public Response processAccessCode( String scopeParam, String state, String redirect, ClientModel client, UserModel user, UserSessionModel session, String username, boolean rememberMe, String authMethod, Audit audit) { isTotpConfigurationRequired(user); isEmailVerificationRequired(user); boolean isResource = client instanceof ApplicationModel; AccessCodeEntry accessCode = tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session); accessCode.setUsername(username); accessCode.setRememberMe(rememberMe); accessCode.setAuthMethod(authMethod); log.debugv("processAccessCode: isResource: {0}", isResource); log.debugv( "processAccessCode: go to oauth page?: {0}", (!isResource && (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0))); audit.detail(Details.CODE_ID, accessCode.getId()); Set<RequiredAction> requiredActions = user.getRequiredActions(); if (!requiredActions.isEmpty()) { accessCode.setRequiredActions(new HashSet<UserModel.RequiredAction>(requiredActions)); accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction()); RequiredAction action = user.getRequiredActions().iterator().next(); if (action.equals(RequiredAction.VERIFY_EMAIL)) { audit .clone() .event(EventType.SEND_VERIFY_EMAIL) .detail(Details.EMAIL, accessCode.getUser().getEmail()) .success(); } return Flows.forms(providerSession, realm, uriInfo) .setAccessCode(accessCode.getId(), accessCode.getCode()) .setUser(user) .createResponse(action); } if (!isResource && (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) { accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction()); return Flows.forms(providerSession, realm, uriInfo) .setAccessCode(accessCode.getId(), accessCode.getCode()) .setAccessRequest( accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()) .setClient(client) .createOAuthGrant(); } if (redirect != null) { audit.success(); return redirectAccessCode(accessCode, session, state, redirect, rememberMe); } else { return null; } }