use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class ResourceOwnerGrantHandler method createAccessToken.
/**
 * Resource Owner Password Credentials grant: exchanges the resource-owner name and
 * password carried in the token request for an access token.
 *
 * @param client the already-authenticated OAuth2 client making the token request
 * @param params the token request form parameters
 * @return the token produced by {@link #doCreateAccessToken}
 * @throws OAuthServiceException {@code invalid_request} when either credential parameter is
 *         absent, {@code invalid_grant} when the login handler does not yield a subject
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {
    final String username = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
    final String password = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
    // Both parameters are mandatory for this grant. A missing one is a malformed request,
    // not a failed authentication, hence invalid_request rather than invalid_grant.
    if (username == null || password == null) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
    }
    // Credential verification is delegated entirely to the configured login handler; a null
    // subject is the only failure signal it gives. The password arrives as an immutable
    // String, so it cannot be zeroed after use here.
    final UserSubject subject = loginHandler.createSubject(client, username, password);
    if (subject == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    return doCreateAccessToken(client, subject, params);
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AbstractGrantHandler method doCreateAccessToken.
/**
 * Issues an access token for {@code subject} on behalf of {@code client}, reusing a
 * pre-authorized token when one is available for this combination.
 *
 * @param client          the client the token is issued to
 * @param subject         the authenticated resource owner
 * @param requestedGrant  the grant type being exercised
 * @param requestedScopes scopes asked for by the client
 * @param audiences       audiences the token is intended for
 * @return an existing pre-authorized token, or a new one created by the data provider
 */
protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, String requestedGrant,
                                                List<String> requestedScopes, List<String> audiences) {
    // Fast path: a token already approved for this client/subject/scope/audience combination.
    final ServerAccessToken existing =
        getPreAuthorizedToken(client, subject, requestedGrant, requestedScopes, audiences);
    if (existing != null) {
        return existing;
    }
    // Otherwise describe the token to mint and let the data provider create and persist it.
    // Approved scopes are computed here, so the provider only ever sees the filtered set.
    final AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setSubject(subject);
    registration.setGrantType(requestedGrant);
    registration.setRequestedScope(requestedScopes);
    registration.setApprovedScope(getApprovedScopes(client, subject, requestedScopes));
    registration.setAudiences(audiences);
    return dataProvider.createAccessToken(registration);
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AuthorizationCodeGrantHandler method doCreateAccessToken.
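/**
 * Turns a validated authorization code grant into an access token.
 * <p>
 * If the grant was issued with a pre-authorized token, that token must be found and is
 * returned as-is; minting a fresh token in that situation is refused. Otherwise the data
 * provider creates a new token from the grant's details (code, scopes, nonce, PKCE verifier).
 *
 * @param client         the client redeeming the code (already matched against the grant's client)
 * @param grant          the consumed authorization code grant
 * @param requestedGrant the grant type name being exercised
 * @param codeVerifier   the PKCE code verifier supplied by the client, or {@code null}
 * @param audiences      audiences resolved for this token request
 * @return the pre-authorized token, or a newly created one
 * @throws OAuthServiceException {@code invalid_grant} if the client may not use this grant type,
 *         or a pre-authorized token was expected but none was found
 */
private ServerAccessToken doCreateAccessToken(Client client, ServerAuthorizationCodeGrant grant,
                                              String requestedGrant, String codeVerifier,
                                              List<String> audiences) {
    // Enforce the client's allowed grant types before either branch, so a client whose
    // allow-list excludes this grant type cannot obtain a token via the pre-authorized path
    // any more than via the new-token path. An empty allow-list still means "no restriction".
    // The caller may already enforce this; keeping it here is defence in depth.
    final List<String> allowedGrantTypes = client.getAllowedGrantTypes();
    if (!allowedGrantTypes.isEmpty() && !allowedGrantTypes.contains(requestedGrant)) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }

    if (grant.isPreauthorizedTokenAvailable()) {
        // NOTE(review): this path resolves audiences from the grant rather than using the
        // `audiences` argument computed by the caller; left as-is, but worth confirming.
        final ServerAccessToken existing = getPreAuthorizedToken(client, grant.getSubject(), requestedGrant,
            grant.getRequestedScopes(), getAudiences(client, grant.getAudience()));
        if (existing == null) {
            // A grant that promised a pre-authorized token but has none is rejected rather
            // than silently upgraded to a brand-new token.
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
        if (grant.getNonce() != null) {
            // Expose the nonce on the current exchange; presumably picked up later in this
            // request (e.g. for an ID token) - the consumer is not visible here.
            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, grant.getNonce());
        }
        return existing;
    }

    // Mint a new token: give the provider everything needed to bind it to this code exchange.
    final AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setGrantCode(grant.getCode());
    registration.setClient(client);
    registration.setGrantType(requestedGrant);
    registration.setSubject(grant.getSubject());
    registration.setRequestedScope(grant.getRequestedScopes());
    registration.setNonce(grant.getNonce());
    // A grant with no recorded approval yields a token with no approved scopes - never the
    // requested ones by default.
    final List<String> approved = grant.getApprovedScopes();
    registration.setApprovedScope(approved != null ? approved : Collections.<String>emptyList());
    registration.setAudiences(audiences);
    registration.setResponseType(grant.getResponseType());
    // The verifier was already checked against the stored challenge in createAccessToken;
    // it is recorded here so the provider can bind the token to the PKCE exchange.
    registration.setClientCodeVerifier(codeVerifier);
    registration.getExtraProperties().putAll(grant.getExtraProperties());
    return getDataProvider().createAccessToken(registration);
}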
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class AuthorizationCodeGrantHandler method createAccessToken.
/**
 * Authorization Code grant: redeems a one-time code for an access token.
 * <p>
 * The code is removed from the provider before any validation, so it is consumed by its
 * first presentation whether or not that presentation succeeds. The grant is then checked
 * for expiry, client binding, redirect URI binding and PKCE before a token is issued.
 *
 * @param client the authenticated client presenting the code
 * @param params the token request parameters
 * @return the issued token, or {@code null} when no grant exists for the presented code
 * @throws OAuthServiceException {@code invalid_grant} for an expired code, a code issued to a
 *         different client or a failed PKCE check; {@code invalid_request} for a redirect URI mismatch
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {
    // Consume the code first: a second presentation of the same value must never succeed.
    final String code = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    final AuthorizationCodeDataProvider provider = (AuthorizationCodeDataProvider) getDataProvider();
    final ServerAuthorizationCodeGrant grant = provider.removeCodeGrant(code);
    if (grant == null) {
        return null;
    }
    if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getExpiresIn())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    // The code may only be redeemed by the client it was issued to.
    if (!grant.getClient().getClientId().equals(client.getClientId())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    verifyRedirectUri(client, grant.getRedirectUri(), params.getFirst(OAuthConstants.REDIRECT_URI));
    // PKCE: the verifier presented now must match the challenge recorded with the grant.
    final String codeVerifier = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    if (!compareCodeVerifierWithChallenge(client, codeVerifier,
            grant.getClientCodeChallenge(), grant.getClientCodeChallengeMethod())) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    final List<String> audiences = getAudiences(client, params, grant.getAudience());
    return doCreateAccessToken(client, grant, getSingleGrantType(), codeVerifier, audiences);
}

/**
 * Binds the token request to the redirect URI recorded with the grant.
 * An explicitly supplied redirect_uri must equal the recorded one exactly (plain string
 * comparison, no normalisation). When it is omitted: a grant without a recorded URI is only
 * acceptable if public clients are supported, and a grant with one is only acceptable if that
 * URI is the client's single registered redirect URI.
 *
 * @throws OAuthServiceException {@code invalid_request} on any mismatch
 */
private void verifyRedirectUri(Client client, String expectedRedirectUri, String providedRedirectUri)
    throws OAuthServiceException {
    if (providedRedirectUri != null) {
        if (!providedRedirectUri.equals(expectedRedirectUri)) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
        return;
    }
    if (expectedRedirectUri == null) {
        if (!isCanSupportPublicClients()) {
            throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
        }
        return;
    }
    final List<String> registered = client.getRedirectUris();
    if (registered.size() != 1 || !registered.contains(expectedRedirectUri)) {
        throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
    }
}
use of org.apache.cxf.rs.security.oauth2.common.ServerAccessToken in project cxf by apache.
the class JPAOAuthDataProvider method doRevokeAccessToken.
/**
 * Deletes a persisted access token inside a JPA transaction.
 * The entity is resolved with {@code getReference} by token key (no full load before
 * removal), using the runtime class of {@code at} as the entity type.
 * NOTE(review): if the key no longer exists, a reference proxy may surface as an
 * EntityNotFoundException at flush time - confirm existence is checked before this is called.
 *
 * @param at the token to revoke
 */
@Override
protected void doRevokeAccessToken(final ServerAccessToken at) {
    final Class<? extends ServerAccessToken> entityType = at.getClass();
    final Object key = at.getTokenKey();
    executeInTransaction(em -> {
        em.remove(em.getReference(entityType, key));
        return null;
    });
}