Example 6 with AccessTokenService

use of org.apache.cxf.rs.security.oauth2.services.AccessTokenService in project cxf by apache.

the class OAuthClientUtilsTest method getAccessToken.

@Test
public void getAccessToken() {
    WebClient accessTokenService = mock(WebClient.class);
    String tokenKey = "tokenKey";
    String response = "{\"" + OAuthConstants.ACCESS_TOKEN + "\":\"" + tokenKey + "\"}";
    expect(accessTokenService.form(anyObject(Form.class))).andReturn(Response.ok(new ByteArrayInputStream(response.getBytes()), MediaType.APPLICATION_JSON).build());
    replay(accessTokenService);
    ClientAccessToken cat = OAuthClientUtils.getAccessToken(accessTokenService, null, new RefreshTokenGrant(""), null, "defaultTokenType", false);
    assertEquals(tokenKey, cat.getTokenKey());
    verify(accessTokenService);
}
Also used : Form(javax.ws.rs.core.Form) ByteArrayInputStream(java.io.ByteArrayInputStream) RefreshTokenGrant(org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) WebClient(org.apache.cxf.jaxrs.client.WebClient) Test(org.junit.Test)

Example 7 with AccessTokenService

use of org.apache.cxf.rs.security.oauth2.services.AccessTokenService in project cxf by apache.

the class BearerAuthSupplier method refreshAccessToken.

private boolean refreshAccessToken(AuthorizationPolicy authPolicy) {
    ClientAccessToken at = getClientAccessToken();
    if (at.getRefreshToken() == null) {
        return false;
    }
    // Client id and secret are needed to refresh the tokens
    // AuthorizationPolicy can hold them by default, Consumer can also be injected into this supplier
    // and checked if the policy is null.
    // Client TLS authentication is also fine as an alternative authentication mechanism,
    // how can we check here that a 2-way TLS has been set up?
    Consumer theConsumer = consumer;
    if (theConsumer == null && authPolicy != null && authPolicy.getUserName() != null && authPolicy.getPassword() != null) {
        theConsumer = new Consumer(authPolicy.getUserName(), authPolicy.getPassword());
    }
    if (theConsumer == null) {
        return false;
    }
    // Can WebClient be safely constructed at HttpConduit initialization time?
    // If yes then createAccessTokenServiceClient() can be called inside
    // setAccessTokenServiceUri, though given that the token refreshment would
    // not be done on every request the current approach is quite reasonable
    WebClient accessTokenService = createAccessTokenServiceClient();
    setClientAccessToken(OAuthClientUtils.refreshAccessToken(accessTokenService, theConsumer, at));
    return true;
}
Also used : ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 8 with AccessTokenService

use of org.apache.cxf.rs.security.oauth2.services.AccessTokenService in project cxf by apache.

the class OAuthClientUtils method getAccessToken.

/**
 * Obtains the access token from OAuth AccessToken Service
 * @param accessTokenServiceUri the AccessToken endpoint address
 * @param consumer {@link Consumer} representing the registered client
 * @param grant {@link AccessTokenGrant} grant
 * @param setAuthorizationHeader if set to true then HTTP Basic scheme
 *           will be used to pass client id and secret, otherwise they will
 *           be passed in the form payload
 * @return {@link ClientAccessToken} access token
 * @throws OAuthServiceException
 */
public static ClientAccessToken getAccessToken(String accessTokenServiceUri, Consumer consumer, AccessTokenGrant grant, boolean setAuthorizationHeader) throws OAuthServiceException {
    OAuthJSONProvider provider = new OAuthJSONProvider();
    WebClient accessTokenService = WebClient.create(accessTokenServiceUri, Collections.singletonList(provider));
    accessTokenService.accept("application/json");
    return getAccessToken(accessTokenService, consumer, grant, setAuthorizationHeader);
}
Also used : OAuthJSONProvider(org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Aggregations

WebClient (org.apache.cxf.jaxrs.client.WebClient): 5
Form (javax.ws.rs.core.Form): 3
ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken): 3
OAuthJSONProvider (org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider): 3
ByteArrayInputStream (java.io.ByteArrayInputStream): 2
RefreshTokenGrant (org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant): 2
OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException): 2
Test (org.junit.Test): 2
HashSet (java.util.HashSet): 1
Map (java.util.Map): 1
ProcessingException (javax.ws.rs.ProcessingException): 1
ResponseProcessingException (javax.ws.rs.client.ResponseProcessingException): 1
Response (javax.ws.rs.core.Response): 1
ResponseEntity (net.petafuel.styx.api.exception.ResponseEntity): 1
StyxException (net.petafuel.styx.api.exception.StyxException): 1
BankRequestFailedException (net.petafuel.styx.core.xs2a.exceptions.BankRequestFailedException): 1
AccessToken (net.petafuel.styx.core.xs2a.standards.ing.v1_0.entities.AccessToken): 1
AccessTokenRequest (net.petafuel.styx.core.xs2a.standards.ing.v1_0.http.AccessTokenRequest): 1
AccessTokenService (net.petafuel.styx.core.xs2a.standards.ing.v1_0.services.AccessTokenService): 1
ThirdPartyRegistrationService (oauth2.manager.ThirdPartyRegistrationService): 1