Example 1 with OAuth2TokenRevokedEvent
use of io.jmix.securityoauth2.event.OAuth2TokenRevokedEvent in project jmix by jmix-framework.
the class TokenRevoker method revokeAccessToken.
@Nullable
protected String revokeAccessToken(String token, @Nullable Authentication clientAuth, TokenRevocationInitiator revocationInitiator) {
OAuth2AccessToken accessToken = tokenStore.readAccessToken(token);
if (accessToken != null) {
OAuth2Authentication authToRevoke = tokenStore.readAuthentication(accessToken);
if (revocationInitiator == TokenRevocationInitiator.CLIENT) {
checkIfTokenIsIssuedToClient(clientAuth, authToRevoke);
}
if (accessToken.getRefreshToken() != null) {
tokenStore.removeRefreshToken(accessToken.getRefreshToken());
}
tokenStore.removeAccessToken(accessToken);
log.debug("Access token removed: {}", tokenMasker.maskToken(token));
if (applicationEventPublisher != null) {
applicationEventPublisher.publishEvent(new OAuth2TokenRevokedEvent(accessToken, revocationInitiator));
}
return accessToken.getValue();
}
log.debug("No access token {} found in the token store", tokenMasker.maskToken(token));
return null;
}
Also used :
OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
OAuth2TokenRevokedEvent(io.jmix.securityoauth2.event.OAuth2TokenRevokedEvent)
Nullable(javax.annotation.Nullable)
Aggregations
OAuth2TokenRevokedEvent (io.jmix.securityoauth2.event.OAuth2TokenRevokedEvent)1
Nullable (javax.annotation.Nullable)1
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)1
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)1
