Use of edu.uiuc.ncsa.security.oauth_2_0.server.InvalidNonceException in the OA4MP project by ncsa.
Class OA2MPService, method getAccessToken.
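/**
 * Sends the authorization grant to the delegation service, validates the nonce in the
 * token response, and records the returned token data on the asset.
 * <p>
 * The nonce is checked and consumed before any value from the response is copied onto
 * the asset, so a response with a missing or unknown nonce leaves the caller's asset untouched.
 *
 * @param asset the asset updated with the issued-at time, subject, access token and
 *              refresh token from the response; saved to the asset store on success
 * @param ag    the authorization grant placed on the request to the delegation service
 * @return the token response returned by the delegation service
 * @throws InvalidNonceException if the response carries no nonce or one that
 *                               {@code NonceHerder} does not know
 */
public ATResponse2 getAccessToken(OA2Asset asset, AuthorizationGrant ag) {
    DelegatedAssetRequest dar = new DelegatedAssetRequest();
    dar.setAuthorizationGrant(ag);
    dar.setClient(getEnvironment().getClient());
    Map<String, String> m1 = getATParameters(asset, ag, null);
    dar.setParameters(m1);
    ATResponse2 atResponse2 = (ATResponse2) getEnvironment().getDelegationService().getAT(dar);

    // Validate the nonce first: nothing from the response is trusted until it is tied
    // to a request this client actually issued.
    String nonce = (String) atResponse2.getParameters().get(OA2Constants.NONCE);
    if (nonce == null || !NonceHerder.hasNonce(nonce)) {
        throw new InvalidNonceException("Unknown nonce.");
    }
    // Prevent replay attacks: a nonce is single-use, so drop it as soon as it has matched.
    // NOTE(review): hasNonce followed by removeNonce is a check-then-act sequence. Whether two
    // concurrent responses carrying the same nonce can both pass depends on NonceHerder's
    // synchronization, which is not visible here - confirm, or use an atomic remove if one exists.
    NonceHerder.removeNonce(nonce);

    // Only now copy the response's claims and tokens onto the asset and persist it.
    asset.setIssuedAt((Date) atResponse2.getParameters().get(OA2Claims.ISSUED_AT));
    asset.setUsername((String) atResponse2.getParameters().get(OA2Claims.SUBJECT));
    asset.setAccessToken(atResponse2.getAccessToken());
    asset.setRefreshToken(atResponse2.getRefreshToken());
    getAssetStore().save(asset);
    return atResponse2;
}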