/** {@inheritDoc} */
  public void updateAuthorizationCode(AuthorizationCode authorizationCode) {
    deleteAuthorizationCode(authorizationCode.getTokenId());

    // Store in CTS
    try {
      tokenStore.create(authorizationCode);
      if (auditLogger.isAuditLogEnabled()) {
        String[] obs = {"UPDATED_AUTHORIZATION_CODE", authorizationCode.toString()};
        auditLogger.logAccessMessage("CREATED_AUTHORIZATION_CODE", obs, null);
      }
    } catch (CoreTokenException e) {
      if (auditLogger.isAuditLogEnabled()) {
        String[] obs = {"FAILED_UPDATE_AUTHORIZATION_CODE", authorizationCode.toString()};
        auditLogger.logErrorMessage("FAILED_UPDATE_AUTHORIZATION_CODE", obs, null);
      }
      logger.error(
          "DefaultOAuthTokenStoreImpl::Unable to create authorization code "
              + authorizationCode.getTokenInfo(),
          e);
      throw new OAuthProblemException(
          Status.SERVER_ERROR_INTERNAL.getCode(),
          "Internal error",
          "Could not create token in CTS",
          null);
    }
  }
  /** For c_hash, used when code and id_token exist in scope. */
  private String generateCHash(
      String algorithm, OAuth2Request request, OAuth2ProviderSettings providerSettings)
      throws ServerException {

    final AuthorizationCode authorizationCode = request.getToken(AuthorizationCode.class);

    if (authorizationCode == null) {
      logger.message("c_hash generation requires an existing code.");
      return null;
    }

    final String codeValue = authorizationCode.getTokenId();

    return generateHash(algorithm, codeValue, providerSettings);
  }
  /** {@inheritDoc} */
  public RefreshToken createRefreshToken(
      String grantType,
      String clientId,
      String resourceOwnerId,
      String redirectUri,
      Set<String> scope,
      OAuth2Request request)
      throws ServerException, NotFoundException {

    final String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));

    logger.message("Create refresh token");

    OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);

    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);

    final String id = UUID.randomUUID().toString();
    final String auditId = UUID.randomUUID().toString();

    final long lifeTime;
    if (clientRegistration == null) {
      lifeTime = providerSettings.getRefreshTokenLifetime();
    } else {
      lifeTime = clientRegistration.getRefreshTokenLifeTime(providerSettings);
    }

    long expiryTime = lifeTime < 0 ? -1 : lifeTime + System.currentTimeMillis();

    AuthorizationCode token = request.getToken(AuthorizationCode.class);
    String authModules = null;
    String acr = null;
    if (token != null) {
      authModules = token.getAuthModules();
      acr = token.getAuthenticationContextClassReference();
    }

    RefreshToken currentRefreshToken = request.getToken(RefreshToken.class);
    if (currentRefreshToken != null) {
      authModules = currentRefreshToken.getAuthModules();
      acr = currentRefreshToken.getAuthenticationContextClassReference();
    }

    RefreshToken refreshToken =
        new OpenAMRefreshToken(
            id,
            resourceOwnerId,
            clientId,
            redirectUri,
            scope,
            expiryTime,
            OAuth2Constants.Bearer.BEARER,
            OAuth2Constants.Token.OAUTH_REFRESH_TOKEN,
            grantType,
            realm,
            authModules,
            acr,
            auditId);

    try {
      tokenStore.create(refreshToken);
      if (auditLogger.isAuditLogEnabled()) {
        String[] obs = {"CREATED_REFRESH_TOKEN", refreshToken.toString()};
        auditLogger.logAccessMessage("CREATED_REFRESH_TOKEN", obs, null);
      }
    } catch (CoreTokenException e) {
      if (auditLogger.isAuditLogEnabled()) {
        String[] obs = {"FAILED_CREATE_REFRESH_TOKEN", refreshToken.toString()};
        auditLogger.logErrorMessage("FAILED_CREATE_REFRESH_TOKEN", obs, null);
      }
      logger.error("Unable to create refresh token: " + refreshToken.getTokenInfo(), e);
      throw new ServerException("Could not create token in CTS: " + e.getMessage());
    }

    request.setToken(RefreshToken.class, refreshToken);

    return refreshToken;
  }