@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername();
int tenantId;
try {
tenantId = IdentityUtil.getTenantIdOFUser(username);
} catch (IdentityException e) {
throw new IdentityOAuth2Exception(e.getMessage(), e);
}
// tenantId == -1, means an invalid tenant.
if (tenantId == -1) {
/*if (log.isDebugEnabled()) {
log.debug("Token request with Password Grant Type for an invalid tenant : " +
MultitenantUtils.getTenantDomain(username));
}
return false;*/
tenantId = MultitenantConstants.SUPER_TENANT_ID;
}
RealmService realmService = OAuthComponentServiceHolder.getRealmService();
boolean authStatus;
try {
UserStoreManager userStoreManager =
realmService.getTenantUserRealm(tenantId).getUserStoreManager();
authStatus =
userStoreManager.authenticate(
MultitenantUtils.getTenantAwareUsername(username),
oAuth2AccessTokenReqDTO.getResourceOwnerPassword());
if (log.isDebugEnabled()) {
log.debug(
"Token request with Password Grant Type received. "
+ "Username : "******"Scope : "
+ OAuth2Util.buildScopeString(oAuth2AccessTokenReqDTO.getScope())
+ ", Authentication State : "
+ authStatus);
}
} catch (UserStoreException e) {
throw new IdentityOAuth2Exception("Error when authenticating the user credentials.", e);
}
tokReqMsgCtx.setAuthorizedUser(oAuth2AccessTokenReqDTO.getResourceOwnerUsername());
tokReqMsgCtx.setScope(oAuth2AccessTokenReqDTO.getScope());
return authStatus;
}
public String buildIDToken(
OAuthTokenReqMessageContext request, OAuth2AccessTokenRespDTO tokenRespDTO)
throws IdentityOAuth2Exception {
OAuthServerConfiguration config = OAuthServerConfiguration.getInstance();
String issuer = config.getOpenIDConnectIDTokenIssuerIdentifier();
int lifetime = Integer.parseInt(config.getOpenIDConnectIDTokenExpiration()) * 1000;
int curTime = (int) Calendar.getInstance().getTimeInMillis();
// setting subject
String subject = request.getAuthorizedUser();
String claim = config.getOpenIDConnectIDTokenSubjectClaim();
if (claim != null) {
String tenantUser = MultitenantUtils.getTenantAwareUsername(request.getAuthorizedUser());
String domainName = MultitenantUtils.getTenantDomain(request.getAuthorizedUser());
try {
subject =
IdentityTenantUtil.getRealm(domainName, tenantUser)
.getUserStoreManager()
.getUserClaimValue(tenantUser, claim, null);
} catch (Exception e) {
throw new IdentityOAuth2Exception("Erro while generating the IDToken", e);
}
}
if (DEBUG) {
log.debug("Using issuer " + issuer);
log.debug("Subject " + subject);
log.debug("ID Token expiration seconds" + lifetime);
log.debug("Current time " + curTime);
}
try {
IDTokenBuilder builder =
new IDTokenBuilder()
.setIssuer(issuer)
.setSubject(subject)
.setAudience(request.getOauth2AccessTokenReqDTO().getClientId())
.setAuthorizedParty(request.getOauth2AccessTokenReqDTO().getClientId())
.setExpiration(curTime + lifetime)
.setIssuedAt(curTime);
// setting up custom claims
CustomClaimsCallbackHandler claimsCallBackHandler =
OAuthServerConfiguration.getInstance().getOpenIDConnectCustomClaimsCallbackHandler();
claimsCallBackHandler.handleCustomClaims(builder, request);
return builder.buildIDToken();
} catch (IDTokenException e) {
throw new IdentityOAuth2Exception("Erro while generating the IDToken", e);
}
}
