/** * Issue access token in exchange to an Authorization Grant. * * @param tokenReqDTO <Code>OAuth2AccessTokenReqDTO</Code> representing the Access Token request * @return <Code>OAuth2AccessTokenRespDTO</Code> representing the Access Token response */ public OAuth2AccessTokenRespDTO issueAccessToken(OAuth2AccessTokenReqDTO tokenReqDTO) { if (log.isDebugEnabled()) { log.debug( "Access Token request received for Client ID " + tokenReqDTO.getClientId() + ", User ID " + tokenReqDTO.getResourceOwnerUsername() + ", Scope : " + Arrays.toString(tokenReqDTO.getScope()) + " and Grant Type : " + tokenReqDTO.getGrantType()); } try { AccessTokenIssuer tokenIssuer = AccessTokenIssuer.getInstance(); return tokenIssuer.issue(tokenReqDTO); } catch (InvalidOAuthClientException e) { if (log.isDebugEnabled()) { log.debug( "Error occurred while issuing access token for Client ID : " + tokenReqDTO.getClientId() + ", User ID: " + tokenReqDTO.getResourceOwnerUsername() + ", Scope : " + Arrays.toString(tokenReqDTO.getScope()) + " and Grant Type : " + tokenReqDTO.getGrantType(), e); } OAuth2AccessTokenRespDTO tokenRespDTO = new OAuth2AccessTokenRespDTO(); tokenRespDTO.setError(true); tokenRespDTO.setErrorCode(OAuth2ErrorCodes.INVALID_CLIENT); tokenRespDTO.setErrorMsg("Invalid Client"); return tokenRespDTO; } catch (Exception e) { // in case of an error, consider it as a system error log.error( "Error occurred while issuing the access token for Client ID : " + tokenReqDTO.getClientId() + ", User ID " + tokenReqDTO.getResourceOwnerUsername() + ", Scope : " + Arrays.toString(tokenReqDTO.getScope()) + " and Grant Type : " + tokenReqDTO.getGrantType(), e); OAuth2AccessTokenRespDTO tokenRespDTO = new OAuth2AccessTokenRespDTO(); tokenRespDTO.setError(true); if (e.getCause().getCause() instanceof SQLIntegrityConstraintViolationException) { tokenRespDTO.setErrorCode("sql_error"); } else { tokenRespDTO.setErrorCode(OAuth2ErrorCodes.SERVER_ERROR); } tokenRespDTO.setErrorMsg("Server Error"); return tokenRespDTO; } }
@Override public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception { OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO(); String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername(); int tenantId; try { tenantId = IdentityUtil.getTenantIdOFUser(username); } catch (IdentityException e) { throw new IdentityOAuth2Exception(e.getMessage(), e); } // tenantId == -1, means an invalid tenant. if (tenantId == -1) { /*if (log.isDebugEnabled()) { log.debug("Token request with Password Grant Type for an invalid tenant : " + MultitenantUtils.getTenantDomain(username)); } return false;*/ tenantId = MultitenantConstants.SUPER_TENANT_ID; } RealmService realmService = OAuthComponentServiceHolder.getRealmService(); boolean authStatus; try { UserStoreManager userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager(); authStatus = userStoreManager.authenticate( MultitenantUtils.getTenantAwareUsername(username), oAuth2AccessTokenReqDTO.getResourceOwnerPassword()); if (log.isDebugEnabled()) { log.debug( "Token request with Password Grant Type received. " + "Username : "******"Scope : " + OAuth2Util.buildScopeString(oAuth2AccessTokenReqDTO.getScope()) + ", Authentication State : " + authStatus); } } catch (UserStoreException e) { throw new IdentityOAuth2Exception("Error when authenticating the user credentials.", e); } tokReqMsgCtx.setAuthorizedUser(oAuth2AccessTokenReqDTO.getResourceOwnerUsername()); tokReqMsgCtx.setScope(oAuth2AccessTokenReqDTO.getScope()); return authStatus; }
private OAuth2AccessTokenRespDTO handleError( String errorCode, String errorMsg, OAuth2AccessTokenReqDTO tokenReqDTO) { if (log.isDebugEnabled()) { log.debug( "OAuth-Error-Code=" + errorCode + " client-id=" + tokenReqDTO.getClientId() + " grant-type=" + tokenReqDTO.getGrantType() + " scope=" + OAuth2Util.buildScopeString(tokenReqDTO.getScope())); } OAuth2AccessTokenRespDTO tokenRespDTO; tokenRespDTO = new OAuth2AccessTokenRespDTO(); tokenRespDTO.setError(true); tokenRespDTO.setErrorCode(errorCode); tokenRespDTO.setErrorMsg(errorMsg); return tokenRespDTO; }