/**
 * Refreshes the given access token when it has expired or is about to expire.
 *
 * A refresh is only attempted when the token carries a refresh token, and then
 * when either of these holds: the token is already past its {@code expiresIn}
 * lifetime, or {@code expiryThreshold} is positive and the token would expire
 * within that threshold (the token is treated as expired {@code expiryThreshold}
 * early, so a token handed to a downstream call does not expire mid-flight).
 * The threshold is subtracted directly from {@code expiresIn}, so both are
 * presumably in the same unit (seconds) — confirm against the field's setter.
 *
 * @param at the client access token to examine
 * @return the refreshed token, or {@code null} when no refresh was performed
 */
private ClientAccessToken refreshAccessTokenIfExpired(ClientAccessToken at) {
    // Without a refresh token there is nothing to exchange at the token endpoint.
    if (at.getRefreshToken() == null) {
        return null;
    }
    long issuedAt = at.getIssuedAt();
    long lifetime = at.getExpiresIn();
    // Proactive path: shorten the lifetime by the configured threshold (when enabled).
    boolean expiringSoon = expiryThreshold > 0
        && OAuthUtils.isExpired(issuedAt, lifetime - expiryThreshold);
    // Plain expiry is checked second so it is skipped when the proactive check already fired.
    if (expiringSoon || OAuthUtils.isExpired(issuedAt, lifetime)) {
        return OAuthClientUtils.refreshAccessToken(accessTokenServiceClient, consumer, at);
    }
    return null;
}
/**
 * Processes an access token request submitted to the token endpoint.
 *
 * Order of checks: the client is authenticated first, then the requested grant type
 * is checked against what this client (and the public-client policy) is allowed to
 * use, then the audience parameter is validated, and only then is a grant handler
 * looked up and asked to create a token. Each failed step yields an OAuth2 error
 * response; a successful one returns the client-facing token view with caching
 * disabled.
 *
 * @param params the form parameters representing the access token grant
 * @return the access token, or an OAuth2 error response
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response handleTokenRequest(MultivaluedMap<String, String> params) {
    // Client authentication comes first: no grant handler runs for an unauthenticated client.
    Client client = authenticateClientIfNeeded(params);
    String grantType = params.getFirst(OAuthConstants.GRANT_TYPE);
    if (!OAuthUtils.isGrantSupportedForClient(client, isCanSupportPublicClients(), grantType)) {
        return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
    }

    // The audience check reports its own error bean rather than a fixed error code.
    try {
        checkAudience(params);
    } catch (OAuthServiceException ex) {
        return super.createErrorResponseFromBean(ex.getError());
    }

    AccessTokenGrantHandler handler = findGrantHandler(params);
    if (handler == null) {
        return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
    }

    // A handler may either throw or return null; both are surfaced as invalid_grant.
    ServerAccessToken serverToken;
    try {
        serverToken = handler.createAccessToken(client, params);
    } catch (OAuthServiceException ex) {
        return handleException(ex, OAuthConstants.INVALID_GRANT);
    }
    if (serverToken == null) {
        return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
    }

    ClientAccessToken clientToken = buildClientTokenView(serverToken);
    // RFC 6749 section 5.1: token responses must never be cached by clients or intermediaries.
    return Response.ok(clientToken)
        .header(HttpHeaders.CACHE_CONTROL, "no-store")
        .header("Pragma", "no-cache")
        .build();
}

/**
 * Copies the client-visible fields of a server-side token into a {@link ClientAccessToken}.
 *
 * Token type, token key and refresh token are always copied. The expiry, approved
 * scope (only when non-empty) and extra parameters are copied only when
 * {@link #isWriteOptionalParameters()} is enabled.
 *
 * @param serverToken the token created by the grant handler
 * @return the response representation sent back to the client
 */
private ClientAccessToken buildClientTokenView(ServerAccessToken serverToken) {
    ClientAccessToken clientToken =
        new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey());
    clientToken.setRefreshToken(serverToken.getRefreshToken());
    if (isWriteOptionalParameters()) {
        clientToken.setExpiresIn(serverToken.getExpiresIn());
        List<OAuthPermission> scopes = serverToken.getScopes();
        if (!scopes.isEmpty()) {
            clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(scopes));
        }
        clientToken.setParameters(serverToken.getParameters());
    }
    return clientToken;
}
/**
 * Populates the {@code at_hash} and {@code nonce} claims of an ID token.
 *
 * {@code at_hash} is computed from the access token key only when the ID token does
 * not already carry one, using the outbound JWS signature algorithm (the client
 * secret's algorithm when signing with the client secret, otherwise the configured
 * algorithm with RS256 as default). With algorithm NONE no hash is set, since the
 * hash function is derived from the signature algorithm.
 * NOTE(review): an ID token signed with NONE therefore has no access-token binding;
 * confirm that unsigned ID tokens are never issued in this deployment.
 *
 * The nonce on the current exchange takes precedence over the nonce stored on the
 * server token; when neither is present the claim is left untouched.
 *
 * @param idToken the ID token being populated
 * @param st      the server-side access token the ID token accompanies
 */
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
    if (idToken.getAccessTokenHash() == null) {
        Properties props = JwsUtils.loadSignatureOutProperties(false);
        SignatureAlgorithm sigAlgo = super.isSignWithClientSecret()
            ? OAuthUtils.getClientSecretSignatureAlgorithm(props)
            : JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
        if (sigAlgo != SignatureAlgorithm.NONE) {
            idToken.setAccessTokenHash(OidcUtils.calculateAccessTokenHash(st.getTokenKey(), sigAlgo));
        }
    }

    Message current = JAXRSUtils.getCurrentMessage();
    boolean nonceOnExchange =
        current != null && current.getExchange().containsKey(OAuthConstants.NONCE);
    if (nonceOnExchange) {
        idToken.setNonce((String) current.getExchange().get(OAuthConstants.NONCE));
    } else if (st.getNonce() != null) {
        idToken.setNonce(st.getNonce());
    }
}
/**
 * Returns the "issued at" timestamp to stamp on a token being created.
 *
 * Delegates to {@link OAuthUtils#getIssuedAt()}; the method is {@code protected} so a
 * subclass can substitute its own clock source.
 *
 * @return the issue time as reported by {@code OAuthUtils}
 */
protected long getIssuedAt() {
    final long issuedAt = OAuthUtils.getIssuedAt();
    return issuedAt;
}
/**
 * Generates the authorization code value for a new code registration.
 *
 * The registration is deliberately not consulted: the code is an opaque random key
 * from {@link OAuthUtils#generateRandomTokenKey()}, so it carries no client or user
 * information. Its unguessability rests on that helper using a cryptographically
 * secure RNG — confirm rather than assume.
 *
 * @param reg the registration the code is being issued for (unused)
 * @return a freshly generated random code
 */
protected String getCode(AuthorizationCodeRegistration reg) {
    // reg is intentionally ignored: the code must not be derivable from the request.
    String code = OAuthUtils.generateRandomTokenKey();
    return code;
}