
Example 16 with RefreshToken

use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in project cxf by apache.

Class AbstractOAuthDataProvider, method handleLinkedRefreshToken.

/**
 * Detaches {@code accessToken} from the refresh token it references and then
 * either revokes that refresh token, when no other access tokens remain
 * linked to it, or persists its updated link list.
 *
 * <p>Does nothing when the access token is {@code null}, carries no refresh
 * token key, or the referenced refresh token can no longer be found.
 *
 * @param accessToken the access token being removed; may be {@code null}
 */
protected void handleLinkedRefreshToken(ServerAccessToken accessToken) {
    if (accessToken == null || accessToken.getRefreshToken() == null) {
        return;
    }
    RefreshToken linked = getRefreshToken(accessToken.getRefreshToken());
    if (linked == null) {
        // Nothing to unlink: the refresh token is already gone.
        return;
    }
    unlinkRefreshAccessToken(linked, accessToken.getTokenKey());
    boolean noLinkedAccessTokensLeft = linked.getAccessTokens().isEmpty();
    if (noLinkedAccessTokensLeft) {
        // An orphaned refresh token would otherwise stay usable; revoke it.
        revokeRefreshToken(linked.getTokenKey());
    } else {
        saveRefreshToken(linked);
    }
}
Also used : RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)

Example 17 with RefreshToken

use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in project cxf by apache.

Class AbstractOAuthDataProvider, method refreshAccessToken.

/**
 * Exchanges a refresh token for a new access token.
 *
 * <p>With {@code recycleRefreshTokens} enabled the presented refresh token is
 * consumed (revoked) up front, every access token linked to it is revoked, and
 * a brand-new refresh token is issued alongside the new access token. With
 * recycling disabled the refresh token is only looked up, stays valid, and is
 * updated to reference the new access token.
 *
 * @param client the client presenting the refresh token
 * @param refreshTokenKey the key of the refresh token being presented
 * @param restrictedScopes the scopes the new access token should be narrowed to
 * @return the newly issued and persisted access token
 * @throws OAuthServiceException with {@code ACCESS_DENIED} when the refresh
 *         token is unknown or expired
 */
@Override
public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey, List<String> restrictedScopes) throws OAuthServiceException {
    final boolean recycle = recycleRefreshTokens;
    RefreshToken presented;
    if (recycle) {
        presented = revokeRefreshToken(refreshTokenKey);
    } else {
        presented = getRefreshToken(refreshTokenKey);
    }
    if (presented == null) {
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }
    boolean expired = OAuthUtils.isExpired(presented.getIssuedAt(), presented.getExpiresIn());
    if (expired) {
        // An expired token must not remain presentable; when recycling it was
        // already revoked by the lookup above.
        if (!recycle) {
            revokeRefreshToken(refreshTokenKey);
        }
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
    }
    if (recycle) {
        revokeAccessTokens(presented);
    }
    ServerAccessToken issued = doRefreshAccessToken(client, presented, restrictedScopes);
    saveAccessToken(issued);
    if (recycle) {
        createNewRefreshToken(issued);
    } else {
        updateExistingRefreshToken(presented, issued);
    }
    return issued;
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)

Example 18 with RefreshToken

use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in project cxf by apache.

Class ModelEncryptionSupport, method recreateRefreshToken.

/**
 * Rebuilds a {@link RefreshToken} from its decrypted, delimited string form.
 *
 * <p>The leading fields describe the underlying access token and are handed to
 * {@code recreateAccessToken}; the final field is parsed as a simple list and
 * becomes the refresh token's list argument (presumably the keys of the access
 * tokens linked to it — confirm against the encoding side).
 *
 * @param provider the data provider used to resolve referenced entities
 * @param newTokenKey the key to assign to the recreated token
 * @param decryptedSequence the decrypted serialized token
 * @return the recreated refresh token
 * @throws SecurityException if the sequence cannot be turned into a token
 */
public static RefreshToken recreateRefreshToken(OAuthDataProvider provider, String newTokenKey, String decryptedSequence) throws SecurityException {
    final String[] fields = getParts(decryptedSequence);
    ServerAccessToken underlying = recreateAccessToken(provider, newTokenKey, fields);
    final String trailingField = fields[fields.length - 1];
    return new RefreshToken(underlying, newTokenKey, parseSimpleList(trailingField));
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)

Example 19 with RefreshToken

use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in project ddf by codice.

Class OAuthSecurityImpl, method refreshToken.

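/**
 * Attempts to refresh an expired access token.
 *
 * <p>Returns {@code null} (after logging at debug level) when no unexpired refresh
 * token is available, when the provider rejects the refresh request, or when the new
 * access token fails validation. A failure to persist the new tokens is logged at warn
 * level but the freshly obtained access token is still returned.
 *
 * @param id The ID to use when storing tokens
 * @param sourceId The ID of the source using OAuth to use when storing tokens
 * @param clientId The client ID registered with the OAuth provider
 * @param clientSecret The client secret registered with the OAuth provider
 * @param discoveryUrl The URL where the OAuth provider's metadata is hosted
 * @param refreshToken The unexpired refresh token to use
 * @param metadata The OAuth provider's metadata
 * @return refreshed access token, or {@code null} if one could not be obtained
 */
private String refreshToken(String id, String sourceId, String clientId, String clientSecret, String discoveryUrl, String refreshToken, OIDCProviderMetadata metadata) {
    if (refreshToken == null || isExpired(refreshToken)) {
        LOGGER.debug("Error refreshing access token: unable to find an unexpired refresh token.");
        return null;
    }
    ClientAccessToken clientAccessToken;
    try {
        LOGGER.debug("Attempting to refresh the user's access token.");
        WebClient webClient = createWebClient(metadata.getTokenEndpointURI());
        Consumer consumer = new Consumer(clientId, clientSecret);
        AccessTokenGrant accessTokenGrant = new RefreshTokenGrant(refreshToken);
        clientAccessToken = OAuthClientUtils.getAccessToken(webClient, consumer, accessTokenGrant);
    } catch (OAuthServiceException e) {
        LOGGER.debug("Error refreshing access token.", e);
        return null;
    }
    // Validate the new access token before it is trusted or stored
    try {
        AccessToken accessToken = convertCxfAccessTokenToNimbusdsToken(clientAccessToken);
        OidcTokenValidator.validateAccessToken(accessToken, null, resourceRetriever, metadata, null);
    } catch (OidcValidationException e) {
        // Keep the cause, as the grant failure above does; dropping it leaves
        // validation failures undiagnosable.
        LOGGER.debug("Error validating access token.", e);
        return null;
    }
    // Store new tokens
    String newAccessToken = clientAccessToken.getTokenKey();
    String newRefreshToken = clientAccessToken.getRefreshToken();
    int status = tokenStorage.create(id, sourceId, newAccessToken, newRefreshToken, discoveryUrl);
    if (status != SC_OK) {
        // Best effort: the token was validated, so it is still returned even if
        // persisting it failed.
        LOGGER.warn("Error updating the token information.");
    }
    return newAccessToken;
}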
Also used : Consumer(org.apache.cxf.rs.security.oauth2.client.Consumer) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) RefreshTokenGrant(org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) TypelessAccessToken(com.nimbusds.oauth2.sdk.token.TypelessAccessToken) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) AccessTokenGrant(org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant) WebClient(org.apache.cxf.jaxrs.client.WebClient) OidcValidationException(org.codice.ddf.security.oidc.validator.OidcValidationException)

Aggregations

RefreshToken (org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken)13 ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)10 Client (org.apache.cxf.rs.security.oauth2.common.Client)6 OAuthPermission (org.apache.cxf.rs.security.oauth2.common.OAuthPermission)5 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)4 AccessTokenRegistration (org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)3 Test (org.junit.Test)3 AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken)2 BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)2 TypelessAccessToken (com.nimbusds.oauth2.sdk.token.TypelessAccessToken)2 ArrayList (java.util.ArrayList)2 WebClient (org.apache.cxf.jaxrs.client.WebClient)2 Consumer (org.apache.cxf.rs.security.oauth2.client.Consumer)2 AccessTokenGrant (org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant)2 RefreshTokenGrant (org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant)2 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)2 OidcValidationException (org.codice.ddf.security.oidc.validator.OidcValidationException)2 File (java.io.File)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 MalformedURLException (java.net.MalformedURLException)1