Esempio n. 1
 /**
  * Builds the authorization request for a client-credentials grant from the token request.
  *
  * <p>The client itself acts as the principal: the principal is created from the client id.
  *
  * @param accessTokenRequest token request supplying the client and the scope list
  * @return a new authorization request with client, principal and granted scopes filled in
  */
 private AuthorizationRequest clientCredentialToken(AccessTokenRequest accessTokenRequest) {
   AuthorizationRequest authorization = new AuthorizationRequest();
   authorization.setClient(accessTokenRequest.getClient());
   // Only key/secret authentication exists in this flow, so there is no user principal to reuse;
   // one is constructed on the fly from the client id.
   authorization.setPrincipal(
       new AuthenticatedPrincipal(authorization.getClient().getClientId()));
   // NOTE(review): the scope list is granted exactly as getScopeList() returns it. Whether it has
   // already been restricted to the client's registered scopes (or replaced by the client's
   // default set) is not visible in this method - confirm that check happens before this point.
   authorization.setGrantedScopes(accessTokenRequest.getScopeList());
   return authorization;
 }
Esempio n. 2
 /*
  * In the user consent filter the scopes are (possibly) set on the request
  */
 /**
  * Sets the granted scopes on {@code authReq}, either from the requested scopes or from the
  * servlet request attribute.
  *
  * @param authReq authorization request whose granted scopes are set
  * @param request servlet request that may carry the scopes under
  *     {@code AbstractUserConsentHandler.GRANTED_SCOPES}
  */
 private void processScopes(AuthorizationRequest authReq, HttpServletRequest request) {
   if (authReq.getClient().isSkipConsent()) {
     // Consent is skipped for this client: every requested scope stored on the authorization
     // request becomes a granted scope.
     // NOTE(review): nothing here narrows the requested scopes; presumably they were checked
     // against the client's allowed scopes when the request was accepted - confirm.
     authReq.setGrantedScopes(authReq.getRequestedScopes());
     return;
   }
   // Consent path: take the scopes stored on the servlet request as an attribute.
   String[] consented =
       (String[]) request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES);
   // An absent or empty array yields null granted scopes rather than an empty list.
   authReq.setGrantedScopes(ArrayUtils.isEmpty(consented) ? null : Arrays.asList(consented));
 }
Esempio n. 3
 /**
  * Builds the redirect that hands an implicit-grant access token back to the client.
  *
  * <p>The token, its type, its expiry and the granted scopes are placed in the fragment of the
  * redirect URI, followed by whatever {@code appendStateParameter} returns and, if the client is
  * configured for it, the principal's display name.
  *
  * @param authReq authorization request supplying redirect URI, scopes, client and principal
  * @param accessToken token whose value and expiry are written into the fragment
  * @return a "see other" redirect response carrying a {@code Pragma: no-cache} header
  */
 private Response sendImplicitGrantResponse(
     AuthorizationRequest authReq, AccessToken accessToken) {
   String redirectTarget = authReq.getRedirectUri();
   // NOTE(review): the scope names, the state suffix and the display name below are interpolated
   // as-is. A value containing '&', '=' or '#' would change how the client parses the fragment,
   // so confirm these values are constrained upstream or percent-encode them before formatting.
   StringBuilder fragment =
       new StringBuilder(
           String.format(
               "access_token=%s&token_type=bearer&expires_in=%s&scope=%s",
               accessToken.getToken(),
               accessToken.getExpiresIn(),
               StringUtils.join(authReq.getGrantedScopes(), ',')));
   fragment.append(appendStateParameter(authReq));
   if (authReq.getClient().isIncludePrincipal()) {
     fragment.append(String.format("&principal=%s", authReq.getPrincipal().getDisplayName()));
   }
   // The response carries a bearer token, so it is sent with the cache-control value from
   // cacheControlNoStore() plus the legacy Pragma header.
   Response.ResponseBuilder redirect =
       Response.seeOther(UriBuilder.fromUri(redirectTarget).fragment(fragment.toString()).build());
   redirect.cacheControl(cacheControlNoStore());
   redirect.header("Pragma", "no-cache");
   return redirect.build();
 }
Esempio n. 4
 /**
  * Creates and persists an access token for the given authorization request.
  *
  * @param request authorization request supplying client, principal and granted scopes
  * @param isImplicitGrant {@code true} for the implicit grant, which never gets a refresh token
  * @return the token as returned by {@code accessTokenRepository.save}
  */
 private AccessToken createAccessToken(AuthorizationRequest request, boolean isImplicitGrant) {
   Client issuedTo = request.getClient();
   long lifetimeSeconds = issuedTo.getExpireDuration();
   // A duration of 0 is stored as expiry 0 instead of "now"; otherwise the duration is scaled by
   // 1000 and added to the current time in milliseconds.
   // NOTE(review): expiry 0 presumably means "does not expire" - confirm with the token checks.
   long expiresAt = 0L;
   if (lifetimeSeconds != 0L) {
     expiresAt = System.currentTimeMillis() + (1000 * lifetimeSeconds);
   }
   // A refresh token is issued only when the client is configured for it and the grant is not
   // the implicit grant.
   String refreshValue = null;
   if (issuedTo.isUseRefreshTokens() && !isImplicitGrant) {
     refreshValue = getTokenValue(true);
   }
   AuthenticatedPrincipal owner = request.getPrincipal();
   // NOTE(review): the unpredictability of both token values rests entirely on getTokenValue,
   // which is not shown here.
   String accessValue = getTokenValue(false);
   AccessToken issued =
       new AccessToken(
           accessValue, owner, issuedTo, expiresAt, request.getGrantedScopes(), refreshValue);
   return accessTokenRepository.save(issued);
 }