use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.
the class OpenIdTokenService method createsAccessTokenResponse.
/**
 * Issues a bearer access token together with a refresh token for the given
 * authorization, records both through the DAOs and builds the token response.
 *
 * <p>Two unrelated {@code RefreshToken} types meet here: the unqualified one
 * is the value object whose {@code getValue()} supplies the token string, and
 * the fully qualified {@code de.ids_mannheim.korap.oauth2.entity.RefreshToken}
 * is what {@code refreshDao.storeRefreshToken} returns.
 *
 * @param authorization
 *            source of the scopes, user id, client id, authentication time
 *            and nonce
 * @return the response produced by the seven-argument overload
 * @throws KustvaktException
 *             declared by this method; presumably raised by the DAO calls
 */
private AccessTokenResponse createsAccessTokenResponse(Authorization authorization) throws KustvaktException {
    Set<AccessScope> grantedScopes = authorization.getScopes();
    // The same scope set is used for the issued token, the stored refresh
    // token and the stored access token.
    Scope scope = new Scope(
            grantedScopes.stream().map(AccessScope::toString).toArray(String[]::new));

    AccessToken accessToken = new BearerAccessToken(config.getAccessTokenExpiry(), scope);
    RefreshToken refreshToken = new RefreshToken();

    // NOTE(review): the raw token values are handed to the DAOs as-is;
    // whether they are hashed before persistence is not visible here.
    de.ids_mannheim.korap.oauth2.entity.RefreshToken storedRefreshToken =
            refreshDao.storeRefreshToken(
                    refreshToken.getValue(),
                    authorization.getUserId(),
                    authorization.getUserAuthenticationTime(),
                    authorization.getClientId(),
                    grantedScopes);

    // The access-token record is linked to the refresh-token record just stored.
    tokenDao.storeAccessToken(
            accessToken.getValue(),
            storedRefreshToken,
            grantedScopes,
            authorization.getUserId(),
            authorization.getClientId(),
            authorization.getUserAuthenticationTime());

    return createsAccessTokenResponse(
            accessToken,
            refreshToken,
            scope,
            authorization.getClientId(),
            authorization.getUserId(),
            authorization.getUserAuthenticationTime(),
            authorization.getNonce());
}
use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.
the class OAuth2ClientService method revokeAllAuthorizationsByClientId.
/**
 * Marks every authorization, access token and refresh token that belongs to
 * the given client as revoked and writes each one back through its DAO.
 *
 * <p>NOTE(review): no transaction boundary is visible in this method. Confirm
 * that the class or its caller provides one, so that a failure part-way
 * through cannot leave some of the client's tokens unrevoked.
 *
 * @param clientId
 *            id of the client whose grants are to be revoked
 * @throws KustvaktException
 *             declared by this method; presumably raised by the DAO calls
 */
public void revokeAllAuthorizationsByClientId(String clientId) throws KustvaktException {
    // Authorization codes: flag and update one by one.
    for (Authorization grant : authorizationDao.retrieveAuthorizationsByClientId(clientId)) {
        grant.setRevoked(true);
        authorizationDao.updateAuthorization(grant);
    }

    // Access tokens. The second argument is null here; presumably that
    // means "no user filter" - TODO confirm against the DAO.
    for (AccessToken issuedAccessToken : tokenDao.retrieveAccessTokenByClientId(clientId, null)) {
        issuedAccessToken.setRevoked(true);
        tokenDao.updateAccessToken(issuedAccessToken);
    }

    // Refresh tokens, fetched with the same null second argument.
    for (RefreshToken issuedRefreshToken : refreshDao.retrieveRefreshTokenByClientId(clientId, null)) {
        issuedRefreshToken.setRevoked(true);
        refreshDao.updateRefreshToken(issuedRefreshToken);
    }
}
use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.
the class AccessTokenDao method storeAccessToken.
/**
 * Builds an {@code AccessToken} entity from the given values and persists it.
 *
 * <p>The lifetime depends on whether a refresh token is supplied:
 * {@code config.getAccessTokenExpiry()} seconds when one is given, otherwise
 * {@code config.getAccessTokenLongExpiry()} seconds.
 *
 * @param token
 *            the access token value; must pass the string check
 * @param refreshToken
 *            the refresh token to link to, or {@code null}; not validated
 * @param scopes
 *            the scopes of the token; must pass the object check
 * @param userId
 *            the user id; not validated
 * @param clientId
 *            id of the client the token is issued to; must pass the string
 *            check
 * @param authenticationTime
 *            the user authentication time; must pass the object check
 * @throws KustvaktException
 *             declared by this method; presumably raised by the parameter
 *             checks or the client lookup
 */
public void storeAccessToken(String token, RefreshToken refreshToken, Set<AccessScope> scopes, String userId, String clientId, ZonedDateTime authenticationTime) throws KustvaktException {
    // The checks for refreshToken ("refresh token") and userId ("username")
    // are commented out in the original, so both values reach the entity
    // unvalidated.
    ParameterChecker.checkStringValue(token, "access_token");
    ParameterChecker.checkObjectValue(scopes, "scopes");
    ParameterChecker.checkStringValue(clientId, "client_id");
    ParameterChecker.checkObjectValue(authenticationTime, "authentication time");

    ZonedDateTime createdAt = ZonedDateTime.now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
    AccessToken entity = new AccessToken();

    boolean hasRefreshToken = refreshToken != null;
    if (hasRefreshToken) {
        entity.setRefreshToken(refreshToken);
    }
    // A token without a refresh token gets the long lifetime, so its
    // validity window is bounded only by that expiry and by revocation.
    ZonedDateTime expiresAt = createdAt.plusSeconds(
            hasRefreshToken ? config.getAccessTokenExpiry() : config.getAccessTokenLongExpiry());

    OAuth2Client owningClient = clientDao.retrieveClientById(clientId);

    entity.setCreatedDate(createdAt);
    entity.setExpiryDate(expiresAt);
    // NOTE(review): the token value is set on the entity exactly as
    // received; whether it is hashed before it reaches the database is not
    // visible here.
    entity.setToken(token);
    entity.setScopes(scopes);
    entity.setUserId(userId);
    entity.setClient(owningClient);
    entity.setUserAuthenticationTime(authenticationTime);
    entityManager.persist(entity);
}
use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.
the class OltuTokenService method revokeAllClientTokensViaSuperClient.
/**
 * Revokes the tokens that a target client holds for a user, on behalf of an
 * authenticated super client.
 *
 * <p>The super client is authenticated with the id and secret carried in the
 * request, and the call is rejected unless that client is flagged as super.
 * For a public target client the access tokens are revoked; for any other
 * client the refresh tokens are revoked.
 *
 * @param username
 *            the user whose tokens are looked up
 * @param revokeTokenRequest
 *            carries the super client credentials and the target client id
 * @throws KustvaktException
 *             with {@code StatusCodes.CLIENT_AUTHENTICATION_FAILED} when the
 *             authenticated client is not a super client; also declared for
 *             the service and DAO calls
 */
public void revokeAllClientTokensViaSuperClient(String username, OAuth2RevokeAllTokenSuperRequest revokeTokenRequest) throws KustvaktException {
    // Authenticate first, then authorize: a valid client that is not super
    // is reported with the same status as a failed authentication.
    OAuth2Client authenticatedCaller = clientService.authenticateClient(
            revokeTokenRequest.getSuperClientId(),
            revokeTokenRequest.getSuperClientSecret());
    if (!authenticatedCaller.isSuper()) {
        throw new KustvaktException(StatusCodes.CLIENT_AUTHENTICATION_FAILED);
    }

    String clientId = revokeTokenRequest.getClientId();
    OAuth2Client targetClient = clientService.retrieveClient(clientId);

    // NOTE(review): the same DAO lookups are called with a null user in
    // revokeAllAuthorizationsByClientId to cover a whole client; confirm
    // that callers can never pass a null username here, which would
    // presumably widen the revocation to every user of the client.
    if (!clientService.isPublicClient(targetClient)) {
        // Non-public client: revoke through the refresh tokens.
        // Presumably revokeRefreshToken also invalidates the access tokens
        // tied to each refresh token - TODO confirm.
        for (RefreshToken userRefreshToken : refreshDao.retrieveRefreshTokenByClientId(clientId, username)) {
            revokeRefreshToken(userRefreshToken);
        }
        return;
    }

    // Public client: only access tokens are looked up and revoked.
    for (AccessToken userAccessToken : tokenDao.retrieveAccessTokenByClientId(clientId, username)) {
        revokeAccessToken(userAccessToken);
    }
}
use of de.ids_mannheim.korap.oauth2.entity.RefreshToken in project Kustvakt by KorAP.
the class OltuTokenService method createsAccessTokenResponse.
/**
 * Creates an {@link OAuthResponse} containing an access token of type
 * Bearer, and additionally issues a refresh token unless the client is
 * public.
 *
 * <br /><br />
 * The access token itself is produced by the overloads this method
 * delegates to. According to the original documentation, the MD generator
 * is used by default to generate access tokens of 128 bit values,
 * represented in hexadecimal comprising 32 bytes and subsequently encoded
 * in Base64; none of that is visible in this method.
 *
 * <br /><br />
 * The refresh token value is the concatenation of two codes from
 * {@code randomGenerator.createRandomCode()}. It is stored through
 * {@code refreshDao} and can be used to request a new access token
 * without requiring user re-authentication.
 *
 * @param scopes
 *            a set of access token scopes in String
 * @param accessScopes
 *            a set of access token scopes in {@link AccessScope}
 * @param clientId
 *            a client id
 * @param userId
 *            a user id
 * @param authenticationTime
 *            the user authentication time
 * @param isPublicClient
 *            {@code true} to issue an access token only; {@code false} to
 *            also store and return a refresh token
 * @return an {@link OAuthResponse}
 * @throws OAuthSystemException
 *             declared by this method; presumably raised while building
 *             the response
 * @throws KustvaktException
 *             declared by this method; presumably raised by the DAO or the
 *             random generator
 */
private OAuthResponse createsAccessTokenResponse(Set<String> scopes, Set<AccessScope> accessScopes, String clientId, String userId, ZonedDateTime authenticationTime, boolean isPublicClient) throws OAuthSystemException, KustvaktException {
    // Both random codes are drawn before the branch, as in the original,
    // although the value is only used when a refresh token is stored.
    String refreshTokenValue =
            randomGenerator.createRandomCode() + randomGenerator.createRandomCode();

    if (isPublicClient) {
        // Public clients get an access token only.
        return createsAccessTokenResponse(scopes, accessScopes, clientId, userId, authenticationTime);
    }

    // NOTE(review): the strength of the refresh token depends entirely on
    // randomGenerator, which is not shown here; confirm it is backed by a
    // cryptographically secure source.
    RefreshToken storedRefreshToken = refreshDao.storeRefreshToken(
            refreshTokenValue, userId, authenticationTime, clientId, accessScopes);
    return createsAccessTokenResponse(
            scopes, accessScopes, clientId, userId, authenticationTime, storedRefreshToken);
}