/**
* Issue access token in exchange to an Authorization Grant.
*
* @param tokenReqDTO <Code>OAuth2AccessTokenReqDTO</Code> representing the Access Token request
* @return <Code>OAuth2AccessTokenRespDTO</Code> representing the Access Token response
*/
public OAuth2AccessTokenRespDTO issueAccessToken(OAuth2AccessTokenReqDTO tokenReqDTO) {
if (log.isDebugEnabled()) {
log.debug(
"Access Token request received for Client ID "
+ tokenReqDTO.getClientId()
+ ", User ID "
+ tokenReqDTO.getResourceOwnerUsername()
+ ", Scope : "
+ Arrays.toString(tokenReqDTO.getScope())
+ " and Grant Type : "
+ tokenReqDTO.getGrantType());
}
try {
AccessTokenIssuer tokenIssuer = AccessTokenIssuer.getInstance();
return tokenIssuer.issue(tokenReqDTO);
} catch (InvalidOAuthClientException e) {
if (log.isDebugEnabled()) {
log.debug(
"Error occurred while issuing access token for Client ID : "
+ tokenReqDTO.getClientId()
+ ", User ID: "
+ tokenReqDTO.getResourceOwnerUsername()
+ ", Scope : "
+ Arrays.toString(tokenReqDTO.getScope())
+ " and Grant Type : "
+ tokenReqDTO.getGrantType(),
e);
}
OAuth2AccessTokenRespDTO tokenRespDTO = new OAuth2AccessTokenRespDTO();
tokenRespDTO.setError(true);
tokenRespDTO.setErrorCode(OAuth2ErrorCodes.INVALID_CLIENT);
tokenRespDTO.setErrorMsg("Invalid Client");
return tokenRespDTO;
} catch (Exception e) { // in case of an error, consider it as a system error
log.error(
"Error occurred while issuing the access token for Client ID : "
+ tokenReqDTO.getClientId()
+ ", User ID "
+ tokenReqDTO.getResourceOwnerUsername()
+ ", Scope : "
+ Arrays.toString(tokenReqDTO.getScope())
+ " and Grant Type : "
+ tokenReqDTO.getGrantType(),
e);
OAuth2AccessTokenRespDTO tokenRespDTO = new OAuth2AccessTokenRespDTO();
tokenRespDTO.setError(true);
if (e.getCause().getCause() instanceof SQLIntegrityConstraintViolationException) {
tokenRespDTO.setErrorCode("sql_error");
} else {
tokenRespDTO.setErrorCode(OAuth2ErrorCodes.SERVER_ERROR);
}
tokenRespDTO.setErrorMsg("Server Error");
return tokenRespDTO;
}
}
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
throws IdentityOAuth2Exception {
OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
String username = oAuth2AccessTokenReqDTO.getResourceOwnerUsername();
int tenantId;
try {
tenantId = IdentityUtil.getTenantIdOFUser(username);
} catch (IdentityException e) {
throw new IdentityOAuth2Exception(e.getMessage(), e);
}
// tenantId == -1, means an invalid tenant.
if (tenantId == -1) {
/*if (log.isDebugEnabled()) {
log.debug("Token request with Password Grant Type for an invalid tenant : " +
MultitenantUtils.getTenantDomain(username));
}
return false;*/
tenantId = MultitenantConstants.SUPER_TENANT_ID;
}
RealmService realmService = OAuthComponentServiceHolder.getRealmService();
boolean authStatus;
try {
UserStoreManager userStoreManager =
realmService.getTenantUserRealm(tenantId).getUserStoreManager();
authStatus =
userStoreManager.authenticate(
MultitenantUtils.getTenantAwareUsername(username),
oAuth2AccessTokenReqDTO.getResourceOwnerPassword());
if (log.isDebugEnabled()) {
log.debug(
"Token request with Password Grant Type received. "
+ "Username : "******"Scope : "
+ OAuth2Util.buildScopeString(oAuth2AccessTokenReqDTO.getScope())
+ ", Authentication State : "
+ authStatus);
}
} catch (UserStoreException e) {
throw new IdentityOAuth2Exception("Error when authenticating the user credentials.", e);
}
tokReqMsgCtx.setAuthorizedUser(oAuth2AccessTokenReqDTO.getResourceOwnerUsername());
tokReqMsgCtx.setScope(oAuth2AccessTokenReqDTO.getScope());
return authStatus;
}