public OAuth2AccessToken enhance( OAuth2AccessToken accessToken, OAuth2Authentication authentication) { DefaultOAuth2AccessToken result = new DefaultOAuth2AccessToken(accessToken); Map<String, Object> info = new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation()); String tokenId = result.getValue(); if (!info.containsKey(TOKEN_ID)) { info.put(TOKEN_ID, tokenId); } result.setAdditionalInformation(info); return result.setValue(encode(result, authentication)); }
private OAuth2AccessToken createAccessToken( OAuth2Authentication authentication, OAuth2RefreshToken refreshToken) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(UUID.randomUUID().toString()); int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request()); if (validitySeconds > 0) { token.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L))); } token.setRefreshToken(refreshToken); token.setScope(authentication.getOAuth2Request().getScope()); return accessTokenEnhancer != null ? accessTokenEnhancer.enhance(token, authentication) : token; }
@Test public void testExpiredToken() throws Exception { OAuth2Authentication expectedAuthentication = new OAuth2Authentication( new AuthorizationRequest("id", Collections.singleton("read"), null, null), new TestAuthentication("test2", false)); DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication); // Make it expire (and rely on mutable state in volatile token store) firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000)); expected.expect(InvalidTokenException.class); expected.expectMessage("expired"); getTokenServices().loadAuthentication(firstAccessToken.getValue()); }
private Collection<OAuth2AccessToken> enhance(Collection<OAuth2AccessToken> tokens) { Collection<OAuth2AccessToken> result = new ArrayList<OAuth2AccessToken>(); for (OAuth2AccessToken prototype : tokens) { DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken(prototype); String clientId = tokenStore.readAuthentication(token).getOAuth2Request().getClientId(); if (clientId != null) { Map<String, Object> map = new HashMap<String, Object>(token.getAdditionalInformation()); map.put("client_id", clientId); token.setAdditionalInformation(map); result.add(token); } } return result; }
@Test public void testDifferentRefreshTokenMaintainsState() throws Exception { // create access token getTokenServices().setAccessTokenValiditySeconds(1); getTokenServices() .setClientDetailsService( new ClientDetailsService() { public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception { BaseClientDetails client = new BaseClientDetails(); client.setAccessTokenValiditySeconds(1); return client; } }); OAuth2Authentication expectedAuthentication = new OAuth2Authentication( new AuthorizationRequest("id", Collections.singleton("read"), null, null), new TestAuthentication("test2", false)); DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication); OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken(); // Make it expire (and rely on mutable state in volatile token store) firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000)); // create another access token OAuth2AccessToken secondAccessToken = getTokenServices().createAccessToken(expectedAuthentication); assertFalse( "The new access token should be different", firstAccessToken.getValue().equals(secondAccessToken.getValue())); assertEquals( "The new access token should have the same refresh token", expectedExpiringRefreshToken.getValue(), secondAccessToken.getRefreshToken().getValue()); // refresh access token with refresh token getTokenServices() .refreshAccessToken( expectedExpiringRefreshToken.getValue(), expectedAuthentication.getAuthorizationRequest().getScope()); assertEquals(1, getAccessTokenCount()); }