From d2c83104fbeda54e2964e6bed8ae0d472201bbd3 Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mit.edu>
Date: Tue, 27 May 2014 19:28:38 -0400
Subject: [PATCH] cascade token saves

---
 .../impl/DefaultOAuth2ProviderTokenService.java | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
index 1c7f315bc..8030105af 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@@ -190,13 +190,14 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 
 
 				// save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?)
-				tokenRepository.saveRefreshToken(refreshToken);
+				OAuth2RefreshTokenEntity savedRefreshToken = tokenRepository.saveRefreshToken(refreshToken);
 
-				token.setRefreshToken(refreshToken);
+				token.setRefreshToken(savedRefreshToken);
 			}
+			
+			OAuth2AccessTokenEntity enhancedToken = (OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication);
 
-			token = (OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication);
-			tokenRepository.saveAccessToken(token);
+			OAuth2AccessTokenEntity savedToken = tokenRepository.saveAccessToken(enhancedToken);
 
 			//Add approved site reference, if any
 			OAuth2Request originalAuthRequest = authHolder.getAuthentication().getOAuth2Request();
@@ -206,17 +207,17 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 				Long apId = (Long) originalAuthRequest.getExtensions().get("approved_site");
 				ApprovedSite ap = approvedSiteService.getById(apId);
 				Set<OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens();
-				apTokens.add(token);
+				apTokens.add(savedToken);
 				ap.setApprovedAccessTokens(apTokens);
 				approvedSiteService.save(ap);
 
 			}
 
-			if (token.getRefreshToken() != null) {
-				tokenRepository.saveRefreshToken(token.getRefreshToken()); // make sure we save any changes that might have been enhanced
+			if (savedToken.getRefreshToken() != null) {
+				tokenRepository.saveRefreshToken(savedToken.getRefreshToken()); // make sure we save any changes that might have been enhanced
 			}
 
-			return token;
+			return savedToken;
 		}
 
 		throw new AuthenticationCredentialsNotFoundException("No authentication credentials found");