protected void saveAccessToken(ServerAccessToken serverToken) {
getEntityManager().getTransaction().begin();
List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
for (OAuthPermission perm : serverToken.getScopes()) {
OAuthPermission permSaved =
getEntityManager().find(OAuthPermission.class, perm.getPermission());
if (permSaved != null) {
perms.add(permSaved);
} else {
getEntityManager().persist(perm);
perms.add(perm);
}
}
serverToken.setScopes(perms);
UserSubject sub =
getEntityManager().find(UserSubject.class, serverToken.getSubject().getLogin());
if (sub == null) {
getEntityManager().persist(serverToken.getSubject());
} else {
sub = getEntityManager().merge(serverToken.getSubject());
serverToken.setSubject(sub);
}
getEntityManager().persist(serverToken);
getEntityManager().getTransaction().commit();
}
private static String tokenizeServerToken(ServerAccessToken token) {
StringBuilder state = new StringBuilder();
// 0: key
state.append(tokenizeString(token.getTokenKey()));
// 1: type
state.append(SEP);
state.append(tokenizeString(token.getTokenType()));
// 2: expiresIn
state.append(SEP);
state.append(token.getExpiresIn());
// 3: issuedAt
state.append(SEP);
state.append(token.getIssuedAt());
// 4: client id
state.append(SEP);
state.append(tokenizeString(token.getClient().getClientId()));
// 5: refresh token
state.append(SEP);
state.append(tokenizeString(token.getRefreshToken()));
// 6: grant type
state.append(SEP);
state.append(tokenizeString(token.getGrantType()));
// 7: audience
state.append(SEP);
state.append(tokenizeString(token.getAudience()));
// 8: other parameters
state.append(SEP);
// {key=value, key=value}
state.append(token.getParameters().toString());
// 9: permissions
state.append(SEP);
if (token.getScopes().isEmpty()) {
state.append(" ");
} else {
for (OAuthPermission p : token.getScopes()) {
// 9.1
state.append(tokenizeString(p.getPermission()));
state.append(".");
// 9.2
state.append(tokenizeString(p.getDescription()));
state.append(".");
// 9.3
state.append(p.isDefault());
state.append(".");
// 9.4
state.append(p.getHttpVerbs().toString());
state.append(".");
// 9.5
state.append(p.getUris().toString());
}
}
state.append(SEP);
// 10: user subject
tokenizeUserSubject(state, token.getSubject());
return state.toString();
}
private String getProcessedIdToken(ServerAccessToken st) {
if (userInfoProvider != null) {
IdToken idToken =
userInfoProvider.getIdToken(
st.getClient().getClientId(), st.getSubject(), st.getScopes());
setAtHashAndNonce(idToken, st);
return super.processJwt(new JwtToken(idToken), st.getClient());
} else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
} else if (st.getSubject() instanceof OidcUserSubject) {
OidcUserSubject sub = (OidcUserSubject) st.getSubject();
IdToken idToken = new IdToken(sub.getIdToken());
idToken.setAudience(st.getClient().getClientId());
idToken.setAuthorizedParty(st.getClient().getClientId());
// if this token was refreshed then the cloned IDToken might need to have its
// issuedAt and expiry time properties adjusted if it proves to be necessary
setAtHashAndNonce(idToken, st);
return super.processJwt(new JwtToken(idToken), st.getClient());
} else {
return null;
}
}
