/**
 * Flattens a {@link ServerAccessToken} into the single-line, {@code SEP}-delimited
 * representation used by this encoder. Field order is fixed and positional:
 * 0 key, 1 type, 2 expiresIn, 3 issuedAt, 4 client id, 5 refresh token, 6 grant type,
 * 7 audience, 8 extra parameters (raw {@code Map#toString()}), 9 permissions,
 * 10 user subject (written by {@link #tokenizeUserSubject}).
 *
 * @param token the server-side token to serialise
 * @return the serialised token state
 */
private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder sb = new StringBuilder();

    // Fields 0-7: string fields go through tokenizeString, the two numeric
    // lifetime fields (expiresIn, issuedAt) are written verbatim.
    sb.append(tokenizeString(token.getTokenKey()))
      .append(SEP).append(tokenizeString(token.getTokenType()))
      .append(SEP).append(token.getExpiresIn())
      .append(SEP).append(token.getIssuedAt())
      .append(SEP).append(tokenizeString(token.getClient().getClientId()))
      .append(SEP).append(tokenizeString(token.getRefreshToken()))
      .append(SEP).append(tokenizeString(token.getGrantType()))
      .append(SEP).append(tokenizeString(token.getAudience()));

    // Field 8: the extra parameters, e.g. {key=value, key2=value2}
    sb.append(SEP).append(token.getParameters().toString());

    // Field 9: permissions. A single space marks "no scopes"; otherwise each
    // permission is written as permission.description.isDefault.verbs.uris.
    // NOTE(review): no delimiter is written between consecutive permissions;
    // the decoder presumably relies on the fixed sub-field count — verify there.
    sb.append(SEP);
    if (token.getScopes().isEmpty()) {
        sb.append(" ");
    } else {
        for (OAuthPermission perm : token.getScopes()) {
            sb.append(tokenizeString(perm.getPermission())).append('.')
              .append(tokenizeString(perm.getDescription())).append('.')
              .append(perm.isDefault()).append('.')
              .append(perm.getHttpVerbs().toString()).append('.')
              .append(perm.getUris().toString());
        }
    }

    // Field 10: the user subject is appended by the shared helper.
    sb.append(SEP);
    tokenizeUserSubject(sb, token.getSubject());
    return sb.toString();
}
/**
 * Handles an OAuth2 access-token request submitted to the token endpoint.
 *
 * <p>Order of checks: the client is authenticated, the requested grant type is
 * checked against what this client may use, the audience is validated, and a
 * grant handler is looked up. Any failure short-circuits with an OAuth2 error
 * response. On success the server-side token is reduced to the client-visible
 * {@link ClientAccessToken} and returned with the no-store / no-cache headers
 * token responses require.
 *
 * @param params the form parameters of the access-token grant
 * @return the access token, or an OAuth2 error response
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response handleTokenRequest(MultivaluedMap<String, String> params) {
    Client client = authenticateClientIfNeeded(params);

    // Reject a grant type this (possibly public) client is not permitted to use.
    if (!OAuthUtils.isGrantSupportedForClient(client,
                                             isCanSupportPublicClients(),
                                             params.getFirst(OAuthConstants.GRANT_TYPE))) {
        return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
    }

    try {
        checkAudience(params);
    } catch (OAuthServiceException ex) {
        return super.createErrorResponseFromBean(ex.getError());
    }

    AccessTokenGrantHandler handler = findGrantHandler(params);
    if (handler == null) {
        return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
    }

    ServerAccessToken serverToken;
    try {
        serverToken = handler.createAccessToken(client, params);
    } catch (OAuthServiceException ex) {
        return handleException(ex, OAuthConstants.INVALID_GRANT);
    }
    if (serverToken == null) {
        return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
    }

    return Response.ok(toClientVisibleToken(serverToken))
        .header(HttpHeaders.CACHE_CONTROL, "no-store")
        .header("Pragma", "no-cache")
        .build();
}

/**
 * Builds the token representation handed to the client: key, type and refresh
 * token always; expiry, approved scope and extra parameters only when
 * {@code isWriteOptionalParameters()} is enabled.
 *
 * @param serverToken the token created by the grant handler
 * @return the client-visible token
 */
private ClientAccessToken toClientVisibleToken(ServerAccessToken serverToken) {
    ClientAccessToken clientToken =
        new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey());
    clientToken.setRefreshToken(serverToken.getRefreshToken());

    if (isWriteOptionalParameters()) {
        clientToken.setExpiresIn(serverToken.getExpiresIn());
        List<OAuthPermission> perms = serverToken.getScopes();
        // An empty permission list leaves the scope unset rather than writing "".
        if (!perms.isEmpty()) {
            clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
        }
        clientToken.setParameters(serverToken.getParameters());
    }
    return clientToken;
}
/**
 * Populates the {@code at_hash} and {@code nonce} claims of an ID token.
 *
 * <p>{@code at_hash} is computed only when the token does not already carry one
 * and the outbound signature algorithm is not {@code none}; the hash is derived
 * from the access-token key using the configured JWS algorithm (RS256 by default,
 * or the client-secret algorithm when signing with the client secret).
 * The nonce recorded on the current exchange takes precedence; otherwise the
 * nonce stored on the access token is used, if any.
 *
 * @param idToken the ID token to update in place
 * @param st      the access token issued alongside the ID token
 */
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
    if (idToken.getAccessTokenHash() == null) {
        Properties props = JwsUtils.loadSignatureOutProperties(false);
        SignatureAlgorithm sigAlgo = super.isSignWithClientSecret()
            ? OAuthUtils.getClientSecretSignatureAlgorithm(props)
            : JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
        // An unsigned ID token has no algorithm to derive at_hash from, so it stays unset.
        if (sigAlgo != SignatureAlgorithm.NONE) {
            idToken.setAccessTokenHash(
                OidcUtils.calculateAccessTokenHash(st.getTokenKey(), sigAlgo));
        }
    }

    Message m = JAXRSUtils.getCurrentMessage();
    if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
        // Presence of the key decides, so a null value on the exchange still wins here.
        idToken.setNonce((String) m.getExchange().get(OAuthConstants.NONCE));
        return;
    }
    if (st.getNonce() != null) {
        idToken.setNonce(st.getNonce());
    }
}
/**
 * Drops the cached token when {@code sat} refers to it. This provider appears to
 * hold a single token in the {@code token} field, so removal is a key comparison
 * followed by clearing that field.
 *
 * @param sat the token to remove; matched on its token key
 * @throws OAuthServiceException declared by the provider contract; not raised here
 */
@Override
public void removeAccessToken(final ServerAccessToken sat) throws OAuthServiceException {
    if (token == null) {
        return;
    }
    if (token.getTokenKey().equals(sat.getTokenKey())) {
        token = null;
    }
}
/**
 * Looks up the cached token by key. Returns {@code null} when nothing is cached
 * or when the cached token's key does not match {@code tokenId}.
 *
 * <p>NOTE(review): the key is compared with {@code String.equals}, which is not
 * constant-time; fine for a single-token test provider, but a production store
 * would use {@code MessageDigest.isEqual} — confirm how this class is used.
 *
 * @param tokenId the token key presented by the caller
 * @return the matching token, or {@code null}
 * @throws OAuthServiceException declared by the provider contract; not raised here
 */
@Override
public ServerAccessToken getAccessToken(final String tokenId) throws OAuthServiceException {
    if (token != null && !token.getTokenKey().equals(tokenId)) {
        return null;
    }
    // Either nothing is cached (token is null) or the key matched.
    return token;
}