|
|
|
|
@ -81,7 +81,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
/**
|
|
|
|
|
* Logger for this class
|
|
|
|
|
*/
|
|
|
|
|
private static final Logger logger = LoggerFactory.getLogger(DefaultOAuth2ProviderTokenService.class);
|
|
|
|
|
private static final Logger logger =
|
|
|
|
|
LoggerFactory.getLogger(DefaultOAuth2ProviderTokenService.class);
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
private OAuth2TokenRepository tokenRepository;
|
|
|
|
|
@ -123,6 +124,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Utility function to delete an access token that's expired before returning it.
|
|
|
|
|
*
|
|
|
|
|
* @param token the token to check
|
|
|
|
|
* @return null if the token is null or expired, the input token (unchanged) if it hasn't
|
|
|
|
|
*/
|
|
|
|
|
@ -141,6 +143,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Utility function to delete a refresh token that's expired before returning it.
|
|
|
|
|
*
|
|
|
|
|
* @param token the token to check
|
|
|
|
|
* @return null if the token is null or expired, the input token (unchanged) if it hasn't
|
|
|
|
|
*/
|
|
|
|
|
@ -158,8 +161,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
@Transactional(value="defaultTransactionManager")
|
|
|
|
|
public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException {
|
|
|
|
|
@Transactional(value = "defaultTransactionManager")
|
|
|
|
|
public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication)
|
|
|
|
|
throws AuthenticationException, InvalidClientException {
|
|
|
|
|
if (authentication != null && authentication.getOAuth2Request() != null) {
|
|
|
|
|
// look up our client
|
|
|
|
|
OAuth2Request request = authentication.getOAuth2Request();
|
|
|
|
|
@ -173,7 +177,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
// handle the PKCE code challenge if present
|
|
|
|
|
if (request.getExtensions().containsKey(CODE_CHALLENGE)) {
|
|
|
|
|
String challenge = (String) request.getExtensions().get(CODE_CHALLENGE);
|
|
|
|
|
PKCEAlgorithm alg = PKCEAlgorithm.parse((String) request.getExtensions().get(CODE_CHALLENGE_METHOD));
|
|
|
|
|
PKCEAlgorithm alg =
|
|
|
|
|
PKCEAlgorithm.parse((String) request.getExtensions().get(CODE_CHALLENGE_METHOD));
|
|
|
|
|
|
|
|
|
|
String verifier = request.getRequestParameters().get(CODE_VERIFIER);
|
|
|
|
|
|
|
|
|
|
@ -186,7 +191,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
// hash the verifier
|
|
|
|
|
try {
|
|
|
|
|
MessageDigest digest = MessageDigest.getInstance("SHA-256");
|
|
|
|
|
String hash = Base64URL.encode(digest.digest(verifier.getBytes(StandardCharsets.US_ASCII))).toString();
|
|
|
|
|
String hash =
|
|
|
|
|
Base64URL.encode(digest.digest(verifier.getBytes(StandardCharsets.US_ASCII)))
|
|
|
|
|
.toString();
|
|
|
|
|
if (!challenge.equals(hash)) {
|
|
|
|
|
throw new InvalidRequestException("Code challenge and verifier do not match");
|
|
|
|
|
}
|
|
|
|
|
@ -197,14 +204,14 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken();
|
|
|
|
|
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();// accessTokenFactory.createNewAccessToken();
|
|
|
|
|
|
|
|
|
|
// attach the client
|
|
|
|
|
token.setClient(client);
|
|
|
|
|
|
|
|
|
|
// inherit the scope from the auth, but make a new set so it is
|
|
|
|
|
//not unmodifiable. Unmodifiables don't play nicely with Eclipselink, which
|
|
|
|
|
//wants to use the clone operation.
|
|
|
|
|
// not unmodifiable. Unmodifiables don't play nicely with Eclipselink, which
|
|
|
|
|
// wants to use the clone operation.
|
|
|
|
|
Set<SystemScope> scopes = scopeService.fromStrings(request.getScope());
|
|
|
|
|
|
|
|
|
|
// remove any of the special system scopes
|
|
|
|
|
@ -213,8 +220,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
token.setScope(scopeService.toStrings(scopes));
|
|
|
|
|
|
|
|
|
|
// make it expire if necessary
|
|
|
|
|
if (client.getAccessTokenValiditySeconds() != null && client.getAccessTokenValiditySeconds() > 0) {
|
|
|
|
|
Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L));
|
|
|
|
|
if (client.getAccessTokenValiditySeconds() != null
|
|
|
|
|
&& client.getAccessTokenValiditySeconds() > 0) {
|
|
|
|
|
Date expiration =
|
|
|
|
|
new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L));
|
|
|
|
|
token.setExpiration(expiration);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -225,30 +234,36 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
|
|
|
|
|
token.setAuthenticationHolder(authHolder);
|
|
|
|
|
|
|
|
|
|
// attach a refresh token, if this client is allowed to request them and the user gets the offline scope
|
|
|
|
|
// attach a refresh token, if this client is allowed to request them and the user gets the
|
|
|
|
|
// offline scope
|
|
|
|
|
if (client.isAllowRefresh() && token.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) {
|
|
|
|
|
OAuth2RefreshTokenEntity savedRefreshToken = createRefreshToken(client, authHolder);
|
|
|
|
|
|
|
|
|
|
token.setRefreshToken(savedRefreshToken);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Add approved site reference, if any
|
|
|
|
|
// Add approved site reference, if any
|
|
|
|
|
OAuth2Request originalAuthRequest = authHolder.getAuthentication().getOAuth2Request();
|
|
|
|
|
|
|
|
|
|
if (originalAuthRequest.getExtensions() != null && originalAuthRequest.getExtensions().containsKey("approved_site")) {
|
|
|
|
|
if (originalAuthRequest.getExtensions() != null
|
|
|
|
|
&& originalAuthRequest.getExtensions().containsKey("approved_site")) {
|
|
|
|
|
|
|
|
|
|
Long apId = Long.parseLong((String) originalAuthRequest.getExtensions().get("approved_site"));
|
|
|
|
|
Long apId =
|
|
|
|
|
Long.parseLong((String) originalAuthRequest.getExtensions().get("approved_site"));
|
|
|
|
|
ApprovedSite ap = approvedSiteService.getById(apId);
|
|
|
|
|
|
|
|
|
|
token.setApprovedSite(ap);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
OAuth2AccessTokenEntity enhancedToken = (OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication);
|
|
|
|
|
OAuth2AccessTokenEntity enhancedToken =
|
|
|
|
|
(OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication);
|
|
|
|
|
|
|
|
|
|
OAuth2AccessTokenEntity savedToken = saveAccessToken(enhancedToken);
|
|
|
|
|
|
|
|
|
|
if (savedToken.getRefreshToken() != null) {
|
|
|
|
|
tokenRepository.saveRefreshToken(savedToken.getRefreshToken()); // make sure we save any changes that might have been enhanced
|
|
|
|
|
tokenRepository.saveRefreshToken(savedToken.getRefreshToken()); // make sure we save any
|
|
|
|
|
// changes that might have
|
|
|
|
|
// been enhanced
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return savedToken;
|
|
|
|
|
@ -258,14 +273,16 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) {
|
|
|
|
|
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
|
|
|
|
|
private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client,
|
|
|
|
|
AuthenticationHolderEntity authHolder) {
|
|
|
|
|
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); // refreshTokenFactory.createNewRefreshToken();
|
|
|
|
|
JWTClaimsSet.Builder refreshClaims = new JWTClaimsSet.Builder();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// make it expire if necessary
|
|
|
|
|
if (client.getRefreshTokenValiditySeconds() != null) {
|
|
|
|
|
Date expiration = new Date(System.currentTimeMillis() + (client.getRefreshTokenValiditySeconds() * 1000L));
|
|
|
|
|
Date expiration =
|
|
|
|
|
new Date(System.currentTimeMillis() + (client.getRefreshTokenValiditySeconds() * 1000L));
|
|
|
|
|
refreshToken.setExpiration(expiration);
|
|
|
|
|
refreshClaims.expirationTime(expiration);
|
|
|
|
|
}
|
|
|
|
|
@ -278,25 +295,28 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
PlainJWT refreshJwt = new PlainJWT(refreshClaims.build());
|
|
|
|
|
refreshToken.setJwt(refreshJwt);
|
|
|
|
|
|
|
|
|
|
//Add the authentication
|
|
|
|
|
// Add the authentication
|
|
|
|
|
refreshToken.setAuthenticationHolder(authHolder);
|
|
|
|
|
refreshToken.setClient(client);
|
|
|
|
|
|
|
|
|
|
// save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?)
|
|
|
|
|
// save the token first so that we can set it to a member of the access token (NOTE: is this
|
|
|
|
|
// step necessary?)
|
|
|
|
|
OAuth2RefreshTokenEntity savedRefreshToken = tokenRepository.saveRefreshToken(refreshToken);
|
|
|
|
|
return savedRefreshToken;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
@Transactional(value="defaultTransactionManager")
|
|
|
|
|
public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, TokenRequest authRequest) throws AuthenticationException {
|
|
|
|
|
@Transactional(value = "defaultTransactionManager")
|
|
|
|
|
public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue,
|
|
|
|
|
TokenRequest authRequest) throws AuthenticationException {
|
|
|
|
|
|
|
|
|
|
if (Strings.isNullOrEmpty(refreshTokenValue)) {
|
|
|
|
|
// throw an invalid token exception if there's no refresh token value at all
|
|
|
|
|
throw new InvalidTokenException("Invalid refresh token: " + refreshTokenValue);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
OAuth2RefreshTokenEntity refreshToken = clearExpiredRefreshToken(tokenRepository.getRefreshTokenByValue(refreshTokenValue));
|
|
|
|
|
OAuth2RefreshTokenEntity refreshToken =
|
|
|
|
|
clearExpiredRefreshToken(tokenRepository.getRefreshTokenByValue(refreshTokenValue));
|
|
|
|
|
|
|
|
|
|
if (refreshToken == null) {
|
|
|
|
|
// throw an invalid token exception if we couldn't find the token
|
|
|
|
|
@ -308,13 +328,14 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
AuthenticationHolderEntity authHolder = refreshToken.getAuthenticationHolder();
|
|
|
|
|
|
|
|
|
|
// make sure that the client requesting the token is the one who owns the refresh token
|
|
|
|
|
ClientDetailsEntity requestingClient = clientDetailsService.loadClientByClientId(authRequest.getClientId());
|
|
|
|
|
ClientDetailsEntity requestingClient =
|
|
|
|
|
clientDetailsService.loadClientByClientId(authRequest.getClientId());
|
|
|
|
|
if (!client.getClientId().equals(requestingClient.getClientId())) {
|
|
|
|
|
tokenRepository.removeRefreshToken(refreshToken);
|
|
|
|
|
throw new InvalidClientException("Client does not own the presented refresh token");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Make sure this client allows access token refreshing
|
|
|
|
|
// Make sure this client allows access token refreshing
|
|
|
|
|
if (!client.isAllowRefresh()) {
|
|
|
|
|
throw new InvalidClientException("Client does not allow refreshing access token!");
|
|
|
|
|
}
|
|
|
|
|
@ -334,7 +355,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
Set<String> reservedScopes = scopeService.toStrings(scopeService.getReserved());
|
|
|
|
|
|
|
|
|
|
// Scopes linked to the refresh token, i.e. authorized by the user
|
|
|
|
|
Set<String> authorizedScopes = Sets.newHashSet(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope());
|
|
|
|
|
Set<String> authorizedScopes = Sets.newHashSet(
|
|
|
|
|
refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope());
|
|
|
|
|
authorizedScopes.removeAll(reservedScopes);
|
|
|
|
|
|
|
|
|
|
// Scopes requested in this refresh token flow
|
|
|
|
|
@ -363,7 +385,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
token.setClient(client);
|
|
|
|
|
|
|
|
|
|
if (client.getAccessTokenValiditySeconds() != null) {
|
|
|
|
|
Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L));
|
|
|
|
|
Date expiration =
|
|
|
|
|
new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L));
|
|
|
|
|
token.setExpiration(expiration);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -381,14 +404,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
|
|
|
|
|
token.setAuthenticationHolder(authHolder);
|
|
|
|
|
|
|
|
|
|
OAuth2Authentication auth = authHolder.getAuthentication();
|
|
|
|
|
OAuth2Authentication authentication = authHolder.getAuthentication();
|
|
|
|
|
|
|
|
|
|
// Pass down the audience to IAM specific logic
|
|
|
|
|
if (authRequest.getRequestParameters().containsKey("audience")) {
|
|
|
|
|
auth.getOAuth2Request().getExtensions().put("aud", authRequest.getRequestParameters().get("audience"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tokenEnhancer.enhance(token, authHolder.getAuthentication());
|
|
|
|
|
tokenEnhancer.enhance(token, new OAuth2Authentication(
|
|
|
|
|
authentication.getOAuth2Request().refresh(authRequest), authHolder.getUserAuth()));
|
|
|
|
|
|
|
|
|
|
tokenRepository.saveAccessToken(token);
|
|
|
|
|
|
|
|
|
|
@ -396,8 +415,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public OAuth2Authentication loadAuthentication(String accessTokenValue) throws AuthenticationException {
|
|
|
|
|
OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
|
|
|
|
|
public OAuth2Authentication loadAuthentication(String accessTokenValue)
|
|
|
|
|
throws AuthenticationException {
|
|
|
|
|
OAuth2AccessTokenEntity accessToken =
|
|
|
|
|
clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
|
|
|
|
|
|
|
|
|
|
if (accessToken == null) {
|
|
|
|
|
throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
|
|
|
|
|
@ -411,10 +432,13 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
* Get an access token from its token value.
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue) throws AuthenticationException {
|
|
|
|
|
OAuth2AccessTokenEntity accessToken = clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
|
|
|
|
|
public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue)
|
|
|
|
|
throws AuthenticationException {
|
|
|
|
|
OAuth2AccessTokenEntity accessToken =
|
|
|
|
|
clearExpiredAccessToken(tokenRepository.getAccessTokenByValue(accessTokenValue));
|
|
|
|
|
if (accessToken == null) {
|
|
|
|
|
throw new InvalidTokenException("Access token for value " + accessTokenValue + " was not found");
|
|
|
|
|
throw new InvalidTokenException(
|
|
|
|
|
"Access token for value " + accessTokenValue + " was not found");
|
|
|
|
|
} else {
|
|
|
|
|
return accessToken;
|
|
|
|
|
}
|
|
|
|
|
@ -426,19 +450,22 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
@Override
|
|
|
|
|
public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication) {
|
|
|
|
|
// TODO: implement this against the new service (#825)
|
|
|
|
|
throw new UnsupportedOperationException("Unable to look up access token from authentication object.");
|
|
|
|
|
throw new UnsupportedOperationException(
|
|
|
|
|
"Unable to look up access token from authentication object.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a refresh token by its token value.
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException {
|
|
|
|
|
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);
|
|
|
|
|
public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue)
|
|
|
|
|
throws AuthenticationException {
|
|
|
|
|
OAuth2RefreshTokenEntity refreshToken =
|
|
|
|
|
tokenRepository.getRefreshTokenByValue(refreshTokenValue);
|
|
|
|
|
if (refreshToken == null) {
|
|
|
|
|
throw new InvalidTokenException("Refresh token for value " + refreshTokenValue + " was not found");
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
throw new InvalidTokenException(
|
|
|
|
|
"Refresh token for value " + refreshTokenValue + " was not found");
|
|
|
|
|
} else {
|
|
|
|
|
return refreshToken;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
@ -447,7 +474,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
* Revoke a refresh token and all access tokens issued to it.
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
@Transactional(value="defaultTransactionManager")
|
|
|
|
|
@Transactional(value = "defaultTransactionManager")
|
|
|
|
|
public void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
|
|
|
|
|
tokenRepository.clearAccessTokensForRefreshToken(refreshToken);
|
|
|
|
|
tokenRepository.removeRefreshToken(refreshToken);
|
|
|
|
|
@ -457,7 +484,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
* Revoke an access token.
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
@Transactional(value="defaultTransactionManager")
|
|
|
|
|
@Transactional(value = "defaultTransactionManager")
|
|
|
|
|
public void revokeAccessToken(OAuth2AccessTokenEntity accessToken) {
|
|
|
|
|
tokenRepository.removeAccessToken(accessToken);
|
|
|
|
|
}
|
|
|
|
|
@ -503,10 +530,12 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
}
|
|
|
|
|
}.execute();
|
|
|
|
|
|
|
|
|
|
new AbstractPageOperationTemplate<AuthenticationHolderEntity>("clearExpiredAuthenticationHolders") {
|
|
|
|
|
new AbstractPageOperationTemplate<AuthenticationHolderEntity>(
|
|
|
|
|
"clearExpiredAuthenticationHolders") {
|
|
|
|
|
@Override
|
|
|
|
|
public Collection<AuthenticationHolderEntity> fetchPage() {
|
|
|
|
|
return authenticationHolderRepository.getOrphanedAuthenticationHolders(new DefaultPageCriteria());
|
|
|
|
|
return authenticationHolderRepository
|
|
|
|
|
.getOrphanedAuthenticationHolders(new DefaultPageCriteria());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
@ -516,27 +545,35 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
}.execute();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* (non-Javadoc)
|
|
|
|
|
* @see org.mitre.oauth2.service.OAuth2TokenEntityService#saveAccessToken(org.mitre.oauth2.model.OAuth2AccessTokenEntity)
|
|
|
|
|
/*
|
|
|
|
|
* (non-Javadoc)
|
|
|
|
|
*
|
|
|
|
|
* @see org.mitre.oauth2.service.OAuth2TokenEntityService#saveAccessToken(org.mitre.oauth2.model.
|
|
|
|
|
* OAuth2AccessTokenEntity)
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
@Transactional(value="defaultTransactionManager")
|
|
|
|
|
@Transactional(value = "defaultTransactionManager")
|
|
|
|
|
public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken) {
|
|
|
|
|
OAuth2AccessTokenEntity newToken = tokenRepository.saveAccessToken(accessToken);
|
|
|
|
|
|
|
|
|
|
// if the old token has any additional information for the return from the token endpoint, carry it through here after save
|
|
|
|
|
if (accessToken.getAdditionalInformation() != null && !accessToken.getAdditionalInformation().isEmpty()) {
|
|
|
|
|
// if the old token has any additional information for the return from the token endpoint, carry
|
|
|
|
|
// it through here after save
|
|
|
|
|
if (accessToken.getAdditionalInformation() != null
|
|
|
|
|
&& !accessToken.getAdditionalInformation().isEmpty()) {
|
|
|
|
|
newToken.getAdditionalInformation().putAll(accessToken.getAdditionalInformation());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return newToken;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* (non-Javadoc)
|
|
|
|
|
* @see org.mitre.oauth2.service.OAuth2TokenEntityService#saveRefreshToken(org.mitre.oauth2.model.OAuth2RefreshTokenEntity)
|
|
|
|
|
/*
|
|
|
|
|
* (non-Javadoc)
|
|
|
|
|
*
|
|
|
|
|
* @see org.mitre.oauth2.service.OAuth2TokenEntityService#saveRefreshToken(org.mitre.oauth2.model.
|
|
|
|
|
* OAuth2RefreshTokenEntity)
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
@Transactional(value="defaultTransactionManager")
|
|
|
|
|
@Transactional(value = "defaultTransactionManager")
|
|
|
|
|
public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
|
|
|
|
|
return tokenRepository.saveRefreshToken(refreshToken);
|
|
|
|
|
}
|
|
|
|
|
@ -560,7 +597,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
List<OAuth2AccessTokenEntity> allTokens = getAccessTokensForClient(client);
|
|
|
|
|
|
|
|
|
|
for (OAuth2AccessTokenEntity token : allTokens) {
|
|
|
|
|
if ((token.getScope().contains(SystemScopeService.REGISTRATION_TOKEN_SCOPE) || token.getScope().contains(SystemScopeService.RESOURCE_TOKEN_SCOPE))
|
|
|
|
|
if ((token.getScope().contains(SystemScopeService.REGISTRATION_TOKEN_SCOPE)
|
|
|
|
|
|| token.getScope().contains(SystemScopeService.RESOURCE_TOKEN_SCOPE))
|
|
|
|
|
&& token.getScope().size() == 1) {
|
|
|
|
|
// if it only has the registration scope, then it's a registration token
|
|
|
|
|
return token;
|
|
|
|
|
|
Andrea Ceccanti