken(token1);
|
||||
token2.setRefreshToken(mockRefreshToken2);
|
||||
token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile"));
|
||||
token2.setTokenType("Bearer");
|
||||
|
@ -505,13 +504,8 @@ public class TestMITREidDataService_1_3 {
|
|||
assertThat(token.get("authenticationHolderId").getAsLong(), equalTo(compare.getAuthenticationHolder().getId()));
|
||||
assertTrue(token.get("scope").isJsonArray());
|
||||
assertThat(jsonArrayToStringSet(token.getAsJsonArray("scope")), equalTo(compare.getScope()));
|
||||
if(token.get("idTokenId").isJsonNull()) {
|
||||
assertNull(compare.getIdToken());
|
||||
} else {
|
||||
assertThat(token.get("idTokenId").getAsLong(), equalTo(compare.getIdToken().getId()));
|
||||
}
|
||||
if(token.get("refreshTokenId").isJsonNull()) {
|
||||
assertNull(compare.getIdToken());
|
||||
assertNull(compare.getRefreshToken());
|
||||
} else {
|
||||
assertThat(token.get("refreshTokenId").getAsLong(), equalTo(compare.getRefreshToken().getId()));
|
||||
}
|
||||
|
@ -567,7 +561,6 @@ public class TestMITREidDataService_1_3 {
|
|||
token2.setExpiration(expirationDate2);
|
||||
token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ"));
|
||||
token2.setAuthenticationHolder(mockedAuthHolder2);
|
||||
token2.setIdToken(token1);
|
||||
token2.setRefreshToken(mockRefreshToken2);
|
||||
token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile"));
|
||||
token2.setTokenType("Bearer");
|
||||
|
@ -637,8 +630,8 @@ public class TestMITREidDataService_1_3 {
|
|||
}
|
||||
});
|
||||
dataService.importData(reader);
|
||||
//2 times for token, 2 times to update client, 2 times to update authHolder, 2 times to update id token, 2 times to update refresh token
|
||||
verify(tokenRepository, times(8)).saveAccessToken(capturedAccessTokens.capture());
|
||||
//2 times for token, 2 times to update client, 2 times to update authHolder, 1 times to update refresh token
|
||||
verify(tokenRepository, times(7)).saveAccessToken(capturedAccessTokens.capture());
|
||||
|
||||
List<OAuth2AccessTokenEntity> savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues();
|
||||
Collections.sort(savedAccessTokens, new accessTokenIdComparator());
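Review bot: The export comparison in the second hunk no longer looks at `idTokenId` at all, so nothing fails if the 1.3 exporter still writes the key; if the exporter is meant to drop it, as the removal of that branch suggests, pin the format change with `assertFalse(token.has("idTokenId"));` next to the `refreshTokenId` check. Replacing `assertNull(compare.getIdToken())` with `assertNull(compare.getRefreshToken())` in the null-`refreshTokenId` branch corrects what looks like a copy-paste slip in the old test rather than a consequence of this change, and is worth a mention in the commit message. The enclosing test methods start and end outside these hunks.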
|
||||
|
|
|
@ -442,8 +442,10 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
|
|||
.value((token.getAuthenticationHolder() != null) ? token.getAuthenticationHolder().getId() : null);
|
||||
writer.name(REFRESH_TOKEN_ID)
|
||||
.value((token.getRefreshToken() != null) ? token.getRefreshToken().getId() : null);
|
||||
/*
|
||||
writer.name(ID_TOKEN_ID)
|
||||
.value((token.getIdToken() != null) ? token.getIdToken().getId() : null);
|
||||
*/
|
||||
writer.name(SCOPE);
|
||||
writer.beginArray();
|
||||
for (String s : token.getScope()) {
|
||||
|
@ -1780,16 +1782,6 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
|
|||
}
|
||||
accessTokenToRefreshTokenRefs.clear();
|
||||
refreshTokenOldToNewIdMap.clear();
|
||||
for (Long oldAccessTokenId : accessTokenToIdTokenRefs.keySet()) {
|
||||
Long oldIdTokenId = accessTokenToIdTokenRefs.get(oldAccessTokenId);
|
||||
Long newIdTokenId = accessTokenOldToNewIdMap.get(oldIdTokenId);
|
||||
OAuth2AccessTokenEntity idToken = tokenRepository.getAccessTokenById(newIdTokenId);
|
||||
Long newAccessTokenId = accessTokenOldToNewIdMap.get(oldAccessTokenId);
|
||||
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
|
||||
accessToken.setIdToken(idToken);
|
||||
tokenRepository.saveAccessToken(accessToken);
|
||||
}
|
||||
accessTokenToIdTokenRefs.clear();
|
||||
for (Long oldGrantId : grantToAccessTokensRefs.keySet()) {
|
||||
Set<Long> oldAccessTokenIds = grantToAccessTokensRefs.get(oldGrantId);
|
||||
|
||||
|
|