Examples with AbstractOAuthTokenRequest org.apache.oltu.oauth2.as.request.AbstractOAuthTokenRequest used on opensource projects

Example 1 with AbstractOAuthTokenRequest

use of org.apache.oltu.oauth2.as.request.AbstractOAuthTokenRequest in project Kustvakt by KorAP.

the class OAuth2Controller method requestAccessToken.

/**
 * Grants a client an access token, namely a string used in
 * authenticated requests representing user authorization for
 * the client to access user resources. An additional refresh
 * token strictly associated to the access token is also granted
 * for confidential clients. Both public and confidential clients
 * may issue multiple access tokens.
 *
 * <br /><br />
 *
 * Confidential clients may request refresh access token using
 * this endpoint. This request will grant a new access token.
 *
 * Usually the given refresh token is not changed and can be used
 * until it expires. However, currently there is a limitation of
 * one access token per one refresh token. Thus, the given refresh
 * token will be revoked, and a new access token and a new refresh
 * token will be returned.
 *
 * <br /><br />
 *
 * Client credentials for authentication can be provided either as
 * an authorization header with Basic authentication scheme or as
 * form parameters in the request body.
 *
 * <br /><br />
 *
 * OAuth2 specification describes various ways of requesting an
 * access token. Kustvakt supports:
 * <ul>
 * <li> Authorization code grant: obtains authorization from a
 * third party application. Required parameters: grant_type,
 * code, client_id, redirect_uri (if specified in the
 * authorization request), client_secret (if the client is
 * confidential or issued a secret).
 * </li>
 * <li> Resource owner password grant: strictly for clients that
 * are parts of KorAP. Clients use user credentials, e.g. Kalamar
 * (front-end) with login form. Required parameters: grant_type,
 * username, password, client_id, client_secret (if the client is
 * confidential or issued a secret). Optional parameters: scope.
 * </li>
 * <li> Client credentials grant: strictly for clients that are
 * parts of KorAP. Clients access their own resources, not on
 * behalf of a user. Required parameters: grant_type, client_id,
 * client_secret. Optional parameters: scope.
 * </li>
 * </ul>
 *
 * RFC 6749: The value of the scope parameter is expressed as a
 * list of space-delimited, case-sensitive strings defined by the
 * authorization server.
 *
 * @param request
 *            the request
 * @param form
 *            form parameters in a map
 * @return a JSON object containing an access token, a refresh
 *         token, a token type and the token expiration in seconds
 *         if successful, an error code and an error description
 *         otherwise.
 */
@POST
@Path("token")
@ResourceFilters({ APIVersionFilter.class })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
public Response requestAccessToken(@Context HttpServletRequest request, @FormParam("grant_type") String grantType, MultivaluedMap<String, String> form) {
    try {
        boolean grantTypeExist = grantType != null && !grantType.isEmpty();
        AbstractOAuthTokenRequest oAuthRequest = null;
        if (grantTypeExist && grantType.equals(GrantType.CLIENT_CREDENTIALS.toString())) {
            oAuthRequest = new OAuthTokenRequest(new FormRequestWrapper(request, form));
        } else {
            oAuthRequest = new OAuthUnauthenticatedTokenRequest(new FormRequestWrapper(request, form));
        }
        OAuthResponse oAuthResponse = tokenService.requestAccessToken(oAuthRequest);
        return responseHandler.createResponse(oAuthResponse);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    }
}