use of com.peterphi.std.guice.web.rest.auth.oauth2.OAuth2SessionRef in project stdlib by petergeneric.
Usage in class OAuth2ClientCallbackRestServiceImpl, method callback:
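/**
 * Completes the OAuth2 authorisation-code flow for this client: validates the {@code state}
 * nonce against the current session, surfaces any error reported by the authorisation server,
 * exchanges the authorisation code for a token, stores that token in the session and finally
 * redirects the user to the page they originally asked for.
 * <p>
 * Authentication is deliberately skipped ({@code @AuthConstraint(skip = true)}) because the
 * caller is, by definition, not yet logged in when the authorisation server redirects here.
 *
 * @param code      authorisation code issued by the authorisation server; required unless {@code error} is set
 * @param state     state value echoed back by the authorisation server; must correspond to the nonce held in this session
 * @param error     OAuth2 error code, present when the authorisation request was refused
 * @param errorText optional human-readable description of {@code error}
 * @param errorUri  optional URI with more information about {@code error}
 * @return a see-other redirect to the recorded return-to page (or {@code /} when none was recorded), marked no-cache
 * @throws IllegalArgumentException if the authorisation server reported an error, or returned neither an error nor a code
 */
@Override
@AuthConstraint(id = "oauth2_client_callback", skip = true, comment = "Allow non-logged-in users to be redirected to the callback page so they can be logged in")
public Response callback(final String code, final String state, final String error, final String errorText, final String errorUri) {
    final OAuth2SessionRef sessionRef = sessionRefProvider.get();

    // Resolve the state nonce FIRST, before acting on either the error or the code. The return-to
    // URI comes from the session (looked up by the nonce), not from the request, so the redirect
    // target cannot be chosen by whoever crafted the callback URL. A state that does not belong to
    // this session is expected to be rejected here (see OAuth2SessionRef.getRedirectToFromState).
    final URI redirectTo = sessionRef.getRedirectToFromState(state);

    if (StringUtils.isNotBlank(error)) {
        // NOTE(review): errorText/errorUri are echoed verbatim from the query string into the
        // exception message; whether that text reaches the browser depends on the exception
        // mapper, which is not visible here - confirm it is escaped if rendered as HTML.
        final String moreInfo = (errorUri != null) ? " Additional information can be found at this page: " + errorUri : "";
        throw new IllegalArgumentException("The authorisation server failed the authorisation request with error " + error + " with description " + errorText + "." + moreInfo);
    }

    // A callback carrying neither an error nor a code is malformed: fail here with a clear
    // message rather than sending an empty grant to the token endpoint.
    if (StringUtils.isBlank(code)) {
        throw new IllegalArgumentException("The authorisation server returned neither an authorisation code nor an error");
    }

    // Exchange the authorisation code for a token. The redirect_uri sent here must be the same
    // callback URI that was used in the original authorisation request, as OAuth2 requires.
    final String responseStr = remote.getToken(UserManagerOAuthService.GRANT_TYPE_AUTHORIZATION_CODE,
                                               code,
                                               sessionRef.getOwnCallbackUri().toString(),
                                               clientId,
                                               clientSecret,
                                               null,
                                               null,
                                               null,
                                               null);
    final OAuth2TokenResponse response = OAuth2TokenResponse.decode(responseStr);

    // Keep the token in the session so that later requests in this session can use it
    sessionRef.load(response);

    // Never let a browser or proxy cache the post-login redirect
    final URI target = (redirectTo != null) ? redirectTo : URI.create("/");
    return Response.seeOther(target).cacheControl(CacheControl.valueOf(NO_CACHE)).build();
}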