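/**
 * Persists an access token together with its scopes and user subject in one transaction.
 *
 * <p>Each scope is looked up by its permission name. A permission that is already stored
 * is reused in place of the instance carried by the token, so the stored definition wins;
 * otherwise the token's own instance is persisted. The subject is looked up by login and
 * is persisted on first use or merged when it already exists.
 *
 * <p>If any step throws a runtime exception, the transaction is rolled back before the
 * exception is rethrown, so a failed save does not leave an active transaction behind.
 *
 * <p>NOTE(review): the token entity is persisted exactly as supplied; whether the token key
 * is protected at rest is decided outside this method.
 *
 * @param serverToken the token to store; its scope list is replaced with the managed
 *                    permissions and, when the subject already exists, its subject is
 *                    replaced with the merged instance
 */
protected void saveAccessToken(ServerAccessToken serverToken) {
    getEntityManager().getTransaction().begin();
    try {
        List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
        for (OAuthPermission perm : serverToken.getScopes()) {
            OAuthPermission permSaved =
                getEntityManager().find(OAuthPermission.class, perm.getPermission());
            if (permSaved != null) {
                // Reuse the stored permission rather than the copy carried by the token.
                perms.add(permSaved);
            } else {
                getEntityManager().persist(perm);
                perms.add(perm);
            }
        }
        serverToken.setScopes(perms);

        UserSubject sub =
            getEntityManager().find(UserSubject.class, serverToken.getSubject().getLogin());
        if (sub == null) {
            getEntityManager().persist(serverToken.getSubject());
        } else {
            // Subject already known: merge and point the token at the managed instance.
            sub = getEntityManager().merge(serverToken.getSubject());
            serverToken.setSubject(sub);
        }

        getEntityManager().persist(serverToken);
        getEntityManager().getTransaction().commit();
    } catch (RuntimeException ex) {
        // Do not leave a half-applied transaction open after a failed find/persist/commit.
        if (getEntityManager().getTransaction().isActive()) {
            getEntityManager().getTransaction().rollback();
        }
        throw ex;
    }
}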
/**
 * Flattens a server access token into a single SEP-delimited string.
 *
 * <p>Field order: 0 token key, 1 token type, 2 expiresIn, 3 issuedAt, 4 client id,
 * 5 refresh token, 6 grant type, 7 audience, 8 extra parameters, 9 permissions,
 * 10 user subject (written by {@code tokenizeUserSubject}).
 *
 * <p>NOTE(review): the parameters map and the per-permission verb and URI values are written
 * with {@code toString()} and are not passed through {@code tokenizeString}, and successive
 * permissions are appended with no delimiter between them. Confirm that the matching parser
 * is not confused by SEP or "." characters inside those values.
 *
 * @param token the token to serialize
 * @return the serialized form of the token
 */
private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder buf = new StringBuilder();

    // fields 0-3: key, type, expiresIn, issuedAt
    buf.append(tokenizeString(token.getTokenKey()))
        .append(SEP).append(tokenizeString(token.getTokenType()))
        .append(SEP).append(token.getExpiresIn())
        .append(SEP).append(token.getIssuedAt());

    // fields 4-7: client id, refresh token, grant type, audience
    buf.append(SEP).append(tokenizeString(token.getClient().getClientId()))
        .append(SEP).append(tokenizeString(token.getRefreshToken()))
        .append(SEP).append(tokenizeString(token.getGrantType()))
        .append(SEP).append(tokenizeString(token.getAudience()));

    // field 8: other parameters, in Map.toString() form {key=value, key=value}
    buf.append(SEP).append(token.getParameters().toString());

    // field 9: permissions; a single space stands in for "no scopes"
    buf.append(SEP);
    if (!token.getScopes().isEmpty()) {
        for (OAuthPermission permission : token.getScopes()) {
            // 9.1 name, 9.2 description, 9.3 default flag, 9.4 HTTP verbs, 9.5 URIs
            buf.append(tokenizeString(permission.getPermission())).append(".")
                .append(tokenizeString(permission.getDescription())).append(".")
                .append(permission.isDefault()).append(".")
                .append(permission.getHttpVerbs().toString()).append(".")
                .append(permission.getUris().toString());
        }
    } else {
        buf.append(" ");
    }

    // field 10: user subject
    buf.append(SEP);
    tokenizeUserSubject(buf, token.getSubject());

    return buf.toString();
}
/**
 * Produces the serialized ID token to return alongside the given access token.
 *
 * <p>Sources are tried in this order:
 * <ol>
 *   <li>a configured {@code userInfoProvider}, asked for an ID token for the client id,
 *       subject and scopes of the access token;</li>
 *   <li>a ready-made token string stored in the subject properties under
 *       {@code OidcUtils.ID_TOKEN}, which is returned as-is: this method applies neither
 *       {@code setAtHashAndNonce} nor {@code processJwt} to it;</li>
 *   <li>an {@code OidcUserSubject}, whose ID token is copied and has its audience and
 *       authorized party set to the client id.</li>
 * </ol>
 *
 * @param st the access token being returned to the client
 * @return the processed ID token, or {@code null} when none of the sources applies
 */
private String getProcessedIdToken(ServerAccessToken st) {
    if (userInfoProvider != null) {
        IdToken providedToken = userInfoProvider.getIdToken(
            st.getClient().getClientId(), st.getSubject(), st.getScopes());
        setAtHashAndNonce(providedToken, st);
        JwtToken jwt = new JwtToken(providedToken);
        return super.processJwt(jwt, st.getClient());
    }

    if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
        // Stored value is handed back unchanged; see the ordering notes in the Javadoc.
        return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
    }

    if (st.getSubject() instanceof OidcUserSubject) {
        OidcUserSubject oidcSubject = (OidcUserSubject) st.getSubject();
        IdToken copiedToken = new IdToken(oidcSubject.getIdToken());
        copiedToken.setAudience(st.getClient().getClientId());
        copiedToken.setAuthorizedParty(st.getClient().getClientId());
        // After a refresh the copied ID token may still need its issuedAt and expiry
        // properties adjusted, should that prove necessary.
        setAtHashAndNonce(copiedToken, st);
        JwtToken jwt = new JwtToken(copiedToken);
        return super.processJwt(jwt, st.getClient());
    }

    return null;
}